Crypto / DRM
Update: AES Content Keys
AES Content Keys
84 41 07 03 DA A8 4E 86 AC D4 F4 DF A2 44 1F 37
(Not posting actual bsig of games or apps to stop this from being fixed before its useful)
First 2 bytes of the sig "0012345" are dev specific and dont change when an update or patch is issued.
3rd Byte is predictable based on prior update for the application.
(Extra Auth/Boot Signature ID)
Retail BootSigID Update 1: e9b803
Retail BootSigID Update 2: f3df56
/BSID/STR0/TLM3/data=dbf4c9a6 (8 Bytes)
/BSID/STR1/TLM3/data=9f7cc469 (8 Bytes)
/BSID/STR2/TLM3/data=52UPDATE (8 Bytes)
Last 6 bytes of /STR2/ change every time a new update or patch is issued. Others stay constant and are app specific.
/BSID/STR0/STR1/bsid=dbf4c9a69f7cc46952UPDATE (24 Bytes)
Updates for certain apps and games can be skipped by making the BootSig and the BootSigID match the most recent patch when the check is done.
Note: Some apps also check "minRequiredAppVersion".
Compression & Encryption
Some games are packaging game updates/script files with lzma. After you decompress the lzma the files you get have an additional layer of encryption.
Manufacturing Id= getRegistry().hardwareId:sub(1, 4)
Model Id= getRegistry().hardwareId:sub(1, 8)
registerStateType(default, cancel, reset)
PseudoRandom Number Generator
The Randomseed for software based PRNG is just time, allowing you to predict the seed due to low entropy
- The choice of a good random seed is crucial in the field of computer security. When a secret encryption key is pseudo-randomly generated, having the seed will allow one to obtain the key.
Edit: Netflix and Hulu are supporting 4K on the PS4 Pro apparently without Playready 3 using the same APP with the PS4 Pro in PS4 GPU mode. The PS4 Intellectual notice does mention Playready and states that the device can be disabled which is embedded Playready greater than 2.5. Playready 2.5 and lower is in the APP not in a TEE on the PS4.
Apparently all Commercial apps are currently using a 2008 PC Vista model which uses the APU's GPU for codecs. http://www.anandtech.com/show/2622/2 For security reasons the Codec is also supposed to run in a TEE for Playready 3. Has Sony implemented a TEE within their custom APU?
A fail overflow programmer states that Display Port Video exits the APU over a PCIe4 bus to the Custom Panasonic HDMI chip where it is converted to HDMI. In the 2008 Vista PC model, Video is encrypted on the PCIe bus and HDCP takes place in the GPU not the HDMI chip; this would be necessary for 1080P and 4K video leaving the GPU with the PCIe traces and HDMI pins exposed.
Sony calls all PS4s UHD Capable here http://efficientgaming.eu/fileadmin/user_upload/SONY__PCR_2016_CUH1116A.pdf What that means may only be HD + HDR for Games which takes the negotiation of a HDMI 2.0a port. Or it can also support HD + HDR for commercial media or full UHD. This would require a TEE with embedded Playready 3 and my guess optimally happens in Southbridge with a path using PCIe4 from Southbridge to HDMI and with full screen video the APU would be off with GDDR5 in Self refresh. Any need for UI would turn on the APU's GPU. Games would continue using the APU to HDMI PCIe4 path as that has the least latency.
Cerny stated the PS4 Second custom chip as Southbridge has a Trustzone TEE used for trusted boot and background downloading. 256 Meg DDR3 and 1GB DDR3 for the Pro attached to Southbridge notwithstanding Sony statements probably translates to the 2013/2015/2016 PS4s supporting HD + HDR and the PS4 Pro with 4X the memory supporting 4K commercial media.
We have no idea what's coming or how Sony is going to implement Playready 3.
Marlin DRM (used by PS4/PS3/PSP)
Advanced Access Content System (AACS)
AACS (used by BluRay Video / BD]
AES encrypted video
AMD64 has AES-NI support
Key selection vector (KSV)
Content Scramble System (CSS)
CSS (used by DVD-Video)