#15331 by wololo
Mon Jan 03, 2011 10:09 am
I'm posting this in the PSP programming forum as I'm trying to focus on the recent work by MathieuLH regarding PSP Eboots.
Please bear with me as I'm completely new to the PS3 development work, so I have more questions than answers here.

I'm trying to understand the process with which Mathieu found the PSP master key as well as the signing/encryption algorithms hidden within the PS3 firmware. Anybody interested in helping/explaining?

My sources of information:
http://dukio.com/gadget/mathieulh-psp-m ... s-ps3.html (a quick summary of what Mathieu said so far regarding his recent work on the PSP)
http://ps3wiki.lan.st/index.php/SELF_Fi ... Decryption (the SELF format explained)
http://psx-scene.com/forums/643064-post1.html Most of the tools released so far, in a compiled way. Source is included.
https://spreadsheets.google.com/pub?key ... utput=html frequently updated list of keys
There are more "fresh" sources of information (lan.st, twitter, geohot's website...) but the three above have the benefit of grouping together most of the stuff I think is needed for now.

What I did
I downloaded the PS3 update from the official PS3 site.
Running pup_unpack on that file correctly decrypted the firmware.
I then unpacked the tar file containing all the pkg files, and did the following to decrypt/unpack the dev_flash files:
Code:
for i in dev_flash*; do ./depkg "$i" "$i.tar" && tar -xvf "./$i.tar" && rm "$i.tar"; done


Hmmm... from there I'm basically lost already...
Everything in dev_flash/pspemu could be interesting...
in that folder, there are two .self files: psp_emulator.self and psp_translator.self
Are those interesting? Are they encrypted? How to decrypt/disassemble the code in those?
I tried the decrypt_self tool included in the package above, but this gives me what looks like an empty elf, whatever key I try to use.

On top of these two .self files, we can find lots of .sprx files in the release/ folder. Some of them will look very familiar, as they just look like the prx files we have in the usual PSP firmwares. Some of them have very interesting names, such as emulator_api.sprx, emulator_drm.sprx, or PEmuCoreLib.sprx...

Mathieu says each module has different keys...do we need to look for those keys in order to decrypt/decompile the .self and .sprx files in this pspemu folder? Are there any tools to decompile .sprx files?
Last edited by wololo on Tue Jan 04, 2011 7:50 am, edited 2 times in total. Reason: (added one link)
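A more defensive version of the unpack loop from the post above, added here as an example (it is not wololo's command and not part of the depkg tool): it iterates the glob directly instead of parsing ls, quotes every path, and only removes the intermediate tar when both the decrypt step and the extraction succeeded, so a package that fails to decrypt is reported instead of being silently skipped. The calling convention `<tool> in.pkg out.tar` and the `dev_flash*.pkg` name pattern are assumptions taken from the ./depkg call in the post.

```shell
#!/bin/sh
# Added example, not from the thread: unpack every dev_flash package with a
# depkg-style tool and keep evidence of failures instead of discarding it.
#
# Assumed (not stated on the page): the tool is called as
#   <tool> <input.pkg> <output.tar>
# and the packages are named dev_flash*.pkg inside the given directory.

unpack_dev_flash() {
    tool="$1"      # path to the depkg-style tool
    dir="$2"       # directory holding the dev_flash*.pkg files
    failed=0

    for pkg in "$dir"/dev_flash*.pkg; do
        [ -e "$pkg" ] || continue          # glob matched nothing at all
        tar_out="$pkg.tar"

        # Decrypt to an intermediate tar; report and move on if it fails.
        if ! "$tool" "$pkg" "$tar_out"; then
            echo "decrypt failed: $pkg" >&2
            failed=$((failed + 1))
            continue
        fi

        # Extract next to the package; on failure keep the tar for inspection.
        if tar -xf "$tar_out" -C "$dir"; then
            rm -f "$tar_out"
        else
            echo "extract failed, keeping $tar_out" >&2
            failed=$((failed + 1))
        fi
    done

    # Exit status is the number of packages that did not unpack cleanly.
    return "$failed"
}

# Usage (with the real tool from the thread):
#   unpack_dev_flash ./depkg .
```

The return value lets a wrapper script stop before running decrypt-self on output that is incomplete; the original one-liner would have continued regardless and deleted nothing useful but also told you nothing.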
#15421 by cold-zero
Mon Jan 03, 2011 1:27 pm
Wololo wrote:What I did
I downloaded the PS3 update from the official PS3 site.
Running pup_unpack on that file correctly decrypted the firmware.
I then unpacked the tar file containing all the pkg files, and did the following to decrypt/unpack the dev_flash files:
Code:
for i in dev_flash*; do ./depkg "$i" "$i.tar" && tar -xvf "./$i.tar" && rm "$i.tar"; done


Hmmm... from there I'm basically lost already...
Everything in dev_flash/pspemu could be interesting...
in that folder, there are two .self files: psp_emulator.self and psp_translator.self
Are those interesting? Are they encrypted? How to decrypt/disassemble the code in those?
I tried the decrypt_self tool included in the package above, but this gives me what looks like an empty elf, whatever key I try to use.

On top of these two .self files, we can find lots of .sprx files in the release/ folder. Some of them will look very familiar, as they just look like the prx files we have in the usual PSP firmwares. Some of them have very interesting names, such as emulator_api.sprx, emulator_drm.sprx, or PEmuCoreLib.sprx...

Mathieu says each module has different keys...do we need to look for those keys in order to decrypt/decompile the .self and .sprx files in this pspemu folder? Are there any tools to decompile .sprx files?


I got to that point too and I tried decrypting the .self files from the pspemu folder with fwpkg.exe with no result.
But my question is: aren't we supposed to decrypt these files on a PS3 with a homebrew like prxdecrypter, but for the PS3?

I think the .sprx files in the release folder are the minimum files needed to imitate the PSP firmware so they can emulate PSP EBOOTs. I suppose those files are like PRXs on the PSP, just for the PS3.
#15428 by jigsaw
Mon Jan 03, 2011 1:39 pm
cold-zero wrote:But my question is: aren't we supposed to decrypt these files on a PS3 with a homebrew like prxdecrypter, but for the PS3?


I think not. The reason for running the decryptor on the PSP is that we didn't have the public/private keys, which are built into KIRK.
Now that both the keys and the algorithms are released, any platform should be able to decrypt it.

On the one hand, the findings by fail0verflow are terrific, and on the other hand, I feel a bit depressed. :( I guess even TN would have the same feeling? :D
#15429 by JJS
Mon Jan 03, 2011 1:41 pm
cold-zero wrote:But my question is: aren't we supposed to decrypt these files on a PS3 with a homebrew like prxdecrypter, but for the PS3?
I don't think so. You can only do decryption on the PSP because you need the KIRK hardware to do the decryption since the encryption keys are (or were?) unknown. That is why you could not do it on the PC. But with the PS3 the keys are known so everything can be done on the PC.

The modules just have their own key that you have to get from somewhere (dunno where), apparently. I only write what I learned from this post, btw.


Fake edit: OMG I am so slow... I am submitting my reply anyway :mrgreen:


Real edit: I don't think this is the end of CFW; instead it will just allow the signing of your own code. To what extent that is possible I cannot say, as I don't know enough about it. So I cannot tell whether this will allow creating a valid IPL, signing kernel modules for the firmware, or only signing user mode games. Anyway, you will want a CFW on the PSP regardless of the ability to create user mode homebrew, because of the other restrictions of OFW, like the inability to load external modules from the memory stick (which means no kernel mode for homebrew software).
#15430 by cold-zero
Mon Jan 03, 2011 1:44 pm
jigsaw wrote:
But my question is: aren't we supposed to decrypt these files on a PS3 with a homebrew like prxdecrypter, but for the PS3?


I think not. The reason for running the decryptor on the PSP is that we didn't have the public/private keys, which are built into KIRK.
Now that both the keys and the algorithms are released, any platform should be able to decrypt it.


I know that, but AFAIK they only claimed they have found the keys but never made them public. Of course I may have misunderstood.

EDIT: OK, I got it, the keys are public. Don't mind me, my brain is not compiling this news that fast. /:)

jigsaw wrote:On the one hand, the findings by fail0verflow are terrific, and on the other hand, I feel a bit depressed. :( I guess even TN would have the same feeling? :D


Well yeah, now it all comes down to homebrew development and plugin development, but on the bright side maybe now we will be able to dump the pre-IPL on the motherboards that do not accept Pandora and find out more about the PSP.
Last edited by cold-zero on Mon Jan 03, 2011 1:47 pm, edited 1 time in total.
#15431 by wololo
Mon Jan 03, 2011 1:45 pm
Hmm, so... I think I was being half stupid here...
Basically, I downloaded firmware 3.55 and tried to decrypt its files with the 3.15 keys...

I tried the same procedure with firmware 3.50 (and the keys 3.50 from the google spreadsheet at https://spreadsheets.google.com/pub?key ... utput=html ), and this time I got the decryption to "half work".

Code:
./decrypt-self.exe psp_emulator.self test2.elf 350.appkey 0

This gives me an ELF file which looks somewhat legit... but the decryption segfaults after a while...
(I'll try with firmware 3.15 as well to see if the decrypt process doesn't segfault in the middle of the process...)

Hmmm, so now I guess that from this ELF I need to start decompiling stuff... any existing tool for that?
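One quick way to tell a "somewhat legit" ELF from the empty output that a wrong key produces (the problem in the first post, where decrypt_self gave an empty-looking ELF for every key tried), added here as an example and not a tool from the thread or from the released package: check that the file starts with the ELF magic bytes and that the body after the header is not all zeros. It assumes only POSIX shell utilities (head, tail, od, tr, wc); the file names and contents in the usage comment are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: sanity-check the output of a SELF
# decryption before spending time disassembling it.
# Prints "ok", "no-magic" or "empty-body" and returns 0, 1 or 2 accordingly.

check_decrypted_elf() {
    f="$1"

    # First four bytes as lowercase hex; a real ELF starts with 7f 45 4c 46.
    magic=$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
    if [ "$magic" != "7f454c46" ]; then
        echo "no-magic"
        return 1
    fi

    # Count the non-zero bytes after the 64-byte ELF64 header area.
    # Output decrypted with the wrong key commonly keeps a plausible header
    # but leaves the section and program data zero-filled.
    nonzero=$(tail -c +65 "$f" | tr -d '\000' | wc -c | tr -d ' ')
    if [ "$nonzero" -eq 0 ]; then
        echo "empty-body"
        return 2
    fi

    echo "ok"
    return 0
}

# Usage against the file produced in the post (constructed name):
#   check_decrypted_elf test2.elf
```

The two failure classes are worth separating: "no-magic" means the key or tool did nothing useful, while "empty-body" with a valid magic is the symptom of a partly correct key set, which matches the "half work" described for the 3.50 keys.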
#15441 by wololo
Mon Jan 03, 2011 1:59 pm
@Pihas thanks but I'm pretty sure that's not what I'm looking for...
