PS3 packages and how it leads to PSP signing

[wololo]

I'm posting this in the PSP programming forum as I'm trying to focus on the recent work by MathieuLH regarding PSP Eboots.
Please bear with me as I'm completely new to the PS3 development work, so I have more questions than answers here.

I'm trying to understand the process with which Mathieu found the PSP master key as well as the signing/encryption algorithms hidden within the PS3 firmware. anybody with interest to help/explain ?

My sources of information:
http://dukio.com/gadget/mathieulh-psp-m ... s-ps3.html (a quick summary of what Mathieu said so far regarding his recent work on the PSP)
http://ps3wiki.lan.st/index.php/SELF_Fi ... Decryption (the SELF format explained)
http://psx-scene.com/forums/643064-post1.html Most of the tools released so far, in a compiled way. Source is included.
https://spreadsheets.google.com/pub?key ... utput=html frequently updated list of keys
There are more "fresh" sources of information (lan.st, twitter, geohot's website...) but the 3 ones above have the benefit of regrouping most of the stuff I think is needed for now.

What I did
I downloaded the PS3 update from the official PS3 site.
Running pup_unpack on that file correctly decrypted the firmware.
I then unpacked the tar file containing all the pkg files, and did the following to decrypt/unpack the dev_flash files:

Code: Select all

for i in `ls dev_flash*`; do ./depkg $i $i.tar ; tar -xvf ./$i.tar ; rm $i.tar; done

Hmmm...from there I'm basically lost already...
everything in dev_flash/pspemu could be interesting...
in that folder, there are two .self files: psp_emulator.self and psp_translator.self
Are those interesting? Are they encrypted? How to decrypt/disassemble the code in those?
I tried the decrypt_self tool included in the package above, but this gives me what looks like an empty elf, whatever key I try to use.

On top of these two .self files, we can find lots of .sprx files in the release/ folder. Some of them will look very familiar, as they just look like the prx files we have in the usual PSP firmwares. Some of them have very interesting names, such as emulator_api.sprx, emulator_drm.sprx, or PEmuCoreLib.sprx...

Mathieu says each module has different keys...do we need to look for those keys in order to decrypt/decompile the .self and .sprx files in this pspemu folder? Are there any tools to decompile .sprx files?

Advertising

[FrEdDy]

I was thiking about psp_emulator/translator.self too,but I didn't manage to decrypt them correctly too

Advertising

[Pihas]

Since where are posted some keys, maybe somebody knows how to use them in homebrew?

[cold-zero]

What I did
I downloaded the PS3 update from the official PS3 site.
Running pup_unpack on that file correctly decrypted the firmware.
I then unpacked the tar file containing all the pkg files, and did the following to decrypt/unpack the dev_flash files:

Code: Select all

for i in `ls dev_flash*`; do ./depkg $i $i.tar ; tar -xvf ./$i.tar ; rm $i.tar; done

Hmmm...from there I'm basically lost already...
everything in dev_flash/pspemu could be interesting...
in that folder, there are two .self files: psp_emulator.self and psp_translator.self
Are those interesting? Are they encrypted? How to decrypt/disassemble the code in those?
I tried the decrypt_self tool included in the package above, but this gives me what looks like an empty elf, whatever key I try to use.

On top of these two .self files, we can find lots of .sprx files in the release/ folder. Some of them will look very familiar, as they just look like the prx files we have in the usual PSP firmwares. Some of them have very interesting names, such as emulator_api.sprx, emulator_drm.sprx, or PEmuCoreLib.sprx...

Mathieu says each module has different keys...do we need to look for those keys in order to decrypt/decompile the .self and .sprx files in this pspemu folder? Are there any tools to decompile .sprx files?

I got to that point too and i tried decrypting the .self files from the pspemu folder with fwpkg.exe with no result.
But my question is aren't we suppose to decrypt these files on a ps3 with a hombrew like prxdecrypter but for the ps3.

I think the .sprx files in the release folder are the minimum files needed to imitate the psp firmware so they can emulate psp EBOOT's. I suppose those files are like prx's on the psp just they are for the ps3.

[jigsaw]

But my question is aren't we suppose to decrypt these files on a ps3 with a hombrew like prxdecrypter but for the ps3.

I think not. The reason for running decryptor on PSP is that we didn't have public/private keys, which is built in Kirk.
Now that both keys and algorithms are released, any platform should be able to decrypt it.

At one hand, the findings by fail0verflow is terrific, and on the other hand, I feel bit depressed. I guess even TN would have same feeling?

[JJS]

But my question is aren't we suppose to decrypt these files on a ps3 with a hombrew like prxdecrypter but for the ps3.

I don't think so. You can only do decryption on the PSP because you need the KIRK hardware to do the decryption since the encryption keys are (or were?) unknown. That is why you could not do it on the PC. But with the PS3 the keys are known so everything can be done on the PC.

The modules just have their own key that you have to get somewhere (dunno from where) apparently. I only write what I learned from this post btw.


Fake edit: OMG I am so slow... I am submitting my reply anyway


Real edit: I don't think this is the end of CFW, but instead it will just allow the signing of own code. To what extent that is possible I cannot say, for that I know not enough about. So I cannot tell if this will allow to create a valid IPL, to sign kernel modules for the firmware or to sign only user mode games. Anyway, you will want a CFW on the PSP regardless of the ability to create user mode homebrew because of the other restrictions of OFW like the inability to load external modules from the memory stick (which means no kernel mode for homebrew software).

[cold-zero]

But my question is aren't we suppose to decrypt these files on a ps3 with a hombrew like prxdecrypter but for the ps3.

I think not. The reason for running decryptor on PSP is that we didn't have public/private keys, which is built in Kirk.
Now that both keys and algorithms are released, any platform should be able to decrypt it.

I know that, but AFAIK they only claimed they have found the key's but they never made them public. Of course i may have misunderstood.

EDIT: Ok i got it, the keys are public. Don't mind me, my brain is not compiling these news that fast. /:)

At one hand, the findings by fail0verflow is terrific, and on the other hand, I feel bit depressed. I guess even TN would have same feeling?

Well yeah, now it all resumes at homebrew development and plugin development but on the bright side maybe now we will be able to dump the pre-IPL on the motherboards that do not accept pandora and find out more about the PSP.

[wololo]

Hmm, so... I think I was being half stupid here...
basically, I downloaded Firmware 3.55 and tried to decrypt its files with the 3.15 keys...

I tried the same procedure with firmware 3.50 (and the keys 3.50 from the google spreadsheet at https://spreadsheets.google.com/pub?key ... utput=html ), and this time I got the decryption to "half work".

./decrypt-self.exe psp_emulator.self test2.elf 350.appkey 0

This gives me an ELF file which looks somewhat legit... but the decryption segfaults after a while...
(I'll try with firmware 3.15 as well to see if the decrypt process doesn't segfault in the middle of the process...)

hmmm, so now I guess that from this ELF, I need to start decompiling stuff... any existing tool for that?

[Pihas]

http://www.ps3hax.net/2010/11/release-p ... z19yrn9fAs

[wololo]

@Pihas thanks but I'm pretty sure that's not what I'm looking for...