
PS3 packages and how it leads to PSP signing

criptych
Posts: 10
Joined: Tue Feb 08, 2011 4:40 pm
Location: ::1

Re: PS3 packages and how it leads to PSP signing

Post by criptych » Tue Feb 08, 2011 4:57 pm

Does anyone know the relation between the KIRK header keys and the ~PSP header keys? I know the KIRK header keys are encrypted with the KIRK CMD1 key - I've been lurking here for a while now :) - but the ones in the ~PSP header are obviously obscured some other way (different key, different encryption, or something). Is it already known and I just can't find it online, or has no one else figured it out yet either?
PSP-2001 // CFW 6.60 ME-1.2 and GCLite // Genesis Competition Entry
"So, we meet again: for the first time, for the last time." —Spaceballs

kgsws
Guru
Posts: 77
Joined: Wed Jan 05, 2011 9:51 am

Re: PS3 packages and how it leads to PSP signing

Post by kgsws » Thu Feb 10, 2011 5:25 pm

Check PRX decrypter source code.

criptych
Posts: 10
Joined: Tue Feb 08, 2011 4:40 pm
Location: ::1

Re: PS3 packages and how it leads to PSP signing

Post by criptych » Thu Feb 10, 2011 7:04 pm

kgsws wrote: Check PRX decrypter source code.
I actually started doing that in the meantime. It looks like DecryptPRX2 is what I want, but I don't know how to determine the tag info for a PRX whose tag isn't in PRXdecrypter's list, specifically the "key" used to initialize tmp2:

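    int i, j;
    u8 *p = tmp2+0x14;  /* key area starts 0x14 bytes into tmp2 */

    /* Fill nine consecutive 16-byte blocks (0x90 bytes) with the tag's key. */
    for (i = 0; i < 9; i++) {
        for (j = 0; j < 0x10; j++) {
            p[(i << 4) + j] = pti->key[j];
        }

        /* Overwrite the first byte of each block with its block index. */
        p[(i << 4)] = i;
    }

    /* Call Scramble() on tmp2 with size 0x90 and the tag's scramble code. */
    if (Scramble((u32 *)tmp2, 0x90, pti->code) < 0) {
        /* error handling not included in the quoted fragment */
    }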
(I think there are few enough Scramble codes / keyseeds that I can just try them all.)

For example, one of those I'm testing with has the tag 0xc0cb167c. Where can I find the init key that goes with it? Is there some way to derive it, or will I have to brute-force it? (I hope not!)

EDIT: Hmm, never mind that last part... looks like it was one of the "old-style" PRXs that uses DecryptPRX1. :oops:
PSP-2001 // CFW 6.60 ME-1.2 and GCLite // Genesis Competition Entry
"So, we meet again: for the first time, for the last time." —Spaceballs

coyotebean
Guru
Posts: 96
Joined: Mon Sep 27, 2010 3:22 pm

Re: PS3 packages and how it leads to PSP signing

Post by coyotebean » Fri Feb 11, 2011 5:29 am

criptych wrote: I actually started doing that in the meantime. It looks like DecryptPRX2 is what I want, but I don't know how to determine the tag info for a PRX whose tag isn't in PRXdecrypter's list, specifically the "key" used to initialize tmp2:

(I think there are few enough Scramble codes / keyseeds that I can just try them all.)

For example, one of those I'm testing with has the tag 0xc0cb167c. Where can I find the init key that goes with it? Is there some way to derive it, or will I have to brute-force it? (I hope not!)

EDIT: Hmm, never mind that last part... looks like it was one of the "old-style" PRXs that uses DecryptPRX1. :oops:
If a tag is not in PRXdecrypter, you have to dig into the firmware/game to find the necessary data.
GBASP x1, GBM x2, NDSL x2, PSP 100X x3, PSP 200X x6, PSP 300X x5, PSP Go x4, Wii x1

logical
Posts: 102
Joined: Sun Oct 03, 2010 12:34 pm
Location: Russia

Re: PS3 packages and how it leads to PSP signing

Post by logical » Sun Feb 20, 2011 9:48 am

Guys, what do you think about using a precalculated header from the OFW update PBP? I think if it's possible, "signed" homebrews may have kernel access.
psp 2k 2G 5.00m33-6 broken screen
psp3k 4G 6.39-TN, PRO, ME
=Thanks to HBL and all devs!=
ipod touch4G 8gb iOs6.1

warlock02
Posts: 41
Joined: Thu Dec 16, 2010 2:49 pm
Location: r00t

Re: PS3 packages and how it leads to PSP signing

Post by warlock02 » Sun Feb 20, 2011 10:20 am

logical wrote: Guys, what do you think about using a precalculated header from the OFW update PBP? I think if it's possible, "signed" homebrews may have kernel access.
You can't unpack the updater.
sorry for my *** English :)

logical
Posts: 102
Joined: Sun Oct 03, 2010 12:34 pm
Location: Russia

Re: PS3 packages and how it leads to PSP signing

Post by logical » Sun Feb 20, 2011 11:47 am

Please answer my question! TN-C is "signed" and can be run from OFW, but the file size is less than 5 MB. How can he do this?!
psp 2k 2G 5.00m33-6 broken screen
psp3k 4G 6.39-TN, PRO, ME
=Thanks to HBL and all devs!=
ipod touch4G 8gb iOs6.1

coyotebean
Guru
Posts: 96
Joined: Mon Sep 27, 2010 3:22 pm

Re: PS3 packages and how it leads to PSP signing

Post by coyotebean » Sun Feb 20, 2011 4:19 pm

logical wrote: Please answer my question! TN-C is "signed" and can be run from OFW, but the file size is less than 5 MB. How can he do this?!
http://www.wololo.net/talk/viewtopic.ph ... 170#p20435
http://www.wololo.net/talk/viewtopic.ph ... 240#p21228
http://www.wololo.net/talk/viewtopic.ph ... 290#p22465

All current HEN/LCFW are user programs using an exploit in the kernel to elevate permissions.
GBASP x1, GBM x2, NDSL x2, PSP 100X x3, PSP 200X x6, PSP 300X x5, PSP Go x4, Wii x1

juggernaut6613
Posts: 29
Joined: Tue Jan 18, 2011 7:32 am

Re: PS3 packages and how it leads to PSP signing

Post by juggernaut6613 » Mon Feb 21, 2011 8:08 am

logical wrote: Please answer my question! TN-C is "signed" and can be run from OFW, but the file size is less than 5 MB. How can he do this?!
I think TN used PScrypter (a homebrew-based application to sign other simple applications...) instead of PRXEncrypter... :?
PSP 3000 6.20 PRO-B5 Permanent Patch :D
