Can the PSP be hacked any further? Interview with Davee and Proxima (Part 2)
Yesterday we started a long interview with two of the most active hackers on the PSP scene, Davee and Proxima. We introduced their recent work on Kirk, the encryption/decryption chip of the PSP. But I wanted to know more, especially the practical use we could get from knowing more about this chip. So I kept asking questions, about the possibilities of hacking the PSP more, creating unbrickers for new PSP models, as I kept thinking “will the PS Vita have huge security holes as the PS3 and the PSP did?”
3. What’s next?
wololo: To most people, the PSP is already fully hacked: we have kernel access and CFW on all PSP models, and can do pretty much whatever we want with the flash… assuming you guys are not doing it only for fun… what is the ultimate goal of reverse engineering kirk functions? What more will it bring to the scene?
Davee: Honestly, I’m doing it for education. It is a pristine example and opportunity to explore the working of a remote cryptosystem. It’s good to learn how a cryptosystem works in practice and to enhance your education on it, you attack it for any vulnerabilities. With knowledge on attacks you can do, you can improve your own knowledge of cryptosystems and be able to apply that to real-life again. It’s like learning from your own mistakes, but not your mistakes.
Proxima: The primary point of understanding more about KIRK is learning. This goes one of two places. Either a good implementation that is secure and should be used as a model for good crypto practices, or a vulnerable implementation that should teach people what not to do. The second part has the added benefit of trying to future-proof homebrew on the platform. Pandora-eligible PSPs are forever exploitable, but non-Pandora ones could be patched by Sony to be secure again and shut out homebrew.
wololo: Are there functions in Kirk that remain closed to the scene? What would it allow if we broke them open? Is there any hope that this can actually happen?
Proxima: All the functions not in the kirk_engine project are currently closed to the scene and could be leveraged by Sony to revamp their security. There is always hope though, except with proper ECDSA….
Davee: Yes, KIRK has a bunch of “protected” keys which cannot be accessed by the inverse operation. This means that Sony can actually apply encryption schemes using these keys and we are unable to encrypt. This is well demonstrated in the 6.30+ ECDSA type PRX where we cannot forge a header for the PRX to be accepted by the PSP. It is also known in the new IPL hashes where these protected keys are used to encrypt the hashes. Explained by Bubbletune here: http://bubble.lolhax.org/preipl.html
wololo: For those who are too lazy to read Bubbletune’s article, here’s a quick summary: Dark_Alex’s expectations that dumping the pre IPL would be enough to break the PSP security were wrong. The PSP security is much stronger than that. So what about the recent ta88v3 unbricker? Is there any hope for a PSP3000/PSP Go unbricker?
Proxima: I haven’t really looked at it. With a SHA1 HMAC of each block of IPL, Kirk7 0x6C key encryption, and a proper ECDSA sig of the entire IPL, it’s not really worth looking at a custom IPL.
Davee: Well, breaking KIRK will not affect the ability to use service mode. To gain service mode execution you need two things:
1 – A valid IPL that is accepted by the pre-IPL.
2 – Ability to enter service mode.
The TA-88v3 has only the ability to enter service mode; we cannot create an IPL (and we never will). Breaking KIRK will allow us to encrypt hashes, but without the pre-IPL we cannot determine how the hashes are even permuted in the first place. Even if we could forge those hashes and encrypt them, the last block in the IPL chain has an ECDSA signature. This signature is likely the signature of the entire IPL and we cannot forge this.
So effectively, there is no way to generate a valid IPL until we have 3 things:
1 – ability to produce hashes
2 – ability to encrypt hashes
3 – private key of the ECDSA signature
Getting number 3 is unlikely.
Really, the TA88v3 unbricker guys won’t take any interest in the work I’ve done, which is documenting the new IPL structure and bootrom. It is effectively a step back. Prior to my work, we believed that grabbing the pre-IPL would make the security fall. Now it is clear that the security is well implemented and it is unlikely we will ever see a custom IPL on a TA88v3. As for 3k and up, well, we don’t even know how to decrypt the IPL 🙂
Their work is useless to me, running Sony code is not on my agenda.
wololo: Arg, that’s some tough news… well, “never say never”, who knows, maybe some new breakthrough will happen some day… Thanks a lot to both of you for your time!