Search found 44 matches

by Proxima
Sun Jun 12, 2011 4:17 pm
Forum: Programming and Security
Topic: Interesting info on KIRK1 function
Replies: 18
Views: 6612

Re: Interesting info on KIRK1 function

djmati11 wrote: He has signed message with ECDSA?
The encrypted message was too subtle I guess.
by Proxima
Fri Jun 10, 2011 3:02 pm
Forum: Programming and Security
Topic: Interesting info on KIRK1 function
Replies: 18
Views: 6612

Re: Interesting info on KIRK1 function

jigsaw wrote: what's the algo for encryption then? or is it a silly question? :roll:
Encryption is the same as normal KIRK1. The CMACs have been replaced with SHA1s of the header and data with ECDSA signatures of each.
by Proxima
Thu Jun 09, 2011 2:58 pm
Forum: Programming and Security
Topic: Interesting info on KIRK1 function
Replies: 18
Views: 6612

Interesting info on KIRK1 function

Something that may be of interest to KIRK 1 researchers and developers. 10 6D 65 5D F7 B4 C0 41 5D AB 17 3C AE 6D D8 F2 66 4F E1 F2 E9 D6 63 36 F7 33 0B CA B9 55 6D B6 EB E8 05 DC F5 57 E2 F8 C8 1F D9 5C B6 0B 60 1B F0 86 2D DB 1F CB 4E AF CD E3 88 A6 3C 1D 57 DC 5E 94 EE AC 2E 6C 9F 2E 81 C7 1C 58 ...
by Proxima
Tue Feb 01, 2011 5:06 pm
Forum: Programming and Security
Topic: Lots of User mode NIDS via PS3
Replies: 1
Views: 902

Lots of User mode NIDS via PS3

Not sure if this has been mentioned yet, but the PS3 PSP emulator has a library called PEmuCoreLib.sprx. If you decrypt it, there is a nice list of NIDS and full function names for what looks like all the user calls that the Emu supports for the Minis. In the 3.55 version of PEmuCoreLib.sprx, the li...
by Proxima
Tue Jan 25, 2011 8:41 pm
Forum: Programming and Security
Topic: PS3 packages and how it leads to PSP signing
Replies: 318
Views: 183688

Re: PS3 packages and how it leads to PSP signing

The gzip file has to unzip to the ELF size listed in the header. You'll need to append 0s to the ELF until it's the correct size, then gzip it and it should work better.
by Proxima
Tue Jan 18, 2011 4:52 pm
Forum: Programming and Security
Topic: PS3 packages and how it leads to PSP signing
Replies: 318
Views: 183688

Re: PS3 packages and how it leads to PSP signing

The additional possibility is related to how the OFW uses the entrypoint listed in the header. Even if the file has no relocations listed, so the 0x0890xxxx based use is fine, it may implicitly be doing the relocation math on the entry point, so an entry point listed as 0x1AE0 gets 0x08900000 added to...
by Proxima
Mon Jan 17, 2011 10:40 pm
Forum: Programming and Security
Topic: PS3 packages and how it leads to PSP signing
Replies: 318
Views: 183688

Re: PS3 packages and how it leads to PSP signing

The oldest Demo (using decrypt mode D) that I can find is LocoRoco from April 2006. It does not use an entry point in the 0x08900000 range. It is based at 0 and gets relocated at run time. If you have a mode D demo that has a 0x0890xxxx based entry point, we should add that to the possible header li...
by Proxima
Mon Jan 17, 2011 3:34 am
Forum: Programming and Security
Topic: PS3 packages and how it leads to PSP signing
Replies: 318
Views: 183688

Re: PS3 packages and how it leads to PSP signing

My understanding is that since the psp header is included in the SHA1 hash, and since we don't have the keys for any mode other than 9, we cannot re-encode the proper SHA1 into the header. Changing the info in the header only is possible if we can re-encode the SHA1 data. Though I may have missed so...
by Proxima
Sun Jan 16, 2011 8:27 pm
Forum: Programming and Security
Topic: PS3 packages and how it leads to PSP signing
Replies: 318
Views: 183688

Re: PS3 packages and how it leads to PSP signing

One more function for kirk-engine.c. It's the encryption version of CMD1. Used to encrypt a plaintext ELF with the header info. Call this just before you call kirk_forge. I called it CMD0, but rename it as you like. int kirk_CMD0(u8* outbuff, u8* inbuff, int size) { KIRK_CMD1_HEADER* header = (KIRK_...
by Proxima
Sun Jan 16, 2011 7:53 pm
Forum: Programming and Security
Topic: PS3 packages and how it leads to PSP signing
Replies: 318
Views: 183688

Re: PS3 packages and how it leads to PSP signing

Here's some code to support the CMAC collision forging. In crypto.c, add the following function: void AES_CMAC_forge (AES_ctx *ctx, unsigned char *input, int length, unsigned char * forge ) { unsigned char X[16],Y[16], M_last[16], padded[16]; unsigned char K1[16], K2[16]; int n, i, flag; generate_su...
