
PS3 packages and how it leads to PSP signing

criptych
Posts: 10
Joined: Tue Feb 08, 2011 4:40 pm
Location: ::1

Re: PS3 packages and how it leads to PSP signing

Post by criptych »

Does anyone know the relation between the KIRK header keys and the ~PSP header keys? I know the KIRK header keys are encrypted with the KIRK CMD1 key - I've been lurking here for a while now :) - but the ones in the ~PSP header are obviously obscured some other way (different key, different encryption, or something). Is it already known and I just can't find it online, or has no one else figured it out yet either?
PSP-2001 // CFW 6.60 ME-1.2 and GCLite // Genesis Competition Entry
"So, we meet again: for the first time, for the last time." —Spaceballs
kgsws
Guru
Posts: 77
Joined: Wed Jan 05, 2011 9:51 am

Re: PS3 packages and how it leads to PSP signing

Post by kgsws »

Check PRX decrypter source code.
criptych
Posts: 10
Joined: Tue Feb 08, 2011 4:40 pm
Location: ::1

Re: PS3 packages and how it leads to PSP signing

Post by criptych »

kgsws wrote: Check PRX decrypter source code.

I actually started doing that in the meantime. It looks like DecryptPRX2 is what I want, but I don't know how to determine the tag info for a PRX whose tag isn't in PRXdecrypter's list, specifically the "key" used to initialize tmp2:

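    int i, j;
    u8 *p = tmp2+0x14;  /* the seed blocks start 0x14 bytes into tmp2 */

    /* Fill nine 16-byte blocks (0x90 bytes in total) with copies of the tag's key... */
    for (i = 0; i < 9; i++) {
        for (j = 0; j < 0x10; j++) {
            p[(i << 4) + j] = pti->key[j];
        }

        /* ...then overwrite the first byte of each block with the block index. */
        p[(i << 4)] = i;
    }

    if (Scramble((u32 *)tmp2, 0x90, pti->code) < 0) {

(I think there are few enough Scramble codes / keyseeds that I can just try them all.)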

For example, one of those I'm testing with has the tag 0xc0cb167c. Where can I find the init key that goes with it? Is there some way to derive it, or will I have to brute-force it? (I hope not!)

EDIT: Hmm, never mind that last part... looks like it was one of the "old-style" PRXs that uses DecryptPRX1. :oops:
PSP-2001 // CFW 6.60 ME-1.2 and GCLite // Genesis Competition Entry
"So, we meet again: for the first time, for the last time." —Spaceballs
coyotebean
Guru
Posts: 96
Joined: Mon Sep 27, 2010 3:22 pm

Re: PS3 packages and how it leads to PSP signing

Post by coyotebean »

criptych wrote: I actually started doing that in the meantime. It looks like DecryptPRX2 is what I want, but I don't know how to determine the tag info for a PRX whose tag isn't in PRXdecrypter's list, specifically the "key" used to initialize tmp2:

(I think there are few enough Scramble codes / keyseeds that I can just try them all.)

For example, one of those I'm testing with has the tag 0xc0cb167c. Where can I find the init key that goes with it? Is there some way to derive it, or will I have to brute-force it? (I hope not!)

EDIT: Hmm, never mind that last part... looks like it was one of the "old-style" PRXs that uses DecryptPRX1. :oops:

If a tag is not in PRXdecrypter, you have to dig into the firmware/game to find the necessary data.
GBASP x1, GBM x2, NDSL x2, PSP 100X x3, PSP 200X x6, PSP 300X x5, PSP Go x4, Wii x1
logical
Posts: 102
Joined: Sun Oct 03, 2010 12:34 pm
Location: Russia

Re: PS3 packages and how it leads to PSP signing

Post by logical »

Guys, what do you think about using a precalculated header from an OFW update PBP? I think if it's possible, "signed" homebrews may have kernel access.
=Thanks to HBL and all devs!=

warlock02
Posts: 41
Joined: Thu Dec 16, 2010 2:49 pm
Location: r00t

Re: PS3 packages and how it leads to PSP signing

Post by warlock02 »

logical wrote: Guys, what do you think about using a precalculated header from an OFW update PBP? I think if it's possible, "signed" homebrews may have kernel access.

You can't unpack the updater.
sorry for my *** English :)
logical
Posts: 102
Joined: Sun Oct 03, 2010 12:34 pm
Location: Russia

Re: PS3 packages and how it leads to PSP signing

Post by logical »

Please answer my question! TN-C is "signed" and can be run from OFW, but the file size is less than 5 MB; how can he do this?!
=Thanks to HBL and all devs!=

coyotebean
Guru
Posts: 96
Joined: Mon Sep 27, 2010 3:22 pm

Re: PS3 packages and how it leads to PSP signing

Post by coyotebean »

logical wrote: Please answer my question! TN-C is "signed" and can be run from OFW, but the file size is less than 5 MB; how can he do this?!

http://www.wololo.net/talk/viewtopic.ph ... 170#p20435
http://www.wololo.net/talk/viewtopic.ph ... 240#p21228
http://www.wololo.net/talk/viewtopic.ph ... 290#p22465

All current HEN/LCFW are user programs using an exploit in the kernel to elevate permissions.
GBASP x1, GBM x2, NDSL x2, PSP 100X x3, PSP 200X x6, PSP 300X x5, PSP Go x4, Wii x1
juggernaut6613
Posts: 29
Joined: Tue Jan 18, 2011 7:32 am

Re: PS3 packages and how it leads to PSP signing

Post by juggernaut6613 »

logical wrote: Please answer my question! TN-C is "signed" and can be run from OFW, but the file size is less than 5 MB; how can he do this?!

I think TN used PScrypter (a homebrew-based application to sign other simple applications...) instead of PRXEncrypter... :?
PSP 3000 6.20 PRO-B5 Permanent Patch :D