
PSP's security

Posted: Mon Nov 21, 2005 3:13 pm
by andbna
Just wondering a few things:

1. What does the PSP use to determine whether a program is official or not? (The reason why we can't play homebrew games on 1.51 or later.)
I heard it was a 128-bit RSA encryption; am I wrong?

2. What file would contain the key (EBOOT.pbp?), and is there any documentation on its format?

Thanks

Posted: Tue Nov 22, 2005 7:22 am
by Jim
Google for public key cryptography. There you will find that the PSP BIOS holds half the key and Sony hold the other half. Without Sony's half of the key, there's no way to sign an executable that the PSP will run.

Jim

Posted: Tue Nov 22, 2005 8:12 am
by andbna
OK, so the programs are encrypted with an RSA algorithm, using a key Sony has, and decrypted using a key stored in the BIOS?

I found a bunch of info on the RSA algorithm here:
http://world.std.com/~franl/crypto/rsa-guts.html

So, the BIOS has the modulus and the public exponent and uses them to decrypt files encrypted with the private exponent.

So, has anyone gotten, or is there a way to get, the public exponent and the modulus from the BIOS?
Assuming these are found, could someone not edit the firmware to include a check to see if it's encrypted or not? Alternatively, brute force the private key.
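
The public/private split discussed in the posts above, as an added illustration that is not part of any post in this thread and is not the PSP's actual scheme or file format: textbook RSA signing with a constructed toy key, showing that the modulus and public exponent are enough to check a signature but not to produce one. The function names, the SHA-256 digest and the key values are assumptions chosen for the example.

```python
import hashlib

# Constructed toy key: two Mersenne primes give a ~92-bit modulus.
# Far too small for real use; it only keeps the arithmetic visible.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                          # modulus (public)
E = 65537                          # public exponent (public)
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (signer only)


def digest(image: bytes) -> int:
    """Hash the image and reduce it into the range of the toy modulus."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % N


def sign(image: bytes, exponent: int = D) -> int:
    """Signer side: a valid signature needs the private exponent."""
    return pow(digest(image), exponent, N)


def verify(image: bytes, signature: int) -> bool:
    """Verifier side: uses only the modulus and the public exponent."""
    return pow(signature, E, N) == digest(image)


def demo() -> dict:
    image = b"constructed sample executable image"
    good = sign(image)
    return {
        "signed": verify(image, good),
        # One appended byte changes the digest, so the old signature fails.
        "tampered": verify(image + b"\x00", good),
        # "Signing" with the public exponent in place of the private one.
        "public_exponent_as_key": verify(image, sign(image, E)),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```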

Posted: Wed Nov 23, 2005 2:33 am
by PSP250
Check these out for more information:

- PSAR Dumper Source / Decrypts files using the PSP
- http://www.psphacks.net/forums/viewtopic.php?t=406 / Section about Security

Bruteforcing the complete private key would probably take a few years to succeed.

However, I think the only possible bruteforce is to try to write a VERY small piece of code (few bytes that start something unsigned) and try to create an encrypted version of these few bytes using a homebrew that uses some bruteforce method on the decrypting procs. (Brute force some bytes -> Let PSP decrypt -> Compare if decrypted version matches our file etc.)