Encryption key extraction ?

Vyrus001
Posts: 30
Joined: Tue Apr 26, 2005 4:25 am

Encryption key extraction ?

Post by Vyrus001 »

Not sure how much good this would do, since there is no way to get an image of a game off of a UMD at this point, but might it be prudent to assume that since each piece of PSP game code "DATA.PSP and .PSAR" is encrypted by a public AES key, companies might use the same one for each game? In which case it should be possible to compare pieces of games that we know are the same "headers perhaps" and reverse engineer a key that could be used to encrypt homebrew games? If nothing else, this might be an ideal method for comparing DATA.PSP files from other sources (than the 1.5 firmware update) and comparing the so-called "key table" at the top of the file...


btw... yes I know my spelling is horrible but I was in a hurry when I wrote this :P

[EDIT: Spellcheck on the thread title.]
mc
Posts: 211
Joined: Wed Jan 12, 2005 7:32 am
Location: Linköping

Post by mc »

There is no such thing as a "public AES key", AES is a symmetrical crypto.

And no, a fixed AES key would most likely not be used. Instead, a unique key would be generated for each release, and encrypted using an asymmetrical crypto, and then stored in the DATA.PSP.
Flying at a high speed
Having the courage
Getting over crisis
I rescue the people
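
The scheme mc describes (a fresh symmetric key per release, itself encrypted with an asymmetric key and stored beside the data), shown as an added example that is not part of the original thread and not the PSP's actual format. The toy RSA key, the HMAC-based keystream standing in for AES, and every name and sample byte are assumptions constructed for illustration.

```python
import hashlib, hmac, secrets

# Toy RSA key built from two known Mersenne primes (constructed for this demo;
# far too small and unpadded for real use, a stand-in for real asymmetric crypto).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (HMAC-SHA256 in counter mode), used in place of AES."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def package_release(payload: bytes) -> dict:
    """Encrypt payload under a fresh per-release key and wrap that key with RSA."""
    content_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(content_key, "big"), E, N)
    return {"wrapped_key": wrapped, "body": keystream_xor(content_key, payload)}

def open_release(pkg: dict, private_exp: int) -> bytes:
    """Unwrap the content key with the private exponent, then decrypt the body."""
    content_key = pow(pkg["wrapped_key"], private_exp, N).to_bytes(16, "big")
    return keystream_xor(content_key, pkg["body"])

def shared_prefix_len(a: bytes, b: bytes) -> int:
    """Number of leading bytes two ciphertexts have in common."""
    n = 0
    while n < min(len(a), len(b)) and a[n] == b[n]:
        n += 1
    return n

# Constructed sample: two releases that begin with the same 64-byte header.
HEADER = b"SAMPLE-HEADER".ljust(64, b"\x00")
release_a = package_release(HEADER + b"game A code")
release_b = package_release(HEADER + b"game B code")

if __name__ == "__main__":
    print("identical leading ciphertext bytes:",
          shared_prefix_len(release_a["body"], release_b["body"]))
    print("release A round-trips:",
          open_release(release_a, D) == HEADER + b"game A code")
```

Because each release gets its own content key, the identical plaintext headers encrypt to unrelated bytes, so comparing known-equal regions across releases shows nothing about any key.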
Neila
Posts: 79
Joined: Sat Apr 23, 2005 3:36 am
Location: Canada

Post by Neila »

You have a different key generated for each section of the PSAR (by Dev-kit most probably, since they have to be able to create demos and whatnot without encrypting them at Sony, and the UMD orders seem pretty secure since no one else can press that media),
the key then is encrypted with the "private" key and stored in tables in the xxx.PSP.
GAMESAVES go through in-PSP encryption, and unless someone devised a totally separate encryption system, the encryption/decryption (write/read) of the saves will be done with the internal "private" key, which apparently will be symmetrical. (And this explains the lack of any KEYs in the gamesaves directories.)
As mc said, they would not want "public AES", but since it's encrypted, it could be possible (to have it public, and not worry since it's encrypted with the private key).
Besides, they need those keys and decryption to be VERY fast, have a hardware decoder doing them, not having to kill the processing units only with enc/decr tasks.

but most of that is already known.... search the posts.
cheers
Vyrus001
Posts: 30
Joined: Tue Apr 26, 2005 4:25 am

Post by Vyrus001 »

I keep seeing in all the posts that the PSAR is where the game data is stored, but I'm not so sure. If I remove the PSAR altogether and change the version number to 1.5x in the SFO file, I get a screen that says PSP updater, then it gives me an error about a missing PSAR. However, the fact that this screen can be seen leads me to believe 2 things...

1) the PSP file is the actual application (in this case "pbp file") and the PSAR is simply an archive of the new OS that is to be copied

2) the previous being true, it means that once the PSP file is cracked / decrypted, it should be possible to run homebrew code without ever touching the PSAR

I figure the PSP file has a non-encrypted header "listed in posts already" and the crypted "loader" program in it, then it simply "loads" the PSAR code

... side note "perhaps the PSAR is simply an archive of .bin files similar to the PS2, which would explain the architecture we believe it to have"

.. ps... yes i know spelling :P
Neila
Posts: 79
Joined: Sat Apr 23, 2005 3:36 am
Location: Canada

Post by Neila »

if you ex/change the PNGs and the PMF file what does it show?

my guess is that what you see is simply those and no actual code is present, only the "loader" - PSP, and icons PNG, PMF
Vyrus001
Posts: 30
Joined: Tue Apr 26, 2005 4:25 am

Post by Vyrus001 »

Neila wrote:
> if you ex/change the PNGs and the PMF file what does it show?
>
> my guess is that what you see is simply those and no actual code is present, only the "loader" - PSP, and icons PNG, PMF

I don't think that is the case... here is the PBP to prove my point

http://vnet.hopto.org/EBOOT.PBP