Idea for an exploit via the 1.5 updater

Discuss the development of new homebrew software, tools and libraries.

Moderators: cheriff, TyRaNiD

MumblyOMOD
Posts: 3
Joined: Thu May 26, 2005 3:10 pm

Post by MumblyOMOD »

Okay, so the PSP was released in Japan as the 1.0. The 1.0 could run unencrypted code, so the 1.5 update was released fixing this issue. Then the US PSP was released, already updated to 1.5. Then Sony released the 1.51 update in Japan only and said that users with the 1.5 update did not need to update to 1.51. Upon thinking about this information, I thought of a scenario that fits all of it: that the security flaw isn't with the 1.5 firmware, but with the 1.5 firmware installer. This would explain why 1.5 users wouldn't need to upgrade to 1.51 and why the 1.51 update hasn't been released for the US PSPs. Since US PSPs are already at 1.5, there would be no reason to update to 1.51 if the flaw was in the updater application itself. I have no idea how this might be exploited, but I thought that this idea might prove useful.
"YOU ALL FDUPO THEM PUcHUS U[ THEM BUTST!!!"
jday
Posts: 3
Joined: Mon May 23, 2005 6:58 pm

Post by jday »

The 1.51 update has been released in the US. When I have my US 1.5 scan for updates it finds and downloads 1.51.
MumblyOMOD
Posts: 3
Joined: Thu May 26, 2005 3:10 pm

Post by MumblyOMOD »

oops
"YOU ALL FDUPO THEM PUcHUS U[ THEM BUTST!!!"
F9zDark
Posts: 127
Joined: Sat Apr 02, 2005 11:34 am

Post by F9zDark »

Where have you been?

What we need is someone to download the 1.5 firmware (now that 1.51 is released, that might be impossible) and reverse engineer it to find any clues about how to enable the encryption/signing methods that were enabled in the 1.5 firmware. This would be an auxiliary step towards making homebrew, because once code can be run on 1.5 PSPs, a 'hacked' firmware could be released to disable this encryption/signing to forever unlock 1.5 systems.
Busby
Posts: 13
Joined: Wed May 04, 2005 12:51 am

Post by Busby »

F9zDark wrote:What we need is someone to download the 1.5 firmware (now that 1.51 is released, that might be impossible)
Loads of people have the 1.50 update downloaded.
Erant
Posts: 33
Joined: Fri May 13, 2005 6:19 am

Post by Erant »

F9zDark wrote:Where have you been?

What we need is someone to download the 1.5 firmware (now that 1.51 is released, that might be impossible) and reverse engineer it to find any clues about how to enable the encryption/signing methods that were enabled in the 1.5 firmware. This would be an auxiliary step towards making homebrew, because once code can be run on 1.5 PSPs, a 'hacked' firmware could be released to disable this encryption/signing to forever unlock 1.5 systems.
Oh, alright, I've got the 1.50 updater. Lemme just get this little black box with the big button that says "REVERSE ENGINEER", and hook it up to the PSP.

But seriously, there is no way you're going to reverse engineer the encrypted PSAR file. For starters, you don't know for sure whether or not it's AES encrypted. And even if it was, you wouldn't have the key. (Don't start about brute-forcing, you already look dumb, don't make it worse.) And after that, you don't know how it's compressed, you don't know which parts are compressed, etc. etc.
Live free, prosper, and under my rule.
Histo
Posts: 41
Joined: Tue Apr 05, 2005 6:33 am

Post by Histo »

Actually, the 1.50 firmware is still on Sony's servers; they never took it off when they released the 1.51 update.
Vampire
Posts: 138
Joined: Tue Apr 12, 2005 8:16 am

Post by Vampire »

Histo wrote:Actually, the 1.50 firmware is still on Sony's servers; they never took it off when they released the 1.51 update.
No, it isn't there anymore. They took it off a few hours/days after they released the 1.51 update.
jimmygoon
Posts: 8
Joined: Thu May 26, 2005 10:01 am

Post by jimmygoon »

I truly believe that every topic with the word "idea" in it should be instantly closed and deleted.
MumblyOMOD
Posts: 3
Joined: Thu May 26, 2005 3:10 pm

Post by MumblyOMOD »

At least it's in legible English.
"YOU ALL FDUPO THEM PUcHUS U[ THEM BUTST!!!"