Hi, I just downloaded http://my.malloc.us/silverspring/files/ ... sample.rar which is an example of how they decrypt the ipl.
I was wondering if it would be possible to watch/log the calls of such hardware functions with the help of breakpoints.
Because it is not a normal call to such a function you can not simply say: "stop at offset xy".
The reason I ask is some idea about this crypto chip.
Cos nobody knows what code it uses to crypt/decrypt stuff ... why not just generate a file that stores the encrypted and decrypted buffer.
That way emulators might be possible in future ...
(of course only if the buffer that needs to get decrypted does not change every time)
Breakpoint on hardware functions possible?
PSPLink has an option for breakpoints, but the problem is that the actual function is called by the chip.
All you change is a register/memory part, so I wonder if it is somehow possible to break on the change of a special register/memory part.
For better understanding, that's some part they use to decrypt stuff:
PspKirkRegs *const crypt = KIRK_HW_REGISTER_ADDR;
crypt->command = 1;
crypt->src_addr = MAKE_PHYS_ADDR(src);
crypt->dst_addr = MAKE_PHYS_ADDR(dst);
crypt->proc_phase = 1;
while((crypt->status & 0x11) == 0);
See?
There is no function call like for example "decrypt()" at all.
Question is, how the chip knows when it should process the command. (maybe just checks the field proc_phase?)
CrazyT wrote:I was wondering if it would be possible to watch/log the calls of such hardware functions with the help of breakpoints.
Yes you can. First coprocessor CP0 has a couple of registers called WatchHi and WatchLo, which will generate an exception if the address specified on them is accessed. Check a MIPS CPU reference for further details.
CrazyT wrote:Cos nobody knows what code it uses to crypt/decrypt stuff
Sure about that?
http://hitmen.c02.at/files/yapspd/psp_d ... tml#sec8.7
Afaik, Kirk doesn't do encryption as it only has the public key (for decrypting). But don't quote me on this, and correct me if I'm wrong.
EDIT: ok, you mean the algorithm for decryption, I understood otherwise :P
The Incredible Bill Gates wrote:The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers.
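The watchpoint approach from the reply above, as a host-side model added here (not code from the thread or from the linked sample). It assumes the usual MIPS WatchLo layout (address bits 31:3, store enable in bit 0) and a constructed register layout for the field names in the post, and it shows that the watch covers a whole 8-byte doubleword, so the handler has to filter on the exact register before logging command, source and destination.

```c
#include <stdint.h>
#include <stdio.h>
/* Field names are from the post; the offsets and addresses are constructed. */
enum { R_COMMAND = 0x00, R_SRC = 0x04, R_DST = 0x08, R_PHASE = 0x0C, R_STATUS = 0x10 };
#define WATCH_W 0x1u /* WatchLo bit 0 traps stores (bit 1 would trap loads) */

static uint32_t regs[5];  /* stand-in for the device register block */
static uint32_t watch_lo; /* address bits 31:3 plus the R/W enable bits */
static unsigned hits, doorbells;
static uint32_t logged_cmd, logged_src, logged_dst;

/* Arm the watch. It covers the whole aligned 8-byte doubleword, not one word. */
void watch_set(uint32_t off, uint32_t mode) { watch_lo = (off & ~7u) | (mode & 3u); }
static int watch_hit(uint32_t off, uint32_t mode) {
    return (watch_lo & mode) && ((off & ~7u) == (watch_lo & ~7u));
}

/* Role of the watch exception handler: filter on the exact address, then snapshot. */
static void on_watch(uint32_t off, uint32_t val) {
    hits++;
    if (off != R_PHASE || val == 0) return; /* neighbour in the doubleword, or no trigger */
    doorbells++;
    logged_cmd = regs[R_COMMAND / 4];
    logged_src = regs[R_SRC / 4];
    logged_dst = regs[R_DST / 4];
}

void mmio_write(uint32_t off, uint32_t val) {
    if (watch_hit(off, WATCH_W)) on_watch(off, val);
    regs[off / 4] = val;
    if (off == R_PHASE && val) regs[R_STATUS / 4] |= 0x1; /* model: device is done at once */
}
/* The register sequence from the post, run through the model. */
unsigned run_sequence(void) {
    hits = doorbells = 0;
    watch_set(R_PHASE, WATCH_W);
    mmio_write(R_COMMAND, 1);
    mmio_write(R_SRC, 0x08900000u);
    mmio_write(R_DST, 0x08A00000u);
    mmio_write(R_PHASE, 1);
    while ((regs[R_STATUS / 4] & 0x11) == 0) { }
    return doorbells;
}

int main(void) {
    unsigned d = run_sequence();
    printf("doorbells=%u hits=%u\n", d, hits);
    return 0;
}
```

In this model the store to dst_addr also raises the watch because it shares a doubleword with proc_phase, which is why two hits are counted for one logged trigger.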