Help with the 0x51 idstorage key

*mUrDeRc0dE*
Posts: 13
Joined: Mon Jun 16, 2008 12:51 am
Location: IDSTORAGE

Post by *mUrDeRc0dE* »

Anyone know how the original firmware version is stored in 0x51 key?
Source code is for noobs...
SilverSpring
Posts: 110
Joined: Tue Feb 27, 2007 9:43 pm

Post by SilverSpring »

What do you mean how? The number comes from the version stored in version.txt which holds the firmware version number.

Why do you need to know this anyway?
Torch
Posts: 825
Joined: Wed May 28, 2008 2:50 am

Post by Torch »

I'm guessing he wants to know the raw byte format of the data.
SilverSpring
Posts: 110
Joined: Tue Feb 27, 2007 9:43 pm

Post by SilverSpring »

The format? It comes from the version.txt which is just a plain ASCII text file. So the version number is just an ASCII string.

Couldn't he see himself that it is in ASCII?

I still don't know what he is trying to achieve.
Torch
Posts: 825
Joined: Wed May 28, 2008 2:50 am

Post by Torch »

Yes but there is some binary stuff after the version number, and the rest is zeroed out.

I don't know the IDStorage format. I'm guessing it's some checksum/hash or the like.

Oh and I just found out that my PSP which shipped with 3.71 says 3.60 in the IDStorage :S
SilverSpring
Posts: 110
Joined: Tue Feb 27, 2007 9:43 pm

Post by SilverSpring »

OK, he didn't mention any of that, he just asked how the firmware version was stored. And I explained to him how the version was stored.

About the hash following the version number, it is a partial SHA1-HMAC of the version.txt file that the version number came from. It is also unique per-PSP because it also uses the PSP's FuseID in its calculation.

The rest of the leaf isn't used. Just 8-Bytes for the version number and 8-Bytes for the hash (it is only using the first 64-bits out of the 160-bit SHA1-HMAC).
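
The layout described in the post above (8 bytes of ASCII version, 8 bytes of truncated SHA1-HMAC, remainder zero), as an added example that is not part of the original thread: a C parser that splits a 0x51 leaf into those fields and flags anything outside the described format. The 512-byte leaf size, the version field starting at offset 0 with NUL padding, and the names `leaf51_parse` and `make_sample_leaf` are assumptions; the sample leaf is constructed and its tag bytes are placeholders, not a real hash.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LEAF_SIZE 512 /* assumption: leaf size, not stated in the thread */
#define VER_LEN   8   /* ASCII version field (from the thread) */
#define TAG_LEN   8   /* first 64 bits of the SHA1-HMAC (from the thread) */

struct leaf51 { char version[VER_LEN + 1]; uint8_t tag[TAG_LEN]; };

/* 0 = ok, -1 = bad size/args, -2 = version not ASCII, -3 = unused area not zero.
   Assumes the version field starts at offset 0 and is NUL-padded. */
int leaf51_parse(const uint8_t *leaf, size_t len, struct leaf51 *out)
{
    if (!leaf || !out || len != LEAF_SIZE) return -1;
    for (size_t i = 0; i < VER_LEN; i++) {
        uint8_t c = leaf[i];
        if (c != 0 && (c < 0x20 || c > 0x7e)) return -2;
        out->version[i] = (char)c;
    }
    out->version[VER_LEN] = '\0';
    memcpy(out->tag, leaf + VER_LEN, TAG_LEN);
    for (size_t i = VER_LEN + TAG_LEN; i < len; i++)
        if (leaf[i] != 0) return -3;
    return 0;
}

/* Constructed sample: version "3.60", placeholder tag bytes A0..A7 (not a real hash). */
void make_sample_leaf(uint8_t leaf[LEAF_SIZE])
{
    memset(leaf, 0, LEAF_SIZE);
    memcpy(leaf, "3.60", 4);
    for (int i = 0; i < TAG_LEN; i++) leaf[VER_LEN + i] = (uint8_t)(0xA0 + i);
}

int main(void)
{
    uint8_t leaf[LEAF_SIZE];
    struct leaf51 f = {{0}, {0}};
    make_sample_leaf(leaf);
    int rc = leaf51_parse(leaf, sizeof leaf, &f);
    printf("rc=%d version=\"%s\" tag=", rc, f.version);
    for (int i = 0; i < TAG_LEN; i++) printf("%02x", f.tag[i]);
    putchar('\n');
    return rc;
}
```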
Torch
Posts: 825
Joined: Wed May 28, 2008 2:50 am

Post by Torch »

I assume the newer IPLs check the integrity of the keys and will brick if the hash does not match? So you can't change the version number unless we know the HMAC key?

Are all the keys hashed? If so then the HMAC key must be known in order for DC7 to regenerate the IDS?
SilverSpring
Posts: 110
Joined: Tue Feb 27, 2007 9:43 pm

Post by SilverSpring »

I don't know if this key is checked in newer fw, it was never used in previous fw's. I think it was primarily used when people sent in their PSPs for service. They could check if the nand was originally theirs or if they had flashed someone else's nand dump. And if they did, they could identify which PSP the nand dump came from as well. I guess it was a way to guarantee the fw it was originally flashed with at factory.