Reverse Sha & Md5 hashes

Dariusc123456 · Post by **Dariusc123456** » Fri Sep 19, 2008 9:46 am

Well, I been messing around with sha and md5 on the psp. I been wondering, how can I reverse the encryption process so it can show the data that was in the file?

Hellcat · Post by **Hellcat** » Fri Sep 19, 2008 10:39 am

You can't.
It's only a hash, not the complete encrypted data.

However SHA-1 is more or less broken, so if you got the tool and powerfull machines to do it, you could generate data that results in the same has value - if it's what you are looking for is another thing then.... (could only be a "collision").

Not sure what the PSP uses, if it uses any of the SHA-2 variants, your totally out of luck.

Dariusc123456 · Post by **Dariusc123456** » Fri Sep 19, 2008 11:43 am

So, the only thing I can do is to see if the file have been modified? Why dont anyone port any of the things like aes, dsa, etc? I understand thats its hard, but it seen more simple todo.

Torch · Post by **Torch** » Fri Sep 19, 2008 12:21 pm

If you just have an AES encrypted file, then there is no way to crack it. You have no idea what the decrypted data is supposed to look like. Even if you brute force all keys, how will you know when you have found the right one?

Dariusc123456 · Post by **Dariusc123456** » Fri Sep 19, 2008 6:40 pm

So, what can be use to encrypt data for the psp? We dont have access to the psp hardware and cant access the things we need. I can just make my own type of encryption, but then, I might need it to be Digitally Sign with DSA. Brute Force takes to much time. Some people can just go on and poison the hashes with different keys without brute force.

Torch · Post by **Torch** » Fri Sep 19, 2008 11:15 pm

Dariusc123456 wrote:So, what can be use to encrypt data for the psp? We dont have access to the psp hardware and cant access the things we need. I can just make my own type of encryption, but then, I might need it to be Digitally Sign with DSA. Brute Force takes to much time. Some people can just go on and poison the hashes with different keys without brute force.

I don't know what you are trying to do, but I get the impression that you are trying to encrypt/decrypt a file for use in your application. The firmware *has* hardware accelerated functions to AES encrypt/decrypt which you can use. In this case, no matter what you do it is completely insecure because the key can be easily retrieved from your application by reverse engineering. Unless you encrypt the data on first usage by requesting a passphrase from the user and using that.

Dariusc123456 · Post by **Dariusc123456** » Sat Sep 20, 2008 5:01 am

If the key can be easily crack, would sony key been crack and found right now? So there is usage of the psp hardware for encrypting and decrypting? And yes, I making an application, but the program along with it im making , I want it to read encrypted files thats made by my program.

Hellcat · Post by **Hellcat** » Sat Sep 20, 2008 9:50 am

The Sony keys that are stored in files ARE found (w/o we wouldn't have PSARDumper and the such).

Some keys are embedded in the crypto hardware of the PSP and have NOT been found (but the functions to use it have :p)

AES/RSA is asymetric, so even when you have found the key embedded in some other file, it's pretty much worthless.

Torch · Post by **Torch** » Sat Sep 20, 2008 5:22 pm

Hellcat wrote:The Sony keys that are stored in files ARE found (w/o we wouldn't have PSARDumper and the such).

Some keys are embedded in the crypto hardware of the PSP and have NOT been found (but the functions to use it have :p)

AES/RSA is asymetric, so even when you have found the key embedded in some other file, it's pretty much worthless.

The PSAR keys are just used for layers of convolution to make dumping the firmware update difficult, its really got nothing to do with the PSPs security. Its just a lame software thing which is theoretically insecure because there is no real secret, everything is systematically accessible.

Official programs aren't decrypted using en/decryption keys in the PSP hardware (aside from the UMD disc decryption). The decryption key for executable files is stored in plain sight in the EBOOT.PBP. The only thing stored in hardware is the secret key for the hash check on the executables. Its got nothing to do with the functions that have been found. They are just hardware accelerated AES functions where YOU give the key to use. Similar to the hardware accelerated Atrac3/MP3 decoding functions.

AES is symmetric. It should be possible to encrypt an EBOOT and just put the key in the PBP file which the firmware will use to decrypt when you run it. You can't 'sign' it with the HMAC hash though because that key is unknown and is in the hardware.

Dariusc123456 wrote:If the key can be easily crack, would sony key been crack and found right now? So there is usage of the psp hardware for encrypting and decrypting? And yes, I making an application, but the program along with it im making , I want it to read encrypted files thats made by my program.

The PSP hardware can only do symmetric AES encryption. The key HAS to be stored in your application, so it can be extracted and anyone can encrypt/decrypt your data.

If you implement RSA which is asymmetric, then you can keep the public key in your application so it can only decrypt data. You use the private key in your encrypting application which you keep to your self. Anyone can still decrypt data by extracting the public key, but only you can encrypt data with your other application.