forums.ps2dev.org

[StreetskaterFU]

Hi, i've think of a full decryption of the semi decyrpted warhawk files. i would try to start a plaintext attack, do u think it would work?

For the test i need the encrypted files,too. They are legal so i would ask if someone can give me a download link?

thanks in advance

streetskaterfu

[jimparis]

No, we do not discuss game hacking here.

[StreetskaterFU]

its not for game hacking its to understand the self files

[kururin]

This wont work anyway, the encryption used in that file is no simple xor algorithm, you need more than a few bruteforcing to get it to plain text, even with the half of it being decrypted.

[d-range]

You cannot plaintext attack public/private key-pair encryption systems like used for the PS3 game code. Depending on the key size (probably 128 bit or more) it will take you somewhere between twenty thousand and 2 billion years before you hit the private key... On average... If you're using a supercomputer.... You have a better chance of finding the private key by disecting the hardware itself, but even then you need insane tools to do it. So if I were you, I'd just give it up.

[gotama]

[Ps3Rips]

d-range is 100% right about needing to attack the hardware.

This is the old school way of opening up consoles to homebrew etc.
Of course Ps2Dev seem to prefer the way of finding holes in the machines logic.

The only problem with the hardware way is that generally its associated with Modchips and that is associated with piracy.

Its really expensive and just like the logic hacking there are only a few people skilled enough to really know how to bypass the security.

Generally and this is a gross understatement you would need to

Remove the top layer of a chip - there are many ways to do this but it usually means getting some acids or using a laser (remembering to try and keep the chip still operational).

The you should end up with something like this



Once you have that then using a very very powerful microscope you can look at the chip in greater detail and you should have something like this.


And once there you can use some specialist tools like a Focused Ion Beam Workstation http://en.wikipedia.org/wiki/Focused_ion_beam
to look at patching the Nands and probing them for keys and other goodies.

Now like I said at the start all of that is way over simplified and also a very costly thing to do. Plus your going to need a nice number of Ps3's to experiment on, plus as much technical documentation you can get your hands on. The last bit about the actual design of the ps3 Hardware wise is not very widley known.

Yes we all know about how many SPE's / Nands etc but I'm talking about mapping documents which explain how the chips are mapped internally.

Anyway you get my point.

Personally I think the Ps2Dev way is more elegant but I also look in awe whenever I see someone open up a chip and grab codes or even inject codes that they are not meant to have access to.

PS None of those chips are from any Consoles and its not my work. I've just seen it done.
_________________
Kicking out a bad guy
Beating up a monster
Fighting against evil
I'll rescue this town

[audi100quattro]

It's insane to even try to "attack hardware" by trying to look at it through a really powerful microscope. What're you going to do, take pictures of half a billion transistors and try to put it all together? Regardless, cryptographic keys aren't stored there, and you'd have better luck trying to decipher IBM's design by signing up to power.org or something. If you could magically do it, you'd pretty much be guaranteeing all hardware design would be done in an opensource way going forward.

Putting a digital oscilloscope to the buses in the ps3 during startup will get you further but considering nobody's even been able to do it to the iphone, it'll be a while before those oscilloscopes even get to most universities. That's assuming what's being sent over the buses isn't encrypted which could be asking too much.

[Ps3Rips]

I'm not talking about just looking down a microscope thats only done so you can identify the differing parts that make up a chip or device.

Usual hardware attacks would be.

* Probing for Electrical glitches:
* Optical Erasure: (UV light)
* Optical glitches: These can sometimes give strange results.
* Bus attacks: Sitting on the databus (As mentioned by you). This method is effective but V hard.

This hardware hacking is the exact same way that Bunny hacked the Xbox back in 2002 (I think he was the first?)

http://www.g4tv.com/screensavers/features/10099/Andrew_Huangs_Hacking_Adventures.html?article_key=10099

The point still being that Hardware is usually quicker and faster at gaining access if you want to take a look at what secrets a machine is holding.
Unless of course there is an obvious software flaw. Which knowning Sony there isn't. (obvious ones that is)
There are software flaws I think I remembering reading about a user here using a Ps2 Homebrew bios dumper to look at the Ps2 Bios updates in the firmware.
And also I'm sure that someone only last week mentioned a security flaw that they had notified sony about almost a year ago that still lay unpatched. Plus you could guess many more that people are not talking about.

Anyway I'm sure that this is a boarderline discussion for this forum. So I'll leave my post there.
_________________
Kicking out a bad guy
Beating up a monster
Fighting against evil
I'll rescue this town

[d-range]

[ralferoo]

[d-range]

[stinkymonkey]

incorrect...
just ring sony for the keys brooo!!
_________________
Yo my ps3 is blacker then you!!!

[jonwil]

I think if Sony and NVIDIA provided a binary blob for the PS3 GPU (same sort of thing as what you get for PC NVIDIA GPUs), most of the reasons for needing to hack the PS3 go away and the only reason to even consider hacking GameOS, game data files, executables or anything else outside of OtherOS would be to pirate PS3 games.

[DONGLECRACKER]

has any progress been made decrypting the warhawk file?

[mc]

jonwil: Not quite. There are a few other applications of a hacked GameOS:

* To get around region protection for PS1 and PS2 games, and BD titles.
* Importing PS1 and PS2 saves from other emulation systems (this can
also be achieved by cracking the signature on PSV files)
* Translation patches and similar for legally owned games.

But as far as PS3 Development (the topic of this forum) is concerned, you
are basically correct.
_________________
Flying at a high speed
Having the courage
Getting over crisis
I rescue the people

[emoon]

Im not really sure if this leads anywhere...
And what is the purpose of understanding the self files? We can already run regular elf files under OtherOS.

[Rex_VF5]

[audi100quattro]

The reason I said "Putting a digital oscilloscope to the buses in the ps3 during startup will get you further.." was because I knew about the xbox hack. :) Stupid encryption.

Trying to understand what ralferoo said, the SPU would still have to be initialized by software to go into the isolated mode, unless it was hardwired to do so, or maybe a combination of the two methods. Can a linux program put an SPU into isolated mode? IBM likely has enough docs out in the open to do this, if more than one SPU can be run in isolated mode at the same time. I just haven't gotten that far, as you can tell..

If having an HD partition (with random data written across it during creation) with keys hidden in the partition (at a pseudo-random location, and moved during startup/shutdown) or in LinuxBIOS or in your head is considered good enough security for Linux [swap] partitions, it could be good enough for the PS3 too.

[emoon]

I have now locked this thread as this forum is "PS3 Development" and not "PS3 Hacking" on more talks about stuff like this in the forum please.