PSP keys dumped -- ANYTHING can now be signed as

xist

ΚΑΤΑ ΤΟΝ ΔΑΙΜΟΝΑ ΕΑΥΤΟΥ
Member
Joined
Jul 14, 2008
Messages
5,859
Trophies
0
XP
984
Country
Read the technical bit of Rydian's sticky FAQ topic. It's all down to hash comparisons....

It's more likely we'll never see a full CFW but just signed apps.
 

Devil May Cry

Well-Known Member
Member
Joined
May 14, 2008
Messages
408
Trophies
0
XP
204
Country
United States
So the keys enable a sort of permanent HEN? Why don't they just use the keys to sign a CFW update (thus enabling ISO loading from the XMB) and just run it?

@Schlupi

Not positive on this, but I think EBOOT loading was phased out in the last update in favor of ISO loading. As long as the homebrew was signed though, it could just then run ISOs from the homebrew. Not XMB loading, but still good.
 

Jamstruth

Secondary Feline Anthropomorph
Member
Joined
Apr 23, 2009
Messages
3,462
Trophies
0
Age
31
Location
North East Scotland
XP
710
Country
Rydian said:
Schlupi said:
Actually, yes, already. If you use "OpenIdea ISO loader" it rewrites the ISO into an eboot and theoretically you can just sign it using the keys and it could run.
Ahh, you're right, didn't know that's how it did it. Sweet.
Nice, so we already have the process, we just need to sign it.
Then again you needed to add extra PRXes into the HEN to make that work so maybe it does it a strange way...
Is there any program around that can uncompress eboots so I can see what's inside? If it's the ISO with a few extra commands then it won't work, if it IS the game itself then we could be onto a winner here.

Edit: It relies on a load of ISO loader PRXes. Tried loading one of the built ISOs on my hacked PSP 1000. If they were just games, they'd have worked but I got a black screen instead. It probably works like the POPSloader stuff, just wrapping the ISO in an eboot container so the XMB can see it.
 

xist

ΚΑΤΑ ΤΟΝ ΔΑΙΜΟΝΑ ΕΑΥΤΟΥ
Member
Joined
Jul 14, 2008
Messages
5,859
Trophies
0
XP
984
Country
pbpunpacker, pspbrew and a myriad of other tools will deconstruct eboots.
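What those tools do first is split the public PBP container: the header is a magic, a version and eight absolute offsets, one per section from PARAM.SFO to DATA.PSAR. The Python below is an added example written for this thread, not pbpunpacker's or pspbrew's code; it parses a sample image constructed inline and refuses headers whose offsets run backwards or past the end of the file.

```python
import struct

# PBP header: 4-byte magic, 4-byte version, then eight little-endian uint32
# absolute offsets, one per section, always in this order.
PBP_MAGIC = b"\x00PBP"
PBP_SECTIONS = ("PARAM.SFO", "ICON0.PNG", "ICON1.PMF", "PIC0.PNG",
                "PIC1.PNG", "SND0.AT3", "DATA.PSP", "DATA.PSAR")
PBP_HEADER_LEN = 0x28

def unpack_pbp(blob: bytes) -> dict:
    """Split a PBP image into {"version": int, "sections": {name: bytes}}.

    A section ends where the next offset starts (the last one at EOF), so equal
    offsets mean an empty section; backwards or out-of-file offsets are refused.
    """
    if len(blob) < PBP_HEADER_LEN:
        raise ValueError("truncated PBP header")
    magic, version = struct.unpack_from("<4sI", blob, 0)
    if magic != PBP_MAGIC:
        raise ValueError("not a PBP: bad magic %r" % magic)
    offsets = struct.unpack_from("<8I", blob, 8)
    prev = PBP_HEADER_LEN
    for name, off in zip(PBP_SECTIONS, offsets):
        if off < prev or off > len(blob):
            raise ValueError("bad offset for %s: 0x%x" % (name, off))
        prev = off
    bounds = list(offsets) + [len(blob)]
    sections = {name: blob[bounds[i]:bounds[i + 1]]
                for i, name in enumerate(PBP_SECTIONS)}
    return {"version": version, "sections": sections}

def build_pbp(sections: dict, version: int = 0x00010000) -> bytes:
    """Pack sections into a PBP image; used here only to construct test input."""
    body, offsets = b"", []
    for name in PBP_SECTIONS:
        offsets.append(PBP_HEADER_LEN + len(body))
        body += sections.get(name, b"")
    return struct.pack("<4sI8I", PBP_MAGIC, version, *offsets) + body

# Constructed sample: an SFO stub, a PNG icon stub and a DATA.PSP payload;
# the other five sections are left empty.
SAMPLE_PBP = build_pbp({
    "PARAM.SFO": b"\x00PSF\x01\x01\x00\x00" + b"\x00" * 8,
    "ICON0.PNG": b"\x89PNG\r\n\x1a\n",
    "DATA.PSP": b"~PSP" + b"\x00" * 12,
})

if __name__ == "__main__":
    for name, data in unpack_pbp(SAMPLE_PBP)["sections"].items():
        print("%-9s %3d bytes  %r" % (name, len(data), data[:4]))
```

The unpacker only slices the container; whatever DATA.PSP holds (plain, compressed or encrypted) comes out exactly as stored, which is what you want when inspecting a file of unknown provenance.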
 

kiafazool

Well-Known Member
Member
Joined
Apr 21, 2010
Messages
1,221
Trophies
0
Age
28
Location
Canada
Website
www.gbatemp.net
XP
333
Country
Canada
Mathieulh won't release his PSP keys.

Quote:
Want kirk keys? 1. Go to /dev_flash/pspemu/release/emulator_drm.sprx, decrypt it 2. get spu_handler.isoself, decrypt, grab keys. 3. Profit
Quote:
here are how some start : d76aa478... (HMAC key), 428a2f98... (AES key), 004080c01b5b9b... (AES key), 9802c4e6ec... (AES key) And so on...
Quote:
Keep in mind that keys are useless without their algorithms, so go reverse that (it's also in spu_handler.isoself)

The guy asked him to just post the keys up, and his response:
Quote:
@bewareRazvan meh I just didn't want to do a twitlonger, it should be trivial to get them now that I said where they are and how they begin.
Quote:
@bewareRazvan You need to reverse the algo before decrypting/encrypting anything anyway.

I want to look for them but I don't have a PS3 (if you need it), and I don't know where /dev_flash/ is.
 

bjorno

Well-Known Member
Member
Joined
Sep 13, 2009
Messages
429
Trophies
0
XP
209
Country
Netherlands
Actually that's pretty stupid. I mean he found something interesting but he does not release it. Of course he may choose if he releases it or not since he found it, but doesn't it feel sad for the people that were happy to hear the news? He better not tell us that he found it, now everyone wants to know but he closes his doors....
 

kiafazool

Well-Known Member
Member
Joined
Apr 21, 2010
Messages
1,221
Trophies
0
Age
28
Location
Canada
Website
www.gbatemp.net
XP
333
Country
Canada
bjorno said:
Actually that's pretty stupid. I mean he found something interesting but he does not release it. Of course he may choose if he releases it or not since he found it, but doesn't it feel sad for the people that were happy to hear the news? He better not tell us that he found it, now everyone wants to know but he closes his doors....
That's why I hate some people. Look at geohot, he found them and released them for everyone.

Just fricking copy/paste the keys so people can use them.
 

ThePowerOutage

The Lord of the Flyes
Member
Joined
Mar 23, 2009
Messages
813
Trophies
0
Location
Vallhallah
XP
277
Country
kiafazool said:
bjorno said:
Actually that's pretty stupid. I mean he found something interesting but he does not release it. Of course he may choose if he releases it or not since he found it, but doesn't it feel sad for the people that were happy to hear the news? He better not tell us that he found it, now everyone wants to know but he closes his doors....
That's why I hate some people. Look at geohot, he found them and released them for everyone.

Just fricking copy/paste the keys so people can use them.
He's probably using them himself or given them to other programmers rather than a bunch of n00bs that don't know how to use them, plus there aren't any programs to apply the code to a file.
Geohot's case was different, the tools were already out there.
 

bjorno

Well-Known Member
Member
Joined
Sep 13, 2009
Messages
429
Trophies
0
XP
209
Country
Netherlands
ThePowerOutage said:
kiafazool said:
bjorno said:
Actually that's pretty stupid. I mean he found something interesting but he does not release it. Of course he may choose if he releases it or not since he found it, but doesn't it feel sad for the people that were happy to hear the news? He better not tell us that he found it, now everyone wants to know but he closes his doors....
That's why I hate some people. Look at geohot, he found them and released them for everyone.

Just fricking copy/paste the keys so people can use them.
He's probably using them himself or given them to other programmers rather than a bunch of n00bs that don't know how to use them, plus there aren't any programs to apply the code to a file.
Geohot's case was different, the tools were already out there.

Nah, that's not the case. We do not care that he does not release it to EVERYONE, we just hope it gets in the hands of those good developers. But right now it does not seem to be like that case. And about the code and tools? Why would people make tools if he is not even sure if he is going to release it (at the moment he is NOT releasing it at the looks of his replies). Like I earlier said, the code is in HIS hand so he may decide to release it to everyone, only good developers or to nobody. But it is just F*cked, telling people WOOOT I got this amazing thingy but too bad I won't release it, then KEEP IT TO YOURSELF..
WOOOT I FINALLY FIGURED A PANDORA METHOD FOR PSP 3000 AND GO but.. I won't release it (same case, how would you feel?..)
 

Jamstruth

Secondary Feline Anthropomorph
Member
Joined
Apr 23, 2009
Messages
3,462
Trophies
0
Age
31
Location
North East Scotland
XP
710
Country
Anybody with interest and a dev brain that would stretch far enough to create the tools will be able to find the keys thanks to his hints. He just found the keys, it's not like he'd create a program for creating signed eboots and couldn't be arsed releasing it.
 

xist

ΚΑΤΑ ΤΟΝ ΔΑΙΜΟΝΑ ΕΑΥΤΟΥ
Member
Joined
Jul 14, 2008
Messages
5,859
Trophies
0
XP
984
Country
bjorno said:
WOOOT I FINALLY FIGURED A PANDORA METHOD FOR PSP 3000 AND GO but.. I won't release it (same case, how would you feel?..)

That nothing had changed, and the status quo remained. Plus it's not a Pandora method....

These Keys shouldn't be released and it's sad that Math has given the level of info he has, although most people able to use that knowledge won't just release the keys either....
 

bjorno

Well-Known Member
Member
Joined
Sep 13, 2009
Messages
429
Trophies
0
XP
209
Country
Netherlands
xist said:
bjorno said:
WOOOT I FINALLY FIGURED A PANDORA METHOD FOR PSP 3000 AND GO but.. I won't release it (same case, how would you feel?..)

That nothing had changed, and the status quo remained. Plus it's not a Pandora method....

You didn't get it lol, I was just telling you how you would feel if somebody found something interesting, spreading news around the internet but not giving it to anyone. Like IF somebody said that there is a pandora for 3000 but he does not say how and does not release it. I didn't mean that there REALLY is a pandora for 3000.
 

Rydian

Resident Furvert™
Member
Joined
Feb 4, 2010
Messages
27,880
Trophies
0
Age
36
Location
Cave Entrance, Watching Cyan Write Letters
Website
rydian.net
XP
9,111
Country
United States
He just posted it on his twitter, it's everybody else that spread the news everywhere.

He's probably not releasing it publicly because he doesn't want an ISO loader to be one of the first things to come out for it (like the latest HENs had), he may just be making his own tools or giving them to people he can trust to make some stuff.

Speculation, though.
 

Nathan Drake

Obligations fulfilled, now I depart.
Member
Joined
Jan 2, 2011
Messages
6,192
Trophies
0
XP
2,707
Country
When a hacker doesn't condone piracy (which many don't), you run into the problem where they find or make something with the intent of legal purposes. In the end though, you get people just creating ways to pirate for the console using what the hacker found or made, completely destroying the purpose for the release.

Kinda sucks for people that want to actually use the hacks for legal purposes such as homebrew, but it has to be controlled because of the piracy.
 

antwill

Better Than You
Member
Joined
Dec 24, 2006
Messages
1,023
Trophies
0
Age
34
Location
Australia
Website
Visit site
XP
166
Country
kiafazool said:
Look at geohot, he found them and released them for everyone.
You see, Geohot did that because not only is he an egotistical good for nothing attention whore, he knew if he didn't do it, someone else would and take all the credit. He needed his reputation restored after the whole "I give up hacking the PS3 guys."
 

FAST6191

Techromancer
Editorial Team
Joined
Nov 21, 2005
Messages
36,798
Trophies
3
XP
28,348
Country
United Kingdom
I cannot promise I will be correct, but for a bit of elaboration.

kirk keys seems to be the name for the master keys for the psp, why they were on the PS3 I am not sure (everything I know about such crypto says you keep the master/private keys locked down tight not distributed to X million potentially hostile types)- it is not the same as the PS3 stuff that allowed private keys to be derived but that the PSP keys were stored in full on the PSP (presumably for allowing the PS3 to act as a server for PSP code- why they did it that way I am not sure but it is not the first time something has fallen to such silliness (I recall an iTunes hack along similar lines some years back)).

All of what follows pretty much comes from kiafazool's post http://gbatemp.net/t272666-psp-keys-dumped...t&p=3371333

Code:
Want kirk keys?
1. Go to /dev_flash/pspemu/release/emulator_drm.sprx

/dev_flash/ is unix ish naming/filesystem talk- it means rock up to your PS3 onboard flash memory (dev stands for device- flash means flash).
There is a file system on there as there is with most larger memory spaces.
In the pspemu/release/emulator directory (maybe give or take some version numbers) there is a file called emulator_drm.sprx - prx is a plugin format (sprx is a minor tweak on it) and this is what houses the keys.
The sprx will be encrypted but we have decryption tools now available for various things PS3. There are also IDA modules for them to allow disassembly and presumably a measure of cleanup (IDA is very powerful).
You might be able to sidestep this step given current events and pull it from a PS3 firmware update (assuming it comes with firmware and is not a download).

"get spu_handler.isoself"
Not sure if this is an API or a module for the emulator_drm.sprx module. Simply put though, it is likely the bit of code that handles signing for the PSP stuff.
"decrypt it" seems to imply that it would not have been decrypted in your initial decrypting of the emulator_drm.sprx module. I believe there are SPU/SPE emulators and keys these days if nothing else.

grab keys
If they are not plain text (the starting values that were given being more than enough to tell) or embedded/referenced in an instruction/call now you have decrypted this spu_handler.isoself code you can probably poke a few things (feed a 00000...000h file or something to generate them if you have to- remember encryption is mathematics and signing long lengths of 00s and/or FF's- one or the other at least tends to spit out exact keys) to grab the keys.

Profit- you have the keys but

Code:
Keep in mind that keys are useless without their algorithms, so go reverse that (it's also in spu_handler.isoself)

Looking at the PS3 SELF stuff and assuming the ideas carry across if not the implementation- the header is encrypted which leads to another set of hashes which are signed and stuff like that each with different keys and initialisation vectors (which you now have). The trouble will be figuring out what order each key gets applied in and what sections it gets applied to (and if you are good at this what each section does). Fortunately the emulator_drm.sprx or indeed the spu_handler.isoself also handle this for the PS3 so by stepping through (or emulating) the program/calls you can figure out what order, locations and methods are used at each step and there is no end of sample code to test it out on.

By replicating these steps (presumably as a PC program but in a pinch you might be able to get the PS3 to do your dirty work by hacking the code to do it all) you get to sign code- in and of itself that might not be that useful right away as different formats available to a stock PSP for use and hardware level restrictions will likely crop up which you will need to sort- thinking that despite being readily able to write to PSP3000, unhackable 2000s and PSP GO flash memory you still have the various things to sort as per http://img371.imageshack.us/img371/6698/cpus.png (thanks to others in this post for reminding me of that picture). Nothing terribly difficult to sort given the existing amount of code that does it but not quite a magic bullet.


In conclusion- nothing terribly difficult, can probably be replicated by anyone with basic assembly level hacking skills (it is essentially a play by play) and a beer/nod in the direction of Mathieulh.
 

thedicemaster

Well-Known Member
Member
Joined
Apr 26, 2008
Messages
2,432
Trophies
0
XP
303
Country
Netherlands
The reason the PSP keys were in the PS3 is most likely for the PSP minis, which are programmed as PSP games but simple enough for the PS3 to easily emulate.
 
