Hacking Maybe someone here can help me.

P4RI4H

So I'm trying to get my RSA key from my ds4 in order to have my titan two pair natively with ps4.
I'm using the ds4master from here:
https://www.psxhax.com/threads/dualshock-4-ds4-ps4-firmware-dump-reversing-tools-by-ds4user.1159/

I've managed to get most things working, however, it seems I've reached an impasse with my limited python and linux knowledge.
When I try running the script, I get this:
Code:
Traceback (most recent call last):
  File "jedi_crypto.py", line 226, in <module>
    flash = JediFlash('./jedi_flash-Aug_3_2013.bin')
  File "jedi_crypto.py", line 204, in __init__
    s.verify_fw()
  File "jedi_crypto.py", line 210, in verify_fw
    BldrKey().verify(f.read(0x38000))
  File "jedi_crypto.py", line 127, in __init__
    blob = unwrap_key_blob(bldr_key_blob)
  File "jedi_crypto.py", line 101, in unwrap_key_blob
    return HwKey().decrypt_and_verify(blob)
  File "jedi_crypto.py", line 113, in decrypt_and_verify
    def decrypt_and_verify(s, buf): return s.verify(s.decrypt(buf))
  File "jedi_crypto.py", line 106, in decrypt
    def decrypt(s, buf): return AES.new(s.key, AES.MODE_CBC, s.iv).decrypt(buf)
  File "/usr/lib/python2.7/site-packages/pycryptodome-3.8.1-py2.7-linux-x86_64.egg/Crypto/Cipher/_mode_cbc.py", line 246, in decrypt
    raise ValueError("Data must be padded to %d byte boundary in CBC mode" % self.block_size)
ValueError: Data must be padded to 16 byte boundary in CBC mode

Any help would be appreciated.
 

MostlyUnharmful

It doesn't seem to be a Linux distribution or Python error.

If you fix the padding error by adding the line:
Code:
from Crypto.Util.Padding import pad

at the beginning of the script and modify the "decrypt" function:
Code:
def decrypt(s, buf):
    return AES.new(s.key, AES.MODE_CBC, s.iv).decrypt(pad(buf, 16))

you can get further but it eventually fails with a "MAC check failed" error.
 

P4RI4H


I was just thinking to myself that I might need the DS4 Lib here: https://github.com/j0lama/DS4Lib (EDIT: Seems this is only for reading controller inputs after looking)

There isn't a lot of documentation about either tbh, so I'm trying to piece this all together. I can't seem to find any information about how anyone used it either.
 

MostlyUnharmful

I've looked briefly on the PSX dev Wiki but didn't find anything related, but usually interesting tidbits are hidden in the pages' "*talk*" section.

IIRC the Fail0verflow group posted something about a vulnerability found on the DS4...
 