Maybe someone here can help me.

Discussion in 'PS4 - Hacking & Homebrew' started by P4RI4H, May 19, 2019.

  1. P4RI4H
    OP

    So I'm trying to get my RSA key from my ds4 in order to have my titan two pair natively with ps4.
    I'm using the ds4master from here:
    https://www.psxhax.com/threads/dualshock-4-ds4-ps4-firmware-dump-reversing-tools-by-ds4user.1159/

    I've managed to get most things working, however, it seems I've reached an impasse with my limited Python and Linux knowledge.
    When I try running the script, I get this:
    Code:
    Traceback (most recent call last):
      File "jedi_crypto.py", line 226, in <module>
        flash = JediFlash('./jedi_flash-Aug_3_2013.bin')
      File "jedi_crypto.py", line 204, in __init__
        s.verify_fw()
      File "jedi_crypto.py", line 210, in verify_fw
        BldrKey().verify(f.read(0x38000))
      File "jedi_crypto.py", line 127, in __init__
        blob = unwrap_key_blob(bldr_key_blob)
      File "jedi_crypto.py", line 101, in unwrap_key_blob
        return HwKey().decrypt_and_verify(blob)
      File "jedi_crypto.py", line 113, in decrypt_and_verify
        def decrypt_and_verify(s, buf): return s.verify(s.decrypt(buf))
      File "jedi_crypto.py", line 106, in decrypt
        def decrypt(s, buf): return AES.new(s.key, AES.MODE_CBC, s.iv).decrypt(buf)
      File "/usr/lib/python2.7/site-packages/pycryptodome-3.8.1-py2.7-linux-x86_64.egg/Crypto/Cipher/_mode_cbc.py", line 246, in decrypt
        raise ValueError("Data must be padded to %d byte boundary in CBC mode" % self.block_size)
    ValueError: Data must be padded to 16 byte boundary in CBC mode
    
    Any help would be appreciated.
     
  2. MostlyUnharmful

    It doesn't seem to be a Linux distribution or Python error.

    If you fix the padding error by adding the line:
    Code:
    from Crypto.Util.Padding import pad
    at the beginning of the script and modify the "decrypt" function:
    Code:
    def decrypt(s, buf):
        return AES.new(s.key, AES.MODE_CBC, s.iv).decrypt(pad(buf, 16))
    
    you can get further but it eventually fails with a "MAC check failed" error.
     
    KiiWii likes this.
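Added example, not part of the original posts or of jedi_crypto.py: it shows why a blob whose length is not a multiple of 16 first raises the CBC error from the traceback and, once padded, decrypts but fails the integrity check. A toy Feistel cipher stands in for AES so the block runs on the standard library alone; the key, IV, blob layout (body followed by an HMAC-SHA256 tag) and all function names are assumptions made for illustration.

```python
import hashlib, hmac

BLOCK = 16  # AES block size; the toy cipher below keeps the same size

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, half, rnd):  # Feistel round function (toy stand-in for AES, not secure)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def _block(key, blk, decrypt=False):
    l, r = blk[:8], blk[8:]
    for rnd in (range(3, -1, -1) if decrypt else range(4)):
        l, r = (_xor(r, _f(key, l, rnd)), l) if decrypt else (r, _xor(l, _f(key, r, rnd)))
    return l + r

def cbc_encrypt(key, iv, data):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        prev = _block(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, data):
    if len(data) % BLOCK:  # the condition behind the ValueError in the traceback
        raise ValueError("Data must be padded to %d byte boundary in CBC mode" % BLOCK)
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        out += _xor(_block(key, data[i:i + BLOCK], decrypt=True), prev)
        prev = data[i:i + BLOCK]
    return out

def pad16(buf):  # PKCS#7 fill up to the next 16-byte boundary, as pad(buf, 16) does
    n = BLOCK - len(buf) % BLOCK
    return buf + bytes([n]) * n

def outcome(key, iv, blob):
    """Decrypt, then check a trailing HMAC-SHA256 tag (assumed blob layout)."""
    try:
        plain = cbc_decrypt(key, iv, blob)
    except ValueError as e:
        return str(e)
    good = hmac.new(key, plain[:-32], hashlib.sha256).digest()
    return "ok" if hmac.compare_digest(good, plain[-32:]) else "MAC check failed"

# Constructed sample: 48-byte body + 32-byte tag, encrypted, then 5 bytes cut off
KEY, IV, BODY = b"k" * 16, bytes(16), b"constructed sample".ljust(48, b".")
GOOD = cbc_encrypt(KEY, IV, BODY + hmac.new(KEY, BODY, hashlib.sha256).digest())
SHORT = GOOD[:-5]  # simulates a truncated or mis-sliced blob
```

Calling `outcome(KEY, IV, SHORT)` reproduces the boundary error, and `outcome(KEY, IV, pad16(SHORT))` gets past it only to fail the tag check, because the filled-in bytes are not the ciphertext that was originally there.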
  3. P4RI4H
    OP

    I was just thinking to myself that I might need the DS4 Lib here: https://github.com/j0lama/DS4Lib (EDIT: Seems this is only for reading controller inputs after looking)

    There isn't a lot of documentation about either tbh, so I'm trying to piece this all together. I can't seem to find any information about how anyone used it either.
     
    Last edited by P4RI4H, May 19, 2019
    KiiWii likes this.
  4. MostlyUnharmful

    I've looked briefly on the PSX dev Wiki but didn't find anything related, but usually interesting tidbits are hidden in the pages' "*talk*" section.

    IIRC the Fail0verflow group posted something about a vulnerability found on the DS4...
     
    KiiWii likes this.