Hermes and Naima on PS3 NPDRM SELFs, Encryption Differs
Today Waninkoko mentioned he agrees with Hermes and Naima's recent views on the discussion of PS3 NPDRM SELFs, how their encryption differs, GeoHot and what PS3 Firmware 3.60 may bring to combat PlayStation 3 hackers.
Below is a rough translation from Elotrolado, to quote:
I like to play magic, astrology and / or fortune-telling, so what is written below is not from any of the three.
The first consequence that will bring the firmware 3.60 is that all applications signed with the utility in make_self_npdrm created by Geohot stop working.
Oh Wait! That's not what I had said 'sceners' by the mouth of all are phrases like 'are key signed with Sony, you can not do anything'
That would be true if they were well signed, but the truth is that they are not.
Without going into deep detail about how the Sony npdrm I will explain briefly, when Sony makes the process to generate an executable npdrm valid, generates a random key pair unique for each executable, those keys are encrypted with the ERK + npdrm RIV, which is available reverse-engineering the firmware PS3 coded counterpart obtaining them.
The keypair is encrypted then clear the rest of the encrypted file and its counterpart is included as such in the header. The ERK + RIV npdrm Sony counterpart to decrypt the header and get the keypair clear after which we can follow the rest of the decryption process of the application.
I have intentionally omitted details, but I think the important concept is clear.
Geohot with cheap excuse not to encourage piracy has never published the key then Sony would decrypt all npdrm. That would be honest if it came from someone else, but in the case of a megalomaniacal egomaniac we suspect other hidden agendas.
Kakaroto said recently that "now the hackers we must also reverse engineer Geohot both work as that of Sony's as clear sign of his displeasure toward Geohot control policy.
My general definition of piracy would be the misappropriation of something in order to obtain personal benefit Geohot just what has been done.
Have you used the keys and the Sony code to position a checkpoint in the 'scene' for PS3, be he who decides who can do the rest of us.
Hypocrisy has been used at will as best suited him, we do not condemn it piracy on one hand but on the other metldr the key post because it is a contradiction.
Has clearly used his position to a position from childhood, I think Geohot has seen too many movies, openly seek work, the sad reality is that in the professional world or for fellow would not today. If you want to work professionally is formed first.
The question of its usefulness in make_self_npdrm is that it uses a keypair static since it does not include the ERK + RIV Sony npdrm keypairs can not generate random for each file.
Has other errors, such as creating blank File Digest, which are unmistakable signs that the executables created are legitimate, but these other errors could be corrected by any competent programmer. However, the static keypair has no solution without the ERK + RIV npdrm Sony.
Sony is therefore extremely easy to block the execution, blacklist, all executable to use that keypair, and Geohot knows.
In fact in your source code includes a request to Sony: 'Please do not add to blacklist the key pair that I use, I have offered applications lack the ability to decipher the npdrm'
If we add your child open and work order which I have mentioned, I feel the urgent need to address a question to Geohot, the same question is also the desire of all employees and people who are part of Sony and I even think that part of the user community.
Geohot, kid, "Are you stupid or you do it? just that I thought a few days ago +risas
In addition, the patch is applied by mounting the flash in writing, decoding module, it gets the patch messed with the payloads for pkgs (four bytes), re-encrypts it and writes it to the flash.
This is just watching the elf text strings with a hex editor (the syscall to mount the device is published in [Register or Login to view links]
Sys_storage_util_mount 837 (?) Parameters: Device Name (eg CELL_FS_IOS: BUILTIN_FLSH1) Device File System (eg CELL_FS_FAT) Device Path (eg / dev_flash), 0, Write Protection (0 or 1), 0, 0, 0
Of course, what I do is I can not control 50 areas and 50 fregaos get into, because at the end, I can find a mess that can not leave (other than each has its strengths and weaknesses.) Thing, is that all of our own solve the puzzle and all methods are public and that each work on what you like most independent of the others.
I certainly hoped to have the functional fail0verflow tools that allow me or others, to create the necessary code, but it certainly was very much in disagreement with the path taken by geohot to guard things, basing his work on the part of work of others. That makes a pass at a small application, but not something that requires the best minds and some tranaparencia for anyone charged with the responsibility and does not wither.
A big companies we give a crap: I do not care if you're brilliant or mediocre, if you're black or white glove: we all get into the same bag and say the same for all: the mess that was previously head better. And if not interested in the game, not to intervene.
So it's understandable that people be careful not to look for trouble, but it is understandable that you do your job, you keep it and you become solely responsible for certain things that are happening, because then, you cut what hangs and what does not hang as well, do not farm your friends and how to proceed, you prevent this forward and put others at risk trying to do the same as your own + the boot.
PD: Anyway, I do not want to lose, for us and much to gain and dismantle the arguments of SONY or most of their arguments, but also to be scared enough to do what I should have done from the beginning : o nothing, or what others are doing in this regard.
Waininkoko adds the following: "Totally agree.
By the way, what a surprise when I told you about the XML and then saw Finally, geohot has done the same thing I already got done, but in a different way."
I have paid for every game that has been released for the PS3 do the math I use multimanager because I can install the games to my PS3 so I don't wear out my $40 blu-ray laser "believe me I have replaced several PS3 lasers" also games load 2x faster.
If Sony "BANS" my ps3 I will not end well because I have all my games registered at playstation.com so lets see who strikes first.
If they stopped complaining about geohot and actually did some reversing perhaps they would find the npdrm keys. At this stage geohot is making the others devs look like noobs. And good on him for trying to block piracy!
programs signed by geohots tool are identifiable by sony (intentionally by the sounds of it) and will probably stop working in the next firmware update, depending on how sony play their hand. Somewhere there is a note from geohot 'Please do not add to blacklist the key pair that I use' demonstrating that he knows its possible, but he has not let the whole cat out the bag, just enough for homebrew.
This will probably strengthen his court case, and there are probably more points we don't know about yet in his favour too. Obviously he's been waiting for this to happen and is prepared. And something about his ego blah blah blah.
Regarding Geohotz own signed programs being detectable by $ony. If you read the charges $ony has brought to the table.
18 U.S.C. § 1030(a)(7)(B) – Intent to Extort
18 U.S.C. § 1030(a)(7)(B) – Intent to ExtortFinally, SCEA will likely prevail on its claim under §1030(a)(7)(B), which prohibits“intent to extort from any person any money or other thing of value” by threatening “to obtaininformation from a protected computer without authorization or in excess of authorization or to impair the confidentiality of information obtained from a protected computer withoutauthorization or by exceeding authorized access.” Hotz violated this provision when, in thesame post in which the published SCEA’s Keys, he attempted to obtain from SCEA “a thingof value” in the form of employment.
So Hacker one day, Anti-Hacker the next. Someone with a mind like GeoHotz is dangerous within the scene. Devs be careful and keep anonymous within the scene and end open source unless trusted.
His CFW was a CV to $ony, shame it failed and now allows piracy within the operating system. I would say hes not getting a job but depends how bad he wants it and who will he sell out to get it. My advice is to forget the dongle free Jailbreak and work on a CFW based on there newest firmware with jailbreak ability intact so we have a choice to run it with JB or without. (3.41) is still the holy grail in the Ps3 scene.
There is no note, his files (which all use the same key pair) are like a note (Like: "Hey, I use always the same key pair, so that I can control the apps and stop piracy so please don't ban my key pair").
Sounds that way to me. Lots of holier than thou BS. It reeks of almost jealously. Noone MADE anyone update to his firmware. If you did and are not happen, welcome to the world of consequence. As a wise man once said on Youtube, they'll never be the same.
I don't bash any devs taking their time to build tools and find these things out, but it makes me pretty sick when one of them takes some heat, and the rest point and snicker like "Yeah we told him not to do that."
From day 1, there was the piracy crowd already upset that the firmware won't load backups. Awww... I'm sure you all had dongles already if that was your intent. Real work on homebrew and emulators, which is the real goal of this scene (or do you just want to run code done by others and not pay for it?) has been overshadowed by the holy grail of the ability to load backups.
I suspect if devs had more ability than Geohot at this point, there would already be running backups and tool that any noob with a tutorial and the will could pull off.
As a nice side effect, those who just really wanna play that torrented GT5 now have to wait for more handouts by the scene, or actually get to work in understand the internals of this device. Where are the handouts? They'll be awhile, the devs are too busy writing butthurt posts about Geohot.
On a serious note, devs, you come off looking bad, even if it's not your intent. You can work in a united scene, and disagree on methods civilly, or you can continue with what you're doing now.
By nature, pirates are very impatient. I want it all, and I want it now, and why don't I have it yet? The progress in the past few weeks has been SHOCKING. Personally, I'd like to give it up to anyone who has written a tool, exploit, tutorial, or intelligent forum post. I'd rather focus on what I CAN do now as a result of this work, rather than what I cannot, and I'd suggest many of you start doing the same.