  1. #1
    SCE (Senior Member; Join Date: Jan 2009; Posts: 172)

    PES 2009 Gamesave decryption possibility

    Hi, a dude has done some investigation and found something interesting that I think the devs here should look into:
    Quote Originally Posted by stadicon
    I am a PES and NBA 2K modder for PC. Last few weeks I did a research concerning the possibilities of Game Saves editing on PS3 and I tried to find a way to read the Option File of PES 2009 comparing the PC save and the PS3 one. So, I came across some interesting clues:

    1) The size of PC and PS3 save file is identical (kind of).
    2) Through the simple process of editing (in-game), saving and comparing I found out that OF of PS3 is almost identical to the one on PC but encrypted. For instance, every time I change a player's data, a 128-bit section changes in the PS3 save file. This section is in the same position of the file as the position of this player data on the PC save!

    So here is my thought:
    If we have a default Option File for PES 2009 (didn't test for 2010, yet) we can be almost sure it will be identical to the default on PC (which is unencrypted). So, knowing the original data and the final encrypted data, and having the ability to change a byte of the original data and compare the change on the encrypted, is it possible to find the encryption method and the key?

    I know, it's not easy. But there is a possibility here: the encryption block is just 128-bit size. So, that means we can compare many 16-byte blocks to each other and we can focus on decrypting just 16-bytes, instead of the whole file! We know 16 original bytes and the 16 encrypted bytes. If we find the method for those 16 bytes, we can do it for all the file and maybe we find the method for many other game saves of PS3!

    So, anyone who knows about encryption and stuff, could help about this subject?
    He has uploaded the save files: [Register or Login to view links]

    Credits to: stadicon
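
What stadicon's observation implies about the cipher mode, as an added example that is not part of the original thread: if an edit changes exactly one 16-byte block at the same offset, each block is encrypted independently of its neighbours (ECB-like), whereas a chained mode would change every block after the edit. The 4-round Feistel cipher is a toy stand-in built from HMAC-SHA1, the key and the 256-byte "save" are constructed, and nothing here reflects the actual PS3 algorithm.

```python
import hashlib
import hmac

BLOCK = 16  # the 128-bit section size reported in the post


def _round(key, i, half):
    # Toy round function: HMAC-SHA1 over (round index || half), truncated to 8 bytes.
    return hmac.new(key, bytes([i]) + half, hashlib.sha1).digest()[:8]


def toy_block_encrypt(key, block):
    # 4-round Feistel network over one 16-byte block; a stand-in cipher only.
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, i, right)))
    return left + right


def encrypt(key, data, chained):
    # chained=False: every block is encrypted on its own (ECB-like).
    # chained=True: each block is XORed with the previous ciphertext block
    # before encryption (CBC-like, all-zero IV for the demo).
    out, prev = [], bytes(BLOCK)
    for off in range(0, len(data), BLOCK):
        blk = data[off:off + BLOCK]
        if chained:
            blk = bytes(a ^ b for a, b in zip(blk, prev))
        prev = toy_block_encrypt(key, blk)
        out.append(prev)
    return b"".join(out)


def changed_blocks(a, b):
    # Indexes of the 16-byte blocks that differ between two equal-length buffers.
    if len(a) != len(b):
        raise ValueError("buffers must be the same length")
    return [o // BLOCK for o in range(0, len(a), BLOCK) if a[o:o + BLOCK] != b[o:o + BLOCK]]


def demo():
    key = b"constructed-demo-key"      # constructed, not a real key
    before = bytes(range(256))         # constructed 16-block "save"
    after = bytearray(before)
    after[5 * BLOCK + 3] ^= 0xFF       # edit one byte inside block 5
    after = bytes(after)
    independent = changed_blocks(encrypt(key, before, False), encrypt(key, after, False))
    chained = changed_blocks(encrypt(key, before, True), encrypt(key, after, True))
    return independent, chained
```

Knowing which blocks move says how the blocks are combined, not what the key is; a matching plaintext/ciphertext block pair leaves the key of a sound cipher unknown.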

  2. #2
    CJPC (Toucan Sam; Join Date: Apr 2005; Posts: 2,174)
    Quote Originally Posted by stadicon
    So here is my thought:
    If we have a default Option File for PES 2009 (didn't test for 2010, yet) we can be almost sure it will be identical to the default on PC (which is unencrypted). So, knowing the original data and the final encrypted data, and having the ability to change a byte of the original data and compare the change on the encrypted, is it possible to find the encryption method and the key?

    I know, it's not easy. But there is a possibility here: the encryption block is just 128-bit size. So, that means we can compare many 16-byte blocks to each other and we can focus on decrypting just 16-bytes, instead of the whole file! We know 16 original bytes and the 16 encrypted bytes. If we find the method for those 16 bytes, we can do it for all the file and maybe we find the method for many other game saves of PS3!
    The biggest problem with this is - it's still nearly impossible. Assuming we knew the algo that was used (which, we don't), not to mention any possible signing on the save file itself (a hash check), and Sony's fondness of HMAC+SHA1 - on top of all that is - we don't have the key.

    For all we know, part of the save key in these cases could be based off the PSID, Mac, Serial # - whatever. Although it is quite interesting that the files are just about the same, trying to compare and crack with today's modern encryption techniques is not feasible - at least not with today's current computing power.

  3. #3
    xhugox (Contributor; Join Date: Jan 2009; Posts: 32)
    I think the biggest problem is not to find a way to run a piece of code by some kind of exploit, but to encrypt the code we want to run.

    Think about it like this; even if we find a way to run our own code, it is not encrypted/signed, so the PS3 will try to decrypt it again and thus creating gibberish. I'm even pretty sure the devs already found a way to run random signed code, the problem is, they do not have signed code they can run.

    So, being able to run code is useless as long as we do not have anything we can run.

  4. #4
    hosmy (Banned User; Join Date: Oct 2008; Posts: 56)
    Quote Originally Posted by xhugox
    I think the biggest problem is not to find a way to run a piece of code by some kind of exploit, but to encrypt the code we want to run.

    Think about it like this; even if we find a way to run our own code, it is not encrypted/signed, so the PS3 will try to decrypt it again and thus creating gibberish. I'm even pretty sure the devs already found a way to run random signed code, the problem is, they do not have signed code they can run.

    So, being able to run code is useless as long as we do not have anything we can run.
    If it's about savegames like the title says then get some games with unsigned/unencrypted data and forget about "biggest problem to encrypt the code".

  5. #5
    xhugox (Contributor; Join Date: Jan 2009; Posts: 32)
    Oh there are unencrypted/unsigned games?

    Why don't we just replace the game's executable with our executable?

  6. #6
    Arnie Pie (Banned User; Join Date: Jun 2007; Posts: 42)
    Quote Originally Posted by xhugox
    Oh there are unencrypted/unsigned games?
    The poster was referring to there being games whose saved game data is unencrypted/not-machine-locked.

  7. #7
    DSpider (Banned User; Join Date: Nov 2007; Posts: 37)
    Quote Originally Posted by xhugox
    Oh there are unencrypted/unsigned games?

    Why don't we just replace the game's executable with our executable?
    Even if there were (and Blu-ray burners were affordable) the homebrew burned discs would have to be written with extra sectors for the copy-protection system in the PS3 to recognize them as "legit".

    HIDDEN sectors which retail burners don't have access to. It's not new technology.

  8. #8
    hosmy (Banned User; Join Date: Oct 2008; Posts: 56)
    Hidden? Every blank (bluray, dvd, cd) is pre-pressed and contains a so-called "header" with information such as dye, blank type (ex: dvd-r or dvd+r), writing speed, space (650mb cd or 700mb), ID, manufacturer, and so on, which every console reads at boot.

    The point is we can't delete or overwrite this information, and if we could, dvd-rw would recognize it as nothing or no disc, so they are vital for burners. We already have DAO96 to write subchannels but no luck. I don't think it is about hidden sectors.

  9. #9
    SCE (Senior Member; Join Date: Jan 2009; Posts: 172)

    There are unencrypted files on the HDD, so why can't we replace them? Hash protection?

    http://www.ps3news.com/ps3-hacks-jai...-demo-for-ps3/

  10. #10
    djpelle (Contributor; Join Date: Mar 2007; Posts: 9)
    Maybe this helps some devs for the PES savegame decryption: I found in the eboot of all PES games on PS3 this key: 5accceb27cfaaf9a9e9dcff478640bb3.

 