Using this, we have already found where the encrypted keys are stored for SELF's, PKG's, and BD Pairing among other things, more on that in the weeks to come.
Have you also found where keys for HDD are stored? If so, it would greatly help those attempting to decrypt the HDD contents and possibly create a filesystem driver for other OSs.
Even if not, do I read it correctly that you have everything to be able to decrypt SELF files?
First, congratulations to RPS for his reverse engineering! This is indeed very good news and I'm very happy to hear that the hash algorithm was RE-ed!
Now I just have a few questions though: what does it mean exactly when you say that you modified the flash? What files can be modified? Which files need the ECC? I was under the impression that the files on the flash are not only checksummed but also encrypted and signed.. I don't think you got the certificate, so even if you can provide a valid checksum, you still can't modify signed files...
Or is it that only ELF executables are signed, and there are other files that are not (libraries?), or is it that there is a 'core' application that is unsigned and that's the application that will check the signature, so it's not signed by itself?
If it is, then isn't it encrypted? Wasn't there a chain of trust that would not allow you to modify the flash because the hypervisor/bootloader would check its signature/encryption?
I'm hoping that all the bootloader/hypervisor did was check the ECC, and that you can modify the kernel/WM, which is itself unsigned and does the signature checking.. this way you can hack it to bypass the signature checking..
I would also like to know *how* you were able to figure out where the encryption keys were stored by modifying the flash.
Anyways, thanks for your efforts, and I'm glad we're seeing some advancement from the dev scene! Keep it up!
Files can be swapped with other valid files from other consoles (debug or other retails), then some files can be edited and patched (MAC address can be changed and other interesting things can be done).
There are a lot of changes that can successfully be made, but yes: signed files cannot be modified or the signature is lost.
Cool.. Now I understand what this means, as always.. Thanks for the awesome job.. I'm gonna go celebrate a bit..
Keep up the good job guys!!!