Sponsored Links

Sponsored Links

Page 3 of 3 FirstFirst 123
Results 21 to 27 of 27



  1. #21
    Registered User Keeper75's Avatar
    Join Date
    Aug 2010
    Posts
    12
    Sponsored Links
    Sponsored Links
    exactly... that's what i was trying to explain to you - you can have:
    • A file with a encryption algo
    • A file with a authentication algo
    • A file with encryption AND authentication algo

  2. #22
    Contributor tripellex's Avatar
    Join Date
    Jan 2010
    Posts
    187
    Sponsored Links
    Sponsored Links
    lol Guys, guys, I wasn't meaning it would crack MD5 encryption. I meant using a similar setup like what they used, with 200 PS3s brute forcing, we may be able to extract the encryption keys for the Cell. What I meant regarding MD5 was the hash comparison between an encrypted and decrypted EBOOT.BINs of a game, and somehow utilizing that to crack the encrypted EBOOT.

    Now my question is, are the encryption keys for all PS3 games and systems the same? Or are they console-dependent? I would think that every system has a master set of keys, to decrypt any game on any console version on-the-fly.

  3. #23
    Registered User Keeper75's Avatar
    Join Date
    Aug 2010
    Posts
    12
    Sponsored Links
    Sponsored Links
    Quote Originally Posted by tripellex View Post
    lol Guys, guys, I wasn't meaning it would crack MD5 encryption.
    Re-read what i've wrote...MD5 is NOT a encryption algorithm.

    What those researchers have done, was that they were able to create two digital certificates to which they applied an hash hack attack which allowed them to sign the forged certificate so to make it a valid one.

    Authentication
    Let me put it in other terms: imagine that you have a sheet of paper in which you have wrote say, your name, in plain text with your special RED pen (your MD5 hash). Now, someone else comes, see your sheet, and tries to write their own sheet with your name, but with their BLUE pen (their MD5 hash). The text is the same but the color is different. Of course you'll noticed that it's sheet is not the original. (blue vs red doesn't match - aka md5 hash)

    Encryption
    Now, imagine the same concept but instead of using colored pens you used a pencil and you have replaced the letters by numbers in your paper (say 1=A; 2=B, 3=C) and you wrote "123" on it (encryption). Now assume that someone else tries to encrypt his name but they dont know that 1=A,2=B (your encryption scheme) - when you try to decrypt it it won't make sense, hence the decryption will fail.

    So, all in all, you can authenticate and encrypt your documents which are two different things.

    Quote Originally Posted by tripellex View Post
    ...I meant using a similar setup like what they used, with 200 PS3s brute forcing, we may be able to extract the encryption keys for the Cell.
    1st, i seriously doubt that the encryption keys are in plain text (meaning, no encryption)
    2nd, even if they were and assuming that they simply used a MD5 integrity check algo (which they probably don't use - maybe a SHA1 or SHA2), you could theoretically replace their master keys with your own and have them validated online by applying a MD5 hash attack on them.
    Quote Originally Posted by tripellex View Post
    Now my question is, are the encryption keys for all PS3 games and systems the same? Or are they console-dependent? I would think that every system has a master set of keys, to decrypt any game on any console version on-the-fly.
    I would believe that too... but tbh, i don't even own a PS3 - i simply found this forum interesting due to what has been happening in this last days
    Last edited by Keeper75; 08-26-2010 at 01:05 PM

  4. #24
    Junior Member avojps24's Avatar
    Join Date
    Feb 2010
    Posts
    65

    Exclamation

    Quote Originally Posted by tripellex View Post
    I had a few questions, and a thought regarding a tactic to gain access to the isolated SPE. Maybe the more knowledgeable devs can clarify if I'm just talking out of my a$$ here...
    A) We don't know yet, its too early to tell, but if the code were to be executed during or after the runtime secure boot, then it would need a way to bypass/modify the cryptographic-based authentication check process that the runtime secure boot presents.

    According to Kanna Shimizu (the Security Architect for the Cell Broadband Engine) this type of authentication check has many flavors, but one method it uses is "the hardware root of trust" or simply put ; a hardware key that is generated arbitrarily within the LS (local store).

    B) regardless whether the code is booted before or after the RSB, it is not possible to execute a program to successfully brute force calls to the isolated SPE. This mainly due to the fact that this so called "program" would first need to be authenticated by one of the cryptographic-based authentication checks, and as we know the integrity of these authentication checks are highly proficient, as they use both software and hardware based methods to ensure their reliability...

    Even if you used geohot's hypervisor memory exploit or found an exploit yourself, and gained LV1 & LV2 access. and had full control over the PPE , you would still not able to gain access to the isolated spe due to the SPV, RSB, and hardware root of secrecy , thus never having a chance to decrypt the hardware keys, etc.

    C) exactly, the system would halt , thus eliminating any chance of breaking into isolated spe.

    D) let us first try and gain access to the ISPE before we can even think about attempting to decrypt any of their hardware root keys, but to answer your question we do not have any clue to what type of encryption schema the ISPEs use. If I were to guess, it would be one that is NOT easily decrypt-able.

    Here are some reference links to the information I talked about above

    Cell Broadband Engine Security : [Register or Login to view links]

    geohot's exploit: [Register or Login to view links]

    programming apps on the Cell: [Register or Login to view links]

    list of lv1 hypervisor calls: [Register or Login to view links]

    I hope this information has better helped you understand the security of the cell.

  5. #25
    Junior Member avojps24's Avatar
    Join Date
    Feb 2010
    Posts
    65
    looks like sony uses AACS (Advanced Access Content System) type encryption on their blu-ray and digital content.

    [Register or Login to view links]

    [Register or Login to view links]

  6. #26
    Junior Member rumblpak's Avatar
    Join Date
    Feb 2007
    Posts
    28
    Yes, they use AACS on their discs but I guarantee they use other encryption schemes in their hardware than on their discs.

  7. #27
    Junior Member avojps24's Avatar
    Join Date
    Feb 2010
    Posts
    65
    Quote Originally Posted by rumblpak View Post
    Yes, they use AACS on their discs but I guarantee they use other encryption schemes in their hardware than on their discs.
    yes i agree, but it has come to my attention, that sony is possibly using a proprietary encryption scheme for their hardware security. This makes finding any hardware exploits that much more difficult.

 

Sponsored Links
Page 3 of 3 FirstFirst 123
Advertising - Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News