Today Spanish PS3 Developer DemonHades has announced news that they may have decrypted the Sony PS3 HDD. We will update the 'rumor' status of this when more questions are answered of course.
Several PS3 Devs including NDT are currently investigating whether the method can be repeated in other PS3 consoles, or just for one console only (possibly brute-forced?) as it's already known the key differs between each.
Below is a picture of a font on the PS3 decrypted, followed by some preliminary (roughly translated) details:
The key is 512 bytes; it is a sha1-4096 (512 bytes per sector). The key itself is XORed... To make it clear that it was not a simple XOR as speculated... text still appears ... /cell_mw_cfs and more text:
I can't/shouldn't reveal the method yet, because an update is very close that could change the type or key of decryption/encryption. The first thing is to investigate all of its content and then look at what interests us; there are 40 GB that have to be decrypted one by one, and that is not easy.
But I can tell you that all the info this method allows, and that is good for something more than decrypting the HDD, will be published; as advice... I am not going to update. It's about reading PS3 HDD content (the 512-byte XORed key has been decoded); for the moment this means that hard disk content could be read, but not all info about this has been revealed.
Well, although we all hope this is true, I do have a few issues with it so far...
For starters, SHA1 is a hashing mechanism; you can't use it to encrypt and decrypt data (not like AES, etc.); it's a one-way hash.
Now, it may be possible that the SHA1 hash (which is only 160 bytes) is the result of the SHA of some string (as in, the "password"), and the hash is used to decrypt the data, but it was stated that the key was 512 bytes, not 160 bytes.
Furthermore, I doubt that the "password" would be stored anywhere on the HDD (not encrypted, that is), as that would be insanely foolish to do.
Also, the "proof" that was posted so far (a font file) is not proof at all. I will dig up some files and reply with more info on them later.
It looks like it was created in a hex app. AES is hard to decrypt; 512 is a lot more than I'm used to. They could also be using the same concept as the Yubico YubiKey.
Here are a few more pics.. with some more Google-translated Spanish
As you can see, it shows not only the redirection route (like I said many times) but also the authentication and validation certificates along with the PS3 game key.
In reply to NDT's question there: I'm writing in English because I can't understand Spanish at all. Can someone explain to me if the HDD has been decrypted using a method that can be repeated in other consoles or just for 1 console only? (Maybe it was just brute-forced or something like that.)
The method has to be valid for all, because all do the same function, apart from that.. I understood that certificates were kept in the flash; Sony detected that the flash was decoded and moved them to the HDD, Sony ... and now where are they going to put them?
I speak spanish, so if you want I can translate, it's really hard to follow the thread in demonhades, and it would really help the translation if he wrote better, hehe. Feel free to send me the text and I'll translate
SHA1 can be used to break an encryption ONLY if you are debugging the code and capture enough packets to generate the hash table. This takes A LOT of time and a lot of data movement. Once you have the hash table it's easy to get the hash routine.
SHA1 = 160bit/512bit blocks
SHA512 = 512bit/1024bit blocks... if the PS3 HDD was SHA-512, it won't be getting decrypted anytime in your lifetime, perhaps not even in your child's lifetime. Even SHA-256 most likely won't get broken AND you can't tell the difference between SHA-1 AND SHA-256 algos, especially if the data is padded.
Here's the thing.. SHA1 is a one-way cryptographic function; once it's hashed, it cannot be "decrypted" by any known key, short of either having the original, unencrypted data to then re-encrypt and compare, or essentially brute-forcing it. It's only going in one direction.
In which case, the PS3 would not use SHA1 "encryption" to encrypt the files on the hard disk, as there would be no plausible way of decrypting them. Not to mention the fact that, yet again, it creates a hash; it doesn't do any "encryption" per se.
Yes, the PS3 does use the SHA1 hash function in other areas, but more as a "checksum", to ensure data has not been tampered with, not as an encryption.
Take AES for example, a "two way" system, data can be both encrypted, and decrypted "at will", but straight SHA1 is just a hash, nothing more!
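The distinction drawn in the post above, as an added example (not code from the thread and not the PS3's actual scheme): SHA-1 on its own only yields a fixed 20-byte digest usable as a checksum, while a hash can still feed a reversible cipher when its output is stretched into a keystream and XORed with the data. The `sector_keystream` construction, the secret and the sample sector are assumptions made up for illustration.

```python
import hashlib

SECTOR_SIZE = 512  # bytes per sector, the figure quoted in the thread


def sha1_checksum(data: bytes) -> bytes:
    """SHA-1 as an integrity check: always 20 bytes (160 bits), not reversible."""
    return hashlib.sha1(data).digest()


def sector_keystream(secret: bytes, sector_no: int) -> bytes:
    """Stretch SHA-1 output to one sector (hypothetical construction).

    Hashes secret || sector number || counter until 512 bytes exist,
    so every sector gets its own 512-byte XOR pad.
    """
    out = b""
    counter = 0
    while len(out) < SECTOR_SIZE:
        block = secret + sector_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha1(block).digest()
        counter += 1
    return out[:SECTOR_SIZE]


def xor_sector(sector: bytes, keystream: bytes) -> bytes:
    """XOR is its own inverse: the same call encrypts and decrypts."""
    if len(sector) != SECTOR_SIZE or len(keystream) != SECTOR_SIZE:
        raise ValueError("sector and keystream must both be 512 bytes")
    return bytes(a ^ b for a, b in zip(sector, keystream))


def demo() -> dict:
    secret = b"constructed-demo-secret"  # constructed value, not a real key
    # Constructed sample sector: a font name padded to 512 bytes.
    plain = b"SCE-PS3 NewRodin JPNBold".ljust(SECTOR_SIZE, b"\x00")
    ks = sector_keystream(secret, 7)
    cipher = xor_sector(plain, ks)
    tampered = bytes([cipher[0] ^ 1]) + cipher[1:]
    return {
        "digest_len": len(sha1_checksum(plain)),        # hash output size
        "keystream_len": len(ks),                       # one pad per sector
        "roundtrip": xor_sector(cipher, ks) == plain,   # reversibility is XOR's
        "tamper_detected": sha1_checksum(cipher) != sha1_checksum(tampered),
        "per_sector": sector_keystream(secret, 8) != ks,
    }


if __name__ == "__main__":
    print(demo())
```

The reversibility comes from XOR and the shared secret, not from SHA-1, which is used here only to generate pad bytes and, separately, as a checksum.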
I'm Mexican; if you need any translation I can do it too. I'll stick to the forums as much as I can to translate if needed. Today I'm going to see Iron Maiden but I'll be back around 1 or 2am central time.
All this was posted by demonhades in the last 2 days..
Como vemos muestra la ruta no solo de redireccion(como dije hace muxo tiempo) si no que se ven los certificados de autentificacion y validacion junto con la key del juego para que ps3 lo ejecute.
As we can see we didn't only get the redirection route (like I said a long time ago); this also shows the authentication and validation certificates with the game key for the PS3 to execute.
ummmmm el metodo no lo puedo/debo de decir aun porque esta muy proxima un update que podria cambiar el tipo o clave de descifrado/cifrado.
Lo primero es investigar todo su contenido y luego ir mirando lo que nos interesa,son 40gbs que hay que ir descifrando uno por uno y no es cosa facil jajajja
Pero ya os comento que se publicara toda la info que este metodo permita y sea para algo mas que descifrar el hdd,como consejo.........yo no voy a actualizar.cada uno que haga lo que crea conveniente.
1saludo y paciencia
hmmm.. the method I can't/shouldn't tell because there's an update coming soon that could change the type of key to decrypt/crypt.
First thing to do is investigate all the content and look for what could interest us; it's 40gbs of things that need to be decrypted one by one and that's not an easy thing to do hahaha
But let me tell you that all the info this method shows will be published and let's hope it's for something else than to decrypt the hdd; take my advice and do not update, let everyone do what they see fit.
Paciencia es pronto llevamos 3 dias dia y noche sin parar de hacer pruebas,formateos,extracciones etc
todo a su debido momento
Patience, it's still soon; we only have 3 days working day and night without stopping, making tests, formats and extractions etc.
everything at its due time.
Esta investigacion lleva ya tiempo,hace 2 años...la empece en teknoconsolas y en eol(eol chapo el hilo por ser una tonteria)hay esta el resultado de trabajar sin cesar en lo que te interesa y te gusta....
This investigation has already been in the works for some time; 2 years ago we started in teknoconsolas and eol (I give the link for being a waste of time); there's the result of working without stopping in something that we are interested in and we like.
Previously ifcaro also said:
como q cual es una fuente? :confundido: :confundido:
lo q quiero decir esq deduzco q los datos de la imagen son de una fuente tipografica al haber palabras como Font y Bold xd
EDITO: concretamente "SCE-PS3 NewRodin JPNBold"
What do you mean by what is a font?
What I mean is that I can make out that the things in the image are from a typography font because there are words like font and bold XD
Edit: to be specific "SCE-PS3 NewRodin JPNBold"
Demonhades also says...
Bueno para dar mas detalles:
La key es de 512bytes
es una sha1-4096(512bytes por sector)
La propia clave esta xoreada....
Para que quede claro que no a sido un simple xor como se especula.....
Okay to give more details:
The key is a 512-byte key
it's a sha1-4096 (512 per sector)
The key is XORed
To make it clear it hasn't been a simple XOR like it's believed
Edit: Sorry but the automerge post is making the post difficult to read...
Ifcaro is posting pictures apparently extracted from the hard drive of what he is finding, like the Resistance picture.