Sponsored Links

Sponsored Links

PS3 HDD Decryption PoC From a PC By Flat_z and Glevand Arrives


Sponsored Links
99w ago - Following up on the previous work by PlayStation 3 developer Graf Chokolo, today naehrwert has announced news of a PS3 HDD decryption proof-of-concept (PoC) from a PC as a result of reverse-engineering work done by flat_z and glevand.

Download: [Register or Login to view links] / [Register or Login to view links] (Mirror)

Below are the details (via ps3devwiki.com/wiki/HDD_Encryption), to quote:

Introduction

  • The following information was reverse engineered from LV1, Storage Manager in LPAR1 and sb_iso_spu_module.self.
  • I'm able to decrypt/encrypt my PS3 HDD and VFLASH on PC now.

HDD Encryption

  • XTS-AES-128 is used to encrypt all data on PS3 HDD.
  • XTS is NOT CBC!!! It's AES-ECB with tweak XORing. AES-CBC is impractical for HDD encryption. Each sector can be encrypted/decrypted independantly from other HDD sectors.
  • Good paper about XTS-AES: ntnu.diva-portal.org/smash/get/diva2:347753/FULLTEXT01
  • VFLASH is encrypted twice. First with ENCDEC keys and then with ATA keys.
  • Tweak and data XTS keys are of size 32 bytes but only the first 16 bytes are used.
  • You can set and clear ATA keys with my Linux ps3encdec device driver which i use to test HDD/VFLASH encryption. But be careful, never set/clear ATA keys while some HDD regions/partitions are mounted !!! You will corrupt your data on your HDD !!!

Dumping ATA Keys

  • I modified sb_iso_spu_module.self to dump ATA keys.
  • ATA keys are passed as parameters to sb_iso_spu_module.self.

Program

My SPU program to dump ATA tweak and data XTS keys to PPU memory with spuisofs:

pastie.org/4503109

Result

Test

  • To test your ATA XTS tweak and data keys, you need encrypted HDD sectors. You can either connect your HDD to PC and dump it or use my ps3vuart-tools on Linux and clear ATA keys and then dump it from ps3da. I tried both methods. But make sure you unmount all HDD regions before using ps3vuart-tools to clear your ATA keys.
  • I coded a small application which implements XTS-AES encryption/decryption. XTS-AES paper is a good reference how to implement it.
  • You have to pass the correct sector number in order to get correct results.
  • As you see below in my examples, i pass sector number 0 and sector 8 for VFLASH because VFLASH begins at sector 8 on HDD.
  • Another interesting fact is that you have to swap half-words after encrypting and before decrypting HDD sectors else you will get wrong results. This swapping is not necessary for VFLASH sectors.
  • Another note is that you have to decrypt VFLASH sectors with ATA keys first and then with ENCDEC keys.

Result with 1st encrypted sector from HDD:

Dumping ENCDEC Keys

  • VFLASH is encrypted twice. First with ENCDEC keys and then with ATA keys.
  • You cannot dump ENCDEC keys with sb_iso_spu_module.self. They are set in lv1ldr only (see here: gitorious.ps3dev.net/reversing/lv1ldr/trees/master).
  • I used a modified lv1ldr with my Linux spuldrfs driver and dumped ENCDEC keys.
  • XTS-AES-128 with 128bit tweak key and 128bit data key, just like ATA keys.
  • ENCDEC tweak and data keys are passed to lv1ldr NOT in clear text.
  • ENCDEC keys are computed by lv1ldr with AES-CBC-256 by encrypting 32byte seeds.
  • metldr passes to lv1ldr AES-CBC-256 IV and key which are used to compute ENCDEC keys.
  • I tested my ENCDEC keys with my ps3encdec Linux driver and set them again, and VFLASH was still working fine. As soon as i changed some bits in these keys, VFLASH could not be decrypted properly anymore It means keys are correct.

ENCDEC Key Seeds

  • Use the dumped ENCDEC IV and key to encrypt these seeds and you will get your ENCDEC keys for VFLASH.
  • You can find these seeds in lv1ldr.

Data key seed:

Tweak key seed:

Program

Here is my SPU program which i used to dump ENCDEC keys:

pastie.org/4503119

Result

  • Test run with spuldrfs on Linux 3.5.1

Test

  • To test your ENCDEC XTS tweak and data keys, you need encrypted VFLASH sectors. You can dump it from ps3da starting with sector 8.
  • You have to pass the correct sector number in order to get correct results.
  • As you see below in my examples, i pass sector 8 for VFLASH because VFLASH begins at sector 8 on HDD.
  • The input sector was already decrypted with ATA keys.

Result with 1st encrypted sector from VFLASH:

Finally, from KDSBest: The keys are on wiki why not expose them in your source code naehrwert. The key generation algo is nearly the same as the eid0 key generation algo. Seed AES Encrypt with EID Root key.


I dunno if this works only a idea of a bored man.

Should read the Adress in lv2 for you. Can someone with a PS3 that can try this... I dunno if I can write the SPRG0 with mtspr, but if that is possible you can dump lv2 with this on 3.55. I don't think Sony changed this syscall on higher FWs.




Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

Comments 33 Comments - Go to Forum Thread »

• Please Register at PS3News.com or Login to make comments on Site News articles. Thanks!

Foo's Avatar
#33 - Foo - 96w ago
Mounting PS3's HDD on PC via Linux by Glevand: ps3devwiki.com/wiki/Mounting_HDD_on_PC

  • The goal is to mount PS3 HDD on PC Linux and make changes to it.
  • Use device mapper for transparent encryption/decryption.

ATA and ENCDEC keys

Read more here: [Register or Login to view links]

Device Mapper


  • A really cool feature of Linux 2.6/3.
  • The device mapper is stackable.
  • You have to enable a couple of new kernel features like device mapper crypto, XTS crypto and so on.

dm-bswap16

  • Swaps bytes in each 16-bit word.
  • It is necessray for HDD/VFLASH encryption/decryption.
  • Tested on Linux 3.5.3
  • GIT repo: gitorious.ps3dev.net/ps3linux/dm-bswap16

What it should look like on a test run:


On a Test with ps3da

  • Tested with Debian LiveCD and Linux 3.4.10
  • xts_aes: gitorious.ps3dev.net/ps3linux/xts_aes



dm-crypto

  • We don't need xts_aes application anymore.
  • Linux kernel does enctyption/decryption of data transparently for us.
  • One of the device mapper features is that it's stackable which is very useful for us.
  • VFLASH is encrypted twice. So we have to create a second DM crypto target based on the DM crypto target for HDD.

HDD Test
Tested on PS3 itself with Debian LiveCD and Linux kernel version 3.4.10 but you can use the same technique on a Linux PC. I was just lazy and it is easier to test on PS3.


VFLASH Test


PS3 HDD Partition Table

  • Now that we can decrypt/encrypt PS3 HDD with Linux, we want to be able to mount HDD/VFLASH regions because only then we can do changes to UFS or FAT filesystems on the HDD.
  • We have to implement PS3 HDD partition table in Linux kernel.
  • The Linux kernel with this feature will create all partition devices automatically in this case and we could mount and modify any HDD regions easily.
  • A new Linux kernel patch is necessary.
  • PS3 partition table is of size 0x1000 bytes.
  • Implemented PS3 partition support in Linux kernel. See patch 0035-ps3-partition.patch here gitorious.ps3dev.net/ps3linux/kernel-patches-35

Test:


Neo Cyrus's Avatar
#32 - Neo Cyrus - 99w ago
It's nice to see so much progress being made recently. My hat's off to you gentlemen.

niwakun's Avatar
#31 - niwakun - 99w ago
with these, we can use my PC to grab files from HDD? Like act.dat and rif files.

pinoytechno's Avatar
#30 - pinoytechno - 99w ago
thanks for sharing this great news to us sir

PS3 News's Avatar
#29 - PS3 News - 99w ago
I have now promoted the news to the main page and +Rep for the update Foo!

Sponsored Links

Sponsored Links
Sponsored Links

Sponsored Links







Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News