Thanks to graf_chokolo who made public the PS3 master key (46 DC EA D3 17 FE 45 D8 09 23 EB 97 E4 95 64 10 D4 CD B2 C2). With said key we’re able to generate our own dongle ID keys — ones that Sony hasn’t revoked. And to do that: Xtse’s PS3 Dongle ID Key Generator. Two versions are available — one for Windows and one for Linux. And I gotta say congratulations to hack master chokolo, that’s some real nice HV work in the past couple weeks.
The key used for PS3 downgrade dongles currently sold is typically 0xAAAA; the same can be said for PSGrade. Sony can revoke keys of their choice with firmware updates, potentially leaving you hack-less. Now that graf has discovered the “master key” we can generate our own dongle keys and keep on entering factory/service mode … should that lead to other hacks down the road.
Cheers!!!!!
Happy new YEAR 2011.....
We will try to serve you better. Our services: console repair and service, application installer, accessories setup, trade-in and many more to come.
Wednesday, January 19, 2011
PSP Master Key
Mathieulh Found The PSP Master Keys! Can sign anything PSP now!
First it was the PS3 that had its master keys uncovered. Now Mathieulh has posted that he found the PSP master keys in the PS3 system. The Kirk keys, as they are called.
Quoting Mathieulh via his Twitter:
"I can encrypt/sign anything on psp now"
What does this mean for the scene? Big changes, very big. PSP devs can now sign their own homebrew as if they were Sony. That means it will run on any PSP! Any homebrew, PRX, Eboots and Custom Firmware too.
Did you know? Kirk: the hardware crypto engine responsible for almost all aspects of the PSP’s security, including decryption of eboots and PRXs, savefile and adhoc encryption, and idstorage verification. Named after Captain Kirk of Star Trek.
6.31 HEN and 6.35 HEN released for Minna no Sukkiri demo exploit!
Virtuous Flame (aka Vflame) and Coldbird’s HEN for 6.31 and 6.35 have been released! For those who were stuck on 6.31 or 6.35 firmware, this is what you have been waiting for! You’re now part of the HEN party that’s happening. Instructions on how to use it are below:
1. First download the correct HEN for your version of firmware either HEN for 6.31 or HEN for 6.35 (below)
2. Download and install HBL rev 112 for Minna no Sukkiri demo exploit
3. Download the Minna no Sukkiri PSP Demo and save data exploit. Extract the folder UCJS10094.zip to PSP/SAVEDATA
4. Now in the HBL directory hbl/menu/EBOOT.PBP overwrite this eboot with the appropriate HEN version for your Firmware 6.31 or 6.35
5. Start the Minna no Sukkiri, load HEN and enjoy homebrew!!!
Yes, ISO loaders like Prometheus ISO Loader do work on 6.31 HEN & 6.35… But remember: legal ISO backups only, or you shall burn in HELL.
Sony to announce PSP2 in Japan come January 27th
VG247 and various other websites are all claiming that Sony will announce the PSP2 this month in Japan. January 27th is the date set. This move makes sense as Nintendo is set to release their Nintendo 3DS this year so Sony really need something up their sleeves. That something is the PSP2.
First Signed OFW PSP Homebrew demo. Runs without hacks!
PSP developer kgsws has released the first signed homebrew. This one’s big for the homebrew scene. Why? Well, it requires no hacks to run. No Custom Firmware, HBL or HEN needed here. Mission accomplished: homebrew on any PSP, hacked or not.
Just make a directory in PSP/GAME, place this eboot in it and run it from the XMB! Nice. Hopefully this will now lead to homebrew games and applications that can be run on all PSPs, hacked or not.
Custom Firmware v3.55
Custom Firmware v3.55 for PS3 released By Waninkoko
What you've all been waiting for...
A custom firmware for v3.55 PS3 that enables Backup Manager support + Online!
Released of course by long time very solid scene developer Waninkoko!
6.35 HEN signed? Can be run from the XMB. No HBL required!!!!
With the recent signing of apps, or using a demo’s signed container, Liquidigong has posted that he has signed 6.35 HEN (also 5.03 HEN). So it looks as if we will soon be able to launch 6.35 HEN right from our XMBs. No need to run the save data exploit first and then HBL. Good news. As far as I can see on the avg9 forums liquidgong posts on, no release yet. But we will let you know as soon as the signed 6.35 HEN is released.
IPhone 5
RUMORS...
The iPhone 5 is expected to launch this summer!!!!
iPhone 5 -- a completely redesigned handset -- which our sources say is on track for a summer launch. Right now, the device is being tested discreetly by senior staff at Apple (strictly on campus only). We don't have much info on the phone at this point, but our understanding is that the new device will be a total rethink from a design standpoint and will be running atop Apple's new A5 CPU (a Cortex A9-based, multi-core chip). This device, like the iPad 2, will feature a Qualcomm chipset that does triple duty as the CDMA / GSM / UMTS baseband processor -- from what we hear there's no LTE in the mix at this point.
What is a HEN?
Halfway between CFW and the eLoader (Eboot Loader), a HEN (Homebrew Enabler) is a program that temporarily patches the PSP's RAM. This patch disables several security measures implemented by Sony and opens the door to launching a large number of homebrews, which can use most of the PSP's functions. A HEN differs from the eLoader because it allows homebrews to be launched from the XMB, and from traditional Custom Firmware because the HEN has to be relaunched each time the console restarts.
HEN continues to evolve, to the delight of PSP owners on firmware 6.20.
PS3 in History
The PlayStation 3's security has been broken by hackers, potentially allowing anyone to run any software - including pirated games - on the console.
A collective of hackers recently showed off a method that could force the system to reveal secret keys used to load software on to the machine.
A US hacker, who gained notoriety for unlocking Apple's iPhone, has now used a similar method to extract the PS3's master key and publish it online.
Sony declined to comment on the hack.
"The complete console is compromised - there is no recovery from this," said pytey, a member of the fail0verflow group of hackers, who revealed the initial exploit at the Chaos Communication Congress in Berlin in December.
"This is as bad as it gets - someone is getting into serious trouble at Sony right now."
The group, which has previously hacked Nintendo's Wii and says it is vehemently against games piracy, said that it had developed the hack so that it could install other operating systems and community-written software - known as homebrew - on the powerful machine.
"The details we provided and information and techniques we disclosed would have been enough to install Linux," he said. "We have no interest in piracy."
Following the presentation, US hacker George Hotz, who has previously hacked parts of the console, used a similar technique to extract the master key. He has now published it on his blog.
This formerly secret number is used to "sign" all games and software that run on the system, to authenticate that it is genuine and approved by Sony.
However, once the key is known it can be used to sign any software - including unofficial software and games.
"I hate that it enables piracy," said Mr Hotz. "The publication of the key is more academic than anything else."
The number also works for Sony's handheld console the PlayStation Portable, said Mr Hotz.
Developers have already started releasing tools to develop new software for the PS3 using the hacks.
'Valid target'
The PS3 - once regarded as the most secure of the games consoles, and the only one not to have been permanently cracked - has in the last 12 months come under increasing scrutiny from hackers.
In January 2010, Mr Hotz claimed to have cracked the console.
Following his initial announcement, Sony released an update disabling a function, called OtherOS, that allowed gamers to install a version of Linux on their machines, thought to have been exploited by Mr Hotz.
Many saw it as a pre-emptive strike to guard against games piracy.
Mr Hotz never released the exploit and publicly said that he had stopped work on the console.
But Sony's removal of OtherOS prompted other hackers to begin to look at the system more closely.
"It became a valid target," pytey told BBC News. "That was the motivation for us to hack it."
He said the team had spent "months" trying to find their way into the system.
"It was not trivial to do this," he said.
In the end, the flaw that allowed them to crack the system was a basic cryptographic error that allowed them to compute the private key, held by Sony, he said.
"Sony uses a private key, usually stored in a vault at the company's HQ, to mark firmware as valid and unmodified, and the PS3 only needs a public key to verify that the signature came from Sony.
"Applied correctly, it would take billions of years to derive the private key from the public key, or to make a signature without knowing the private key, even when you have all the computational power in the world at your disposal."
But the team found that Sony had made a "critical mistake" in how it implemented the security.
"The signing recipe requires that a random number be used as part of the calculation, with the caveat that that number must be truly random and not predictable in any way," the team said.
"However, Sony wrote their own signing software, which used a constant number for each signature."
This allowed the team to use "simple algebra" to uncover Sony's secret key, without access to it.
"This is supposed to be the most secret of secret of secrets - it's the Crown jewels," said pytey.
The team decided to publish its method but not the keys.
After the team revealed their hack, Mr Hotz said that he was prompted to renew his work on the system.
"What fun is a race if no-one else is running," he said. "fail0verflow did great work - they took it up a level."
Using a similar technique he was able to extract the entire master key for the system, which he subsequently published online along with a demonstration of it in action.
However, he has not released the method he used to extract the key.
"There is no reason to," he said.
However, he said that he may release a piece of software that will allow people to easily sign their own pieces of software and homemade games - known as homebrew - on to the console.
"I have a program running but am thinking of a good way to release it," he said.
Like fail0verflow, he said that he does not condone games piracy.
"I do not want it to be able to sign official Sony programs. I'd like it just to be able to sign homebrew."
fail0verflow said it "disagrees" with Mr Hotz's decision to release the key, saying that it expects them "to make piracy easier without accomplishing intrinsically useful".
Legal worry
Sony takes a dim view of people hacking its system.
Last year, a team released a USB dongle called PSjailbreak that contained software that allowed gamers to play homemade and pirated games on the PlayStation 3.
Sony updated its consoles to block the software and took legal action against distributors in many countries.
However, according to pytey, it may not be so easy to fix the problem this time.
"The only way to fix this is to issue new hardware," he said. "Sony will have to accept this."
He said that he thought his group was on safe legal ground with its work.
"I haven't stolen anything," he said. "It's my own hardware, I can run whatever I like on it."
But Mr Hotz was more cautious.
"I'm scared of being hit with a lawsuit," he admitted.