MD5 or SHA 2 firmware check. Anti-pirate.

**lewk** · 01-31-2011,08:16 PM

So I'm kinda new to the whole encryption thing but, i think i have a decent grasp. So could Sony run a hash check on your firmware while you're logged on?
So if you have CFW obviously the hash would be different then the OFW. Would this be feasible, and if not why not?

**lewk** · 02-01-2011,01:04 AM

First bump, second,setting aside the limitation of network bandwidth consumption. because i pose this in the theoretical situation that programmers are able to send falsified lists of recent activity to Sony (stealth patching). because it was determined through packet sniffing that some data of activity is transmitted. Also i ask if the method of figuring the private key was similar to the way wep was cracked. because the idea was that a non random seed value was use to generate public keys. where i believe the root key is the private and the firmware keys are public which can be revoked through an internal certificate authority. Wep was cracked because IV values repeated them selfs so using enough packet with the same iv yielded a router password. the main question becomes is this seed value a like salt or an iv or neither. and could Sony revoke the private keys. actually thats like three questions all together but i would like to understand.

**lewk** · 02-01-2011,01:12 AM

or lets say i'm mixing different aspects of cryptography let me know that as well. its difficult to wrap my head around.

**ichibaka** · 02-01-2011,02:21 AM

1. with 3.56 ofw it's likely since there's an option for $hitny to install a rootkit and remotely run any code on your ps3.

2. Presumably egoho has the public private key, and I think team fail0verflow also has it but no real proof. Atm though no one else has figured out how to get the real private key, so if it is as easy to crack as WEP every script kiddies on the block would have already been bleeding it like a pig.

3. $hitny can revoke the master private key, but it's used to sign all released games to date and if it is revoked you can bet the games will stop working.

**afiser** · 02-01-2011,02:31 AM

Originally Posted by ichibaka

2. Presumably egoho has the public private key, and I think team fail0verflow also has it but no real proof. Atm though no one else has figured out how to get the real private key, so if it is as easy to crack as WEP every script kiddies on the block would have already been bleeding it like a pig.

3. $hitny can revoke the master private key, but it's used to sign all released games to date and if it is revoked you can bet the games will stop working.

lolwut

2. no one has the private keys for 3.56. it is not possible to get them at this time as they corrected the random number problem. have you not paid attention? here are all the keys (public and private) from pre 3.56 https://spreadsheets.google.com/pub?...GB&output=html

3. sony already has done a way to combat using old private keys. they have added a whitelist in 3.56 that will validate all existing NPDRM files via a sha1 hash. so all old games still work. but anything new being signed with the old keys will not run.

User Tag List

Thread: MD5 or SHA 2 firmware check. Anti-pirate.

Tweet

LinkBack

Thread Tools

Display


	Would you like to get all the new info from PSX-Scene in your email each day? Subscribe to our Daily Digest! Want to learn more about the team keeping you up to date with the latest scene news? Read about them now! Check out our Developer bios, too!