-
#1
software_update_plugin private key (probably a stupid question)
11-27-2012,10:16 AM
I was wondering about the whole private key thing. Apparently the older firmwares had the key in the software_update_plugin prx file, which would make sense because you have to have a key stored somewhere in something to match up with. But is it just a part of the now changed equation to derive the key from, or the entire key itself? And if it's the key itself, can we decrypt that software_update_plugin sprx and search it for the key? I mean, it wouldn't be the easiest thing in the world to do, I know that, but if it is possible to derive the private key from the decrypted file I would like to take a crack at it. I no longer have a hacked PS3 myself due to someone updating my console, on the very day I was going to update to a 4.30 CFW no less, but if someone could get me a copy of the unencrypted software_update_plugin sprx from a version 4 firmware, preferably more than one for better comparison, and an old 3.55 one to use as a reference point, I'd love to take a look at them and try to figure this out. I'm dying without my CFW and I've got way too much time on my hands.
-
11-27-2012,11:23 AM

Originally Posted by
junkie2100
if it is possible to derive the private key from the decrypted file...
It's not possible.
-
11-27-2012,11:31 AM
But why isn't it possible? The key HAS to be stored somewhere. I figure now that we can decrypt the files it's just a matter of finding it, unless it's not actually the key itself but another factor in the unsolvable equation. I realize the process of going through hundreds of lines of code is a daunting task to say the least, but unless the key actually isn't stored in there it is technically possible.
-
11-27-2012,11:35 AM

Originally Posted by
junkie2100
the key HAS to be stored somewhere.
Yes, it is stored somewhere in Sony headquarters, not in the PS3. The public keys are stored in the PS3, not the private keys.
Read this to get an idea of how something like a private/public key encryption system works: Pretty Good Privacy - Wikipedia, the free encyclopedia
-
11-27-2012,11:48 AM
I understand how encryption works (11111 + encryption key 01234 = 12345), I just don't understand how the PS3 knows it's not signed with the correct key if it doesn't know what the correct key is. In the old 3.55 they had the key hidden in the software_update_plugin prx file, if I'm not mistaken.
-
11-27-2012,11:52 AM

Originally Posted by
junkie2100
I understand how encryption works
No, you don't, apparently. You are assuming there is a single key for encryption and decryption.
-
11-27-2012,12:15 PM
Yes, I do understand encryption. I just don't know how it's used in the PS3; that is what I want to know. If the HMAC key is only one piece of the puzzle then we are still screwed without all the pieces, but the HMAC key for firmware signing is stored at 0x602E0 of said file in older firmwares according to many sources I have found. So I assume it's stored in the newer ones too, even if it's not in the same spot as before.
-
11-27-2012,01:17 PM
The key for signing firmwares is not stored in the PS3. The only thing stored in the PS3 is the public keys for decrypting. These keys have already been found. That is why any new firmware that comes from Sony can be decrypted. It is however impossible to sign a firmware because we don't have the private keys. Did you read the Wiki article I linked?
-
11-27-2012,01:27 PM
Yes, and it was nothing really new to me. I've also read kakaroto's article on ECDSA, but regardless of any of that, if the PS3 can tell, it's possible for us to as well. All we have to do is figure out exactly how the PS3 knows the signature is incorrect, take its own detection, and turn it back on itself, as far as I can see.
-
11-27-2012,01:31 PM
If the firmware is not signed properly, then it will either fail or produce garbage code. Even if there was a software check, how are you going to modify the OFW so it does not do the check?
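Added example, not part of the original thread and not Sony's or any poster's code: a verifier that holds only a public key can reject a modified image, yet that public key cannot be used to produce a signature the verifier accepts. It uses unpadded textbook RSA with a small constructed key as a stand-in for the console's actual scheme; every name and value below is an assumption made for illustration.

```python
import hashlib

# Constructed toy key pair (NOT a real console key), built from two Mersenne primes.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q          # public modulus: shipped inside every device
E = 65537          # public exponent: shipped inside every device
# Private exponent: needs P and Q, which only the vendor knows. Never shipped.
D = pow(E, -1, (P - 1) * (Q - 1))


def digest(image: bytes) -> int:
    """Hash the image and reduce it into the RSA group (toy, unpadded)."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % N


def vendor_sign(image: bytes) -> int:
    """Vendor side: the only function that touches the private exponent D."""
    return pow(digest(image), D, N)


def device_verify(image: bytes, signature: int) -> bool:
    """Device side: uses only the public values N and E."""
    return pow(signature, E, N) == digest(image)


def demo() -> dict:
    official = b"firmware image v1 (constructed sample)"
    signature = vendor_sign(official)
    modified = official + b" + unofficial patch"
    # What someone holding only the device's public key could compute.
    public_only_attempt = pow(digest(modified), E, N)
    return {
        "official_image": device_verify(official, signature),
        "modified_image_old_signature": device_verify(modified, signature),
        "modified_image_public_key_signature": device_verify(modified, public_only_attempt),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The device can tell a signature is wrong because verification recomputes the hash and compares it with the value recovered through the public exponent; neither step reveals D.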