Forum: General Jailbreak Discussion - The General Jailbreak Discussion forum is your place to discuss everything related to the PS3 jailbreak. You can discuss QA Flags, CFW, kmeaw or find information about many general jailbreak methods.



Thread: software_update_plugin private key (probably a stupid question)
  

  1. #31  
    indirect76 (Moderator)
    I was under the impression that the private keys were static and an additional random number was used in the algorithm. If the private keys were random for each operation, what's to stop somebody from just choosing a random number and being able to sign firmwares? Is the 3.55 flaw in the actual firmware code or in the implementation of ECDSA done outside the PS3 as I thought?

  2. #32  
    @Indirect76
    I will tell you this. I forgot how 3.41 was cracked into but I do know at the time the keys were not generated. They were found the same way TB was found. I am under the impression that the guys who were over the operation had the keys released. Idk what keys it was but I do know the key was not a generated key.

    With that being said, if Sony actually made the private key today how it was intended years ago then the PS3 "to this day" would have never gotten cracked. Which is why I am so confident that the PS4 or "Orbits" will not be cracked, because of the very same reason why the PS3 can't be cracked from scratch over 3.60.

    It is the same concept, not the firmware. If the private key was random in the first place then nobody would have found a jailbreak.
    Ps3 Phat 250gb 4.31 OFW (Currently Playing Dead Space 3 [Chapter 10] / Hitman Absolution / COD MW3 )
    Ps3 Phat 80gb 3.55 CFW

  3. #33  
    indirect76 (Moderator)
    I didn't get into the scene until fail0verflow did their thing two years ago. I thought the jailbreaks before that used a service jig that allowed unsigned code to be run, and was part of the firmware's design.

  4. #34  
    Well I followed it since 3.41 PS Jailbreak. I am not a PS3 developer or someone with in-depth knowledge of the PS3, but I do know for a fact that you need some kind of root key to even get public keys that come from a private key.

    Signatures and etc..etc.. whatever they used it was easily figured out. So when Sony fixed the problem "with the help of Geohot/fail0verflow" all the CFW stopped over 3.55.


    When private key is unknown: use scekrit (pre 3.56 only, since they fixed the randomfail in 3.56+ after the fail0verflow presentation at 27C3).

    I got that from the PS3 wiki site. Whatever the hell that means LOL (I don't even know), the problem was fixed permanently.

    Long story short, the greatest PS3 devs HELPED Sony fix the patches. Which is why everything revolves around 3.55.
    Ps3 Phat 250gb 4.31 OFW (Currently Playing Dead Space 3 [Chapter 10] / Hitman Absolution / COD MW3 )
    Ps3 Phat 80gb 3.55 CFW

  5. #35  
    playerkp420 (Member)
    If it was built by man, then it can be destroyed by another man.

    How the ECDSA Algorithm Works by PS3 Developer KaKaRoToKS


    Even if it was impossible, why do you care if someone wants to try?

    They said it was “impossible”, but was it really?
    sergio11511 likes this.

  6. #36  
    junkie2100 (Member)
    Thank you player. And to answer your question, indirect: the key could very well be static, but I'm not sure and I don't think it's relevant here. The variable that allowed fail0verflow in was a number that should have been random in the generation of the encrypted message; what they did was pick apart the message itself without having access to the information we have access to now. You can't use their message comparison anymore because the algorithm randomizes it now, but like player said, anything created can be destroyed by an equal and opposite force.

  7. #37  
    junkie2100 (Member)
    And BTW goku, if you're gonna sit there and admit you don't understand what the random fail is, how are you arguing with me about how ECDSA works? I know what the random fail is and I fully understand it. Sony didn't randomize a key variable that by ECDSA standards should have been randomized, and by not randomizing it the encrypted message (PUP file) became vulnerable when compared to others. That was a flaw in message generation though; this is bypassing message generation altogether and going straight back to key generation.

  8. #38  
    junkie2100 (Member)
    One more thing. This "root key" used to generate the public key: it is the private key. They use mathematics based on the curve parameters to generate the public key, so if you don't know the public key and the curve parameters you're SOL. But we know the public key and the curve parameters now, so you just reverse the creation process. x*2=4, solve for x.

  10. #40  
    indirect76 (Moderator)
    Quote Originally Posted by junkie2100 View Post
    But we know the public key and the curve parameters now, so you just reverse the creation process. x*2=4 solve for x
    It just doesn't work like that. Building a hash is an iterative process and some of the variable values are thrown out in the process. It's a one way process.
    Reply With Quote  
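
The "random fail" discussed in posts #36 and #37, and the public-key derivation argued over in #38 and #40, as an added example that is not part of the thread or of any PS3 code: an audit check for a repeated ECDSA nonce, why a repeat exposes the key, and a per-message nonce that removes it. Assumptions: secp256k1 stands in for the PS3 curve (whose parameters are not on this page), the key and messages are constructed, and the HMAC nonce is a simplified stand-in for RFC 6979.

```python
import hashlib, hmac
from collections import Counter

# secp256k1 domain parameters (assumption: stand-in curve, not the PS3's).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):  # point addition; None is the point at infinity
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        m = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope (a = 0)
    else:
        m = (y2 - y1) * pow(x2 - x1, -1, P) % P    # chord slope
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add; public key = mul(d, G), no cheap inverse
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def h(msg):  # SHA-256 digest reduced mod the group order
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(d, msg, k):  # ECDSA with an explicit nonce k so reuse can be shown
    r = mul(k, G)[0] % N
    return r, pow(k, -1, N) * (h(msg) + r * d) % N

def shared_r(sigs):  # audit: under one key, a repeated r means a repeated nonce
    return {r for r, c in Counter(r for r, _ in sigs).items() if c > 1}

def key_from_reuse(m1, sig1, m2, sig2):  # two equations, two unknowns (k, d)
    (r, s1), (_, s2) = sig1, sig2
    k = (h(m1) - h(m2)) * pow(s1 - s2, -1, N) % N
    return (s1 * k - h(m1)) * pow(r, -1, N) % N

def derived_nonce(d, msg):  # HMAC(d, msg): simplified stand-in for RFC 6979
    mac = hmac.new(d.to_bytes(32, "big"), msg, hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (N - 1) + 1
```
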
