Forum: PS3 Technical Development - Topics relating to Playstation 3 Technical development ONLY! Read and discuss the latest Cobra USB updates, tutorials and explanations or find out about bluray drive bypass firmwares plus much more.



Thread: NPDRM key; Howto use for latest EBOOTS
  

  1. #21  
    Dots
    this fking NPDRM key needs to get out fast, if only for backing up PS store games.

  2. #22  
    NTAuthority
    I've been trying a hybrid between a dictionary attack and a bruteforce attack on the NPDRM keys today -- sadly no result has been turned up in the first few files I expected.

    As geohot released both a plain text key (for the AES implementation to use) and an encrypted key (for the PS3 to decrypt), and as it's known Sony has the key used for decrypting this in some of the data, I used an application (messy C# code) to interpret every 48-byte pair in various files as a 32-byte key/16-byte IV, encrypt the plain text, and compare the encrypted data to geohot's key.

    Sadly, this has resulted in nothing when run on (decrypted, obviously) SELFs in a) CORE_OS_PACKAGE.pkg and b) /sys/internal/ in dev_flash, which might be for one of the following reasons:

    1) the IV doesn't immediately follow the key, like with the normal key/IV pairs (in appldr, for instance) -- this could increase processing time anywhere from *2 to ^2.
    2) the key isn't in any of the locations I checked -- for instance, Waninkoko mentioned (regarding the PSP keys) a file named 'spu_handler.isoself', which I can't find in any of those 2 locations.
    3) there's an implementation bug in my code, though I tested it by encrypting a random set of plaintext data with the appldr 3.15 key/IV (using the openssl command line, with similar parameters to geohot's commented out code) and running appldr through my code -- it found the key/IV. It could be geohot's commented code is intentionally wrong to hamper people going from it for finding out the key... which would be annoying.

  3. #23  
    hey with a bit of luck sony will make it public as "evidence" and say they found it on geo's machine. lol!

  4. #24  
    laptopfreek0
    Originally posted by NTAuthority:
        Sadly, this has resulted in nothing when run on (decrypted, obviously) SELFs in a) CORE_OS_PACKAGE.pkg and b) /sys/internal/ in dev_flash, which might be for one of the following reasons:
        ...
        2) the key isn't in any of the locations I checked -- for instance, Waninkoko mentioned (regarding the PSP keys) a file named 'spu_handler.isoself', which I can't find in any of those 2 locations.

    Not 100% sure if this is the right file, but I did manage to find a SacModule.spu.isoself in the /dev_flash/vsh/module folder.

  5. #25  
    graf_chokolo says:
    January 18, 2011 at 5:47 am

    Uploaded my new stuff: NPDRM, SYSCON, HV exploit from GameOS and other things.

    With NPDRM payload you won’t be able to decrypt all NPDRMs.

    this should help right..?
