The imminent launch of Tru Blue has prompted the scene to start investigating again, and it is making major progress.
The fact that the new Tru Blue device has come to the fore has motivated some developers who had been inactive to go back to investigating the new PS3 firmwares (or perhaps that information already existed and Tru Blu has brought it to light).
The upshot is that we are fairly close to obtaining the keys that would allow CFW to be developed again for the latest PS3 OFW versions.
We will not go into technical details; we will only say that a way has been found to extract per_console_key_1 and per_console_keyN, leaving only per_console_key_0 to be obtained in order to break PS3 security once again.
For more advanced and interested users, here is the original, more explanatory text:
EID crypto is very complicated, and it is done so on purpose. First of all, EID0 isn't decrypted with one key and one algorithm alone; it is decrypted in several parts which use different algos and keys. The keys are all derivations of a per console key (per_console_key_1) which is stored inside metldr and copied by it to sector 0 and never leaves isolation. That same key is a derivation of the per console key (per_console_key_0) used to encrypt metldr and the bl in the first place as well.
isoldr clears that key from sector 0 before jumping to the isolated module, but before doing so it encrypts it with another keyset and stores it in a buffer so that the isolated module can use the new crafted key. Since the operation is AES, if you know that keyset you can decrypt the crafted key and get the eid root key without pwning a loader or metldr through an isolated module. Not like you really need it, because you can already use the crafted key to decrypt some of eid0, but not all of it. The crafted key also uses the first elf section to be built, as in your isolated module will have a small section which only contains a key, and that key is used as another layer by isoldr to encrypt the buffer with it. So basically you have 2 encryption layers over the root key; the final key then decrypts a specific part of the EID.
eid crypto is actually done smart. That is because most of it originally comes from the cell bootrom, as in they reuse the same algo used for metldr binaries and bl in the eid crypto, including some of the keys and the steps, and you cannot decrypt all of the eid sections unless you gathered every single key and step, and there are a lot. Then you still have to figure out wtf it is you decrypted, because eid is actually full of keys.
Source: Teknoconsolas.es