Post: Geohot's Firmware Decrypter!
12-31-2010, 08:54 AM #1
The famous Geohot resurfaced today to release a useful app called dePKG. The app is very useful for devs that are planning to look into Sony's official firmware files. dePKG is a Linux app that will decrypt PKG files that are within PS3UPDAT.PUP files (not to be confused with PSN PKG files).

This will allow devs to take a look at files such as CORE_OS_PACKAGE.pkg from the convenience of their PC. Previously, the only way to take a look at these files was via graf_chokolo's method, which utilized the PS3. Geohot's app is ready to be compiled and includes the necessary decryption keys.


Read more: PSGroove.com - Geohot Releases dePKG - Firmware Package Decrypter


With this, developers can decrypt our own modified .PUP files and encrypt them with the newly found Sony Encryption Keys!

Just to let you know!
12-31-2010, 10:31 AM #2
0xFa1z
Splicer
Here's what's inside the source file.

// depkg by geohot
// needs openssl and zlib
// 100 lines for your pkg file needs

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/aes.h>
#include <zlib.h>

#define u64 unsigned long long
#define u32 unsigned int
#define u16 unsigned short int
#define u8 unsigned char

// Big-endian readers. Every byte is cast before it is shifted: a plain
// (d[4]<<24) promotes to int and overflows when the top bit is set.
u64 get_u64(void* vd) {
    u8 *d = (u8*)vd;
    return ((u64)d[0]<<56) | ((u64)d[1]<<48) | ((u64)d[2]<<40) | ((u64)d[3]<<32) |
           ((u64)d[4]<<24) | ((u64)d[5]<<16) | ((u64)d[6]<<8)  |  (u64)d[7];
}

u32 get_u32(void* vd) {
    u8 *d = (u8*)vd;
    return ((u32)d[0]<<24) | ((u32)d[1]<<16) | ((u32)d[2]<<8) | (u32)d[3];
}

// Package key material shipped with the source: the AES-256-CBC key (erk)
// and IV (riv) that unwrap the first 0x40 bytes of metadata.
u8 pkg_riv[] = {0x4A,0xCE,0xF0,0x12,0x24,0xFB,0xEE,0xDF,0x82,0x45,0xF8,0xFF,0x10,0x21,0x1E,0x6E};
u8 pkg_erk[] = {0xA9,0x78,0x18,0xBD,0x19,0x3A,0x67,0xA1,0x6F,0xE8,0x3A,0x85,0x5E,0x1B,0xE9,0xFB,0x56,0x40,0x93,0x8D,0x4D,0xBC,0xB2,0xCB,0x52,0xC5,0xA2,0xF8,0xB0,0x2B,0x10,0x31};

AES_KEY aes_key;
u8* data;

#define INFLATION_BUFFER_SIZE 0x1000000
u8 inf_buffer[INFLATION_BUFFER_SIZE];

// zlib-inflate source into dest in a single call; on return *dest_size
// holds the number of bytes actually produced.
int inf(u8 *source, int source_size, u8 *dest, int* dest_size) {
    int ret;
    z_stream strm;

    strm.zalloc = Z_NULL;
    strm.zfree = Z_NULL;
    strm.opaque = Z_NULL;
    strm.avail_in = source_size;
    strm.next_in = source;
    strm.avail_out = *dest_size;
    strm.next_out = dest;
    ret = inflateInit(&strm);
    if(ret != Z_OK)
        return ret;

    ret = inflate(&strm, Z_NO_FLUSH);
    (*dest_size) -= strm.avail_out;

    (void)inflateEnd(&strm);
    return ret == Z_STREAM_END ? Z_OK : Z_DATA_ERROR;
}

int main(int argc, char *argv[]) {
    u8 ecount_buf[0x10];
    unsigned int num;   // AES_ctr128_encrypt takes an unsigned int*

    if(argc < 3) {
        fprintf(stderr, "usage: %s in.pkg out.bin\n", argv[0]);
        return 1;
    }
    FILE *f=fopen(argv[1], "rb");
    if(!f) { perror(argv[1]); return 1; }
    fseek(f, 0, SEEK_END);
    long nlen = ftell(f);
    fseek(f, 0, SEEK_SET);
    data = (u8*)malloc(nlen);
    if(!data || fread(data, 1, nlen, f) != (size_t)nlen) {
        fprintf(stderr, "short read\n");
        return 1;
    }
    fclose(f);
    printf("read 0x%lX bytes of pkg\n", nlen);

    // Header: the u32 at 0xC locates the metadata (past the 0x20-byte
    // header), the u64 at 0x10 is where the encrypted file data begins.
    u64 metadata_offset = 0x20+get_u32(data+0xC);
    u64 file_offset = get_u64(data+0x10);
    if(nlen < 0x250 || file_offset > (u64)nlen || metadata_offset+0x40 > file_offset) {
        fprintf(stderr, "bad header offsets\n");
        return 1;
    }

    // Step 1: AES-256-CBC with the package erk/riv unwraps the first 0x40
    // bytes of metadata; they hold an AES-128 key (+0x00) and IV (+0x20).
    AES_set_decrypt_key(pkg_erk, 256, &aes_key);
    AES_cbc_encrypt(&data[metadata_offset], &data[metadata_offset], 0x40, &aes_key, pkg_riv, AES_DECRYPT);

    // Step 2: AES-128-CTR with that key/IV decrypts the rest of the metadata.
    // (AES_ctr128_encrypt was removed in OpenSSL 1.1; CRYPTO_ctr128_encrypt
    // from <openssl/modes.h> is its replacement.)
    memset(ecount_buf, 0, 16); num=0;
    AES_set_encrypt_key(&data[metadata_offset], 128, &aes_key);
    AES_ctr128_encrypt(&data[metadata_offset+0x40], &data[metadata_offset+0x40], file_offset-0x40-metadata_offset, &aes_key, &data[metadata_offset+0x20], ecount_buf, &num);

    // The decrypted metadata gives the payload location and size ...
    u64 pkg_start = get_u64(data+0xE0);
    u64 pkg_size = get_u64(data+0xE8);

    printf("pkg data @ %llx with size %llx\n", pkg_start, pkg_size);
    if(pkg_start > (u64)nlen || pkg_size > (u64)nlen - pkg_start) {
        fprintf(stderr, "payload outside file\n");
        return 1;
    }

    // ... and a second AES-128 key (0x230) and IV (0x240) for the payload.
    // Step 3: AES-128-CTR decrypt the payload in place.
    memset(ecount_buf, 0, 16); num=0;
    AES_set_encrypt_key(&data[0x230], 128, &aes_key);
    AES_ctr128_encrypt(&data[pkg_start], &data[pkg_start], pkg_size, &aes_key, &data[0x240], ecount_buf, &num);

    // Step 4: the payload is zlib-compressed; inflate it and write it out.
    int real_size = INFLATION_BUFFER_SIZE;
    printf("inflated: %d\n", inf(&data[pkg_start], pkg_size, inf_buffer, &real_size));

    printf("writing %X\n", real_size);

    FILE *fout = fopen(argv[2], "wb");
    if(!fout) { perror(argv[2]); free(data); return 1; }
    fwrite(inf_buffer, 1, real_size, fout);
    fclose(fout);
    free(data);
    return 0;
}
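As an added example (not from the post above or from depkg itself): a bounds-checked reader for the header fields the program trusts as given, using only the offsets the source reads (u32 at 0xC, u64 at 0x10, pkg_start/pkg_size at 0xE0/0xE8). The header bytes in demo_header_checks are constructed for the demonstration, not taken from a real PKG, and nothing beyond what depkg reads is assumed about the layout.

```c
#include <stddef.h>
#include <stdint.h>

/* Big-endian readers; casting each byte before the shift avoids the signed
 * overflow that (d[0]<<24) on a plain unsigned char can trigger. */
static uint64_t rd_u64(const uint8_t *d) {
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v = (v << 8) | d[i];
    return v;
}
static uint32_t rd_u32(const uint8_t *d) {
    return ((uint32_t)d[0] << 24) | ((uint32_t)d[1] << 16) |
           ((uint32_t)d[2] << 8) | (uint32_t)d[3];
}

struct pkg_hdr { size_t metadata_offset, file_offset; };

/* Returns 0 (and fills *h) when every region depkg touches before the payload,
 * the 0x40-byte CBC block and the CTR key/IV behind it, lies inside the file
 * and before file_offset; -1 otherwise. */
int pkg_check_header(const uint8_t *data, size_t len, struct pkg_hdr *h) {
    if (len < 0x20) return -1;
    uint64_t mo = 0x20 + (uint64_t)rd_u32(data + 0xC);
    uint64_t fo = rd_u64(data + 0x10);
    if (fo > len || mo + 0x40 > fo) return -1;
    h->metadata_offset = (size_t)mo;
    h->file_offset = (size_t)fo;
    return 0;
}
/* After the metadata is decrypted: pkg_start/pkg_size (depkg reads them at
 * 0xE0/0xE8) must describe a range that lies inside the file. */
int pkg_check_payload(uint64_t pkg_start, uint64_t pkg_size, size_t len) {
    return (pkg_start <= len && pkg_size <= len - pkg_start) ? 0 : -1;
}
/* Constructed 0x200-byte header, not a real PKG: u32 at 0xC = 0x40 puts the
 * metadata at 0x60, u64 at 0x10 = 0x100. Returns how many of the five checks
 * behave as expected (5 when all pass). */
int demo_header_checks(void) {
    uint8_t buf[0x200] = {0};
    struct pkg_hdr h = {0, 0}; int ok = 0;
    buf[0xF] = 0x40; buf[0x16] = 0x01;
    ok += pkg_check_header(buf, sizeof buf, &h) == 0;
    ok += h.metadata_offset == 0x60 && h.file_offset == 0x100;
    buf[0x15] = 0x10;                     /* file_offset 0x100100 > len */
    ok += pkg_check_header(buf, sizeof buf, &h) == -1;
    buf[0x15] = 0; buf[0x16] = 0; buf[0x17] = 0x80;  /* 0x80 < 0x60 + 0x40 */
    ok += pkg_check_header(buf, sizeof buf, &h) == -1;
    ok += pkg_check_payload(0x100, 0x100, 0x200) == 0 &&
          pkg_check_payload(0x100, 0x101, 0x200) == -1;
    return ok;
}
```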
12-31-2010, 10:43 AM #3
The InvadeR
Who’s Jim Erased?
Originally posted by Chupa View Post
The famous Geohot resurfaced today to release a useful app called dePKG. The app is very useful for devs that are planning to look into Sony's official firmware files. dePKG is a Linux app that will decrypt PKG files that are within PS3UPDAT.PUP files (not to be confused with PSN PKG files).

This will allow devs to take a look at files such as CORE_OS_PACKAGE.pkg from the convenience of their PC. Previously, the only way to take a look at these files was via graf_chokolo's method, which utilized the PS3. Geohot's app is ready to be compiled and includes the necessary decryption keys.


Read more: PSGroove.com - Geohot Releases dePKG - Firmware Package Decrypter


With this, developers can decrypt our own modified .PUP files and encrypt them with the newly found Sony Encryption Keys!

Just to let you know!

So what is this used for, jailbreak? I know I probably sound n00b1sh.
12-31-2010, 12:18 PM #4
When will people realize that JB is now a HUGE WASTE OF MONEY?
This (the private keys, not the tool) allows you to do whatever you want on the PS3. Any code you want signed, say an FTP server, can be signed and will function on a retail PS3 with 0 modifications. The PS3 will accept it as if it was from Sony.

This has absolutely nothing to do with the jailbreak at all.
And the PS3 still can't run unsigned code without a jailbreak, but now it doesn't need to run unsigned code.

Anyways, about this tool: it doesn't work for Retail PKGs (so don't think that you are getting a challenge lobby with this). It works with Firmware PKGs, like CORE_OS_PACKAGE.PKG or BLUETOOTH_FIRMWARE.PKG.
People can now begin looking more deeply at how the firmware functions.

The following 11 users say thank you to ihatecompvir for this useful post:
12-31-2010, 03:02 PM #5
Mr.Kane
Greatness
Ihatecompvir is right; if you bought an official JB I suggest you try to get a refund or sell it soon, as this will make them useless.
12-31-2010, 03:45 PM #6
ihaxgames
Treasure hunter
Originally posted by Ihatecompvir View Post
When will people realize that JB is now a HUGE WASTE OF MONEY?
This (the private keys, not the tool) allows you to do whatever you want on the PS3. Any code you want signed, say an FTP server, can be signed and will function on a retail PS3 with 0 modifications. The PS3 will accept it as if it was from Sony.

This has absolutely nothing to do with the jailbreak at all.
And the PS3 still can't run unsigned code without a jailbreak, but now it doesn't need to run unsigned code.

Anyways, about this tool: it doesn't work for Retail PKGs (so don't think that you are getting a challenge lobby with this). It works with Firmware PKGs, like CORE_OS_PACKAGE.PKG or BLUETOOTH_FIRMWARE.PKG.
People can now begin looking more deeply at how the firmware functions.

There's sadly one problem with this: the payloads, for example hermes' payloads allowing us to not need a game in the drive to play backups. Idk what we'll do about that. I'm sure a new backup manager that is signed by "Sony" could possibly have a fix for that built in, but if it can't we need to figure something out. Not that it matters much, but it's nice to not need to bother finding out whether or not something's in the Blu-ray drive.
12-31-2010, 03:55 PM #7
Backup Manager won't work, period; there is no exploit in something (I forget) which allows them to obtain the game signing keys.

I personally think this is great. I'm mainly interested in the emulators and stuff (Brawl on PS3 is my dream) and modding games (Rock Band Custom Songs FTW).
12-31-2010, 04:08 PM #8
UMD
Brute
Originally posted by Ihatecompvir View Post
Backup Manager won't work, period; there is no exploit in something (I forget) which allows them to obtain the game signing keys.

I personally think this is great. I'm mainly interested in the emulators and stuff (Brawl on PS3 is my dream) and modding games (Rock Band Custom Songs FTW).


Same!! This is really great, the PS3 is finally FULLY hacked!!
12-31-2010, 05:43 PM #9
kresge97
Do a barrel roll!
Alright, I'm a little confused. I get the idea, but do you think they can patch it, and does it work on 3.55? Sorry, just a little confused.
12-31-2010, 06:27 PM #10
It is patchable, but this would require Sony to make a whitelist for every possible PS3 thing they've ever signed, or make new hardware which stops this.

It works on every PS3 ever made though. Slim, 3.55, 3.40, 1.0, Fat, Japanese PS3, whatever.

Copyright © 2026, NextGenUpdate.
All Rights Reserved.