Post: Algorithm Reversal Based on Mathieulh's Decrypter
01-07-2011, 05:17 AM #1
Seeing that everyone has a serious need for FTP, I see it's time for my first post.

Edit: those of you helping, here you are...


Before Anything, this thread is for the sole purpose of discussing the sign and encryption process (or algorithm) used on retail .pkg files and attempting to reverse the decryption process made by Mathieulh to sign HOMEBREW for use on KaKaRoToKs CFW v1.1 (or higher), namely OFW 3.55 functionality!

RESOURCES AT BOTTOM

There are definitely those of you interested in learning some sort of cryptography to sign ourselves some homebrew! With that, you might want to read up:

... just kidding, I'll give you guys a quick run-down! Since the PS3 uses asymmetric encryption under the Advanced Encryption Standard (AES), we needed both public keys and private keys used in specific algorithms to actually encrypt and decrypt files.

See [link] for some extensive details!

Since we have the keys and algorithms for decryption, as provided by Mathieulh, it is possible to obtain an encryption algorithm (or better yet, an automated program to package, encrypt, and sign .pkg sets for us).

Those of you familiar with Visual C/C# will know what to do with Mathieulh's source included below.

For those who are new to it, just follow this quick guide:

1. Download the PSP_PS3_PKG_Decrypter
2. Head into the extracted directory.
3. Continue down the directories until you see this file: FormMain.cs
4. Open With Notepad...
5. And you're on your way! Check out the code, look at some of his comments, do whatever you think can help us get further!

Anyway, I don't fully understand the process used for encryption (or the entire decryption method, for that matter) and this thread should be a great basis for dev talk. Should we come across a functional algorithm, I'll do my best to create some sort of script that could at least make a proof-of-concept HelloWorld.pkg


As for what I know currently:

Decryption Process
-Concerning the case 0x01 (PS3 Decryption, not PSP):

1. Checks file length from address 0x1c of entire pkg for verification.
2. Checks file length from address 0x2c of encrypted file.
3. At address 0x70, the individual pkg key (encrypted) is stored (for later use in decryption, presumably).
4. A series of offsets and processing using public decryption keys stored in the Array are the resulting decrypted pkg (not yet unpacked). How this is done, I'm not entirely sure. The process is, as of yet, beyond me.
5. I haven't analyzed much farther... unpacking, I'm sure. I'll edit in or change according to findings. Outside info welcome! After all, what are forums for?

No way to have encryption without understanding all other aspects! Math concepts, really... single variable solving.

Other info: Both AES 256-bit and 128-bit keys are used (the erk and riv) when it comes down to the encryption process. The problem is how. Should you guys find anything, post away!

PS - I can be wrong, too. Correct me if you have reason. I only just started this little side project. Check out the Wiki below for some serious dev info. For that matter, hit up Lan.st!
Otherwise, I believe I have some decent information.

RESOURCES:
Mods don't want me to post Mathieulh's tool, so go find it yourself! -Google "ps3 pkg decrypter mathieulh"
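A header sanity check built from the three offsets listed in the post (0x1c, 0x2c, 0x70). This is an added example, not Mathieulh's code; the field widths (32-bit), big-endian byte order and the 16-byte key length are assumptions, since the post gives offsets only. It reads and cross-checks the length fields without decrypting anything.

```python
import struct

# Offsets named in the post. Field widths and big-endian byte order are
# assumptions; the post only gives the offsets.
OFF_PKG_SIZE = 0x1C   # step 1: length of the whole .pkg
OFF_DATA_SIZE = 0x2C  # step 2: length of the encrypted data section
OFF_PKG_KEY = 0x70    # step 3: per-package (encrypted) key blob
KEY_LEN = 0x10        # assumed: one 128-bit AES block


def parse_header(pkg: bytes) -> dict:
    """Read the three header fields the post names; no decryption involved."""
    if len(pkg) < OFF_PKG_KEY + KEY_LEN:
        raise ValueError("file too short to hold the header fields")
    (pkg_size,) = struct.unpack_from(">I", pkg, OFF_PKG_SIZE)
    (data_size,) = struct.unpack_from(">I", pkg, OFF_DATA_SIZE)
    key = pkg[OFF_PKG_KEY:OFF_PKG_KEY + KEY_LEN]
    return {"pkg_size": pkg_size, "data_size": data_size, "pkg_key": key}


def check_header(pkg: bytes) -> list:
    """Return a list of problems; an empty list means the fields are self-consistent."""
    problems = []
    h = parse_header(pkg)
    if h["pkg_size"] != len(pkg):
        problems.append(f"0x{OFF_PKG_SIZE:x}: header says {h['pkg_size']} bytes, file is {len(pkg)}")
    if h["data_size"] > h["pkg_size"]:
        problems.append(f"0x{OFF_DATA_SIZE:x}: data length {h['data_size']} exceeds package length")
    if h["pkg_key"] == bytes(KEY_LEN):
        problems.append(f"0x{OFF_PKG_KEY:x}: key field is all zero")
    return problems


def make_sample(total=0x200, data=0x100, key=bytes(range(1, 17))) -> bytes:
    """Constructed sample (not a real .pkg): only the three fields are filled in."""
    buf = bytearray(total)
    struct.pack_into(">I", buf, OFF_PKG_SIZE, total)
    struct.pack_into(">I", buf, OFF_DATA_SIZE, data)
    buf[OFF_PKG_KEY:OFF_PKG_KEY + KEY_LEN] = key
    return bytes(buf)


if __name__ == "__main__":
    good = make_sample()
    print("intact sample:", check_header(good) or "ok")
    print("truncated sample:", check_header(good[:-16]))
```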
01-07-2011, 12:29 PM #20
gola
OVER 9000!
Problem is if they release and it signs unsigned code and is used for piracy... it breaks laws, so a lot of devs won't be doing it.
01-07-2011, 01:06 PM #21
Originally posted by Broseidon View Post
Problem is if they release and it signs unsigned code and is used for piracy... it breaks laws, so a lot of devs won't be doing it.


Seems we gotta clear some things up....

Signing files is not illegal, assuming you do not reverse engineer any code owned by Sony to achieve this. How Mathieulh got his algorithm was through some lv2 exploit, I'm not sure when.

Piracy is a concern among developers, but that is not a legal issue they need to be concerned with. By that, I mean end users who sign any pkg's that are for the purpose of playing pirated software are responsible, if only legally.

And to Broseidon:p :

I appreciate the hard work, but firmware patching is far more dangerous and does require reverse engineering Sony's code. That being said, I really see more coming out of successfully finding a retail encryption method based off of work done away from Sony's code.

For this reason, I'mma keep away from touching firmwares (I'll look into it, to be sure, but I won't have a real drive to test it).
01-07-2011, 01:13 PM #22
gola
OVER 9000!
Dude, a lot more will come of modding the firmware itself in the long run, at least, giving the option to add whatever you want the firmware and PS3 to do itself that you can't in a program. Just as an example, you could create your own PlayStation Network type environment, a private online version for only friends even; you just need a server able to do so, and to code the firmware to use it right.
01-07-2011, 01:44 PM #23
Since we're on this topic, you are completely right, Broseidon. There is no better way than CFW.

But for now, this is just not a timely solution. That and most of us don't have the ability to test firmwares.

I do like your suggestions, but many users will love just having signed homebrew. For now, I will work on the encryption.

To be honest, I wasn't thinking about patching the kernel at all... I definitely see myself looking into this. Thanks!

01-07-2011, 01:52 PM #24
ihaxgames
Treasure hunter
Originally posted by TheLegislator View Post
This should help a lot of people, but again, no offense to anyone, but I bet 75% of NGU are scared to try things out by themselves.

I'm the other 25%. I just don't have the devices I need to do things, yet.


Originally posted by The
Seems we gotta clear some things up....

Signing files is not illegal, assuming you do not reverse engineer any code owned by Sony to achieve this. How Mathieulh got his algorithm was through some lv2 exploit, I'm not sure when.

Piracy is a concern among developers, but that is not a legal issue they need to be concerned with. By that, I mean end users who sign any pkg's that are for the purpose of playing pirated software are responsible, if only legally.

And to Broseidon:p :

I appreciate the hard work, but firmware patching is far more dangerous and does require reverse engineering Sony's code. That being said, I really see more coming out of successfully finding a retail encryption method based off of work done away from Sony's code.

For this reason, I'mma keep away from touching firmwares (I'll look into it, to be sure, but I won't have a real drive to test it).

I want to see a CFW that allows backup managers, the reason is simple, I would love to have my games on the HDD and not keep switching disks, for example, I'm playing Nazi Zombies, get raped, and I want to play a different game, I get up, look for the disk, can't find it, go into my room, don't find it there and then find it with the shitbox games, the fact is, most people won't pirate games, especially PS3 games, it's too much work.
01-07-2011, 02:04 PM #25
deroad
Little One
Backup managers will not work on the current CFW even if they are signed! They need syscalls, and our CFW doesn't have them enabled (for system security).
01-07-2011, 02:12 PM #26
gola
OVER 9000!
Originally posted by deroad View Post
Backup managers will not work on the current CFW even if they are signed! They need syscalls, and our CFW doesn't have them enabled (for system security).


You can change all that on the firmware though, making it possible.
01-07-2011, 02:20 PM #27
deroad
Little One
it isn't so easy!
01-07-2011, 02:32 PM #28
TRBZA
Vault dweller
Originally posted by Broseidon View Post
You can change all that on the firmware though, making it possible.


But adding all this in will make the CFW way easier for Sony to detect it.