Post: Algorithm Reversal Based on Mathieulh's Decrypter
01-07-2011, 05:17 AM #1
Seeing that everyone has a serious need for FTP, I see it's time for my first post.

Edit: those of you helping, here you are...


Before anything, this thread is for the sole purpose of discussing the sign and encryption process (or algorithm) used on retail .pkg files and attempting to reverse the decryption process made by Mathieulh to sign HOMEBREW for use on KaKaRoTo's CFW v1.1 (or higher), namely OFW 3.55 functionality!

RESOURCES AT BOTTOM

There are definitely those of you interested in learning some sort of cryptography to sign ourselves some homebrew! With that, you might want to read up:

... just kidding, I'll give you guys a quick run-down! Since the PS3 uses asymmetric encryption under the Advanced Encryption Standard (AES), we needed both public keys and private keys used in specific algorithms to actually encrypt and decrypt files.


Since we have the keys and algorithms for decryption, as provided by Mathieulh, it is possible to obtain an encryption algorithm (or better yet, an automated program to package, encrypt, and sign .pkg sets for us).

Those of you familiar with Visual C/C# will know what to do with Mathieulh's source included below.

For those who are new to it, just follow this quick guide:

1. Download the PSP_PS3_PKG_Decrypter
2. Head into the extracted directory.
3. Continue down the directories until you see this file: FormMain.cs
4. Open With Notepad...
5. And you're on your way! Check out the code, look at some of his comments, do whatever you think can help us get further!

Anyway, I don't fully understand the process used for encryption (or the entire decryption method, for that matter) and this thread should be a great basis for dev talk. Should we come across a functional algorithm, I'll do my best to create some sort of script that could at least make a proof-of-concept HelloWorld.pkg


As for what I know currently:

Decryption Process
-Concerning the case 0x01 (PS3 Decryption, not PSP):

1. Checks file length from address 0x1c of entire pkg for verification.
2. Checks file length from address 0x2c of encrypted file.
3. At address 0x70, the individual pkg key (encrypted) is stored (for later use in decryption, presumably).
4. A series of offsets and processing using public decryption keys stored in the Array are the resulting decrypted pkg (not yet unpacked). How this is done, I'm not entirely sure. The process is, as of yet, beyond me.
5. I haven't analyzed much farther... unpacking, I'm sure. I'll edit in or change according to findings. Outside info welcome! After all, what are forums for?

No way to have encryption without understanding all other aspects! Math concepts, really... single variable solving.

Other info: Both AES 256-bit and 128-bit keys are used (the erk and riv) when it comes down to the encryption process. The problem is how. Should you guys find anything, post away!

PS - I can be wrong, too. Correct me if you have reason. I only just started this little side project. Check out the Wiki below for some serious dev info. For that matter, hit up Lan.st!
Otherwise, I believe I have some decent information.




RESOURCES:
Mods don't want me to post Mathieulh's tool, so go find it yourself! -Google "ps3 pkg decrypter mathieulh"

The following 12 users say thank you to The Middle Man for this useful post:

Afrojack, benzy, demize, egonadrian, human193, oI xPozeD Io, Pillar2365, Sicarius, The-Don, xCamoLegend, xSkullz-, zackroman
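
The three header fields listed in post #1 (lengths at 0x1c and 0x2c, per-package key at 0x70), read with bounds checks so a truncated or inconsistent file is rejected before anything else touches it. This is an added example, not part of the original post or of Mathieulh's tool; the 4-byte big-endian field width, the 16-byte key width and the function names are assumptions.

```python
import struct

# Offsets come from the post; widths and byte order are assumptions.
OFF_TOTAL_LEN = 0x1C          # length of the entire pkg
OFF_DATA_LEN = 0x2C           # length of the encrypted data
OFF_PKG_KEY = 0x70            # individual pkg key (stored encrypted)
KEY_LEN = 16                  # assumed width of the value at 0x70
HEADER_MIN = OFF_PKG_KEY + KEY_LEN


class PkgHeaderError(ValueError):
    """Raised when a header field disagrees with the bytes actually present."""


def read_pkg_fields(blob: bytes) -> dict:
    """Read the three fields and cross-check both lengths before use."""
    if len(blob) < HEADER_MIN:
        raise PkgHeaderError("file shorter than the header region")
    (total_len,) = struct.unpack_from(">I", blob, OFF_TOTAL_LEN)
    (data_len,) = struct.unpack_from(">I", blob, OFF_DATA_LEN)
    if total_len != len(blob):
        raise PkgHeaderError(f"header says {total_len} bytes, file has {len(blob)}")
    if data_len > total_len - HEADER_MIN:
        raise PkgHeaderError("encrypted length runs past end of file")
    return {"total_len": total_len, "data_len": data_len,
            "pkg_key": blob[OFF_PKG_KEY:OFF_PKG_KEY + KEY_LEN]}


def build_sample(payload_len: int, claimed_data_len=None) -> bytes:
    """Constructed test input: zeroed header, dummy key bytes, zero payload."""
    hdr = bytearray(HEADER_MIN)
    struct.pack_into(">I", hdr, OFF_TOTAL_LEN, HEADER_MIN + payload_len)
    struct.pack_into(">I", hdr, OFF_DATA_LEN,
                     payload_len if claimed_data_len is None else claimed_data_len)
    hdr[OFF_PKG_KEY:OFF_PKG_KEY + KEY_LEN] = bytes(range(KEY_LEN))
    return bytes(hdr) + bytes(payload_len)


def is_rejected(blob: bytes) -> bool:
    """True when the header checks refuse the file."""
    try:
        read_pkg_fields(blob)
    except PkgHeaderError:
        return True
    return False


if __name__ == "__main__":
    print(read_pkg_fields(build_sample(32)))
    print("truncated file rejected:", is_rejected(build_sample(32)[:-1]))
```
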
01-07-2011, 07:20 AM #2
I have to say what a first post and welcome to the forums!
You seem to have some knowledge and understanding and good grammar, that's what this section could do with right now.. someone to take charge and point people in the right direction, instead everyone's just leeching and waiting on a signed FTP App to come out, instead of actually trying stuff themselves.

The following user thanked chris2k7sears for this useful post:

ihaxgames
01-07-2011, 07:26 AM #3
gola
OVER 9000!
I don't see why everyone tries modding the .pkgs themselves and not the firmware, that's what I'm working on, all you have to do is change it to run un-signed .pkgs lmfao, much MUCH easier. Either way whichever one you do is illegal so it hardly matters, due to modding the firmware to run un-official files by making them the equivalent of official and running un-signed files on a PS3.

So far I've bricked my 3.41 CFW PS3 2 times just trying out random stuff, just keep un-bricking it using the tut zonetw0 posted haha.

P.S. There are tools out there to extract the firmware .PUP, just go on KaKaRoTo's GitHub.
01-07-2011, 07:31 AM #4
regilex
Do a barrel roll!
Originally posted by Broseidon View Post
I don't see why everyone tries modding the .pkgs themselves and not the firmware, that's what I'm working on, all you have to do is change it to run un-signed .pkgs lmfao, much MUCH easier. Either way whichever one you do is illegal so it hardly matters, due to modding the firmware to run un-official files by making them the equivalent of official and running un-signed files on a PS3.

So far I've bricked my 3.41 CFW PS3 2 times just trying out random stuff, just keep un-bricking it using the tut zonetw0 posted haha.

P.S. There are tools out there to extract the firmware .PUP, just go on KaKaRoTo's GitHub.


KaKaRoTo disabled it to prevent privacy right?
01-07-2011, 07:35 AM #5
demize
Maggbot timeout!
I'm stepping into this to get my hands wet as well. If I have the learning information (which in the past couple weeks I have acquired a decent amount to get started with the exception of a few minor things) I can kick it into high gear and work beside you on this one. I am no coding guru but I am one hell of a fast learner. I understand encryption and decryption pretty good. I am so eager to get the ball rolling I would most definitely like to step foot into this. I grabbed a substantial amount of tools and hopefully this thread can help me along the way. So I also would encourage others that know the "gist" of it to help us push forward and make the scene explode at a faster rate (as if it already isn't cruising along) by providing any piece of informative information possible to the subject. I will post up to the best of my knowledge my findings and I hope everyone will do the same. To the SCENE! Cheers!
01-07-2011, 07:37 AM #6
I was trying to tell my friend about this ^ ALL DAY !!/facepalm
but anyways this should be put as a [sticky] till this packing .pkg cools down.
01-07-2011, 07:43 AM #7
DCLXVI
Smoke weed.
This is EXACTLY what I was talking about in my other post and in the sb

Sucks that I don't know C#, or I'd have it reversed and the ftp signed
01-07-2011, 07:52 AM #8
0xFa1z
Splicer
This should help a lot of people, but again, no offense to anyone, but I bet 75% of NGU are scared to try things out by themselves.

The following user thanked 0xFa1z for this useful post:

club-bomb-shizl
01-07-2011, 07:53 AM #9
gola
OVER 9000!
Originally posted by regilex View Post
KaKaRoTo disabled it to prevent privacy right?


Yes, all you have to do is go in and enable it. I created a thread on how to mod the firmware yourself; a mod just has to accept the thread to be posted.
01-07-2011, 08:06 AM #10
hunter12
Retired, done with gaming
Originally posted by Broseidon View Post
I don't see why everyone tries modding the .pkgs themselves and not the firmware, that's what I'm working on, all you have to do is change it to run un-signed .pkgs lmfao, much MUCH easier. Either way whichever one you do is illegal so it hardly matters, due to modding the firmware to run un-official files by making them the equivalent of official and running un-signed files on a PS3.

So far I've bricked my 3.41 CFW PS3 2 times just trying out random stuff, just keep un-bricking it using the tut zonetw0 posted haha.

P.S. There are tools out there to extract the firmware .PUP, just go on KaKaRoTo's GitHub.


You can't just edit random pkgs and change a few bytes to allow you to install unsigned packages, you need to patch the kernel. (That's what the jailbreak team patched by injecting a payload into the kernel.)

That said if you fuc.k one thing up in the kernel and trash lv2, there's no unbricking it, end of. LV2DIAG.SELF needs lv2, as well as recovery menu (uses vsh.self). So all in all, it's best to leave that to people who know what they are doing like KaKaRoTo, Mathieulh etc.

I'm not trying to be an ass to you if you take it that way, I'm just warning you that messing with the dev_flash is NOT a safe thing to do.

The following 2 users say thank you to hunter12 for this useful post:

amplif1er, Slashey
