Your Ad Here

Poll: Does Sony Have the Right to Put a Rootkit on your PS3?

CLICK HERE TO VOTE NOW

• Yes, definitely.
• NO! that's insane.
• Don't know. Don't care.
• What PS3 rootkit?!


Over 51,000 visitors on JAILBREAKSCENE.COM have seen this news and now we want to know what you think, by voting!

Uncovering the PS3's Master Key

ImageShack, share photos, pictures, free image hosting, free video hosting, image hosting, video hosting, photo image hosting site, video hosting site

Word on the street is that Estx, a member of XorLoser's Blog, has found the PS3's Master Key. Of course, the announcement from Estx was greeted with doubt by another member who goes by the name phiren. You are probably wondering why the Master Key is so important. To keep it simple, the Master Key can be used to fully unlock the PS3--permanent jailbreak and downgrading. Here's the dialogue between the two:


Estx says:
"I’ve found the Masterkey from bruteforcing dumps from my system.

Took 27 minutes, over 8,100,000 possible keys. Lol – could’ve waited but ah well.

If anyone is interested in doing the same, you can find it on 3.41.
for(int i = 0; i < list.length; i++) if(HMAC-SHA-1(key[i]).ComputeHash(encryptChallengeBody) == matchResponseBody) { Success; } Challenge and response I took from the dumps reported on psx-scene. If graf doesn't find it by tomorrow – I'll release the key. Only reason I'm holding it back – is because no one helped me when I asked for it."

phiren says:
"Either your code you supplied is nothing like the actual code you used, or you managed to fluke the correct device key for the device that was used to generate that response, not the master key."

Estx says:
"It’s just psuedo code. Actual code has a few more lines than this.
Inclusive of byte conversion, list generating from binary dumps and other trivial functions.

I have no way to dump the data between my at90usb192 and PS3 so I can’t post any challenge/response logs.

And it’s not a magic key – it is the master key.
I have tried it so far from 3.41 and 3.50 on my slim and fat."

phiren says:
"I’m thinking more of the code which does an SHA1-HMAC between the master key and the dongle ID to generate the device key which is finally SHA1-HMACed with the challenge.

A single device key will work on all firmware versions, which makes it just as useful as the master key for our purposes.

It just means that Sony can revoke that single device and you can’t possibly generate another device key. But since Sony will probably revoke every single device and start again with a new master key with the next firmware version, having the master key isn’t that useful."

Estx says:
"That’s what I was thinking as I was learning how to generate the correct response before constructing a quick loop.
The expected response is 20 bytes of what you suggested above.

I’ve found no other use of the master key yet.. so you’re quite right.
Mind you, I’m not as talented as some of the other developers here, I’m still playing around with new things I’m finding in the firmware’s. And thank’s to graf’s work – there’s even more to play around with."
source
at 12/03/2010

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
Your Ad Here