Brute-force? - PSP3D.com - Sony PlayStation Portable News, Homebrew, Hacks, Reviews, Videos, Mods, Forums

NaYoN · #1 (**permalink**) 12-06-2005, 12:43 AM

Ok now people here's the idea. Forgive me if it's been done.
Things needed:
Hex editor
psar dumper
EBOOT 1.5
PBP unpacker

So, since we can pass the evrsion check in the SFO but not the psar, the thing we do is this:
1-Make a copy of the EBOOT, then unpack the copy.
2-Randomly change a value in the psar with the hex editor.
3-Dump the edited EBOOT's psar.
4-Compare with the unedited EBOOT.
5-Observe what changes when you change that value.
6-Take notes.
7-Start over till you can hit the version number value by choosing random hex.

This one is tough and time consuming, but at least it is less time-consuming than brute-forcing. Maybe this can be done by a dedicated hacker. What do you say? BS or good idea?

NOTE: THIS IS NOT IN ANY WAY A DOWNGRADER AND YOU SHOULD NOT TRY IT IF YOU DO NOT KNOW WHAT YOU ARE DOING!!!!!

Cooldan1 · #2 (**permalink**) 12-06-2005, 12:54 AM

well, I must say, this is a semi-good idea. (the reason its not totally good, is cuz finding a dedicated hacker would be tough). If you can though, thats interesting. I think the security checksum would find the change in the psar though... Give it a one time go around first and see if I'm mistaken. then it might work...

NaYoN · #3 (**permalink**) 12-06-2005, 05:14 AM

See, the thing is, you never encrypted or decrypted the code, so it would probably pass the test!

Is the chcksum something in the EBOOT itself or something in the PSP flash?

Shambler · #4 (**permalink**) 12-06-2005, 05:32 AM

Chances are that the firmware code gets decrypted using the firmware data AND encryption key, thus if one single byte changes in the firmware update then the entire decryption process fails.

Thats why people aren't just copying the encryption keys onto custom firmware.

NaYoN · #5 (**permalink**) 12-06-2005, 05:37 AM

Well, it's worth a try, tho. If there isn't a chance of bricking, I will try this tonight and send you results...

HaQue · #6 (**permalink**) 12-06-2005, 05:41 AM

Im assuming the psar has a crc check, which would fail as soon as you hex it.

Shambler · #7 (**permalink**) 12-06-2005, 01:34 PM

It has been tried, thats how people know it doesn't work.

fanjita · #8 (**permalink**) 12-06-2005, 05:30 PM

Read up on digital signatures, then come back and ask yourself if this would work.

If you're going to try this sort of stuff, you need to learn about RSA BSAFE encryption and digital signing, and how it all works, then you might have a chance of doing something useful.

Anything else is just wasting your time.

nWoJester · #9 (**permalink**) 12-22-2005, 04:13 PM

I currently have a 2.01 Sony PSP.

I have been attempting this myself.
I have changed the version from 2.00 to 2.02 in the SFO (extracted from the 2.0 US EBoot Firmware).
It displays the PSP game starting animation, then goes to the update start page, but right away greys out and this message is displayed:
_______________________________
The update cannot be started.
The data is corrupted.
_______________________________

I have been looking for a PC PSAR and PSP dump utility to attempt the theory of a version match between the SFO and the PSAR/PSP or both.

Also will need a PC utility to build the file once done. Any suggestions or links to the files in question? I have searched many site and googled for programs.

SpongeFreak52 · #10 (**permalink**) 12-22-2005, 04:15 PM

thats a common error. it was messed up then.