Cracking PSP Encryption
There's been lots of discussion about the PSP encryption, but there's little bits in all sorts of different threads, so I figured our best chance of cracking it would be to gather all our thoughts into one thread. So here we go...
Here's what I've gathered so far from the forums & some of my own tests:
- We're assuming all encrypted files/data are using the same method, namely 128-bit AES.
- The data is not compressed.
- Resaving identical data results in completely different output, meaning that a new key is generated every time, and this key (or at least part of it) is stored with the data.
That's not much to work from, but the PSP is a sweet piece of hardware and we're all determined to crack the code... I know we can do it! Just imagine the possibilities when we do...
Anyway, there are a few things I want to try out to narrow down what the encryption keys are, but unfortunately I have a very limited data set to work from (only one game), so if people are willing to send me some of their savegame files then I can work on some theories... any game, multiple different saves would be good... just zip up the whole directory. My e-mail is johnathan()veggiegames()com .
If anyone has any other info or theories on how the encryption works please post it here, even if it's already been posted in another thread (so all the info is in one place).
Thanks!
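Added example, not from the original post: a small Python script doing the kind of comparison the three bullet points above rest on. Given two encrypted saves of the same game state it reports whether the sizes are a multiple of the AES block size, which offsets agree between the two (a stable header versus a body that changes with every save, which is what "a new key is generated every time" predicts), and the entropy of each region. Note that "not compressed" cannot be settled by entropy alone, since compressed and encrypted data both look random; the header and the block alignment are the better clues. The two saves used here are constructed inline (an assumed 16-byte header followed by SHA-256 counter-mode bytes), not real PSP data.

```python
import hashlib
import math


def shannon_entropy(data):
    """Bits per byte: close to 8.0 for ciphertext or compressed data,
    well below that for plaintext such as save-game structures."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def fixed_bytes(a, b):
    """Offsets at which two saves of the same game state agree byte for byte.
    With a fresh key (or IV) per save, the encrypted body should only agree
    by chance (about 1 in 256 per byte); a long run of agreement is a stable
    header, magic value or unencrypted field."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x == y]


def analyse_pair(a, b, block=16):
    """Summarise two encrypted saves of identical data: sizes, whether they are
    a multiple of the AES block size, where they agree, and entropy per region."""
    runs = []
    for i in fixed_bytes(a, b):
        if runs and runs[-1][1] == i - 1:
            runs[-1][1] = i
        else:
            runs.append([i, i])
    # keep runs of 4+ bytes so chance single-byte hits do not clutter the report
    long_runs = [(s, e - s + 1) for s, e in runs if e - s + 1 >= 4]
    header_len = long_runs[0][1] if long_runs and long_runs[0][0] == 0 else 0
    return {
        "size_a": len(a),
        "size_b": len(b),
        "block_aligned": len(a) % block == 0 and len(b) % block == 0,
        "body_block_aligned": (len(a) - header_len) % block == 0,
        "agreeing_runs": long_runs,          # list of (offset, length)
        "header_len": header_len,
        "header_entropy": shannon_entropy(a[:header_len]) if header_len else None,
        "body_entropy": shannon_entropy(a[header_len:]),
    }


# ---- constructed sample input (not real PSP data) -------------------------

def _pseudo_ciphertext(seed, n):
    """Deterministic random-looking bytes (SHA-256 in counter mode) standing in
    for the encrypted body of a save."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def constructed_save(nonce_seed):
    """A 16-byte fixed header (assumed magic + version, invented here) followed by
    1024 bytes that differ between saves because the per-save key/nonce differs."""
    header = b"PSPSAVE\x00" + b"\x01\x00\x00\x00" + b"\x00" * 4
    return header + _pseudo_ciphertext(nonce_seed, 1024)


if __name__ == "__main__":
    save1 = constructed_save(b"save-1")
    save2 = constructed_save(b"save-2")
    for k, v in analyse_pair(save1, save2).items():
        print(f"{k:>20}: {v}")
```

Run it on two real saves of the same state (read the files as bytes in place of `constructed_save`) and look at `agreeing_runs` first: a run at offset 0 is the candidate header, and if the remaining length is a multiple of 16 that is consistent with a block cipher and tells you where the per-save key material or IV would have to live if it is stored with the data.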
I don't think it would even be worth trying to set up a distributed effort at this point, but I do have faith in finding the holy grail (a fatal flaw). After all, programmers are only people... people who are normally running on Red Bull and coffee. If someone wanted to waste their excess cycles anyway, do we even have something to brute force?
I can't help much on the technical side, but I found some interesting info. Has anyone heard of this yet? Would it be helpful in figuring out the encryption?
from http://www.gamasutra.com/php-bin/news_i ... story=5187
From Software has announced that it will be releasing Adventure Player for the PSP in Japan this summer, a RPG Maker-styled piece of software that will allow game creators to make a role-playing game title on their PC and then transfer their adventure to their PSP to play it. One of the default 'example games', according to the latest issue of Japanese magazine Famitsu, will be PlayStation 1 RPG Echo Night, and, most interestingly, game creators will be able to send their titles to other PSP owners over the Internet, using the PSP's Wi-Fi connection. However, a Western release for this title has yet to be announced.
from http://www.lik-sang.com/info.php?catego ... ts_id=6653
Adventure Player lets players create their own adventure games on their PC, and import them to be played on the PSP.
Playing a user-created adventure game on the PSP will require the Adventure Player UMD software and a Memory Stick Duo with the saved game data.
You can also create your own game data on PCs by using a development kit called Adventure Player Studio, which will become available once the game is released.
Adventure Player will come with three adventure game scripts by default. One of the game scripts to be included is Echo Night, which was a title released by From Software on the PlayStation in 1998. There will also be new scripts and other games to download from the company's official site.
Adventure Player also lets users create other kinds of games, such as puzzle games and quiz games. Of course, regardless of what type of games users create, they'll be able to send them to fellow PSP owners via the Internet or via the PSP's Wi-Fi connection.
It doesn't seem that the PC program would be encrypting the game scripts before sending them to the PSP since the UMD is required (meaning they're probably not being executed directly), but could it help to examine the Wi-Fi transfer? As far as I know, there hasn't been a transfer scanned yet where the contents were known beforehand.
I'm taking that back... headers may be present, but that's just me talking out of my rear again. But until I know for sure, by default AES doesn't use headers. RSA BSAFE may use a header, which may be encrypted... this paper is hard to read.
http://www.rsasecurity.com/node.asp?id=1209
RSA has some cool APIs...
-- edit
Damn... this API is for SSL wireless. I've never used it until today. Sorry for the confusion.
I would imagine this is the API they are using:-
http://www.rsasecurity.com/node.asp?id=1210
This is used for embedded encryption applications and covers use of the AES encryption algorithm.
You can sign up and download the SDK for free if you want to take a look.
I would imagine Sony take the BSAFE Crypto-C ME as a Linux module as is, then embed it into the kernel and expose secure versions of the load/save functions to developers while running on the device.
PSP dev hardware kits would share the same architecture and key. AES keys are usually protected by much stronger public key crypto such as 3072-bit RSA keys or 512-bit ECC keys.
The other alternative is that the dev kits don't contain or require encrypted binaries at all. The developer would then code exclusively for the dev kit, then ship the code to Sony for encryption and possibly signing.
I have downloaded the RSA API and I'm taking a look at it.
(quoting the post above) The other alternative is that the dev kits don't contain or require encrypted binaries at all. The developer would then code exclusively for the dev kit, then ship the code to Sony for encryption and possibly signing.
This is exactly the case. Dev kits do not run "production" code -- as far as I know...
In general, when AES was adopted, a 128-bit key length was the default.
ccrypt uses the exact same cipher chosen for AES but uses a 256-bit key (this ends up being what third parties use).
ccrypt uses a 4-byte header, though AES does not.
Theory states maximum time by key length: for a 128-bit key at 2^55 keys per second, it would take 149 trillion years to crack... etc etc..
http://forums.ps2dev.org/viewtopic.php? ... ight=#7871
HeroreV wrote: I can't help much on the technical side, but I found some interesting info. Has anyone heard of this yet? Would it be helpful in figuring out the encryption?
Hey HV - All this game does is create a save file. It does not execute any code directly off the memory stick. You buy a UMD to read the save files to play the games made for free on your PC. It sounded at first like a cool game, but I dunno....
Devkits can be booted in production mode and play consumer UMDs. They can also boot unencrypted DVDs with the game fileset on them. Sony encrypt each game with its own unique key publisher side, and as a bonus I think games can't read other games' discs...
As for the adventure maker thing - unlikely Sony would allow game saves to be made and encrypted with anything other than their encryption, and unlikely they will allow access for developers to make PC-side tools with their encryption. You can always go back on a press release - I think the developer will make the PSP the tool to use to create adventure games.
- Neil Stevens
- Posts: 79
- Joined: Thu Jan 27, 2005 2:22 pm
- Location: California
Neil Stevens wrote: If a game can access web pages, then couldn't an enterprising developer create a workstation-side tool that puts up a web server for the PSP side to download workstation-created content?
If nothing else I'd imagine there is a TRC that would prevent it.
Shoot Pixels Not People!
Makeshift Development
This sounds like the Enigma code...
So the key is embedded somewhere in the data?
But that would just be sloppy of Sony; they probably have a master code somewhere in the PSP OS that adds to the code already in the data. So let's not all go and brute force it, okay? (Less productive)
If we can sift the memory on the PSP (with hardware or software) before, during and after data saving, maybe some clues can be found. Data has to be dumped from somewhere. (More productive)
Commentary:
General knowledge of a standard algorithm is useful, but in my experience companies can be tricky and tweak the algorithm a little [keeping the crypto robustness, but making it slightly non-standard].
Ignoring the significant computation time needed to "crack" a key, you may be testing keys against the wrong algorithm.
Official specs or the ability to disassemble real executable code (under "fair use" for interoperability) are typically what you need.
Recent encryption-related hacks that I've looked into (BTW: not meant for copyright violations, but for "fair use" interoperability):
+ Sony AIBO AUTH protocol uses an MD5-like cipher for its challenge/response authorization protocol.
+ Zipit Wireless upload protocol is Blowfish-like, but the key generation is non-standard [like an extra level of salt].
Notice the add-on "-like".
If someone took the standard implementations of these algorithms, they would never be able to crack the encryption/signing, because the key test would be slightly off from the standard algorithm.
====
A hardware mod to grab the ROM is usually the best way of opening up the details of the device. All legal within reverse engineering for interoperability.
However, a very slippery slope, since the same techniques are more often used for cracking and making illegal copies of software.
Hardware gurus required for cracking AES?
I heard that it is possible to hack AES if the de/encryption is performed in hardware. The idea is that you measure the input current to the IC and you observe the inputs. If you get a power consumption peak, you try to find the key that has passed over the bus (that's why military folks are trying to make ICs with constant power consumption)... Are there any hardware gurus who know whether that's applicable to the PSP?
Who needs Gates in a world without fences...
Apparently (thanks Ycros), at Ruxcon two years ago some guy gave a talk on doing just that to smart cards. His talk was very detailed and technical on the inner workings of DES/AES and how you can crack it with power analysis. His talk was on DES, but he did say it applies to AES as well.
overview
http://ruxcon.org.au/2003-presentations.shtml#12
slides
http://ruxcon.org.au/files/sc_side_channel.pdf
google
http://www.google.com/search?q=side%2Dchannel+attack
edit: can't spell
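Power analysis as the two posts above describe it, as an added, simulated example; this is not code from the Ruxcon talk, from the PSP, or from any real measurement. The "device" is a software model that leaks the Hamming weight of the first-round SubBytes output plus Gaussian noise (an assumption standing in for the current measurements the post mentions). The attack is correlation power analysis: for one key byte, every one of the 256 guesses predicts what the chip would have computed for each plaintext, and the guess whose predictions correlate best with the measured leakage is the key. Plaintexts, the secret byte and the noise level are all constructed here; the S-box is computed from the AES definition rather than typed in.

```python
import math
import random


def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _build_sbox():
    """Compute the AES S-box (inverse in GF(2^8), then the affine map) instead of
    typing in the 256-entry table."""
    sbox = [0] * 256
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gf_mul(x, y) == 1), 0) if x else 0
        s = inv
        for r in range(1, 5):
            s ^= ((inv << r) | (inv >> (8 - r))) & 0xFF
        sbox[x] = s ^ 0x63
    return sbox


SBOX = _build_sbox()


def hamming_weight(v):
    return bin(v).count("1")


def simulate_traces(key_byte, n_traces, noise_sigma, rng):
    """Constructed leakage model standing in for current measurements: each 'trace'
    is one sample, HW(SBOX[p ^ k]) plus Gaussian noise, i.e. the power drawn when
    the first-round SubBytes result hits a bus or register."""
    plaintexts, leakage = [], []
    for _ in range(n_traces):
        p = rng.randrange(256)
        plaintexts.append(p)
        leakage.append(hamming_weight(SBOX[p ^ key_byte]) + rng.gauss(0.0, noise_sigma))
    return plaintexts, leakage


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return 0.0 if vx == 0 or vy == 0 else cov / math.sqrt(vx * vy)


def cpa_recover_byte(plaintexts, leakage):
    """Correlation power analysis for one key byte: for each of the 256 guesses,
    predict HW(SBOX[p ^ guess]) per trace and correlate with the measured leakage.
    Only the right guess predicts the intermediate the chip really computed, so it
    correlates strongly; wrong guesses look like noise. Returns (best_guess, ranking)."""
    ranking = []
    for guess in range(256):
        predicted = [hamming_weight(SBOX[p ^ guess]) for p in plaintexts]
        ranking.append((abs(pearson(predicted, leakage)), guess))
    ranking.sort(reverse=True)
    return ranking[0][1], ranking


def demo(key_byte=0x2B, n_traces=300, noise_sigma=1.5, seed=1):
    """Run the simulated attack; returns (recovered byte, its correlation, runner-up correlation)."""
    rng = random.Random(seed)
    plaintexts, leakage = simulate_traces(key_byte, n_traces, noise_sigma, rng)
    best, ranking = cpa_recover_byte(plaintexts, leakage)
    return best, ranking[0][0], ranking[1][0]


if __name__ == "__main__":
    best, top, second = demo()
    print(f"recovered key byte 0x{best:02x}  corr={top:.3f}  runner-up corr={second:.3f}")
```

The full key falls to sixteen independent runs of this, one per byte, which is why the per-key-byte cost is what matters, not 2^128. On real hardware the work is in the acquisition (finding the clock cycle where SubBytes leaks, aligning traces, picking a leakage model), not in the correlation step; the same scan against a device that holds its current constant or masks its intermediates gives no peak for any guess.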
Just out of pure curiosity, what would be involved in setting up a distributed effort? I've googled a little and asked around, but nothing has really come up. Are there any tools already, or would they have to be written (something like deschall for RSA BSAFE)? I wouldn't mind offering up idle CPU time for an effort. Even if some other method is successful before the key is discovered, what's the harm in trying?
Indeed.
Besides, any such effort to make a distributed attack would very likely attract strong attention from Sony in countries where they have a legal right to care, assuming they are able to collectively pick themselves up off the ground from outrageous laughter at the attempt.
Balls yes, brains no. Freetime plenty. Humor value priceless.
Previous distributed attacks were often academic exercises arranged by Math PhDs who specialized in crypto. Usually they try to brute through mathematical weaknesses in the encryption. Without a known mathematical weakness in AES that can dramatically shorten the exercise to within a human lifetime, one might saddle their Nth-generation descendants with a rather obtuse burden.
The Xbox "signing code" for the BIOS was cracked by bunnie: he extracted the RC4 key to decrypt the flash ROM (BIOS). bunnie achieved this by designing a tap board he later soldered onto the LDT (HyperTransport) bus. He coded a program which looped through the tapped data using a key-length "moving window" and decrypted the BIOS using the suspect key; the program logged "clear text" attempts using a statistical function, and that is how he got the key. You could say his hacks made the homebrew software scene possible for the Xbox.
The "signing code" for the Xbox games, which hasn't been cracked yet (not to my knowledge), is what I think AlexGreen refers to; cracking that would make it possible to burn your own Xbox discs and boot without any mod, ending up with something like the Dreamcast.
In my opinion, for homebrew purposes, trying to find "the bunnie way" is the right way to go.
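The "moving window" key search the post above describes, as an added illustration in Python; this is not bunnie's code and nothing here is taken from a real Xbox or PSP. The idea is that the key crosses the bus in the clear, so every key-sized window of the captured stream is tried as a candidate, the ciphertext is decrypted under it, and a cheap statistic decides whether the result looks like cleartext. The "bus capture" is constructed inline (random bytes with a 16-byte RC4 key planted at an assumed offset), the "flash contents" are an invented ASCII string, and the cleartext statistic (printable-byte ratio) is a stand-in for whatever fits the real image.

```python
import random


def rc4(key, data):
    """Plain RC4 (KSA + PRGA). Used here only because the post concerns an RC4 key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(c ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def cleartext_score(data):
    """Fraction of bytes that are printable ASCII or whitespace. Random bytes score
    about 0.38; real text scores near 1.0, so a threshold of 0.9 separates them.
    A real firmware image would use a statistic fitted to its own structure."""
    ok = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return ok / len(data)


def sliding_window_key_search(capture, ciphertext, key_len=16, threshold=0.9):
    """Treat every key_len-byte window of the tapped bus capture as a candidate key,
    decrypt the ciphertext with it and keep the decryption that looks most like
    cleartext. Returns (offset, score, plaintext), or None if nothing passes."""
    best = None
    for off in range(len(capture) - key_len + 1):
        candidate = capture[off:off + key_len]
        pt = rc4(candidate, ciphertext)
        score = cleartext_score(pt)
        if best is None or score > best[1]:
            best = (off, score, pt)
    return best if best is not None and best[1] >= threshold else None


# ---- constructed scenario (not a real bus capture or BIOS) -----------------

def build_scenario(seed=42, key_offset=1234, key_len=16, capture_len=4096):
    """Fake 'tapped bus data': random bytes with the 16-byte RC4 key somewhere inside,
    plus an ASCII-heavy stand-in for the flash contents encrypted under that key."""
    rng = random.Random(seed)
    key = bytes(rng.randrange(256) for _ in range(key_len))
    capture = bytearray(rng.randrange(256) for _ in range(capture_len))
    capture[key_offset:key_offset + key_len] = key
    plaintext = b"BOOTROM v1.0  init: mem ok, bus ok, jumping to loader...\n" * 8
    return bytes(capture), rc4(key, plaintext), key, plaintext


if __name__ == "__main__":
    capture, ct, key, pt = build_scenario()
    hit = sliding_window_key_search(capture, ct)
    if hit:
        off, score, recovered = hit
        print(f"key found at capture offset {off}: {capture[off:off + 16].hex()} (score {score:.2f})")
        print(recovered[:60])
```

The search is linear in the capture length and needs no knowledge of the key beyond its size and the cipher, which is why it works against a design that ships the key across an unencrypted bus. The threshold is what keeps it honest: with a 456-byte ciphertext a wrong window cannot reach 0.9 by chance, and a capture that does not contain the key returns None instead of a false hit.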