Cracking the PSP OFW without pandora

TyRaNiD
Posts: 907
Joined: Sun Jan 18, 2004 12:23 am

Post by TyRaNiD »

Perhaps you keep forgetting: you don't need the HMAC key, at least for the IPL. That can be brute forced in a few days for a single encrypted block, which is all you need :) All you need to do is find the method of data encryption/decryption and the job is done.

It is worth remembering that the encryption itself was probably more about obfuscation than any actual protection mechanism. Of course they have probably tweaked something so that it doesn't just decrypt plainly using AES on a PC, but that is so you couldn't easily break the obfuscation. The history of PSP security measures has been one of security through obscurity; this is just one step in that. They are unlikely to be hiding the algorithms; in fact they could probably say it uses AES and SHA1 HMAC and we would be no closer, really, to finding anything.

When it comes down to it, security of this kind is all about defense in depth and is also assumed to be time limited. If we had never got code to run on the device at all, it would be considerably harder to do what has been done. If they hadn't screwed up from day 1, maybe, just maybe, the PSP would still be a "secure" system :)
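The point in the post above, that an integrity tag does not protect confidentiality, can be shown with a toy encrypt-then-MAC container. This is an added example, not code from the post or from any PSP tool: the keys, nonce, payload string and the HMAC-SHA256 counter-mode stand-in for the block cipher are all constructed here and are not PSP values. The device-side loader verifies the HMAC-SHA1 tag and refuses a tampered image; an attacker who has recovered only the cipher key ignores the tag and decrypts anyway, and a bit flip in the ciphertext disturbs exactly one plaintext byte.

```python
import hmac
import hashlib
import struct

# Constructed demo values (hypothetical, not PSP keys or data).
ENC_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
MAC_KEY = bytes.fromhex("f0e1d2c3b4a5968778695a4b3c2d1e0f")
NONCE = b"\x00" * 8
PLAINTEXT = b"IPL stage 1: jump to loader at 0x040F0000"
TAG_LEN = hashlib.sha1().digest_size


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; a stand-in for the real block cipher."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])


def xor_crypt(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream encryption and decryption are the same XOR operation."""
    ks = keystream(enc_key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def tag(mac_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """HMAC-SHA1 over nonce || ciphertext (encrypt-then-MAC)."""
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha1).digest()


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Producer side: nonce || ciphertext || tag."""
    ct = xor_crypt(enc_key, nonce, plaintext)
    return nonce + ct + tag(mac_key, nonce, ct)


def split(blob: bytes):
    nonce, body = blob[:len(NONCE)], blob[len(NONCE):]
    return nonce, body[:-TAG_LEN], body[-TAG_LEN:]


def device_load(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Loader with both keys: verify the tag first, decrypt only if it matches."""
    nonce, ct, t = split(blob)
    if not hmac.compare_digest(t, tag(mac_key, nonce, ct)):
        return None  # refuse a tampered or forged image
    return xor_crypt(enc_key, nonce, ct)


def attacker_decrypt(enc_key: bytes, blob: bytes) -> bytes:
    """Attacker with only the cipher key: the tag is irrelevant to reading the data."""
    nonce, ct, _ = split(blob)
    return xor_crypt(enc_key, nonce, ct)


def tamper(blob: bytes) -> bytes:
    """Flip one bit of the first ciphertext byte, leave the tag untouched."""
    nonce, ct, t = split(blob)
    return nonce + bytes([ct[0] ^ 0x01]) + ct[1:] + t


if __name__ == "__main__":
    blob = seal(ENC_KEY, MAC_KEY, NONCE, PLAINTEXT)
    print("device loads original:", device_load(ENC_KEY, MAC_KEY, blob) == PLAINTEXT)
    print("attacker reads original without MAC key:", attacker_decrypt(ENC_KEY, blob) == PLAINTEXT)
    bad = tamper(blob)
    print("device rejects tampered image:", device_load(ENC_KEY, MAC_KEY, bad) is None)
    print("attacker still decrypts tampered image:", attacker_decrypt(ENC_KEY, bad)[1:] == PLAINTEXT[1:])
```

The MAC key only matters for producing an image the loader will accept; it contributes nothing to keeping the contents secret once the cipher key and algorithm are known, which is the split the post is describing.
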

paulotex
Posts: 19
Joined: Sun Jan 20, 2008 9:28 pm

New TA-090 apparently can be Pandorized

Post by paulotex »

Hi.

Just to complete this thread (slightly off-topic): I just found this announcement of a TA-090 that can be Pandorized:
http://psp.tgbus.com/yjzb/200809/20080918093811.shtml
Google engrish translation:
http://translate.google.com/translate?u ... n&ie=UTF-8

(Edit: removed a broken link to an unsupported claim.)