Post: [RELEASE] SceNpTrophySignature
05-24-2017, 08:16 PM #1
Hello NextGenUpdate,

I was really curious and bored and decided to tinker with SceNpTrophySignature stored inside decrypted ESFM (trophy) files, specifically TROP.ESFM from Call of Duty: MWR that I released on Twitter. The first thing I did was get the Sce-Np-Trophy-Signature tag inside the decrypted file, and created a new file and converted it to hex.

The output should look similar to this (it will of course differ for other files):

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000 4C 39 B9 8C 01 00 00 00 00 00 00 00 80 B9 E0 DE L9¹Œ........€¹àÞ
00000010 C1 C8 ED DB D9 0C F4 5D 7E CE 2A 65 6C 9D 7F F5 ÁÈíÛÙ.ô]~Î*el..õ
00000020 96 77 C4 7D 73 52 09 B7 35 69 89 BD 5A CE 0A 82 –wÄ}sR.·5i‰½ZÎ.‚
00000030 C8 58 06 B6 22 8B 5B 26 A7 A8 AB D1 C4 62 92 6D ÈX.¶"‹[&§¨«ÑÄb’m
00000040 5A 99 56 AD 6D 13 97 4B 2E 12 EB 23 DE A3 3D D2 Z™V.m.—K..ë#Þ£=Ò
00000050 57 25 70 00 DF D0 8F 73 83 19 84 D2 BC 56 15 FE W%p.ßÐ.sƒ.„Ò¼V.þ
00000060 EB 39 FB D8 A9 91 BF B5 60 1F 0D D8 4C E5 F3 5B ë9ûØ©‘¿µ`..ØLåó[
00000070 AA 52 AA 58 DB CA 0A 8D 77 B8 41 E6 DE E8 D1 5C ªRªXÛÊ..w¸AæÞèÑ\
00000080 1D BF 39 E2 34 F1 1D 16 DB CA 27 C7 EB 67 82 87 .¿9â4ñ..ÛÊ'Çëg‚‡
00000090 32 AD 80 43 A7 68 23 61 FC AC D8 FF E9 2B 54 17 2.€C§h#aü¬Øÿé+T.


The structure is as follows:

    #include <stdint.h>

    typedef uint8_t  u8;
    typedef uint32_t u32;
    typedef uint64_t u64;

    /* Packed so the layout matches the file: the digest starts at offset 0x0C,
       right after the 4-byte magic and 8-byte version (no alignment padding). */
    typedef struct __attribute__((packed)) {
        u8 digest[20];      /* HMAC-SHA1 digest */
        u8 signature[128];  /* RSA-1024 signature */
    } SceNpTrophySignature;

    typedef struct __attribute__((packed)) {
        u32 magic;          /* 0x4C39B98C */
        u64 version;        /* 1.00 */
        SceNpTrophySignature signature;
    } SceNpTrophyHeader;


The digest described in the structure is a SHA-1 HMAC hash, and the signature is signed with RSA. The hunt was on to find the keys to generate the digest and the keys for RSA. But of course only public keys were to be found. If someone can factor the Modulus for RSA plz let me know kthnx. The keys were fairly easy to find.

    
private byte[] SceNpTrophyXmlShaHmacKey = new byte[64] {
0x6A, 0xC0, 0xB3, 0xFB, 0x1E, 0xBB, 0x4F, 0xB7, 0xBC, 0xC2, 0xA0, 0x0D, 0xA3, 0xA2, 0xA4, 0xBD,
0xBC, 0xB7, 0x88, 0xEC, 0x45, 0x67, 0x48, 0xCC, 0x86, 0xCD, 0x9D, 0x09, 0xEF, 0x37, 0x93, 0x7F,
0x6E, 0xE3, 0x11, 0x67, 0x77, 0x8E, 0x41, 0x4E, 0x9B, 0x71, 0x1B, 0xE9, 0xD8, 0xCB, 0xB5, 0xF8,
0x95, 0x6E, 0x45, 0x4E, 0xE9, 0x4A, 0x46, 0xC3, 0x9D, 0xC4, 0xFF, 0x0D, 0x09, 0x0B, 0x92, 0xB7
};

static RSAParameters param = new RSAParameters() {
Modulus = new byte[128] {
0xCA, 0x30, 0xCE, 0xE5, 0x9B, 0xF1, 0x9E, 0x04, 0x1F, 0x6F, 0x02, 0xC5, 0x4A, 0xE4, 0x2C, 0xD6,
0x76, 0x91, 0x85, 0xE1, 0x57, 0xAB, 0x86, 0x59, 0xB7, 0x0D, 0xCE, 0xC0, 0xC3, 0xEE, 0x60, 0x39,
0xFF, 0x95, 0x2F, 0xD9, 0x76, 0x7D, 0x35, 0x47, 0x4B, 0x11, 0xBB, 0x55, 0x14, 0x20, 0x5C, 0x55,
0x38, 0x64, 0xF7, 0x7B, 0xD4, 0xDA, 0x89, 0x9B, 0x30, 0x11, 0x0B, 0x0E, 0xA4, 0xF8, 0xAD, 0x33,
0xFB, 0xE0, 0x35, 0x0E, 0x08, 0x5B, 0x2A, 0x92, 0xA7, 0xD3, 0x27, 0x97, 0x81, 0x10, 0xAA, 0xB9,
0x50, 0x85, 0x73, 0x02, 0x35, 0x40, 0x81, 0x56, 0x70, 0x7C, 0x3B, 0x22, 0x38, 0xF9, 0x78, 0xBF,
0xF4, 0xF3, 0x08, 0x06, 0x38, 0x09, 0xAE, 0xAF, 0xB2, 0xF9, 0xAE, 0xC6, 0x2E, 0x19, 0x68, 0xCF,
0xF5, 0x8B, 0x9B, 0xA8, 0x34, 0xB3, 0x58, 0x8C, 0x92, 0xC8, 0x41, 0x1C, 0x54, 0x8B, 0xFC, 0x49
},

Exponent = new byte[4] {
0x00, 0x01, 0x00, 0x01
}
};


To calculate the SHA-1 HMAC hash, all you have to do is take the data in the decrypted ESFM starting from the <trophyconf tag all the way to the end. At the end there might be some padding (0D); make sure to delete it up to the hex value (0A). Then you'll have to add the data from the SceNpTrophyHeader struct to the end to calculate the hash.

Since we cannot create our own signature, as we don't have the private keys, all we can do is verify the signature and see that it's valid and came from (in this case) Sony. To verify, you'll have to generate a SHA-1 hash of a message. The message is the same data you used to calculate the SHA-1 HMAC hash, but now you'll have to add SceNpTrophySignature->digest to the end of the file.

I'm going to include the stock TROP.ESFM (untouched) file I used, the calc.bin file that I used to calculate the hash and verify the signature, and the Sce-Np-Trophy-Signature (which you can easily extract from the included TROP.ESFM yourself, but why not). I'm also going to include the source code of the tool I used to calculate everything. All the files are stored in the /bin folder.

P.S.: They used the same keys on PlayStation 3.

Download link:

Virus scan:
Last edited by Red-EyeX32 ; 05-24-2017 at 08:29 PM.

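As an added example (not the tool from the post), here is the procedure the post describes, in Python: build the HMAC message, check the digest with the posted HMAC key, then verify the RSA signature over SHA-1(message || digest) with the posted public key. It assumes that "the data from SceNpTrophyHeader" appended before hashing is the 12-byte magic plus version, that the 0A before the 0D padding is kept, and that the signature is PKCS#1 v1.5 (the convention of .NET's VerifyHash); the key material is the one quoted above.

```python
import hashlib
import hmac

# Key material as posted in the thread: 64-byte HMAC-SHA1 key, RSA-1024 modulus.
TROPHY_HMAC_KEY = bytes.fromhex("""
    6AC0B3FB1EBB4FB7BCC2A00DA3A2A4BD BCB788EC456748CC86CD9D09EF37937F
    6EE31167778E414E9B711BE9D8CBB5F8 956E454EE94A46C39DC4FF0D090B92B7""")
TROPHY_RSA_N = int.from_bytes(bytes.fromhex("""
    CA30CEE59BF19E041F6F02C54AE42CD6 769185E157AB8659B70DCEC0C3EE6039
    FF952FD9767D35474B11BB5514205C55 3864F77BD4DA899B30110B0EA4F8AD33
    FBE0350E085B2A92A7D327978110AAB9 5085730235408156707C3B2238F978BF
    F4F308063809AEAFB2F9AEC62E1968CF F58B9BA834B3588C92C8411C548BFC49"""), "big")
TROPHY_RSA_E = 0x10001
# DigestInfo prefix for SHA-1 in EMSA-PKCS1-v1_5 (RFC 8017, section 9.2).
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")

def parse_trophy_header(blob: bytes):
    """Split the 160-byte blob per SceNpTrophyHeader: (magic+version, digest, signature)."""
    if len(blob) != 160 or blob[:4] != bytes.fromhex("4C39B98C"):
        raise ValueError("not a SceNpTrophyHeader blob")
    return blob[:12], blob[12:32], blob[32:]

def trophy_message(esfm: bytes, header: bytes) -> bytes:
    """HMAC input: '<trophyconf' to end of file, trailing 0x0D padding stripped,
    then the 12 header bytes (magic, version). Assumed reading of the post."""
    return esfm[esfm.index(b"<trophyconf"):].rstrip(b"\r") + header

def trophy_hmac(message: bytes) -> bytes:
    return hmac.new(TROPHY_HMAC_KEY, message, hashlib.sha1).digest()

def signed_hash(message: bytes, digest: bytes) -> bytes:
    """SHA-1 over message || digest: the value the RSA signature covers."""
    return hashlib.sha1(message + digest).digest()

def pkcs1_v15_em(digest: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of a SHA-1 digest for a k-byte modulus."""
    t = SHA1_DIGESTINFO + digest
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_trophy_signature(message, digest, signature, n=TROPHY_RSA_N, e=TROPHY_RSA_E):
    """True iff digest == HMAC(message) and signature is a valid PKCS#1 v1.5
    RSA signature over signed_hash(message, digest) under public key (n, e)."""
    if not hmac.compare_digest(trophy_hmac(message), digest):
        return False
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, pkcs1_v15_em(signed_hash(message, digest), k))
```

For a real TROP.ESFM, pass the three pieces from parse_trophy_header together with the decrypted file to trophy_message and verify_trophy_signature; the default n and e are the posted public key, so a True result means the digest and signature check out against it.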
05-24-2017, 08:19 PM #2
Dacoco
I void warranties.
first
05-24-2017, 08:41 PM #3
Originally posted by EyeX32 View Post
[quotes post #1 in full]

Where have the modded bo1 savegames been? Fucking god mode and all that shit Them feels
05-25-2017, 02:05 AM #4
Hydrogen
Super Mod
Third Sal

Nice job Red :3
05-25-2017, 02:16 AM #5
Best Mate
Dark Knight
4th wth did I just read. :/
05-25-2017, 11:49 AM #6
CavaloDeTroia10
Do a barrel roll!
RedEye always the best
05-27-2017, 03:38 AM #7
cjmurder123
What do I say here?
Originally posted by EyeX32 View Post
If someone can factor Modulus for RSA plz let me know kthnx


Do you know the modulus N? Do you know d and e?
05-27-2017, 03:46 AM #8
Originally posted by cjmurder123 View Post
Do you know the modulus N? Do you know d and e?


The modulus (n) and exponent (e) are there above. d is the private key, which is unknown.
05-28-2017, 01:33 AM #9
seb5594
Proud Former Admin
I'm curious about what you will publish in the future.
Pretty sure you will try to make something like a trophy resigner

PS: Still no access to kernel stuff - waiting for an exploit
05-29-2017, 08:58 PM #10
ProtoBuffers
Bounty hunter
If the keys are the same, wouldn't there be a few available games to edit already? Ex:
PLJM84002 Battlefield 4 [PS4]
CUSA00049 Battlefield 4 [PS4]
CUSA00110 Battlefield 4 [PS4]

These are listed under the PS3 Bruteforce tool by Aldo

Copyright © 2024, NextGenUpdate.
All Rights Reserved.