Post: [RELEASE] PS3 IDPS Verifier by Zecoxao
05-15-2015, 12:22 PM #1
SonyBlack
League Champion



Following up on the previous PS3 IDPS update, today PlayStation 3 developer zecoxao has released an IDPS Verifier which allows you to verify your IDPS with your archive2.dat file.



Originally posted by another user
To quote: What you see here is a narrowed down version of ps3xport that can be used to verify the idps of your console. the only thing this does is, with the idps set (in main.c as device_id) it'll do its crypto and decrypt archive2.dat initial 0x40 bytes after the header. if the last 16 bytes are zero, it'll say that idps matches (this should happen on an empty after format backup), if not it'll say that idps doesn't match.

In either of the results, it'll output the result to archive2.bin for you guys to analyze.

This'll be later part of a bruteforcer, so that every user that didn't have access to idpstealer can use the tool and obtain it in a short amount of time (or until TheDarkProgrammer releases his, whichever comes first)

This is the modified main.c that bruteforces the last 8 bytes using only one thread:



Originally posted by another user
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include "types.h"
#include "aes.h"
#include "vtrm.h"

int main(){

    /* first 8 bytes are fixed; the last 8 are filled in by the loops below */
    u8 device_id[0x10] =
    {
        0x00, 0x00, 0x00, 0x01, 0x00, 0x87, 0x00, 0x05,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
    };

    int a1,a2,a3,a4,a5,a6,a7,a8;
    a1=a2=a3=a4=a5=a6=a7=a8=0;
    clock_t start = clock(), diff;
    for(a1=0;a1<=0xFF;a1++){
    for(a2=0;a2<=0xFF;a2++){
    for(a3=0;a3<=0xFF;a3++){
    for(a4=0;a4<=0xFF;a4++){
    for(a5=0;a5<=0xFF;a5++){
    for(a6=0;a6<=0xFF;a6++){
    for(a7=0;a7<=0xFF;a7++){
    for(a8=0;a8<=0xFF;a8++){

        /* candidate value for the last 8 bytes of the device_id */
        device_id[0x08] = (u8)a1;
        device_id[0x09] = (u8)a2;
        device_id[0x0A] = (u8)a3;
        device_id[0x0B] = (u8)a4;
        device_id[0x0C] = (u8)a5;
        device_id[0x0D] = (u8)a6;
        device_id[0x0E] = (u8)a7;
        device_id[0x0F] = (u8)a8;

        u8 buffer[0x40];
        u8 zero_iv[0x10];
        u8 buffer_enc[0x40];
        u8 buffer_dec[0x40];
        u8 key[0x10];
        u8 iv[0x10];

        memset (buffer, 0, 0x40);
        memset (buffer_enc, 0, 0x40);
        memset (buffer_dec, 0, 0x40);
        memset (zero_iv, 0, 0x10);

        /* run the device_id through vtrm_encrypt; the first 0x10 bytes of
           the result are used as the AES key and the next 0x10 as the IV */
        memcpy (buffer, device_id, 0x10);
        vtrm_encrypt (3, buffer, zero_iv);
        memcpy (key, buffer, 0x10);
        memcpy (iv, buffer + 0x10, 0x10);

        /* read the 0x40 bytes that follow the header (file offset 0x40) */
        FILE *fp= fopen("archive2.dat","rb");
        if(fp==NULL){
            perror("archive2.dat");
            return 1;
        }
        fseek(fp,0x40,SEEK_SET);
        if(fread(buffer_enc,1,0x40,fp)!=0x40){
            fprintf(stderr,"archive2.dat is too short\n");
            fclose(fp);
            return 1;
        }
        aes128cbc (key, iv, buffer_enc, 0x40, buffer_dec);
        fclose(fp);

        /* the decrypted block is written out on every attempt, match or not */
        FILE *fl= fopen("archive2.bin","wb");
        if(fl==NULL){
            perror("archive2.bin");
            return 1;
        }
        fwrite(buffer_dec,1,0x40,fl);
        fclose(fl);

        /* match if the last 16 bytes of the decrypted block are all zero */
        if(memcmp(buffer_dec+0x30,zero_iv,0x10)==0){
            printf("this device_id is the right one");
            FILE *fx= fopen("idps.bin","wb");
            if(fx==NULL){
                perror("idps.bin");
                return 1;
            }
            fwrite(device_id,1,0x10,fx);
            fclose(fx);
            diff = clock() - start;
            int msec = (int)(diff * 1000 / CLOCKS_PER_SEC);
            printf("\nTime taken %d seconds %d milliseconds", msec/1000, msec%1000);
            return 0;
        }
        else{

            //printf("\nid: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",device_id[0],device_id[1],device_id[2],device_id[3],device_id[4],device_id[5],device_id[6],device_id[7],device_id[8],device_id[9],device_id[10],device_id[11],device_id[12],device_id[13],device_id[14],device_id[15]);

        }

    }
    }
    }
    }
    }
    }
    }
    }
    /* no candidate matched */
    return -1;
}




I plan to make it using more threads, but I still don't know how to use thread management.



11-05-2015, 05:42 PM #11
Originally posted by smhabib View Post
since i know this is madness, im leaving this here
its optimized ALOT(i mean it!)

it uses 8 threads(8 cores amd or 4 cores i7(hyperthreading))
each thread handles 10000000000 combinations

P.S:im not responsible for any damages cause your pc will run hot!
you can modify the above src to try random numbers and see if you are lucky
this app bruteforces last 6 bytes (not 8). the first two are chassis check, you gotta be lucky!


please!!!, the link is down, is possible a new link????
11-09-2015, 07:10 PM #13
somebody a test this script???

Copyright © 2024, NextGenUpdate.
All Rights Reserved.
