that can be used to verify the idps of your console. The only thing this does is, with the idps set (in main.c as device_id), run its crypto and decrypt the initial 0x40 bytes of archive2.dat after the header. If the last 16 bytes are zero, it'll say that the idps matches (this should happen on an empty after-format backup); if not, it'll say that the idps doesn't match.
In either of the results, it'll output the result to archive2.bin for you guys to analyze.
This'll later be part of a bruteforcer, so that every user that didn't have access to idpstealer can use the tool and obtain it in a short amount of time (or until TheDarkProgrammer releases his, whichever comes first).
This is the modified main.c that bruteforces the last 8 bytes using only one thread:
Originally posted by another user
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include "types.h"
#include "aes.h"
#include "vtrm.h"
/*
 * Entry point: enumerates every value of device_id bytes 0x08..0x0F
 * (eight nested 0x00..0xFF loops, i.e. 2^64 candidates) and, for each
 * candidate, derives an AES-128-CBC key/IV pair from it, decrypts
 * 0x40 bytes of archive2.dat at file offset 0x40, and treats the
 * candidate as a match when the last 0x10 bytes of the plaintext are
 * all zero.  On a match the candidate is written to idps.bin and the
 * program returns 0; after exhausting the search space it returns -1.
 *
 * Review notes (code left as posted):
 *  - fopen() results are never checked: a missing archive2.dat makes
 *    fseek()/fread() operate on a NULL FILE*, which is undefined
 *    behavior.  fread()/fwrite()/fclose() return values are ignored
 *    too, so a short read silently leaves zero-filled ciphertext
 *    (buffer_enc is memset to 0 beforehand) and produces a bogus
 *    comparison rather than an error.
 *  - archive2.dat is opened and archive2.bin rewritten on every single
 *    iteration; the opened-per-iteration handle is the first thing to
 *    fail if the file disappears mid-run.
 *  - 2^64 iterations cannot complete in practice on one thread, so the
 *    "right one" branch is effectively unreachable unless the unknown
 *    bytes happen to be very small.
 *  - `diff * 1000` can overflow clock_t (and the int it is stored in)
 *    on platforms with a 32-bit clock_t after roughly 2147 seconds of
 *    CPU time at CLOCKS_PER_SEC == 1000000.
 *  - The (char) casts are redundant: the values are already 0..0xFF
 *    and the destination is u8.
 *
 * vtrm_encrypt() and aes128cbc() come from the project's own headers
 * (vtrm.h / aes.h); their exact contracts are not visible here.
 */
int main(){
/* Candidate IDPS.  Bytes 0x00..0x07 are fixed in this listing; bytes
 * 0x08..0x0F are overwritten by the loops below. */
u8 device_id[0x10] =
{
0x00, 0x00, 0x00, 0x01, 0x00, 0x87, 0x00, 0x05,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
/* One loop counter per unknown byte. */
int a1,a2,a3,a4,a5,a6,a7,a8;
a1=a2=a3=a4=a5=a6=a7=a8=0;
/* Wall-clock-ish timing via clock(); only reported on a match. */
clock_t start = clock(), diff;
for(a1=0;a1<=0xFF;a1++){
for(a2=0;a2<=0xFF;a2++){
for(a3=0;a3<=0xFF;a3++){
for(a4=0;a4<=0xFF;a4++){
for(a5=0;a5<=0xFF;a5++){
for(a6=0;a6<=0xFF;a6++){
for(a7=0;a7<=0xFF;a7++){
for(a8=0;a8<=0xFF;a8++){
/* Splice the current candidate into the last 8 bytes. */
device_id[0x08] = (char)a1;
device_id[0x09] = (char)a2;
device_id[0x0A] = (char)a3;
device_id[0x0B] = (char)a4;
device_id[0x0C] = (char)a5;
device_id[0x0D] = (char)a6;
device_id[0x0E] = (char)a7;
device_id[0x0F] = (char)a8;
/* Working buffers; all zeroed so the comparison below and any short
 * fread() see deterministic contents.  `iv` and `key` are fully
 * written by the memcpy()s before use. */
u8 buffer[0x40];
u8 zero_iv[0x10];
u8 buffer_enc[0x40];
u8 buffer_dec[0x40];
u8 key[0x10];
u8 iv[0x10];
memset (buffer, 0, 0x40);
memset (buffer_enc, 0, 0x40);
memset (buffer_dec, 0, 0x40);
memset (zero_iv, 0, 0x10);
memcpy (buffer, device_id, 0x10);
/* Key derivation: vtrm_encrypt() transforms `buffer` in place (its
 * output is read back below); the meaning of the first argument (3)
 * is not visible here — TODO confirm against vtrm.h.  The first 0x10
 * bytes of the result become the AES key, the next 0x10 the IV. */
vtrm_encrypt (3, buffer, zero_iv);
memcpy (key, buffer, 0x10);
memcpy (iv, buffer + 0x10, 0x10);
/* NOTE(review): no NULL check — fseek()/fread() on a NULL FILE* is UB. */
FILE *fp= fopen("archive2.dat","rb");
fseek(fp,0x40,SEEK_SET);
/* NOTE(review): return value ignored; a short read leaves zeros in
 * buffer_enc and the loop continues with garbage input. */
fread(buffer_enc,1,0x40,fp);
/* Decrypt 0x40 bytes of ciphertext with the derived key/IV. */
aes128cbc (key, iv, buffer_enc, 0x40, buffer_dec);
fclose(fp);
/* Plaintext of the current attempt is dumped (overwritten each
 * iteration) so the last attempt can be inspected; fopen()/fwrite()
 * results are unchecked. */
FILE *fl= fopen("archive2.bin","wb");
fwrite(buffer_dec,1,0x40,fl);
fclose(fl);
/* Match criterion: the last 0x10 bytes of plaintext are all zero. */
if(memcmp(buffer_dec+0x30,zero_iv,0x10)==0){
printf("this device_id is the right one");
/* Persist the matching candidate; fopen()/fwrite() unchecked here too. */
FILE *fx= fopen("idps.bin","wb");
fwrite(device_id,1,0x10,fx);
fclose(fx);
/* NOTE(review): diff * 1000 can overflow clock_t / int on long runs. */
diff = clock() - start;
int msec = diff * 1000 / CLOCKS_PER_SEC;
printf("\nTime taken %d seconds %d milliseconds", msec/1000, msec%1000);
return 0;
}
else{
/* Per-candidate trace left disabled in the original. */
//printf("\nid: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",device_id[0],device_id[1],device_id[2],device_id[3],device_id[4],device_id[5],device_id[6],device_id[7],device_id[8],device_id[9],device_id[10],device_id[11],device_id[12],device_id[13],device_id[14],device_id[15]);
}
}
}
}
}
}
}
}
}
/* Search space exhausted without a match. */
return -1;
}