Post: [RELEASE] PS3 IDPS Verifier by Zecoxao
Options
05-15-2015, 12:22 PM
#1
SonyBlack
League Champion
You must login or register to view this content.
Following up on the previous PS3 IDPS update, today PlayStation 3 developer zecoxao has released an IDPS Verifier which allows you to verify your IDPS with your archive2.dat file.
I plan to make it using more threads, but i still don't know how to use thread management.
You must login or register to view this content.
You must login or register to view this content.
Following up on the previous PS3 IDPS update, today PlayStation 3 developer zecoxao has released an IDPS Verifier which allows you to verify your IDPS with your archive2.dat file.
Originally posted by another user
To quote: What you see here is a narrowed down version of ps3xport that can be used to verify the idps of your console. the only thing this does is, with the idps set (in main.c as device_id) it'll do its crypto and decrypt archive2.dat initial 0x40 bytes after the header. if the last 16 bytes are zero, it'll say that idps matches (this should happen on an empty after format backup), if not it'll say that idps doesn't match.
In either of the results, it'll output the result to archive2.bin for you guys to analyze.
This'll be later part of a bruteforcer, so that every user that didn't have access to idpstealer can use the tool and obtain it in a short ammount of time (or until TheDarkProgrammer releases his, whichever comes first)
This is the modified main.c that bruteforces the last 8 bytes using only one thread:
In either of the results, it'll output the result to archive2.bin for you guys to analyze.
This'll be later part of a bruteforcer, so that every user that didn't have access to idpstealer can use the tool and obtain it in a short ammount of time (or until TheDarkProgrammer releases his, whichever comes first)
This is the modified main.c that bruteforces the last 8 bytes using only one thread:
Originally posted by another user
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include "types.h"
#include "aes.h"
#include "vtrm.h"
int main(){
u8 device_id[0x10] =
{
0x00, 0x00, 0x00, 0x01, 0x00, 0x87, 0x00, 0x05,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
int a1,a2,a3,a4,a5,a6,a7,a8;
a1=a2=a3=a4=a5=a6=a7=a8=0;
clock_t start = clock(), diff;
for(a1=0;a1<=0xFF;a1++){
for(a2=0;a2<=0xFF;a2++){
for(a3=0;a3<=0xFF;a3++){
for(a4=0;a4<=0xFF;a4++){
for(a5=0;a5<=0xFF;a5++){
for(a6=0;a6<=0xFF;a6++){
for(a7=0;a7<=0xFF;a7++){
for(a8=0;a8<=0xFF;a8++){
device_id[0x08] = (char)a1;
device_id[0x09] = (char)a2;
device_id[0x0A] = (char)a3;
device_id[0x0B] = (char)a4;
device_id[0x0C] = (char)a5;
device_id[0x0D] = (char)a6;
device_id[0x0E] = (char)a7;
device_id[0x0F] = (char)a8;
u8 buffer[0x40];
u8 zero_iv[0x10];
u8 buffer_enc[0x40];
u8 buffer_dec[0x40];
u8 key[0x10];
u8 iv[0x10];
memset (buffer, 0, 0x40);
memset (buffer_enc, 0, 0x40);
memset (buffer_dec, 0, 0x40);
memset (zero_iv, 0, 0x10);
memcpy (buffer, device_id, 0x10);
vtrm_encrypt (3, buffer, zero_iv);
memcpy (key, buffer, 0x10);
memcpy (iv, buffer + 0x10, 0x10);
FILE *fp= fopen("archive2.dat","rb");
fseek(fp,0x40,SEEK_SET);
fread(buffer_enc,1,0x40,fp);
aes128cbc (key, iv, buffer_enc, 0x40, buffer_dec);
fclose(fp);
FILE *fl= fopen("archive2.bin","wb");
fwrite(buffer_dec,1,0x40,fl);
fclose(fl);
if(memcmp(buffer_dec+0x30,zero_iv,0x10)==0){
printf("this device_id is the right one");
FILE *fx= fopen("idps.bin","wb");
fwrite(device_id,1,0x10,fx);
fclose(fx);
diff = clock() - start;
int msec = diff * 1000 / CLOCKS_PER_SEC;
printf("\nTime taken %d seconds %d milliseconds", msec/1000, msec%1000);
return 0;
}
else{
//printf("\nid: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",device_id[0],device_id[1],device_id[2],device_id[3],device_id[4],device_id[5],device_id[6],device_id[7],device_id[8],device_id[9],device_id[10],device_id[11],device_id[12],device_id[13],device_id[14],device_id[15]);
}
}
}
}
}
}
}
}
}
return -1;
}
#include <stdio.h>
#include <string.h>
#include <time.h>
#include "types.h"
#include "aes.h"
#include "vtrm.h"
int main(){
u8 device_id[0x10] =
{
0x00, 0x00, 0x00, 0x01, 0x00, 0x87, 0x00, 0x05,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
int a1,a2,a3,a4,a5,a6,a7,a8;
a1=a2=a3=a4=a5=a6=a7=a8=0;
clock_t start = clock(), diff;
for(a1=0;a1<=0xFF;a1++){
for(a2=0;a2<=0xFF;a2++){
for(a3=0;a3<=0xFF;a3++){
for(a4=0;a4<=0xFF;a4++){
for(a5=0;a5<=0xFF;a5++){
for(a6=0;a6<=0xFF;a6++){
for(a7=0;a7<=0xFF;a7++){
for(a8=0;a8<=0xFF;a8++){
device_id[0x08] = (char)a1;
device_id[0x09] = (char)a2;
device_id[0x0A] = (char)a3;
device_id[0x0B] = (char)a4;
device_id[0x0C] = (char)a5;
device_id[0x0D] = (char)a6;
device_id[0x0E] = (char)a7;
device_id[0x0F] = (char)a8;
u8 buffer[0x40];
u8 zero_iv[0x10];
u8 buffer_enc[0x40];
u8 buffer_dec[0x40];
u8 key[0x10];
u8 iv[0x10];
memset (buffer, 0, 0x40);
memset (buffer_enc, 0, 0x40);
memset (buffer_dec, 0, 0x40);
memset (zero_iv, 0, 0x10);
memcpy (buffer, device_id, 0x10);
vtrm_encrypt (3, buffer, zero_iv);
memcpy (key, buffer, 0x10);
memcpy (iv, buffer + 0x10, 0x10);
FILE *fp= fopen("archive2.dat","rb");
fseek(fp,0x40,SEEK_SET);
fread(buffer_enc,1,0x40,fp);
aes128cbc (key, iv, buffer_enc, 0x40, buffer_dec);
fclose(fp);
FILE *fl= fopen("archive2.bin","wb");
fwrite(buffer_dec,1,0x40,fl);
fclose(fl);
if(memcmp(buffer_dec+0x30,zero_iv,0x10)==0){
printf("this device_id is the right one");
FILE *fx= fopen("idps.bin","wb");
fwrite(device_id,1,0x10,fx);
fclose(fx);
diff = clock() - start;
int msec = diff * 1000 / CLOCKS_PER_SEC;
printf("\nTime taken %d seconds %d milliseconds", msec/1000, msec%1000);
return 0;
}
else{
//printf("\nid: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",device_id[0],device_id[1],device_id[2],device_id[3],device_id[4],device_id[5],device_id[6],device_id[7],device_id[8],device_id[9],device_id[10],device_id[11],device_id[12],device_id[13],device_id[14],device_id[15]);
}
}
}
}
}
}
}
}
}
return -1;
}
I plan to make it using more threads, but i still don't know how to use thread management.
You must login or register to view this content.
You must login or register to view this content.
The following 6 users say thank you to SonyBlack for this useful post:
05-18-2015, 11:03 PM
#6
smhabib
Gobble
stupidness
i modified this for me for 8 threads with each thread handling 0x2100000000 combinations
each a5 round(0x1000000 combinations)takes one minute with a HIGH END overclocked intel 5820k x99 @4.1ghz
so 0xff=255
how much time?
rounding the a5 time to 2 hours and the answer is:
2*255=510*21=10710 hours=446 days
more than a year
now this is very rough estimate cause i wanna sleep now lol
and this program has been damn optimized by me with multi thread cores and still this answer...
p.s my pc can have 12 threads at the same time=12 logical cores
and this is done by bruteforcing the last 6 bytes, not 8(considering chasis num if lucky)
i modified this for me for 8 threads with each thread handling 0x2100000000 combinations
each a5 round(0x1000000 combinations)takes one minute with a HIGH END overclocked intel 5820k x99 @4.1ghz
so 0xff=255
how much time?
rounding the a5 time to 2 hours and the answer is:
2*255=510*21=10710 hours=446 days
more than a year
now this is very rough estimate cause i wanna sleep now lol
and this program has been damn optimized by me with multi thread cores and still this answer...
p.s my pc can have 12 threads at the same time=12 logical cores
and this is done by bruteforcing the last 6 bytes, not 8(considering chasis num if lucky)
05-18-2015, 11:13 PM
#7
Im_YouViolateMe
NextGenUpdate Elite
Originally posted by SonyBlack
You must login or register to view this content.
Following up on the previous PS3 IDPS update, today PlayStation 3 developer zecoxao has released an IDPS Verifier which allows you to verify your IDPS with your archive2.dat file.
I plan to make it using more threads, but i still don't know how to use thread management.
You must login or register to view this content.
You must login or register to view this content.
Following up on the previous PS3 IDPS update, today PlayStation 3 developer zecoxao has released an IDPS Verifier which allows you to verify your IDPS with your archive2.dat file.
I plan to make it using more threads, but i still don't know how to use thread management.
You must login or register to view this content.
You must login or register to view this content.
When I first read the title, I thought this was a tool that verified if a CID was legit and if it was banned/unbanned lol guess I was wrong.
05-19-2015, 12:26 PM
#8
Snoop
I’m too L33T
bro! Its kinda rude of you to just tell me to test your coldboot and say you will help me but then u stop responding.
Originally posted by SonyBlack
You must login or register to view this content.
Following up on the previous PS3 IDPS update, today PlayStation 3 developer zecoxao has released an IDPS Verifier which allows you to verify your IDPS with your archive2.dat file.
I plan to make it using more threads, but i still don't know how to use thread management.
You must login or register to view this content.
You must login or register to view this content.
Following up on the previous PS3 IDPS update, today PlayStation 3 developer zecoxao has released an IDPS Verifier which allows you to verify your IDPS with your archive2.dat file.
I plan to make it using more threads, but i still don't know how to use thread management.
You must login or register to view this content.
You must login or register to view this content.
05-19-2015, 04:01 PM
#9
ELITE xxmcvapourxx
Guest
Originally posted by smhabib
stupidness
i modified this for me for 8 threads with each thread handling 0x2100000000 combinations
each a5 round(0x1000000 combinations)takes one minute with a HIGH END overclocked intel 5820k x99 @4.1ghz
so 0xff=255
how much time?
rounding the a5 time to 2 hours and the answer is:
2*255=510*21=10710 hours=446 days
more than a year
now this is very rough estimate cause i wanna sleep now lol
and this program has been damn optimized by me with multi thread cores and still this answer...
p.s my pc can have 12 threads at the same time=12 logical cores
and this is done by bruteforcing the last 6 bytes, not 8(considering chasis num if lucky)
i modified this for me for 8 threads with each thread handling 0x2100000000 combinations
each a5 round(0x1000000 combinations)takes one minute with a HIGH END overclocked intel 5820k x99 @4.1ghz
so 0xff=255
how much time?
rounding the a5 time to 2 hours and the answer is:
2*255=510*21=10710 hours=446 days
more than a year
now this is very rough estimate cause i wanna sleep now lol
and this program has been damn optimized by me with multi thread cores and still this answer...
p.s my pc can have 12 threads at the same time=12 logical cores
and this is done by bruteforcing the last 6 bytes, not 8(considering chasis num if lucky)
Welcome Habib your second post LOOOOOOOOL about time you came on here....hahahaha
05-19-2015, 05:57 PM
#10
smhabib
Gobble
since i know this is madness, im leaving this here
You must login or register to view this content.
its optimized ALOT(i mean it!)
it uses 8 threads(8 cores amd or 4 cores i7(hyperthreading))
each thread handles 10000000000 combinations
P.S:im not responsible for any damages cause your pc will run hot!
you can modify the above src to try random numbers and see if you are lucky
this app bruteforces last 6 bytes(not
.the first two are chassis check, you gotta be lucky!
You must login or register to view this content.
its optimized ALOT(i mean it!)
it uses 8 threads(8 cores amd or 4 cores i7(hyperthreading))
each thread handles 10000000000 combinations
P.S:im not responsible for any damages cause your pc will run hot!
you can modify the above src to try random numbers and see if you are lucky
this app bruteforces last 6 bytes(not
.the first two are chassis check, you gotta be lucky!
The following user thanked smhabib for this useful post:
Copyright © 2024, NextGenUpdate.
All Rights Reserved.
