- [00:16] <@Draan> Mathieulh: haha, nice then. IIRC we need kirk 7 key to sign kernel modules
- [00:17] <Zecoxao> what about that guy, Proxima?
- [00:17] <Zecoxao> seems like he's finding interesting stuff
- [00:18] <@Draan> kirk 7 key is used to encrypt kernel header iirc
- [00:18] <@Draan> ECDSA encryption is used to encrypt the file itself
- [00:18] == RoxFox64 [~RoxFox64@66-190-90-133.dhcp.athn.ga.charter.com] has quit [Ping timeout: 258 seconds]
- [00:18] <@Draan> looks like Proxima figured out that stuff
- [00:22] <+Mathieulh> you can calculate the priv
- [00:22] <+Mathieulh> for kirk 0x01
- [00:22] <+Mathieulh> that's enough to fake sign any kernel module
- [00:22] <+Mathieulh> with what you already have
- [00:23] <some1_> you need to forge ~PSP header as well
- [00:24] <Zecoxao> so all you need is kirk 7?
- [00:25] <+Mathieulh> you don't need kirk 7 cause you can reuse sony's own stuff
- [00:25] <some1_> lol, so back to fake signing?
- [00:25] <@Draan> kernel modules? xD
- [00:25] <+Mathieulh> the same reason you don't need the curves for ecdsa
- [00:25] <+Mathieulh> because you can reuse their R value
- [00:27] <@Draan> Mathieulh: well...so it's possible to sign an updater?
- [00:28] <some1_> I'm sure perm cfw will be out by the end of the year
- [00:28] <some1_> actually, I'm surprised it's not further along already
- [00:29] <@PspHellcat> o_O
- [00:29] <@PspHellcat> nold?
- [00:29] <some1_> lolno
- [00:29] <@Draan> artart? o_O
- [00:29] <+Mathieulh> Draan yes it is
- [00:29] <+Mathieulh> but there is no point
- [00:30] <+Mathieulh> because we already have a kernel exploit
- [00:30] <+Mathieulh> also sony can fix this in their next firmware
- [00:30] <some1_> mhmm
- [00:30] <@PspHellcat> sploits can be fixed
- [00:30] <+Mathieulh> by using cmd 0x10
- [00:31] <+Mathieulh> there is another neat exploit out there anyway
- [00:31] <+Mathieulh> it's just not public
- [00:32] <+Mathieulh> and I am not the one who found it so meh....
- [00:34] <Zecoxao> so, it's possible to fake sign kernel applications without the fear for a system update or not?
- [00:34] <@Draan> no, they can fix it
- [00:34] <+Mathieulh> yah
- [00:34] <@JEEB> unless something is done in hardware I'd say system updates can fix everything
- [00:34] <+Mathieulh> they can just stop using cmd 0x01
- [00:34] <some1_> yup
- [00:34] <@JEEB> yeh
- [00:34] <@Draan> because they can change kernel encryption as they wish
- [00:34] <+Mathieulh> and provide their own pub + priv
- [00:34] <some1_> find an exploit in pre-ipl tho, screwed for life :D
- [00:35] <+Mathieulh> not really
- [00:35] <+Mathieulh> you'd still need a way to write your ipl
- [00:35] <+Mathieulh> basically you'd need service mode + your own IPL
- [00:35] <+Mathieulh> then you are settled
- [00:35] <some1_> well, if you can obtain pre-ipl somehow, I'm sure you can forge the 0x20 hash
- [00:36] <@Draan> btw, i think we can truesign IPLs for old devices ;)
- [00:36] <@Draan> as it uses only 0x1
- [00:36] <some1_> or I should say, most likely 0x14 hash + salt
- [00:36] <+Mathieulh> well, we can sign the ecdsa
- [00:36] <+Mathieulh> for a pspgo or 3k ip
- [00:36] <+Mathieulh> ipl*
- [00:37] <+Mathieulh> cause we have the priv
- [00:37] <+Mathieulh> but we don't know how they generate the 0x20 hash
- [00:37] <+Mathieulh> that's what's stopping us
- [00:37] <some1_> mhmm
- [00:37] <@Draan> bruteforce anyone? xD
- [00:37] <some1_> lmao
- [00:37] <@JEEB> lol
- [00:38] <@PspHellcat> knowing sony
- [00:38] * JEEB coughs and looks at the access key to a computing cluster
- [00:38] <@PspHellcat> it's some lazy XOR
- [00:38] <some1_> it could be anything tbh
- [00:38] <some1_> sha-1 + xor + possible encryption
- [00:38] <some1_> + salt
- [00:39] <@JEEB> yah
- [00:41] <+Mathieulh> I think we abused the only possible pre-ipl exploits
- [00:41] <+Mathieulh> and they closed them
- [00:41] <+Mathieulh> the only way now would be to decap
- [00:41] <some2_> <Draan> bruteforce anyone? xD <--- grab an 88v3 and go ahead and start xP