Psardumper for PSP Firmware 6.30 Released



wraggster
July 1st, 2010, 12:35
News via http://www.psp-hacks.com/2010/06/30/psardumper-for-psp-firmware-6-30/

Grab your PSP, dosey dough, round and round and round we go… You’re no doubt familiar with this scenario — you’ve witnessed it countless times… Sony pushes a firmware update, and a day or two later, it’s dumped & decrypted. This time ’round it only took like 24 hours. So kudos to you hrimfaxi — you’re the shit!

The technical deets:

In 6.30 firmware Sony has added two new types of PRX to protect their executable. But we only spent one day to crack that. Currently there is only psp phat key, but it should be enough though.

Key detail:
/* 6.30 phat kernel s_code 0x43 type 3 */
u8 key_4c9484f0[16] = {
0x36, 0xB0, 0xDC, 0xFC, 0x59, 0x2A, 0x95, 0x1D,
0x80, 0x2D, 0x80, 0x3F, 0xCD, 0x30, 0xA0, 0x1B,
};

/* 6.30 phat kernel-2, s_code 0x5b type 3 */
u8 key_457b80f0[16] = {
0xd4, 0x35, 0x18, 0x02, 0x29, 0x68, 0xfb, 0xa0,
0x6a, 0xa9, 0xa5, 0xed, 0x78, 0xfd, 0x2e, 0x9d
};

/* used by vshmain.prx, s_code 0x5a, type 3 */
u8 key_380280f0[16] = {
0x97, 0x09, 0x12, 0xD3, 0xDB, 0x02, 0xBD, 0xD8,
0xE7, 0x74, 0x51, 0xFE, 0xF0, 0xEA, 0x6C, 0x5C,
};

DecryptPRX2 cannot handle these new "type 3" prx, so I imported PSPCipher's kprx_decrypt function to make this psardumper work.

After decrypting, a new game key (0xd91680f0) is found in mesg_led_01.prx. It is likely we kicked Sony's ass again.

Credit: tpu dumped the IPL, and I found out what happened to the IPL decryptor.

Note: this source has already been covered by GPLv3 because of the usage of PSPCipher source.