A Place For Gamers By Gamers


You are not connected. Please login or register

View previous topic View next topic Go down  Message [Page 1 of 1]

#1
 Ŧг๏รtאץเ

Ŧг๏รtאץเ
Founder
Founder
[RELEASE] PS3 IDPS Verifier by Zecoxao Ps3-idps-hiding-tool-share-your-dumps-safely



Following up on the previous PS3 IDPS update, today PlayStation 3 developer zecoxao has released an IDPS Verifier which allows you to verify your IDPS with your archive2.dat file.



To quote: What you see here is a narrowed down version of ps3xport that can be used to verify the idps of your console. the only thing this does is, with the idps set (in main.c as device_id) it'll do its crypto and decrypt archive2.dat initial 0x40 bytes after the header. if the last 16 bytes are zero, it'll say that idps matches (this should happen on an empty after format backup), if not it'll say that idps doesn't match.

In either of the results, it'll output the result to archive2.bin for you guys to analyze.

This'll be later part of a bruteforcer, so that every user that didn't have access to idpstealer can use the tool and obtain it in a short ammount of time (or until TheDarkProgrammer releases his, whichever comes first)

This is the modified main.c that bruteforces the last 8 bytes using only one thread:





Code:
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include "types.h"
#include "aes.h"
#include "vtrm.h"

int main(){

u8 device_id[0x10] = 
{
0x00, 0x00, 0x00, 0x01, 0x00, 0x87, 0x00, 0x05,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

int a1,a2,a3,a4,a5,a6,a7,a8;
a1=a2=a3=a4=a5=a6=a7=a8=0;
clock_t start = clock(), diff;
for(a1=0;a1<=0xFF;a1++){
for(a2=0;a2<=0xFF;a2++){
for(a3=0;a3<=0xFF;a3++){
for(a4=0;a4<=0xFF;a4++){
for(a5=0;a5<=0xFF;a5++){
for(a6=0;a6<=0xFF;a6++){
for(a7=0;a7<=0xFF;a7++){
for(a8=0;a8<=0xFF;a8++){

device_id[0x08] = (char)a1;
device_id[0x09] = (char)a2;
device_id[0x0A] = (char)a3;
device_id[0x0B] = (char)a4;
device_id[0x0C] = (char)a5;
device_id[0x0D] = (char)a6;
device_id[0x0E] = (char)a7;
device_id[0x0F] = (char)a8;

u8 buffer[0x40];
u8 zero_iv[0x10];
u8 buffer_enc[0x40];
u8 buffer_dec[0x40];
u8 key[0x10];
u8 iv[0x10];


memset (buffer, 0, 0x40);
memset (buffer_enc, 0, 0x40);
memset (buffer_dec, 0, 0x40);
memset (zero_iv, 0, 0x10);
memcpy (buffer, device_id, 0x10);
vtrm_encrypt (3, buffer, zero_iv);
memcpy (key, buffer, 0x10);
memcpy (iv, buffer + 0x10, 0x10);

FILE *fp= fopen("archive2.dat","rb");
fseek(fp,0x40,SEEK_SET);
fread(buffer_enc,1,0x40,fp);
aes128cbc (key, iv, buffer_enc, 0x40, buffer_dec);
fclose(fp);
FILE *fl= fopen("archive2.bin","wb");
fwrite(buffer_dec,1,0x40,fl);
fclose(fl);
if(memcmp(buffer_dec+0x30,zero_iv,0x10)==0){
printf("this device_id is the right one");
FILE *fx= fopen("idps.bin","wb");
fwrite(device_id,1,0x10,fx);
fclose(fx);
diff = clock() - start;
int msec = diff * 1000 / CLOCKS_PER_SEC;
printf("\nTime taken %d seconds %d milliseconds", msec/1000, msec%1000);
return 0;
}
else{

//printf("\nid: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",device_id[0],device_id[1],device_id[2],device_id[3],device_id[4],device_id[5],device_id[6],device_id[7],device_id[8],device_id[9],device_id[10],device_id[11],device_id[12],device_id[13],device_id[14],device_id[15]);

}

}

}
}
}
}
}
}
}
return -1;
}



I plan to make it using more threads, but i still don't know how to use thread management.



Download

Virus Scan
Credit to Sony Black  

http://www.team-psn.net

View previous topic View next topic Back to top  Message [Page 1 of 1]


Permissions in this forum:
You cannot reply to topics in this forum

Share URL

URL Direct
BBcode
HTML