Just wondering a few things:
1. What does the PSP use to determine whether a program is official or not? (The reason why we can't play homebrew games on 1.51 or later.)
I heard it was 128-bit RSA encryption, am I wrong?
2. What file would contain the key (EBOOT.pbp?), and is there any documentation on its format?
Thanks
PSP's security
Ok, so the programs are encrypted with an RSA algorithm, using a key Sony has, and decrypted using a key stored in the BIOS?
I found a bunch of info on the RSA algorithm here:
http://world.std.com/~franl/crypto/rsa-guts.html
So, the BIOS has the modulus and the public exponent and uses it to decrypt files encrypted with the private exponent.
So, has anyone gotten, or is there a way to get, the public exponent and the modulus from the BIOS?
Assuming these are found, could someone not edit the firmware to include a check to see if it's encrypted or not? Alternatively, brute force the private key.
Check out this for more information:
- PSAR Dumper Source / Decrypts files using the PSP
- http://www.psphacks.net/forums/viewtopic.php?t=406 / Section about Security
Bruteforcing the complete private key would prolly take a few years to succeed.
However, I think the only possible bruteforce is to try to write a VERY small piece of code (few bytes that start something unsigned) and try to create an encrypted version of these few bytes using a homebrew that uses some bruteforce method on the decrypting procs. (Brute force some bytes -> Let PSP decrypt -> Compare if decrypted version matches our file etc.)