Thread: HDD encryption
Because of that, you can't even just place a chip in there and rip out its innermost secrets. You have to decap it first, which is quite expensive, or dangerous if you do it yourself, since it involves pouring hot acid on the chip that will eat away any organic material it touches.
So yes - a SEM can be used to reverse engineer ICs - just as well as a good optical microscope. But the process is a lot more difficult than "just throw your PS3 into this magic box and you're all set".
If you want to know more on reverse engineering ICs, have a look here: http://www.flylogic.net/blog/
Maybe someone wants to send them a PS3?
Why? There are many reasons. First things first: as underlined by sapperlott, it is a microscope and not an X-ray machine. MFMs (Magnetic Force Microscopes) are used in forensics to examine the surface of HDDs in (very valuable) data retrieval occurrences, and the whole process can take from months to years based on the amount of data.
On a second line, there is a need to put the sample under vacuum, and the sample must be no thicker than about half a micron.
On a third line, what do you think they call it "Electron" for? Because those systems use huge electron beams instead of photons, and this thing could cause several kinds of damage to the memory cells (do you remember something about the UV-erasable EPROMs?)
On a fourth line, let's say that all the above (sufficient) reasons didn't exist and your beloved SEM could act as a Magnetic Resonance Unit and could bypass the external lining: don't you think that such a magnetic mess could destroy all the data before being able to read it?
On a fifth line, let's assume that an SEM or a whatyouwant could retrieve linear data from the sample: do you think it can focus onto piled-up cells of memory? Or do you think that in a simple chip, not THE CELL, there is only one layer of memory cells?
Sorry but AFAIK your idea is to bury (in-deep).
ionbladez, you should probably explain what your idea is a bit more. Ignoring the "difficulty" of it, I just would want to know if it's possible or has been done before.
Difficult or extreme doesn't matter, we already know the PS3 is a pain to hack, so bring on the theories!
Has anyone tried to replace a .self file from the HDD with another one using KnightSolidus' method? Like lwp.self (Life with PlayStation) with ftpd.self from the SDK.
I've got a stupid idea maybe, but sometimes.... Just the main line huh, not the in-depth technical details, that are up to .... the one who feels it...
The backup facility saves data surely encrypted and most likely signed onto an SD card... A savegame onto an SD card for example, maybe it's signed but not encrypted... at least not every file...
Starting from a virgin and empty profile, doing a backup of it before and after the simplest and most useful savegame someone can find, or maybe even trying a fake file (made on purpose) in a savegame folder... and of course taking a copy of the savegame only....
Was it ever tried?
Finding the signature could be useful to audit some shopping on P$N, at least this is my idea. Every piece of data bought on P$N, at the end of the process, lies on the HDD encrypted AND signed with a console-specific key. Data obviously comes encrypted by the server, but about the signature there are two options:
1) Data comes unsigned and it can be sniffed on the net before it goes through the signing process, thus we can compare it with the after-process file that will lie signed on the HDD...
2) Data arrives already signed, and this needs each machine to send the needed data to the server so that it can upload already-signed data to the console; even in this way we can sniff what the console sends out...
The only trouble is... what if the outgoing data is encrypted (99,9999%)?
Well, this last point could be the game over for this whole theory, but... was this thing tried too?
You (and others) keep saying "it has to be signed by Sony". Is the "signing" done by SCEJ or can you do this with your PS3 toolkit?
The toolkit (or devkit?) is used by the devs to make their games, right?
That means they make their games, but they only work on their devkit and they need to send it to Sony before it can be played on a standard PS3?
A developer will compile their code as an ELF, pretty run of the mill, then use a tool called "make_fself" or "make_fself_npdrm". As you can guess, they make "fake" SELFs. One of which can run from just about all media, the other (NPDRM) only from hard disk.
The fake SELFs, although they are "signed", are not encrypted. It's basically a format that is compatible with the SELF loading system of the PS3, although the PS3 does not care about the encryption. It's more complicated than that, but that's generally how it is.
Once the developer finishes their game (or patch), it gets sent to Sony, and they encrypt the SELF for retail units.
Then, the SELF, which was all done up (usually compressed and encrypted), is put to disc, or made available on the PSN store.
Although not new to most, netkas posted this on his blog yesterday: http://netkas.org/?p=550
PS3 HDD fs is UFS
Here is something from lv2 dump
UFS is a fs used by BSD systems
PS3 also supports iso9660, udf, fat, netfs (?)
but it seems for now only FAT can be used on a USB drive.
Also, the filesystem of /dev/flashX is FAT