Ernie Secure
Syscon 0xD0 handshake
1. Generate an empty buffer 30 00 00 0F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 and send it to Syscon.
2. Syscon returns header + 8 byte challenge.
3. F00D composes a response that is a 30 02 00 0F header, a 01 00 00 00 counter, 8 bytes of RNG value, 8 bytes copied from the challenge, and 16 bytes of shared data. On 1.69, the shared data is C8 6B 51 FB 01 9A 20 7F 32 11 8E 55 46 2D 50 08
4. This data is encrypted using AES-128-CBC with an all-zero IV and a shared key. On 1.69, the key is 50 E4 C3 A7 72 64 16 7C 40 9C 72 A9 B5 7A 86 09
5. The resulting data is used as the IV for the next packet received, that packet is then the IV for the next packet sent, and so on. In effect, AES-128-CBC is applied as if the request, response, request, etc. were a single file.
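
The chaining in steps 4 and 5, as an added Go example (not code from this page or from any existing tool). It assumes that only the 32 bytes after the header and counter are encrypted and that the IV carried forward is the last ciphertext block; the challenge, RNG value and follow-up packet are constructed samples, and all function names are illustrative.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// Key and shared data are the 1.69 values quoted in steps 3 and 4.
var key, _ = hex.DecodeString("50E4C3A77264167C409C72A9B57A8609")
var shared, _ = hex.DecodeString("C86B51FB019A207F32118E55462D5008")

// cbc runs AES-128-CBC without padding; len(in) must be a multiple of 16.
func cbc(iv, in []byte, encrypt bool) []byte {
	block, _ := aes.NewCipher(key) // a 16-byte key cannot fail here
	out := make([]byte, len(in))
	if encrypt {
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, in)
	}
	return out
}

func nextIV(ct []byte) []byte { return ct[len(ct)-16:] } // assumption: last block

// body builds the assumed encrypted part: RNG || challenge || shared data.
func body(rng, challenge []byte) []byte {
	return append(append(append([]byte{}, rng...), challenge...), shared...)
}

// checkBody decrypts a response body, then checks the echoed challenge and shared data.
func checkBody(iv, ct, challenge []byte) bool {
	pt := cbc(iv, ct, false)
	return len(pt) == 32 && bytes.Equal(pt[8:16], challenge) && bytes.Equal(pt[16:], shared)
}

func main() {
	zero := make([]byte, 16)
	challenge := []byte{1, 2, 3, 4, 5, 6, 7, 8}  // constructed sample
	rng := []byte{9, 10, 11, 12, 13, 14, 15, 16} // constructed sample
	next := bytes.Repeat([]byte{0x42}, 32)       // constructed follow-up packet
	ct1 := cbc(zero, body(rng, challenge), true)
	ct2 := cbc(nextIV(ct1), next, true)
	stream := cbc(zero, append(body(rng, challenge), next...), true)
	fmt.Println("response verifies:", checkBody(zero, ct1, challenge))
	fmt.Println("chained == one stream:", bytes.Equal(append(ct1, ct2...), stream))
}
```

A packet decrypted with the wrong IV (for example, the zero IV instead of the carried-over one) yields a corrupted first block, so both sides must track the chain state across the whole session.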