These keys are development keys at best

[Jhynjhiruu]

These keys aren't the actual keys used for signing stuff on the console or in any of their infrastructure, as far as I can tell. Not only do the n components not match up with any keys used on the console, but the q components are set to 1 (reducing the security to essentially 0). If BroadOn actually used these keys in production for anything, I would be seriously surprised. The SecurityWorlds folder, I obviously don't know anything about. Once the keys in there are dumped, stuff might get more interesting.

[CONIGUERO]

These keys aren't the actual keys used for signing stuff on the console or in any of their infrastructure, as far as I can tell. Not only do the n components not match up with any keys used on the console, but the q components are set to 1 (reducing the security to essentially 0). If BroadOn actually used these keys in production for anything, I would be seriously surprised. The SecurityWorlds folder, I obviously don't know anything about. Once the keys in there are dumped, stuff might get more interesting.

That's very true.

I noticed you say

Not only do the n components not match up with any keys used on the console,[...]

and later...

[...] the q components are set to 1 (reducing the security to essentially 0). If BroadOn actually used these keys in production for anything, I would be seriously surprised.

So, if you say you know they don't match up with the ones on the console, then I figure you must have the public keys at hand? And if that's the case, could you post them here and maybe see if the q=1 property is true for those ones as well?

[Jhynjhiruu]

RSA public keys don't have p or q components, only n and e. The root key's q value is not 1, and that's really the only key we care about (not actually, but it's the most useful to get). The root key's n value is 0xD326858D3B15D8A7DEC64D0F6EBD94827EBE82A43A5AB8CCDB8DC14AE9117D95E5B91F621839E4E1226E0C350414A413334CD886AF984A6B1DFDED1534782D40EE2949E8861A05FEF7EB10593F2B161818A508D10072CAFC02CA8625262290AD6FD8A9A3ECC0FB0CF9DAE66064F6DFBA67FA4E42348CEB9F4C938595E8FEEA9A4ABF5AA7DCB67BE51BD5CD20709374F7FC0D15CA3227F85E2DDBA3490026054EB3E1125927BDE21C504092B901536899109494DD77A45D8F6DC7B24C0D82798AA47C941C9E8588E4711EB76CD75E4FC0BD5C2BB004AE9A7F5A28F7B3A01AB9E3AE4F1292B82ABB054C7FCF043B65D39214C62B17223A35A17BB2FB738F69B183746C5A1F89CFFA664ADAE330FB57A799F46B2972DCADE8010EB9E03D403EB08755C4E68842C45A5BF6DADBBCA08AA0A2EE3FFFC16FA7D15456341EB7A4A48028D163670DD1D294CBC6BC1C300C9D29CBF82F6FF7EFF961A27AF776F6BF7E256779A0D9499EAE778FFAD082943700BEC9C85F3163ADE1FE4D0C504DAAEC845BF8FAAF2BCE08B201C03CD499D1F7066A6DBA662EB56F3B80A331AF35DFF5278E0B5D3D07E7FB68FF2764981BFCB1715C6913B1ECCCC851B68E18615DE16D82F559A8D091D6D93CE98DEBDC2E297CA5611465E3BBC9BED0FDA49C6456069E5AFF3889BCAC2E52B2E00AB98F7E6284AC6FCE9E896655E84CAD6A4FE6C5BCB33C4117.

[CONIGUERO]

RSA public keys don't have p or q components, only n and e. The root key's q value is not 1, and that's really the only key we care about (not actually, but it's the most useful to get). The root key's n value is 0xD326858D3B15D8A7DEC64D0F6EBD94827EBE82A43A5AB8CCDB8DC14AE9117D95E5B91F621839E4E1226E0C350414A413334CD886AF984A6B1DFDED1534782D40EE2949E8861A05FEF7EB10593F2B161818A508D10072CAFC02CA8625262290AD6FD8A9A3ECC0FB0CF9DAE66064F6DFBA67FA4E42348CEB9F4C938595E8FEEA9A4ABF5AA7DCB67BE51BD5CD20709374F7FC0D15CA3227F85E2DDBA3490026054EB3E1125927BDE21C504092B901536899109494DD77A45D8F6DC7B24C0D82798AA47C941C9E8588E4711EB76CD75E4FC0BD5C2BB004AE9A7F5A28F7B3A01AB9E3AE4F1292B82ABB054C7FCF043B65D39214C62B17223A35A17BB2FB738F69B183746C5A1F89CFFA664ADAE330FB57A799F46B2972DCADE8010EB9E03D403EB08755C4E68842C45A5BF6DADBBCA08AA0A2EE3FFFC16FA7D15456341EB7A4A48028D163670DD1D294CBC6BC1C300C9D29CBF82F6FF7EFF961A27AF776F6BF7E256779A0D9499EAE778FFAD082943700BEC9C85F3163ADE1FE4D0C504DAAEC845BF8FAAF2BCE08B201C03CD499D1F7066A6DBA662EB56F3B80A331AF35DFF5278E0B5D3D07E7FB68FF2764981BFCB1715C6913B1ECCCC851B68E18615DE16D82F559A8D091D6D93CE98DEBDC2E297CA5611465E3BBC9BED0FDA49C6456069E5AFF3889BCAC2E52B2E00AB98F7E6284AC6FCE9E896655E84CAD6A4FE6C5BCB33C4117.

I know how RSA works. What I really meant with that question was, that if you already had the public keys you could easily know if their private counterparts are actually the ones in this repo, simply by using openssl to generate a public PEM based on the private one(s) shown here.

Also, could you please send the root public key on standard PEM format? Would be greatly appreciated. Thanks.

[Jhynjhiruu]

Root-public.zip It's actually way easier than that: just do openssl rsa -in key.pem -text -noout and compare the modulus.