Project-Alpaca / Alpaca-FW

Teensyduino-based firmware for Alpaca project
13 stars, 0 forks

Authenticator abstraction #9

Closed dogtopus closed 5 years ago

dogtopus commented 5 years ago

Similar to #8 but for authenticators. This should allow authentication methods other than passthrough, including direct communication to the A710x SE used on the Hori Mini, or, even crazier, a native authenticator and/or a PKCS11 authenticator (if I, by chance, get keys for a DS4/licensed controller eventually).

kuwoh commented 5 years ago

How would one extract keys?

dogtopus commented 5 years ago

Short answer: I don't know.

Long answer: It depends. There are quite a few revisions of DS4s and tons of licensed controllers on the market that are practically just one (so far all the licensed controllers I saw use the same secure element). All we really need is one flaw in one of these controllers to get a valid key.

For example, it seems that the older revisions of the DS4 (JDM-001, JDM-010) use a microcontroller that has a public hardware flaw which can be exploited to read out the firmware and the keys stored on it (https://fail0verflow.com/blog/2018/ps4-ds4/). I didn't try to reproduce this yet because I can't find a controller that is old enough. However, even if I eventually get a valid key I won't share it anywhere for obvious reasons.

kuwoh commented 5 years ago

Found a firmware dump.

dogtopus commented 5 years ago

Keys extracted from public dumps are highly unlikely to work because $**y should be actively monitoring any possible leaks and revoking them as soon as they pop up.

So if you really decide to follow the key extraction route you are entirely on your own. Although there are always easier ways, like passthrough.

kuwoh commented 5 years ago

Seems that I've gotten my hands on a JDM-001 controller. Which pins do I short, and is there any dumping program?

dogtopus commented 5 years ago

Done.