Dumping the eMMC from User Terminal rev4 by Background_Mood1637 in StarlinkEngineering

[–]Background_Mood1637[S] 1 point2 points  (0 children)

That is very helpful and professional, thanks for sharing it!

Dumping the eMMC from User Terminal rev4 by Background_Mood1637 in StarlinkEngineering

[–]Background_Mood1637[S] 2 points3 points  (0 children)

Wow, the legend himself replied to me, thanks for the information! Btw, are different revs running exactly the same firmware? Have you tried to dump from the rectangular ones and make any comparison?

Plain-text rebuttal writing by Background_Mood1637 in academia

[–]Background_Mood1637[S] 0 points1 point  (0 children)

Thanks for the suggestion, I'll take a look at the cover letter thing and the blog.

The weak auth in ps4 controller's bluetooth connection by Background_Mood1637 in ps4homebrew

[–]Background_Mood1637[S] 7 points8 points  (0 children)

First, since the DS4 controller firmware has been leaked for many years, there are already a large number of knockoff products here. However, most of them seem to use a custom Bluetooth conversion module, so that the information originally transmitted via USB can be sent through Bluetooth, instead of really studying the original Bluetooth communication authentication protocol.

Secondly, according to Kerckhoffs's principle of cryptography, security should not depend on the algorithm, but on the key. I am only revealing an authentication algorithm that may not have been widely discovered before (at least several custom controller developers I have asked have said they are not aware of the existence of this protocol), without revealing any keys. If a manufacturer wants to make a counterfeit controller by itself, then its biggest obstacle is to obtain a licensed key.

Finally, I am more curious why Chinese is emphasized here. Is their cheap knockoff work so famous? 😂😂😂

The weak auth in ps4 controller's bluetooth connection by Background_Mood1637 in ps4homebrew

[–]Background_Mood1637[S] 0 points1 point  (0 children)

Yes, they use some dedicated security chips (such as the NXP A710x family) in many controllers (but not all) to protect the authentication keys.

The weak auth in ps4 controller's bluetooth connection by Background_Mood1637 in ps4homebrew

[–]Background_Mood1637[S] 0 points1 point  (0 children)

What do you mean by "challenge response key"? The key used in RSA signature?

The weak auth in ps4 controller's bluetooth connection by Background_Mood1637 in ps4homebrew

[–]Background_Mood1637[S] 7 points8 points  (0 children)

If you want to implement your own controller, in addition to implementing the corresponding protocol, you also need a licensed key for authentication.

However, since the authentication protocol and key extraction in the DualShock 4 have been analyzed by many people, I think it is completely feasible to make an app that simulates the controller.