Permalink
Browse files

First Commit.

  • Loading branch information...
0 parents commit 456b7dfdbc081cefa02a3fc4722f1de7ecac93b4 @Noltari committed Dec 4, 2010
Showing with 4,488 additions and 0 deletions.
  1. +6 −0 .gitignore
  2. +47 −0 Makefile
  3. +66 −0 README.md
  4. +94 −0 hmac.c.txt
  5. +38 −0 hmac.h.txt
  6. +355 −0 main.c
  7. +1,200 −0 pic18_usb.c
  8. +221 −0 pic18_usb.h
  9. +198 −0 sha1.c.txt
  10. +36 −0 sha1.h.txt
  11. +770 −0 usb.c
  12. +1,062 −0 usb.h
  13. +68 −0 usb_desc.h
  14. +327 −0 usb_hw_layer.h
@@ -0,0 +1,6 @@
+*.hex
+*.zip
+*.err
+*.esym
+*.cod
+*.sym
@@ -0,0 +1,47 @@
+CCS_COMPILER = ccsc
+CCS_SOURCE = main.c
+CCS_FLAGS_NBL = +FH +Y9 -L -A -E -M -P -J -D
+CCS_FLAGS_WBLHID = $(CCS_FLAGS_NBL) +GWBOOTLOADERHID="true"
+CCS_FLAGS_WBLMCHP = $(CCS_FLAGS_NBL) +GWBOOTLOADERMCHP="true"
+CCS_FLAGS_LEDS = +GLEDR1="PIN_B4" +GLEDR2="PIN_B1" +GLEDR3="PIN_C0" +GLEDG1="PIN_B5" +GLEDG2="PIN_C1"
+ZIP = zip -r
+BUILD_DIR = build
+CLEAN_FILES = *.err *.esym *.cod *.sym *.hex *.zip
+
+BOOTLOADER_BUILDS = nBTL \
+ wBTL_HID \
+ wBTL_MCHP
+
+VERSION = git rev-parse HEAD
+
+all:
+ #HEX with HID Bootloader.
+ $(CCS_COMPILER) $(CCS_FLAGS_WBLHID) $(CCS_FLAGS_LEDS) +GFW$(fw_pic)="true" +GPAYLOAD="$(pl_pic)" +GPAYLOAD_DIR=$(PAYLOAD_DIR) $(CCS_SOURCE));
+
+ #HEX with MCHP Bootloader.
+ $(CCS_COMPILER) $(CCS_FLAGS_WBLMCHP) $(CCS_FLAGS_LEDS) +GFW$(fw_pic)="true" +GPAYLOAD="$(pl_pic)" +GPAYLOAD_DIR=$(PAYLOAD_DIR) $(CCS_SOURCE));
+
+ #HEX without Bootloader.
+ $(CCS_COMPILER) $(CCS_FLAGS_NBL) $(CCS_FLAGS_LEDS) +GFW$(fw_pic)="true" +GPAYLOAD="$(pl_pic)" +GPAYLOAD_DIR=$(PAYLOAD_DIR) $(CCS_SOURCE));
+
+ #Create build structure.
+ mkdir $(BUILD_DIR);
+ $(foreach bl_pic, $(BOOTLOADER_BUILDS), mkdir $(BUILD_DIR)/$(bl_pic);
+
+ #Fix MCHP Bootloader
+ sed -i '1i :020000040000FA..' PSGrooPIC_*_wBTL_MCHP.hex
+
+ #Move each payload to its directory.
+ $(foreach bl_pic, $(BOOTLOADER_BUILDS), mv *_$(bl_pic).hex $(BUILD_DIR)/$(bl_pic); )
+
+ #Zip all HEX.
+ cd $(BUILD_DIR) && $(ZIP) "PSGradePIC_$(VERSION)" *
+ mv build/PSGrooPIC_$(VERSION).zip ./
+
+clean:
+ #Clean files.
+ rm -f -r $(CLEAN_FILES)
+
+ #Remove compilations.
+ $(MAKE) -C $(PAYLOAD_DIR)/ clean
+ $(MAKE) -C tools/ clean
@@ -0,0 +1,66 @@
+PSGradePIC
+==========
+
+PSGradePIC is an open-source reimplementation of the psdowngrade exploit for PIC18F microcontrollers.
+
+It is known to work on:
+
+- PIC18F14K50 (20 pins / 16KB Flash)
+- PIC18F2450 (28 pins / 16KB Flash)
+- PIC18F2455 (28 pins / 24KB Flash)
+- PIC18F2550 (28 pins / 32KB Flash)
+- PIC18F2553 (28 pins / 32KB Flash)
+- PIC18F27J53 (28 pins / 128KB Flash)
+- PIC18F4450 (40 pins / 16KB Flash)
+- PIC18F4455 (40 pins / 24KB Flash)
+- PIC18F4550 (40 pins / 32KB Flash)
+- PIC18F4553 (40 pins / 32KB Flash)
+- PIC18F47J53 (40 pins / 128KB Flash)
+- PIC18F67J50 (64 pins / 128KB Flash)
+
+**This software is not intended to enable piracy, and such features
+have been disabled. This software is intended to allow the execution
+of unsigned third-party apps and games on the PS3.**
+
+No one involved in maintaining the psgroopic git is responsible for or has any involvement with any existing usb dongles sporting "psgrade" / "psgradepic" in its name. Thank you for your understanding.
+
+
+Cloning
+-------
+To clone, use something like:
+
+ git clone git://github.com/Noltari/PSGradePIC.git
+ cd PSGradePIC
+
+
+Building
+--------
+
+ make clean
+ make
+
+
+Using
+-----
+To use this exploit:
+
+* Hard power cycle your PS3 (using the switch in back, or unplug it)
+* Plug the dongle into your PS3.
+* Press the PS3 power button, followed quickly by the eject button.
+
+After a few seconds, the first LED on your dongle should light up.
+After about 5 seconds, the second LED will light up (or the LED will
+just go off, if you only have one). This means the exploit worked!
+
+
+Notes
+-----
+A programmed dongle won't enumerate properly on a PC, so don't worry
+about that.
+
+
+Credits
+-------
+/* Credits to be done :D. */
+
+And thanks to all the community around this work.
@@ -0,0 +1,94 @@
+/* HMAC-SHA-1 - an implementation of the HMAC message authentication
+ Version as of March 4th 2007
+
+ Copyright (C) 2007 CHZ-Soft, Christian Zietz, <czietz@gmx.net>
+ See README file for more information.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the
+ Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA
+*/
+
+#include <stdint.h>
+#include <string.h>
+#include "sha1.h"
+
+#define SHA1_DIGESTSIZE 20
+#define SHA1_BLOCKSIZE 64
+
+unsigned char hmackey[SHA1_BLOCKSIZE];
+
+// Initializes HMAC algorithm with given key
+// key must be smaller than 64 bytes
+void HMACInit(const unsigned char* key, const uint8_t len) {
+ uint8_t i;
+
+ // copy key, XOR it for the inner digest, pad it to block size
+ for (i=0;i<len;i++) {
+ hmackey[i] = key[i] ^ 0x36;
+ }
+ for (i=len;i<SHA1_BLOCKSIZE;i++) {
+ hmackey[i] = 0x36;
+ }
+
+ // initialize SHA1 and hash key
+ SHA1Init();
+ SHA1Block(hmackey, SHA1_BLOCKSIZE);
+}
+
+// Authenticates blocks of 64 bytes of data.
+// Only the last block *must* be smaller than 64 bytes.
+void HMACBlock(const unsigned char* data, const uint8_t len) {
+ SHA1Block(data, len);
+}
+
+// Calculates the MAC, hmacdigest will contain the result
+// Assumes that the last call to HMACBlock was done with len<64
+void HMACDone(void) {
+ uint8_t i;
+ unsigned char temp[SHA1_DIGESTSIZE];
+
+ // terminate inner digest and store it
+ SHA1Done();
+ memcpy(temp, shadigest, SHA1_DIGESTSIZE);
+
+ // prepare key for outer digest
+ // buffer will contain the original key xor 0x5c
+ for (i=0;i<SHA1_BLOCKSIZE;i++) {
+ hmackey[i] ^= 0x6a;
+ }
+
+ // initialize SHA1 and hash key
+ SHA1Init();
+ SHA1Block(hmackey, SHA1_BLOCKSIZE);
+ // hash inner digest and terminate hash
+ SHA1Block(temp, SHA1_DIGESTSIZE);
+ SHA1Done();
+}
+
+// Authenticates just one arbitrarily sized chunk of data
+void HMACOnce(const unsigned char* key, const uint8_t klen,
+ const unsigned char* data, int len) {
+ HMACInit(key, klen);
+ while (len>=0) {
+ HMACBlock(data, len>SHA1_BLOCKSIZE?SHA1_BLOCKSIZE:len);
+ len -= SHA1_BLOCKSIZE;
+ data += SHA1_BLOCKSIZE;
+ }
+ HMACDone();
+}
+
+
+
+
@@ -0,0 +1,38 @@
+/* HMAC-SHA-1 - an implementation of the HMAC message authentication
+ Version as of March 4th 2007
+
+ Copyright (C) 2007 CHZ-Soft, Christian Zietz, <czietz@gmx.net>
+ See README file for more information.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the
+ Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA
+*/
+
+#ifndef __HMAC_H__
+#define __HMAC_H__
+
+#include <stdint.h>
+#include "sha1.h"
+
+#define hmacdigest shadigest
+
+void HMACInit(const unsigned char* key, const uint8_t len);
+void HMACBlock(const unsigned char* data, const uint8_t len);
+void HMACDone(void);
+void HMACOnce(const unsigned char* key, const uint8_t klen,
+ const unsigned char* data, int len);
+
+#endif
+
Oops, something went wrong.

0 comments on commit 456b7df

Please sign in to comment.