Enjoy Your PSC until 2048.

Berion

Developer
After that, all USB hacks will stop working. ;)

[Image: psc_gpg.png]
 
@Luisile The keys expire on that date. One day later, all stuff booting from USB will stop being recognized. So lolhack, Bleemsync, RetroBoot, AutoBleem etc. will be rejected.

Not sure about the GAADATA partition encryption. But if GPG is somehow involved in it (I doubt it, rather AES XTS), then you will also no longer be able to play games.

- - -
I am preparing "PSC Decryption Helper" (like the one for PS3 and PS4) and stopped for a while for repacking USB stuff. Then I noticed that time bomb.

[Image: pscusbrepacker.png]
 
In this case, is it possible to just remove the signature validations? (if possible).

As I remember, the PSC uses an open source emulator, so the only annoying layer lies between the user and the emulator.

The best option would be to replace the board with a Raspberry and recycle everything else (case, power supply, controllers, USB ports, etc.).
 
There is a whole Linux distribution on the eMMC. I don't really understand how those scripts seek update data. Maybe it is possible to just replace this whole nonsense, from e.g. "/media/028c18a9-ec4b-4632-b2cf-d4e20f252e8f/LUPDATA.BIN" to e.g. "/media/PSC/start.sh". Those bins are encrypted tar.gz, from which a bash script called "start" is run.
 
That would be pretty good. I don't have a PSC to tinker with, but if it runs on Linux then the bootloader can be overridden (unless there is some hardware crap that handles it, like PSP's IPL).
 
The bootloader starts from a dedicated raw partition. All that stuff looks like early Xperia phones (two bootldr, two tee, two rootfs etc.).

The script which is run to seek USB updates is called usb_watch. I could try to mess with it, but the problem is that I don't have a compatible USB OTG, so I cannot set host. Also, I don't have any hardware or skills to desolder the eMMC (all partitions except games aren't encrypted). So in the worst scenario, I will end up with a kind of brick without a way to recover (because USB updates stop being run). For that reason, I will not be messing with it.
 
Is there any way to increase the year timer? Maybe hex edit the year?

@Berion is there a way to extract LUPDATA.BIN with PSC Decryption Helper, edit the year, encrypt it back to LUPDATA.BIN and replace it with the "/media/028c18a9-ec4b-4632-b2cf-d4e20f252e8f/LUPDATA.BIN"?
 
@Desz5 It is not a matter of modifying the update package, nor any file with a hex editor. My knowledge about GPG is nearly zero, but what I know is that we cannot just replace it with one generated by us just like that. For now, consider it a time bomb.
 
I could try, but I don't have an eMMC flasher for that chip. It is mandatory in such experiments if I don't want to end up with a broken USB update. As my soldering skills are very low, I leave that fun to real hackers. Sorry. ^^

But TBH, messing with GPG is a waste of time anyway. A better approach, and probably a very simple one, is just replacing usb_watch, which is only seeking a script there to launch (in its current form, it is seeking a packed script and a signed package). And then problem solved. ;]
 
Np, maybe someone else can take a stab at it.
Hopefully we have a solution before 2048.

@Berion Would this be something you can do? I can test if you want.

But TBH, messing with GPG is a waste of time anyway. A better approach, and probably a very simple one, is just replacing usb_watch, which is only seeking a script there to launch (in its current form, it is seeking a packed script and a signed package). And then problem solved. ;]

Can you create such a script? I can test it if you want.
 