Announcement

**Lazy Bastard** · 01-11-2007, 07:04:52 PM

Always good to see your work, man. And that The Cyndicate is still alive and well, heh.

**Insight** · 01-12-2007, 05:38:53 AM

great tool,and now with blanked lines.good choice to add this option.it makes it even easier to overlook the whole codes.i hope to see more from you

**misfire** · 01-23-2007, 06:43:52 AM

CB2crypt v1.4

v1.4 (Jan 23 2007)
+ Options are now saved to/loaded from the registry.
This feature was requested by bfoos.
* Added a "g_" prefix to the global variables in CB2crypt.c
* Changed all copyright notices to include the year 2007.

Download

**misfire** · 11-17-2010, 09:46:19 AM

As I put so much energy into CB2crypt, I decided this piece of software deserves a dedicated place. Therefore I reconstructed a Git repository from the release packages, along with history:

https://github.com/misfire/CB2crypt

Something for posterity.

**Lazy Bastard** · 11-17-2010, 10:11:02 AM

Cool

**misfire** · 11-17-2010, 01:35:52 PM

While I was at it, I also checked in my other CB2 projects:

In the C projects I fixed all compile warnings and added cross-compilation support.

To be honest, this made me think of the good old times...

**Gtlcpimp** · 11-17-2010, 06:20:50 PM

Do any of these utilities allow for an ELF embed in the "pelican.bin" file? Or is that a different subject on its own o.O

**misfire** · 11-18-2010, 04:37:08 AM

cb2util can encrypt or decrypt PCB (*.bin) files, and directly convert PCB files into ELF but not the other way around.

Actually, after cracking the RSA signature, I was able to create such files manually:

http://gshi.org/vb/threads/1725-Boot...odeBreaker-PS2

Originally posted by misfire View Post

Here is what I did:
- compiled an ordinary ELF using the ps2sdk (the load address must be 0x01000000)
- removed the ELF header from the file with a hex editor
- added a fake RSA signature
- encrypted the file with CBCreator (unreleased)

I'm not going to write an ELF-to-pelican.bin converter as those files are pretty useless without a patched CodeBreaker which requires a modded PS2 (such a machine is able to boot homebrew anyway).

Furthermore, creating pelican.bin files requires to re-compile the source code of existing apps, so the load address becomes 0x01000000. It's quite difficult to do this with an automatic converter...

Now replace "CBCreator" with "cb2util" and there you go.

**Gtlcpimp** · 11-20-2010, 04:40:45 PM

When you say you "added a fake RSA signature" what exactly do you mean? I am not very familiar on encryption, so I don't know how you add a signature to data.

**misfire** · 11-21-2010, 06:35:28 AM

With "fake" I mean arbitrary data. Just put 256 random bytes in front of the ELF data. Encrypt the resulting file with cb2util. Ta-da!

**Gtlcpimp** · 11-21-2010, 04:49:24 PM

Ah I see... Now I remember you saying you needed a patched CodeBreaker for it to load the custom Pelican.bin right? That leaves the question, did they ever put in security... If not... Would be very dirty for someone to use their software to hack their software.. If ya catch my drift

**misfire** · 11-22-2010, 04:55:00 AM

First off, some things you should know about CBC/PCB files:

Those files are encrypted with a 1024-byte RC4 key, which is not a problem. There is also a 2048-bit RSA signature which is a problem, indeed. Thus, creating a valid CBC/PCB file is as difficult as factoring this 617-digit number - the RSA public modulus:

Code:

18186898319132092067030408332916676704313396686120603627332896303253927543449730_
54515017309980285549294964671522255632675440192849337961188844183344565939072628_
96927390507277589043812243937223051045461604440669824513224232333458977702637644_
34464790579626719232359853447499629515700943282156068763135292289078528909657411_
79076213115262743324470834032421257515982686999894188852656514701189877407918376_
28940637563359143912074899161221731741487266912094081583917126278213765395360005_
54795826084351907456437143472802330746389858427156892349997547217074196123876382_
005843383496361528821285986554176549191162402117915792423

This can't be done.

However, I was able to load counterfeit CBC/PCB files by cracking the CodeBreaker executable. Back then some warez group had released a cracked version with the copy protection removed. I took that version and added the RSA fix (technically, I just patched a call to memcmp() so that all signatures pass the check). I gave that binary, which is known as CB v9.22, to a warez site from where it spread to the world. (IIRC, there's even a "GSHI" version of it.)

Neither I nor anyone else has touched the crypto keys; there'd be no benefit anyway. All of my tools use the original keys extracted from CB.

**Lazy Bastard** · 11-22-2010, 09:19:35 AM

I believe the rumor of a GSHI version of the cracked CB 9.2 ELF stemmed from people seeing mention of the ELF at GSHI, and assuming someone at GSHI cracked the ELF. Unless I'm remembering incorrectly, no one at GSHI was involved with that.

**misfire** · 11-22-2010, 09:55:55 AM

Might be because I published it here first, but I don't really remember...

Announcement

CB2crypt v1.3

CB2crypt v1.3

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment