Category PS4 Jailbreaking       Thread starter PSXHAX       Start date Mar 30, 2017 at 3:56 PM       5,822       6            
Following the PS3 FNIDS Python Scripts by PlayStation developer @zecoxao, today he let us know on Twitter that jarveson added PS4 NIDs and PS3 NIDs to his Hashcat bruteforcer password recovery utility. ;)

Download: Hashcat v3.40 / PS4 NIDs / PS3 NIDs

Intended for developers, the NIDs can be used with the attack tool to determine PlayStation 4 and PlayStation 3 System Firmware function names.

From the README.md: hashcat

hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms.

hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable distributed password cracking.

PS4 NIDs

include/interface.h
Code:
@@ -1761,6 +1761,7 @@ int filezilla_server_parse_hash   (u8 *input_buf, u32 input_len, hash_t *hash_bu
 int netbsd_sha1crypt_parse_hash   (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
 int atlassian_parse_hash          (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
 int ps3_nid_parse_hash            (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
+int ps4_nid_parse_hash            (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig);
 
 /**
  * hook functions
src/interface.c
Code:
@@ -240,6 +240,7 @@ static const char HT_14900[] = "Skip32";
 static const char HT_15000[] = "FileZilla Server >= 0.9.55";
 static const char HT_15100[] = "Juniper/NetBSD sha1crypt";
 static const char HT_16110[] = "PS3 Function NIDs";
+static const char HT_16111[] = "PS4 Function NIDs";
 static const char HT_99999[] = "Plaintext";
 
 static const char HT_00011[] = "Joomla < 2.5.18";
@@ -14456,6 +14457,43 @@ int ps3_nid_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UN
   return (PARSER_OK);
 }
 
+int ps4_nid_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig)
+{
+  if ((input_len < DISPLAY_LEN_MIN_16110) || (input_len > DISPLAY_LEN_MAX_16110)) return (PARSER_GLOBAL_LENGTH);
+
+  u32 *digest = (u32 *) hash_buf->digest;
+
+  salt_t *salt = hash_buf->salt;
+
+  if (is_valid_hex_string (input_buf, 8) == false) return (PARSER_HASH_ENCODING);
+
+  digest[0] = hex_to_u32 ((const u8 *) &input_buf[ 0]);
+  digest[1] = 0;
+  digest[2] = 0;
+  digest[3] = 0;
+  digest[4] = 0;
+
+  digest[0] -= SHA1M_A;
+  digest[1] -= SHA1M_B;
+  digest[2] -= SHA1M_C;
+  digest[3] -= SHA1M_D;
+  digest[4] -= SHA1M_E;
+
+  u32 salt_len = 32;
+
+  u8 salt_buf[32] = "518D64A635DED8C1E6B039B1C3E55230";
+
+  u8 *salt_buf_ptr = (u8 *) salt->salt_buf;
+
+  salt_len = parse_and_store_salt (salt_buf_ptr, salt_buf, salt_len, hashconfig);
+
+  if (salt_len != 16) return (PARSER_SALT_LENGTH);
+
+  salt->salt_len = salt_len;
+
+  return (PARSER_OK);
+}
+
 int atlassian_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED const hashconfig_t *hashconfig)
 {
   if ((input_len < DISPLAY_LEN_MIN_12001) || (input_len > DISPLAY_LEN_MAX_12001)) return (PARSER_GLOBAL_LENGTH);
@@ -15121,6 +15159,7 @@ char *strhashtype (const u32 hash_mode)
     case 15000: return ((char *) HT_15000);
     case 15100: return ((char *) HT_15100);
     case 16110: return ((char *) HT_16110);
+    case 16111: return ((char *) HT_16111);
     case 99999: return ((char *) HT_99999);
   }
 
@@ -22488,6 +22527,29 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
                  hashconfig->dgst_pos3      = 3;
                  break;
 
+    case 16111:  hashconfig->hash_type      = HASH_TYPE_SHA1;
+                 hashconfig->salt_type      = SALT_TYPE_EMBEDDED;
+                 hashconfig->attack_exec    = ATTACK_EXEC_INSIDE_KERNEL;
+                 hashconfig->opts_type      = OPTS_TYPE_PT_GENERATE_BE
+                                            | OPTS_TYPE_ST_ADD80
+                                            | OPTS_TYPE_ST_ADDBITS15
+                                            | OPTS_TYPE_ST_HEX;
+                 hashconfig->kern_type      = KERN_TYPE_PS3_NID;
+                 hashconfig->dgst_size      = DGST_SIZE_4_5;
+                 hashconfig->parse_func     = ps4_nid_parse_hash;
+                 hashconfig->opti_type      = OPTI_TYPE_ZERO_BYTE
+                                            | OPTI_TYPE_PRECOMPUTE_INIT
+                                            | OPTI_TYPE_PRECOMPUTE_MERKLE
+                                            | OPTI_TYPE_EARLY_SKIP
+                                            | OPTI_TYPE_NOT_ITERATED
+                                            | OPTI_TYPE_APPENDED_SALT
+                                            | OPTI_TYPE_RAW_HASH;
+                 hashconfig->dgst_pos0      = 0;
+                 hashconfig->dgst_pos1      = 1;
+                 hashconfig->dgst_pos2      = 2;
+                 hashconfig->dgst_pos3      = 3;
+                 break;
+
     case 99999:  hashconfig->hash_type      = HASH_TYPE_PLAINTEXT;
                  hashconfig->salt_type      = SALT_TYPE_NONE;
                  hashconfig->attack_exec    = ATTACK_EXEC_INSIDE_KERNEL;
src/usage.c
Code:
@@ -271,6 +271,7 @@ static const char *USAGE_BIG[] =
   "   9900 | Radmin2                                          | Operating-Systems",
   "    125 | ArubaOS                                          | Operating-Systems",
   "  16110 | PS3 Function NID                                 | Operating-Systems",
+  "  16111 | PS4 Function NID                                 | Operating-Systems",
   "   7700 | SAP CODVN B (BCODE)                              | Enterprise Application Software (EAS)",
   "   7800 | SAP CODVN F/G (PASSCODE)                         | Enterprise Application Software (EAS)",
   "  10300 | SAP CODVN H (PWDSALTEDHASH) iSSHA-1              | Enterprise Application Software (EAS)",

Download: PS4_Function_Finder.idc / GIT

PS4 NIDs and PS3 NIDs Added to Hashcat Bruteforcer by Jarveson.jpg
 

Comments

Recent Articles
Star Wars Jedi: Fallen Order Joins New PS4 Game Releases Next Week
Explore the galaxy in the latest PlayStation 4 third-person action-adventure game Star Wars Jedi: Fallen Order from Respawn Entertainment arriving to PS4 next week on November 15th. Play as an...
Feel The Power of Pro with PlayStation 4 Pro Latest PS4 TV Spot!
Right behind their It's Time to Play! campaign and Black Friday Deals, Sony is ramping up PlayStation promotions for the holidays with the latest PS4 TV spot showcasing the Limited Edition PS4 Pro...
REPL4Y for Android PS4 Remote Play App Free Trial Version by Twist3d89
Proceeding his request for Beta Testers and the Chiaki Open Source PS4 Remote Play Client release, developer Twist3d89 has made available a free trial version of his REPL4Y for Android application...
Sony CEO Jim Ryan on the Next-Gen Transition to PlayStation 5
Since the leaked PS5 DevKit Prototype images surfaced last month PlayStation CEO Jim Ryan revealed several areas Sony must focus on for a successful transition to their next-generation PlayStation...
Top