PS 4 - Controller Authentication

Avok
Posts: 6
Joined: Sat Dec 16, 2017 3:33 pm

PS 4 - Controller Authentication

Post by Avok » Sat Dec 16, 2017 4:14 pm

Hi,

I have a question regarding the controller authentication.
Based on the GIMX source code and the wiki/eleccelerator pages, I understood what the current limitations for PS 4 controller emulation are.
Basically, please correct me if I'm wrong, right now it's not possible to 100% emulate a PS 4 controller due to an authentication process that takes place between the host and the device.

However, thanks to Matlo's serial-usb project, I was able to sniff the USB communication between an H*RI (USB) m*ni fighti*g sti*k and the console.
Basically the authentication works in this way (more or less the same information that I got from the wiki):
Host sends the Set Report Request 0x03F0 to the device.
The 0x03F0 is sent in 5 different messages:
1) Messages #1...4 contain 56 bytes of relevant data each (the first 4 bytes of each message are just header/counters, the last 4 bytes are the CRC)
2) Message #5 contains 32 bytes of relevant data
In total the 0x03F0 is 256 bytes long, which I assume represents the pass-phrase.
Probably it's a sort of 2048-bit encryption (RSA?)
Anyway, the 0x03F0 changes every time the console is restarted.

Once the device has received the five 03F0 messages, it will start to send the 0x03F1 report to the host that will contain some encoded payload, based on the key received from the host.

Now, I spent a few hours analysing different Wireshark logs (taken at different times) and I can see that the encoder/decoder protocol is not so easy to reverse (as I expected).
I think that this is the main reason that GIMX needs a PC/PI to spoof and pass-through the authentication.

Question.
With Google I found out that there is a board called univer*al fight*ing sti*k that is able to fully emulate every new-gen controller.
I don't think that the company is authorized by S*ny or Micro*oft or Ninten*o to produce this board, so I believe that they were able to reverse the code.
Now, this makes me wonder whether the challenge message sent is not based on some sort of hard encryption (i.e. RSA), which would make the decode process much easier.
Does anyone know how they did it?
I mean, has anyone tried to capture the logs between this board and the console? Does anyone have some other information to share?
Thanks

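The framing Avok describes for the 0x03F0 challenge (five 64-byte reports, each with a 4-byte header, a 56-byte payload and a 4-byte CRC, carrying 256 bytes of challenge in total) as an added example; this is not code from the thread or from GIMX. It fragments a constructed 256-byte challenge into reports and reassembles them with the consistency checks a capture-analysis script would want: report id, sequence counter, page order and trailing CRC. The header layout [report id, sequence, page, 0x00] and the use of CRC-32 in little-endian byte order are assumptions of this example; the post only says that the first four bytes are header/counters and the last four are a CRC.

```python
import zlib
from typing import List

# Framing described in the post: 0x03F0 = Set Report, type 0x03 (Feature), id 0xF0.
REPORT_ID = 0xF0
REPORT_LEN = 64                                   # 4 header + 56 payload + 4 CRC
HEADER_LEN = 4
CRC_LEN = 4
PAYLOAD_LEN = REPORT_LEN - HEADER_LEN - CRC_LEN   # 56 bytes of relevant data per page
PAGES = 5
CHALLENGE_LEN = 256                               # 4 * 56 + 32 bytes, as in the post
LAST_PAGE_LEN = CHALLENGE_LEN - PAYLOAD_LEN * (PAGES - 1)   # 32

# Constructed sample challenge for the example (not captured data).
SAMPLE_CHALLENGE = bytes((i * 37 + 11) & 0xFF for i in range(CHALLENGE_LEN))


class ReportError(ValueError):
    """Raised when a report does not match the expected framing."""


def _crc(body: bytes) -> bytes:
    # Assumption: CRC-32 over everything before the CRC field, little-endian.
    return (zlib.crc32(body) & 0xFFFFFFFF).to_bytes(CRC_LEN, "little")


def fragment_challenge(challenge: bytes, seq: int) -> List[bytes]:
    """Split a 256-byte challenge into five 64-byte reports.
    Header layout [id, seq, page, 0x00] is an assumption of this example."""
    if len(challenge) != CHALLENGE_LEN:
        raise ReportError(f"challenge must be {CHALLENGE_LEN} bytes, got {len(challenge)}")
    reports = []
    for page in range(PAGES):
        chunk = challenge[page * PAYLOAD_LEN:(page + 1) * PAYLOAD_LEN]
        chunk = chunk.ljust(PAYLOAD_LEN, b"\x00")      # page 4: 32 bytes + zero padding
        body = bytes([REPORT_ID, seq & 0xFF, page, 0x00]) + chunk
        reports.append(body + _crc(body))
    return reports


def reassemble_challenge(reports: List[bytes]) -> bytes:
    """Rebuild the 256-byte challenge, rejecting malformed or out-of-order reports."""
    if len(reports) != PAGES:
        raise ReportError(f"expected {PAGES} reports, got {len(reports)}")
    seq = None
    out = bytearray()
    for expected_page, rep in enumerate(reports):
        if len(rep) != REPORT_LEN:
            raise ReportError(f"report {expected_page}: length {len(rep)} != {REPORT_LEN}")
        body, crc_field = rep[:-CRC_LEN], rep[-CRC_LEN:]
        if _crc(body) != crc_field:
            raise ReportError(f"report {expected_page}: CRC mismatch")
        rid, rseq, page, _ = body[:HEADER_LEN]
        if rid != REPORT_ID:
            raise ReportError(f"report {expected_page}: unexpected report id 0x{rid:02X}")
        if seq is None:
            seq = rseq
        elif rseq != seq:
            raise ReportError(f"report {expected_page}: sequence changed {seq} -> {rseq}")
        if page != expected_page:
            raise ReportError(f"page {page} received where page {expected_page} was expected")
        take = PAYLOAD_LEN if expected_page < PAGES - 1 else LAST_PAGE_LEN
        out += body[HEADER_LEN:HEADER_LEN + take]
    return bytes(out)


def reassembles_ok(reports: List[bytes]) -> bool:
    """True if the reports pass every framing check, False otherwise."""
    try:
        reassemble_challenge(reports)
        return True
    except ReportError:
        return False


if __name__ == "__main__":
    reps = fragment_challenge(SAMPLE_CHALLENGE, seq=7)
    rebuilt = reassemble_challenge(reps)
    print("round trip ok:", rebuilt == SAMPLE_CHALLENGE, "bits:", len(rebuilt) * 8)
    swapped = [reps[0], reps[2], reps[1], reps[3], reps[4]]
    print("out-of-order rejected:", not reassembles_ok(swapped))
```

Feeding real capture data means extracting the 64-byte Set Report payloads from the Wireshark log in order; if the CRC check fails on every report, the checksum assumption above is what to revisit first, since the post does not say which CRC the reports carry.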
Matlo
Posts: 4899
Joined: Wed Jul 06, 2011 7:01 am
Location: France

Re: PS 4 - Controller Authentication

Post by Matlo » Sat Dec 16, 2017 6:14 pm

Hi,

I would not be surprised if the fightstick you are talking about requires a genuine controller to work on PS4 and Xbox 360/One.

I believe they are using symmetric-key algorithms, which means you have to know the private key to authenticate.
On Xbox platforms this is handled by a dedicated chip. It's unlikely to be hacked.
GIMX creator Donate Shop

Avok
Posts: 6
Joined: Sat Dec 16, 2017 3:33 pm

Re: PS 4 - Controller Authentication

Post by Avok » Sat Dec 16, 2017 8:18 pm

Hi Matlo,

Thanks for the reply.
Based on the information available on the seller's website and also on the YouTube videos, it seems that the board doesn't need the original pad for the authentication.
It looks weird to me too, but if you look at the circuit board there is only one USB socket, which is used to connect to the console; that's it, no BT or other USB ports.
There is a good review on YouTube too.

I will continue my research :-)
Thanks
Bye.

Matlo
Posts: 4899
Joined: Wed Jul 06, 2011 7:01 am
Location: France

Re: PS 4 - Controller Authentication

Post by Matlo » Sat Dec 16, 2017 11:36 pm

Could you please post a link? I cannot guess which device you are talking about.

Avok
Posts: 6
Joined: Sat Dec 16, 2017 3:33 pm

Re: PS 4 - Controller Authentication

Post by Avok » Sun Dec 17, 2017 12:43 am


Matlo
Posts: 4899
Joined: Wed Jul 06, 2011 7:01 am
Location: France

Re: PS 4 - Controller Authentication

Post by Matlo » Thu Dec 21, 2017 5:33 pm

If this is for real, then they hacked the gamepad authentication.

Zer0xFF
Posts: 2
Joined: Thu Dec 07, 2017 9:46 pm

Re: PS 4 - Controller Authentication

Post by Zer0xFF » Fri Dec 22, 2017 12:41 am

@Avok if you're interested and if you think it might be of use I can probably get you the DS4 firmware (currently the one with PS4 FW 1.76, but with the release of the new exploit 4.05, might even be able to get a newer version)

Avok
Posts: 6
Joined: Sat Dec 16, 2017 3:33 pm

Re: PS 4 - Controller Authentication

Post by Avok » Sat Dec 23, 2017 12:46 am

Zer0xFF wrote (Fri Dec 22, 2017 12:41 am):
@Avok if you're interested and if you think it might be of use I can probably get you the DS4 firmware (currently the one with PS4 FW 1.76, but with the release of the new exploit 4.05, might even be able to get a newer version)
It would be great :-).
Thanks!

Avok
Posts: 6
Joined: Sat Dec 16, 2017 3:33 pm

Re: PS 4 - Controller Authentication

Post by Avok » Sat Dec 23, 2017 12:55 am

Matlo wrote (Thu Dec 21, 2017 5:33 pm):
If this is for real, then they hacked the gamepad authentication.
Yes, it's absolutely real.
If you do a search on Google you will find tons of posts from users who are very satisfied with this board.
This company produces many adapters for all types of consoles.
This means that they have hacked the authentication for all new-gen consoles.

GoDlike
Posts: 416
Joined: Thu Apr 28, 2016 12:47 pm
Location: Poland

Re: PS 4 - Controller Authentication

Post by GoDlike » Sat Dec 23, 2017 9:52 am

Yeah, the DS4 FW has been dumpable from the 1.76 hacked console for some months. Probably they used it to hack the gamepad authentication. There's a 4.05 hack in the works and a private 5.01 exploit. It will surely be an interesting time.
My hardware: Xbox 360 S "Trinity" RGH | PS3 Slim CFW 4.80 | PS4 5.50 | Mouse: 8 years old Gigabyte M8000x :mrgreen:
My Steam: http://steamcommunity.com/id/Godlike_RU/ | PSN: GoDlike_RU
