[E3-hacking] PBL 5.1 (again)
otaku at takingthingsapart.org
Sun Jan 20 13:14:59 GMT 2008
Ok - took a break from my other shiny to finally play with my PBL5.1 E3
So - the current state of play is this :
0x02 0x00 0x02 0x00 0x02 0x00 0x04 ( Version Query )
0x02 0x00 0x0e 0x00 (STX header + length of packet )
0x82 0x00 0x72 0x00 ( Response data )
0xfe 0x7b 0x6e 0xb4
Viable commands without SHA-256 hash match are :
cmd_16 is used to upload a ( as far as I can tell ) 392 byte
the key is hashed via sha-256 and, for any of the other commands not
mentioned above, compared to the hash on the box.
If the generated hash matches the stored one, the command executes; if
not, it doesn't.
For the interested, I believe the hash is :
I'm currently going over the code to see if there are any sneaky
bypasses, but it doesn't look good so far.
I'll let y'all know if anything progresses.
One thought does strike, however..
392 bytes is kind of a strange length for a plaintext source for the hash.
Makes one wonder if it's a (X)PGP ascii signature.
As always, reality may bear no resemblance to the statements above.
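
A model of the hash gate described in the message above, as an added example that is not part of the original post and is not code from the device's loader. Assumptions: "cmd_16" is read as 0x16, `CMD_GATED` is a hypothetical stand-in for any gated command, wrong-sized uploads are discarded, and the key and stored digest are constructed sample values.

```python
"""Model of the SHA-256 command gate described in the post (added example)."""
import hashlib
import hmac

KEY_LEN = 392           # key size reported in the post
CMD_UPLOAD_KEY = 0x16   # "cmd_16"; reading the number as hex is an assumption
CMD_GATED = 0x20        # hypothetical stand-in for any hash-gated command
# The post's list of commands that work without a hash match is not on the
# page, so only the key upload is modelled as ungated here.


class Gate:
    def __init__(self, stored_digest: bytes):
        self.stored_digest = stored_digest  # SHA-256 value held on the box
        self.key = b""                      # last uploaded key blob

    def handle(self, cmd: int, payload: bytes = b"") -> str:
        if cmd == CMD_UPLOAD_KEY:
            # Assumption: a wrong-sized upload is discarded and clears the old key.
            self.key = payload if len(payload) == KEY_LEN else b""
            return "stored" if self.key else "rejected"
        # Gated path: hash the uploaded key and compare in constant time, so
        # response timing does not reveal how many digest bytes matched.
        digest = hashlib.sha256(self.key).digest()
        if hmac.compare_digest(digest, self.stored_digest):
            return "executed"
        return "refused"


def demo() -> list:
    good_key = bytes(range(256)) + bytes(136)   # constructed 392-byte key
    gate = Gate(hashlib.sha256(good_key).digest())
    results = [gate.handle(CMD_GATED)]                          # no key uploaded
    gate.handle(CMD_UPLOAD_KEY, good_key[:-1] + b"\x01")        # one byte wrong
    results.append(gate.handle(CMD_GATED))
    results.append(gate.handle(CMD_UPLOAD_KEY, good_key[:100]))  # wrong length
    gate.handle(CMD_UPLOAD_KEY, good_key)                       # exact key
    results.append(gate.handle(CMD_GATED))
    return results


if __name__ == "__main__":
    print(demo())
```

Because only the digest is stored, reading it off the box does not yield the 392-byte input; the gate opens only for a blob whose SHA-256 equals the stored value.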