Hi,
I have a question regarding the controller authentication.
Based on the GIMX source code and the wiki/eleccelerator pages, I understood what the current limitations are for PS 4 controller emulation.
Basically, please correct me if I'm wrong, right now it's not possible to 100% emulate a PS 4 controller due to an authentication process that takes place between the host and the device.
However, thanks to Matlo's serial-usb project, I was able to sniff the USB communication between an H*RI (USB) m*ni fighti*g sti*k and the console.
Basically the authentication works in this way (more or less the same information that I got from the wiki):
Host sends the Set Report Request 0x03F0 to the device
The 0x03F0 is sent in 5 different messages:
1) #1...4 contain 56 bytes of relevant data (the first 4 bytes of each message are just header/counters, the last 4 bytes are the CRC)
2) #5 contains 32 bytes of relevant data
In total the 0x03F0 is 256 bytes long, which I assume represents the pass-phrase.
Probably it's some sort of 2048-bit encryption (RSA?)
Anyway, the 0x03F0 changes every time the console is restarted.
Once the device has received the five 0x03F0 messages, it will start sending the 0x03F1 report to the host, which will contain some encoded payload based on the key received from the host.
Now, I spent a few hours analysing different Wireshark logs (taken at different times) and I can see that the encoder/decoder protocol is not so easy to reverse (as I expected).
I think that this is the main reason that GIMX needs a PC/Pi to spoof and pass through the authentication.
Question.
With Google I found out that there is a board called univer*al fight*ing sti*k that is able to fully emulate every new-gen controller.
I don't think that the company is authorized by S*ny or Micro*oft or Ninten*o to produce this board, so I believe that they were able to reverse the code.
Now, this makes me suspect that the challenge message sent is not based on some sort of hard type of encryption (i.e. RSA), which could make the decoding process much easier.
Does anyone know how they did it?
I mean, has anyone tried to capture the logs between this board and the console? Does anyone have some other information to share?
Thanks
PS 4 - Controller Authentication
Re: PS 4 - Controller Authentication
Hi,
I would not be surprised that the fightstick you are talking about requires a genuine controller to work on PS4 and Xbox 360/One.
I believe they are using symmetric-key algorithms, which means you have to know the private key to authenticate.
On Xbox platforms this is handled by a dedicated chip. It's unlikely to be hacked.
GIMX creator
Re: PS 4 - Controller Authentication
Hi Matlo,
Thanks for the reply.
Based on the information available on the seller's website and also on the YouTube videos, it seems that the board doesn't need the original pad for the authentication.
It looks weird to me too, but if you look at the circuit board there is only one USB socket, which is used to connect to the console, and that's it, no BT or other USB ports.
There is a good review on YouTube too.
I will continue my research
Thanks
Bye.
Re: PS 4 - Controller Authentication
Could you please post a link? I cannot guess which device you are talking about.
GIMX creator
Re: PS 4 - Controller Authentication
If this is for real, then they hacked the gamepad authentication.
GIMX creator
Re: PS 4 - Controller Authentication
@Avok if you're interested and if you think it might be of use I can probably get you the DS4 firmware (currently the one with PS4 FW 1.76, but with the release of the new exploit 4.05, might even be able to get a newer version)
Re: PS 4 - Controller Authentication
Yes, it's absolutely real.
If you do a search on Google you will find tons of posts from users who are very satisfied with this board.
This company produces many adapters for all types of consoles.
This means that they have hacked the authentication for all new-gen consoles.
Re: PS 4 - Controller Authentication
Yeah, the DS4 FW has been dumpable from the 1.76 hacked console for some months. Probably they used it to hack the gamepad authentication. There's a 4.05 hack in the works and a private 5.01 exploit. It will surely be an interesting time.
My hardware: PS3 Slim CFW 4.80 | PS4 Pro 500 Million LE | PS5 | Xbox Series X
Steam: Godlike_RU | PSN: GoDlike_RU | XBL: GoDlike