Weekly Report December 1, 2013

The Playstation 4 is great, I got mine from Amazon 2 weeks ago, no problems. USBXLATER is on hold. After weeks of investigation and experimentation and collaborating with other people, it seems that the PS4 only accepts the data from DualShock 4’s Bluetooth interface, and not the USB interface, even if HID reports are sent through USB. This makes emulation via USB impossible. The next possible methods are to emulate the Bluetooth connection instead, or to install an internal modification to the DualShock 4’s hardware.

My Bluetooth module currently does not have some features that allow me to use it for spoofing so I’ll have to get a new one before even attempting it. I have started on the design for this internal modification already.

I attempted to use the Ubertooth One to do Bluetooth sniffing, but it is extremely hard to use and doesn’t seem to work right. I can obtain the LAP and UAP of my Playstation using it, with this information, the Ubertooth is supposed to be able to perform the necessary calculations required to follow the same frequency hopping pattern that the Playstation and DualShock uses. But the Ubertooth cannot successfully do this, and when it does seem to obtain the pattern, it fails to decode every single packet, leading me to think that it miscalculated the hopping pattern.

iOS’s BLE events seems to be polled at a really slow rate. I had to fix a problem which involved using the time when the event handler was fired. The timestamp was not accurate at all and appears to happen at 1 second interval bursts. This problem was fixed by using another method of obtaining the actual time when the notification was sent from the BLE device, I packed a sample interval into the packet I sent.

2 thoughts on “Weekly Report December 1, 2013

  1. mrasmus

    Ah, just posted on your Xlater preview post before seeing this.

    As I detailed over there, I *believe* that Sony’s implemented encryption on controller communications this generation; that’s my understanding form the custom arcade stick scene. I didn’t know that they’d also reverted to wireless-only communications, but that doesn’t change the end result. I’m more positive (aka 100%) that it’s been confirmed that MS is doing this on the XBO (they also did it on the 360, all in the name of stemming unlicensed controller manufacturing for their systems). This is on all protocols for the 360/XBO, and I wouldn’t be surprised if the reason you’re having trouble decoding “every single packet” is because they’re encrypted. I’d try doing a similar attack on the PS3 to confirm that your tools are working as expected; I suspect you may be SOL on cloning these controllers in the near future, sadly.

    Good luck!

    1. Admin Post author

      The packets themselves appear to be not encrypted so far… but the packets do end with 4 bytes of random data, which could mean they are a hash or checksum. This could be hard to break.


Leave a Reply

Your email address will not be published. Required fields are marked *