PS3 Hacks, 08.11.2011

    It seems that more and more often, material gets leaked by anonymous persons. It’s still unconfirmed, but it looks like an anonymous person leaked a metldr exploit to the web.

    To quote:

    We here at our PS3 Crunching news desk, have been going thru all our emails as we do each morning over our daily large dose of coffee, and suddenly had to take a ‘step-back’ and get our heads in order, as we received an ‘an0nymous email’ from some random one-time dropbox, containing a weird little attachment, with a simple note:

    Program: metldr838exploit
    Author: Unknown
    Usage: Unknown
    Reason: Unknown

    Before posting we had one of our PS3 Crunching Developers look it over, and it seems to be a set of ‘C’ code and headers and a compiled ELF and SELF that exploits the ‘chain of trust’ to dump an ‘unencrypted’ version of your PS3 ‘metldr’.

    It’s still unconfirmed whether this is a real working metldr exploit, and for now it isn’t very useful for the end user, but it might bring us closer to a more open PlayStation 3! We will keep you up to date as soon as some developers have had time to play with it and confirm whether it’s usable. But for now, exciting new developments!

    Thanx to PS3Hax member himshie for the submit!

    Source: PS3Crunch
    Download: http://bit.ly/tP9myU

    UPDATE

    Here is a statement from PS3 developer Mathieulh:

    Because some ungrateful person leaked my metldr exploit files I will now be explaining how it actually works, see this as my ultimate release of all times for an ungrateful scene (and scenes in the future)

    That’s about how I am pissed right now, because of course the person that leaked these files has no idea of how they actually work.

    How to pwn metldr the “easy” way:
    This is most likely how geohot exploited it in the first way, this takes (give or take) about 10 minutes to be performed. (yeah, not so much of a “I hacked the ps3 all on my own” work, especially not when it partially relies on Segher’s work, one of the reasons geohot never shared the way he exploited metldr with anyone)

    I will assume here that you do not have the loader keys that were made readily available by geohot. This little tutorial also assumes that you have a working .self generating tool.

    Now you want to gain code execution in metldr. You know that metldr loads loaders into its own space, but you cannot run a loader because the loader needs to be signed, and even though you know about the sign fail that Segher introduced at the CCC, you cannot use it because you don’t have decrypted signatures to calculate a private key, and to get signatures you need keys, which you are currently trying to dump; so far you are stuck in a chicken-and-egg scenario.

    The question is, do you really need keys to get a decrypted signature?
    Well, the real answer is no, thanks to a nifty fail that Sony left in metldr (and the bootloader): you can have the ldr decrypt the metadata for you, isn’t that neat?

    Here’s how it works:

    STEP I)

    In a self file, at address 0x0C a value is used to calculate where the metadata is going to be decrypted; the “offset” is at self header + 0x0C.
    It’s the “meta header offset” in the SCE structure; it takes the SCE offset + that value, so what you have to do is to have a calculation that is equal to 0x3E01F0, which happens to be where metldr copies over the shared metadata from the mailbox (which is sent over by the ppu); the trick is to have metldr decrypt the metadata located at.
    So basically you have to:
    1) set the offset += 0x2000, dump the shared lsa, and keep increasing by 0x2000 until somewhere in the shared lsa 0x40 bytes change
    2) when it changes 0x40 bytes, you can add/subtract the proper amount to make it decrypt the proper locations
    3) then dump the shared lsa and we have the decrypted header
    knowing that metldr uses SCE header 0xECF0, you could calculate it knowing the address: 0x3E01F0 - 0xECF0 = the value you would patch at SCE header + 0x0C

    ROM:0000F6C0 D2 68 87 E6 metadata_erk: .int 0xD26887E6 ; DATA XREF: ROM:0000F178o
    for example in CECHA, the address you want to decrypt it to is 0x3E1F0
    so it should be 0x3E1F0 - 0xF6C0

    Once you get the decrypted header, you have the key to decrypt the rest of the metadata. Here you go, you have your decrypted signature.

    So far so good, now what’s next?

    STEP II)

    Contrary to popular belief, you do not need to know the public key to calculate the private key; you just need two decrypted signatures. You now know how to dump these, so let’s assume you just did. Now all you have to do is to brute-force the curve type by constantly reloading a self to metldr; the curve type being only 1 byte, that would be 64 possibilities.

    CONGRATULATIONS, you just signed a loader!

    Now what ?

    Well, your first reflex would be to sign a loader and use it to dump whatever is in your Isolated Local Store. The first thing you will notice is that you have a bit of metldr’s code as a leftover; after a few seconds of disassembly you will figure out it’s actually some piece of code that clears metldr’s code and registers and jumps to some address which matches your signed loader’s entrypoint.

    This seems like a more than likely candidate to exploit, as in, your goal would be to overwrite that piece of code with your own; that way you would have the whole metldr code right before the point where everything gets cleared out.

    Let’s try to do just that. From your previous dump, you obviously know that the clear code is located from 0x400 to 0x630 (0x410 being where metldr jumps when it clears). Your first attempt would naturally be to have a loader section load at 0x400; well, not so surprisingly, it fails. Because you are not without a brain (at least you aren’t supposed to be if you’re reading and understanding this), you will assume that it is likely that metldr checks that you aren’t loading your loader/self section below a certain address, which, considering you know the loaders’ entrypoint, is most likely to be 0x12C00. This assumption is in fact correct, as metldr will make sure you cannot load any loader at 0x12BFF and below; seems like a huge let down…

    Well, maybe not, because yet again, you are not without a brain: you check out the hardware properties for the Local Store, and you find out that the memory wraps around (memory is a donut, as someone once said at some CCC conference).

    So what happens when you load your loader at, let’s say, from 0x3F000 to 0x40000+some address (like 0x40410 for example)?

    Well, it WORKS!
    You could put the section at 0x3F000, if you made the length 0x1414 and the last instruction branches “up” to the dump code

    ROM:000008AC 33 7F 6C 80 brsl lr, cleanup_and_jump_entry
    ROM:000008B0 32 00 11 80 br loc_93C
    ROM:00000410 cleanup_and_jump_entry: ; CODE XREF: main+4Cp
    ROM:00000410 32 7F FF 80 br sub_40C
    this is what the exploit that got leaked (yeah, that’s not really their work, eh, but you figured that much by now, did you not?) does.
    It overwrites from 0x000 to 0x480 because I originally loaded the section of size 0x880 to 0x3FC00

    So now you get code execution on metldr at the best time possible, because your code executes right after metldr copies the root keys from 0x00 to 0x30, which means you get to dump these too. (Although they are hardcoded in metldr’s code anyway)

    Here you go, you have a metldr dump!

    Now as a final line, I’d like to say screw leakers, screw the scene, and this is my last contribution to it EVER. It seems I can’t even trust fellow developers to keep my work safe and not leak it. (Not like any of them would have been able to tell you how all this even works in the first place)

    So long, everyone.
    Remember, don’t ever bite the hands that feed you.

    Source: lan.st
    Via Mathieulh’s Twitter
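    The two loader-side checks whose absence the explanation above turns on, written as an added example in Python (not code from the page, the leaked files, or metldr itself): the SCE magic and a big-endian u32 at +0x0C are assumed beyond what the text states, and the sample header is constructed.

```python
import struct

# Added example (not from the page, the leaked files, or metldr): the two
# loader-side checks whose absence the explanation above relies on.
#   1. the SCE "meta header offset" at +0x0C is added to the SCE base without
#      checking that the result still lies inside the SELF being loaded;
#   2. section load addresses are checked against a lower bound only, so a
#      section can wrap around the 256 KiB local store and land below it.
# Only the field at +0x0C comes from the text; the SCE magic and the
# big-endian u32 width are assumed here so the parser is runnable.

LS_SIZE = 0x40000        # SPU local store size; addresses wrap modulo this
MIN_LOAD_ADDR = 0x12C00  # lowest load address the text says metldr accepts
SCE_MAGIC = b"SCE\x00"   # assumed magic for the constructed sample header


def meta_header_offset(hdr: bytes) -> int:
    """Read the u32 'meta header offset' at +0x0C of an SCE header (assumed layout)."""
    if len(hdr) < 0x10 or hdr[:4] != SCE_MAGIC:
        raise ValueError("not an SCE header")
    return struct.unpack_from(">I", hdr, 0x0C)[0]


def metadata_target(sce_base: int, hdr: bytes) -> int:
    """Address the loader would decrypt the metadata at: SCE base + offset, wrapped to the LS."""
    return (sce_base + meta_header_offset(hdr)) % LS_SIZE


def check_meta_offset(sce_base: int, hdr: bytes, self_len: int, meta_len: int = 0x40) -> tuple:
    """The missing check: the metadata must lie entirely inside the loaded SELF,
    [sce_base, sce_base + self_len), and must not wrap through the end of the LS."""
    off = meta_header_offset(hdr)
    if off + meta_len > self_len:
        return False, "meta offset 0x%X points outside the SELF (len 0x%X)" % (off, self_len)
    if sce_base + off + meta_len > LS_SIZE:
        return False, "metadata would wrap past the end of the local store"
    return True, "metadata at 0x%X is inside the SELF" % (sce_base + off)


def wrapped_ranges(addr: int, length: int) -> list:
    """Byte ranges [start, end) a section of `length` at `addr` actually covers
    once the local store wraps (memory is a donut, as the text puts it)."""
    end = addr + length
    if end <= LS_SIZE:
        return [(addr, end)]
    return [(addr, LS_SIZE), (0, end - LS_SIZE)]


def overlaps(ranges: list, lo: int, hi: int) -> bool:
    """True if any range in `ranges` intersects [lo, hi)."""
    return any(s < hi and lo < e for s, e in ranges)


def check_section_load(addr: int, length: int) -> tuple:
    """Lower bound (the check the text says metldr does make) plus the upper bound it does not."""
    if addr < MIN_LOAD_ADDR:
        return False, "load address 0x%X below minimum 0x%X" % (addr, MIN_LOAD_ADDR)
    if addr + length > LS_SIZE:
        return False, "section wraps around the local store into 0x0-0x%X" % (addr + length - LS_SIZE)
    return True, "section [0x%X, 0x%X) ok" % (addr, addr + length)


def make_header(meta_offset: int) -> bytes:
    """Constructed 0x10-byte SCE header stub carrying only the field we parse."""
    return SCE_MAGIC + b"\x00" * 8 + struct.pack(">I", meta_offset)


if __name__ == "__main__":
    # CECHA figures from the text: SCE header at 0xF6C0, target 0x3E1F0
    hdr = make_header(0x3E1F0 - 0xF6C0)
    print(hex(metadata_target(0xF6C0, hdr)), check_meta_offset(0xF6C0, hdr, 0x1000))
    # the leaked exploit's section per the text: 0x880 bytes loaded at 0x3FC00
    print(wrapped_ranges(0x3FC00, 0x880), check_section_load(0x3FC00, 0x880))
```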

    UPDATE 2

    It seems that PS3Hax member lunuxx made a tutorial if you want to grab the key yourself. But remember: when installing OtherOS++ you will get trophy errors, and you can’t do anything with the key yet.

    ohai, I'll tell you guys how to use mathldr
    (i like to call it that, it's kinda catchy)
    this is pretty safe
    just don't go crazy with it, you're only gonna mess your eid up if you attempt to rehash it and flash, or attempt in any way to replace your eid
    you can decrypt eid with root keys and static keys in the wiki key page

    prerequisites:
    1. otheros++ with ss patches (yes the ones that cause trophy errors, just update when you wanna play games again and don't complain)
    2. linux on your ps3 (i'm using ubuntu 10.10)
    3. an unpacked copy of your flash (which you can obtain by using glevand's dumpflash.pkg gitbrew.org/~glevand/ps3/pkgs/dump_flash.pkg) and an unpacked copy of ofw; you will need the following files from these:
    metldr
    isoldr
    RL_FOR_PROGRAM.img
    EID0 (you will need to split eid from your flash http://www.ps3devwiki.com/index.php?…s#dump_EID0.sh)
    spp_verifier.self
    default.spp
    and obviously appldr-metldrexploit350.self from the files
    4. latest gitbrew linux kernel
    5. a desire to quit *****ing and complaining and get off your ass.
    ************************************************************************************************************

    you can do this over ssh or on the console. I prefer ssh because my girlfriend likes to watch tv a lot.

    1. ssh into the ps3
    2. download the files
    a. wget http://gotbrew.org/metldr838exploit.tar.gz
    3. untar the files
    a. tar -xvf metldr838exploit.tar.gz
    4. enter the directory and compile
    a. cd metldr838exploit.tar.gz; make
    5. run the following commands now:
    insmod ./metldrpwn.ko
    cat metldr > /proc/metldrpwn/metldr
    cat appldr-metldrexploit350.self > /proc/metldrpwn/mathldr
    cat RL_FOR_PROGRAM.img > /proc/metldrpwn/rvkprg
    cat eid0 > /proc/metldrpwn/eid0
    echo 1 > /proc/metldrpwn/run
    cat /proc/metldrpwn/debug
    there, now you have a dump; check it out:
    hd /proc/metldrpwn/dump | less
    now copy the dump somewhere or you'll lose it:
    cp /proc/metldrpwn/dump /home/username/
    now you have a copy in your home directory for safe keeping
    congrats, you've completed about < 10 mins of actual work

    there you go, keys are in 0x00 to 0x20 (first 3 lines)

    So now you get code execution on metldr at the best time possible because your code executes right after metldr copies the root keys from 0x00 to 0x30, which means you get to dump these too. (Although they are hardcoded in metldr’s code anyway)

    example:
    erk: #
    00000000 66 4d ee 51 65 6f 68 28 38 98 83 ea df ea 90 04 |fM.Qeoh(8…….|
    00000010 01 f3 79 09 d6 a6 52 d9 ea 6d ef 04 51 69 ec 7b |..y…R..m..Qi.{|
    riv:
    00000020 7d 6a 3a e5 37 ba 48 4c fe bd 26 5c f5 b1 28 1f |}j:.7.HL..&..(.|
    the first 2 lines are erk the 3rd is riv
    and together they are eid0 like captain ****in planet

    btw this does not mean you get 3.60 keys etc or newer games, but it will help you get some nifty things to do some new stuff…. also please be advised that if you are on 3.60+ you will need to downgrade with a flasher to do this; also, if you have a unit that shipped from the factory with the metldr.2 (new metldr) you're SOL at the moment
    oh thanx math
    thanx anon leaker

    some good reading on the subject:

    http://www.ps3devwiki.com/index.php?title=Boot_Order
    http://www.ps3devwiki.com/index.php?title=Dev_Tools
    http://www.ps3devwiki.com/index.php?title=Flash
    http://www.ps3devwiki.com/index.php?title=Talk:Flash
    http://www.ps3devwiki.com/index.php?title=IDPS
    http://www.ps3devwiki.com/index.php?title=Talk:IDPS
    http://www.ps3devwiki.com/index.php?…r_Console_Keys
    http://www.ps3devwiki.com/index.php?…r_Console_Keys
    http://www.ps3devwiki.com/index.php?…se_Engineering
    http://www.ps3devwiki.com/index.php?title=Talk:Keys
    http://www.ps3devwiki.com/index.php?…Unit_%28SPU%29
    http://www.ps3devwiki.com/index.php?…Unit_%28SPU%29
    http://www.ps3devwiki.com/index.php?…se_Engineering
    http://www.ps3devwiki.com/index.php?…se_Engineering



  • 450 Comments

    1. GregoryRasputin
      11-08-2011
      10:20 AM
      1

      If you're going to post news, at least make an effort :/

    2. himshie
      11-08-2011
      10:22 AM
      2

      sorry dude i thought the news team would do that

    3. DzhoPS3HAX
      11-08-2011
      10:24 AM
      3

      so wait it's meaning?

    4. Annelies
      11-08-2011
      10:25 AM
      4

      Until someone makes something out of this, it's useless IMO.

    5. GregoryRasputin
      11-08-2011
      10:27 AM
      5

      Originally Posted by himshie View Post
      sorry dude i thought the news team would do that
      It's ok, I forgive you this time, but the whole point of the members news section is for members to post news, then we approve.

      Originally Posted by Annelies View Post
      Until someone makes something out of this, it's useless IMO.
      They are files from August, not really a leak or an exclusive, more of a yawn.......

    6. DzhoPS3HAX
      11-08-2011
      10:33 AM
      6

      so what is meaning? what can we wait now?

    7. GregoryRasputin
      11-08-2011
      10:41 AM
      7

      Originally Posted by DzhoPS3HAX View Post
      so what is meaning? what can we wait now?
      For us small people, this will do nothing; the devs will be able to play with it and we will benefit from the end results, so don't worry about it until later

    8. CrystalWolf
      11-08-2011
      10:45 AM
      8

      I had a further look and it shows that it says 3.50 exploit, not too sure if I am right or wrong, but since I'm not a dev don't take this too seriously.

      here is a screen shot of the image.


      Don't know if this makes any sense or not. But yeah.

    9. H3avyRa1n
      11-08-2011
      10:51 AM
      9

      for what I know the per_console_key_0 is in metldr, so take your conclusions...

    10. lunuxx
      11-08-2011
      11:02 AM
      10

      yes the files are from august but not very many have seen them....
      you can get eid root key from metldr

    11. aladdin
      11-08-2011
      11:03 AM
      11

      in readme it says eid0 so i hope that is the real thing
      time will tell

    12. DzhoPS3HAX
      11-08-2011
      11:10 AM
      12

      yes maybe the end of waiting

    13. stevorkz
      11-08-2011
      11:13 AM
      13

      I heard the per_console_key_0 is the trickiest to get. True?

    14. ortis123
      11-08-2011
      11:17 AM
      14

      yes that's what makes all things work.

    15. nzie
      11-08-2011
      11:22 AM
      15

      well the per_console_key_0 is in the 'metldr'

    16. H3avyRa1n
      11-08-2011
      11:24 AM
      16

      can this value

      94D100BE6E24991D65D93F3DA938858CEC2D133051F47DB4287AC86631719B31573EF7CCE071CA8A


      be associated with this exploit?

    17. stevorkz
      11-08-2011
      11:25 AM
      17

      Sweet. Can only mean good things. Eventually

    18. DzhoPS3HAX
      11-08-2011
      11:26 AM
      18

      So a new exploit will be possible?

    19. wikdclown
      11-08-2011
      11:28 AM
      19

      Let's hope this leads to something good.

    20. rafa11
      11-08-2011
      11:33 AM
      20

      Originally Posted by wikdclown View Post
      Let's hope this leads to something good.
      Yes, it would be GREAT

    21. bost7
      11-08-2011
      11:37 AM
      21

      The fact is don't get excited before the results.

      In 10 months of this scene we have seen soooo many fake news.

    22. NeoNetGen
      11-08-2011
      11:50 AM
      22

      Originally Posted by bost7 View Post
      The fact is don't get excited before the results.

      In 10 months of this scene we have seen soooo many fake news.

      You should be happy there has been 10 months of people working on the console.

    23. H3avyRa1n
      11-08-2011
      11:55 AM
      23

      You gotta love metldrpwn.c

    24. DzhoPS3HAX
      11-08-2011
      11:57 AM
      24

      so now what will happen?! you will know to the next numero!

    25. nzie
      11-08-2011
      11:57 AM
      25

      Originally Posted by H3avyRa1n View Post
      You gotta love metldrpwn.c
      metldrpwn.c?

    26. freestylemaster
      11-08-2011
      12:04 PM
      26

      It'd be great if someone can explain what this is for, in detail.

    27. zecavalo
      11-08-2011
      12:05 PM
      27

      There's been some great news lately, namely Uncharted 3, let's hope this is another great step towards playing +3.60 games.

    28. havok7
      11-08-2011
      12:07 PM
      28

      i say wait and not get excited over this too early coz you may be disappointed; if this is known from august and no one managed to do anything with it in 4 months........ i just go with the flow and don't expect much out of this or anything that gets leaked to the public; the good stuff is released when it's released and BUM! will bring the whole Ps3 scene back to life, then you can get excited and not just yet.

    29. lunuxx
      11-08-2011
      12:09 PM
      29

      wasn't known publicly in august, the files are dated august. someone just leaked it

    30. OoZic
      11-08-2011
      12:10 PM
      30

      If I were $ony I would get a real big headache with all the news, exploits, PSN cracks and dongles lately

    31. GregoryRasputin
      11-08-2011
      12:11 PM
      31

      Originally Posted by lunuxx View Post
      wasn't known publicly in august, the files are dated august. someone just leaked it
      So if no one could do anything with it in private, why wasn't it released to the public well before now ?

    32. H3avyRa1n
      11-08-2011
      12:12 PM
      32

      just opened the .C file and damn, I'm ****ing amazed, if that stuff actually does what is supposed to do... ****!

      too bad I can't go any further but the peeps who can actually go have some serious **** here.

    33. lunuxx
      11-08-2011
      12:13 PM
      33

      there's a dangerous way to do cex-dex
      just sayin

    34. rafa11
      11-08-2011
      12:14 PM
      34

      Originally Posted by GregoryRasputin View Post
      So if no one could do anything with it in private, why wasn't it released to the public well before now ?
      And who tells you that they haven't been able to do anything with these files?
      According to Mathieulh, he already has the 3.60 keys and has already given us clues on how to get them.
      So, it could already have been of some use to some people, but only now they came in broad daylight.
      But this is just a hunch

    35. jp_cfc09
      11-08-2011
      12:15 PM
      35

      hopefully this is true and some devs can make something out of it, making us end cfw users better off. all we can do is wait and hope

    36. ikefix
      11-08-2011
      12:15 PM
      36

      Well, I do not know very much about C, but it mentions glevand, linux kernel, level 1, SPU, that it's GNU and EID0.

      Its structure needs some libraries I do not know at all; I suppose they are in the PS3 system.

    37. Pockets69
      11-08-2011
      12:16 PM
      37

      So in advance before it gets asked...
      THIS DOES NOT MEAN CFW.
      THIS IS NOT FOR THE END USER.

    38. Annelies
      11-08-2011
      12:18 PM
      38

      @Pockets69 is correct.

      All this amounts to is a ton of useless speculation. Until one of our "scene professionals" denounces this "leak", you all best keep quiet!

    39. Pockets69
      11-08-2011
      12:19 PM
      39

      I didn't say it wasn't real...

    40. ikefix
      11-08-2011
      12:22 PM
      40

      Oh, I only expect this will help in some way to get profit from the rsx driver and better distros of linux (if only I had not my awful 160 GB int hdd which always gives me the inability of making the hdd partition, even with the alternative sh_region). CFW with dual OS please!!!!!

    41. zecavalo
      11-08-2011
      12:25 PM
      41

      Originally Posted by rafa11 View Post
      According to Mathieulh, he already has the 3.60 keys and has already given us clues on how to get them.
      It's not hard to release things anonymously...

    42. tulla2010
      11-08-2011
      12:36 PM
      42

      "According to Mathieulh, he already has the 3.60 keys and has already given us clues on how to get them".

      Math also knows the meaning of life, can time travel & knows the answer to all questions, but ofc he won't share these findings with mere mortals such as ourselves

    43. gmitesh90
      11-08-2011
      12:48 PM
      43

      weird to actually front page this ... but anyway cool development

    44. GregoryRasputin
      11-08-2011
      12:50 PM
      44

      Originally Posted by gmitesh90 View Post
      weird to actually front page this ... but anyway cool development
      What the hell is weird about it ?

    45. big_russ
      11-08-2011
      12:52 PM
      45

      this is good news. see what magic the devs can do with this.

    46. laurorual
      11-08-2011
      12:52 PM
      46

      an email from an anonymous person LOL. hopefully it isn't fake... again.

    47. GregoryRasputin
      11-08-2011
      12:55 PM
      47

    48. Loan
      11-08-2011
      12:56 PM
      48

      can someone explain something like...

      this could lead to cfw

      this could lead to psn hax

      this could lead to a new multiman

      this could lead to brick your ps3 lol..


      or wut.. ??? we should expect about this how big it is.. if it is.. anything of importance...

    49. bost7
      11-08-2011
      12:58 PM
      49

      According to this:

      Originally Posted by GregoryRasputin View Post
      This could lead to..nowhere :/

    50. badsnoopdog
      11-08-2011
      01:00 PM
      50

      Originally Posted by Loan View Post
      can someone explain something like...

      this could lead to cfw

      this could lead to psn hax

      this could lead to a new multiman

      this could lead to brick your ps3 lol..


      or wut.. ??? we should expect about this how big it is.. if it is.. anything of importance...
      It is(drum roll)...................................BULL**** end of

    51. carldenning
      11-08-2011
      01:06 PM
      51

      Originally Posted by Loan View Post
      can someone explain something like...

      this could lead to cfw

      this could lead to psn hax

      this could lead to a new multiman

      this could lead to brick your ps3 lol..


      or wut.. ??? we should expect about this how big it is.. if it is.. anything of importance...
      read the post above you and below you

    52. laurorual
      11-08-2011
      01:06 PM
      52

      told ya

    53. carldenning
      11-08-2011
      01:06 PM
      53

      bloody thing messed up, ignore this message

    54. p78ch201
      11-08-2011
      01:07 PM
      54

      Originally Posted by GregoryRasputin View Post
      Obviously, if RichDevX knows that someone has modified something, then he just confirms he has the original version of it (my guess) and that he probably knows how to use it... (my guess again).

    55. jasonps3
      11-08-2011
      01:08 PM
      55

      module_init(metldrpwn_init);module_exit(metldrpwn_exit);MODULE_LICENSE("GPL");MODULE_DESCRIPTION("SPP verifier direct");MODULE_AUTHOR("glevand");

      GLEVAND... this is good or bad?

    56. synce
      11-08-2011
      01:10 PM
      56

      Isn't this what geohot leaked and eventually led to CFW? Here's hoping it's real

    57. laurorual
      11-08-2011
      01:10 PM
      57

      p78ch201

      or someone renamed some things that aren't anything but crap
      like take any file on your pc, rename it and then post it :D

    58. GregoryRasputin
      11-08-2011
      01:11 PM
      58

      Originally Posted by jasonps3 View Post
      module_init(metldrpwn_init);module_exit(metldrpwn_exit);MODULE_LICENSE("GPL");MODULE_DESCRIPTION("SPP verifier direct");MODULE_AUTHOR("glevand");

      GLEVAND... this is good or bad?
      It has been said before, that this is a modified version of glevands work, so someone took glevands work and added to it.

    59. bost7
      11-08-2011
      01:12 PM
      59

      Originally Posted by p78ch201 View Post
      Obviously, if RichDevX knows that someone has modified something, then he just confirms he has the original version of it (my guess) and that he probably knows how to use it... (my guess again).
      Really good point and guessing.

    60. DzhoPS3HAX
      11-08-2011
      01:13 PM
      60

      So real or fake?

    61. laurorual
      11-08-2011
      01:16 PM
      61

      Originally Posted by DzhoPS3HAX View Post
      So real or fake?
      probably fake, but not sure

    62. jasonps3
      11-08-2011
      01:16 PM
      62

      Originally Posted by GregoryRasputin View Post
      It has been said before, that this is a modified version of glevands work, so someone took glevands work and added to it.
      Then... is fake?

    63. Razor1993
      11-08-2011
      01:18 PM
      63

      @ All

      we all have the METLDR Keys!
      this thing can't bring us the METLDR Keys! because we have the Keys!
      but the problem is the METLDR is decrypted with LV0! because of this the METLDR Keys aren't useful! we need to get the real Root key!(lv0)!
      then we have everything

    64. bost7
      11-08-2011
      01:18 PM
      64

      Originally Posted by jasonps3 View Post
      Then... is fake?
      Modified work = fake for you??

      Maybe someone fixed his work to working, or it's completely fake.

      No one knows yet!

    65. GregoryRasputin
      11-08-2011
      01:19 PM
      65

      Originally Posted by jasonps3 View Post
      Then... is fake?
      Being modified doesn't make it fake, though we don't know; some are saying it's fake, some are saying it's real, we will just have to wait and see.

    66. VIRGIN KLM
      11-08-2011
      01:20 PM
      66

      It's incomplete, also it looks like it borrows stuff from appldr exploits...

    67. teevo
      11-08-2011
      01:22 PM
      67

      up.... down.... up..... down.... = mood of PS3 scene followers :P


      Have a little (bit more) patience

    68. GregoryRasputin
      11-08-2011
      01:22 PM
      68

      [1:15pm] <Mathieulh> leakers gotta leak
      [1:15pm] <Mathieulh> I am actually explaining how it works
      [1:15pm] <Mathieulh> and put a big screw to the scene with it
      [1:15pm] <Mathieulh> cause the ****ing leaker wouldn't be able to tell you how it ****ing works

      So who knows

    69. EmBoLa.be
      11-08-2011
      01:24 PM
      70

      it's on every scene forum/site, so it's big news, even bigger than true blue, and even we thought that was fake, but apparently it's not, so just wait and see.

    70. nzie
      11-08-2011
      01:26 PM
      71
    71. jasonps3
      11-08-2011
      01:26 PM
      72

      Originally Posted by bost7 View Post
      Modified work = fake for you??

      Maybe someone fixed his work to working, or it's completely fake.

      No one knows yet!
      based on @RichDevX tweet seems fake.
      Modified work obviously != (not equal) fake.

    72. Fl3th3r
      11-08-2011
      01:26 PM
      73

      Originally Posted by lunuxx View Post
      http://lan.st/showthread.php?p=22446
      very good plus to a real deal version

    73. VIRGIN KLM
      11-08-2011
      01:30 PM
      75

      Originally Posted by GregoryRasputin View Post
      [1:15pm] <Mathieulh> leakers gotta leak
      [1:15pm] <Mathieulh> I am actually explaining how it works
      [1:15pm] <Mathieulh> and put a big screw to the scene with it
      [1:15pm] <Mathieulh> cause the ****ing leaker wouldn't be able to tell you how it ****ing works

      So who knows
      If he didn't want him to leak, he should just release it. Period.
      Enough with that tactic, I know how to do it but I won't tell you, I'll just guide you how you can do it yourself ignoring the fact that you may not have enough knowledge to do it taking all of the rest people who are in need of such exploit on my graveyard.
      He cannot just be mad when something leaks, if he doesn't want it to leak, he is an adult, he should know by now that if you don't want a secret to leak, you just don't share it, which proves that if you do share it, you have at least a bit of ''that poser'' characteristic inside you. It's not importantly bad to be a bit of a poser but you cannot be mad or think that people are going to be sorry or respect you to a full extent.

      I am in the music industry and leaks happen, and these are serious, like I could lose my job or get sued.
      I cannot be mad when I shared something with some people I trust more or some less, because I myself chose it to leak in a context.
      He must just learn to manage how things get released, leak and their timing.
      No releases or no leaks cause to this situation and as long he is in this scene, he should expect this to happen more often.

    74. Fl3th3r
      11-08-2011
      01:34 PM
      76

      Originally Posted by VIRGIN KLM View Post
      If he didn't want him to leak, he should just release it. Period.
      Enough with that tactic, I know how to do it but I won't tell you, I'll just guide you how you can do it yourself ignoring the fact that you may not have enough knowledge to do it taking all of the rest people who are in need of such exploit on my graveyard.
      He cannot just be mad when something leaks, if he doesn't want it to leak, he is an adult, he should know by now that if you don't want a secret to leak, you just don't share it, which proves that if you do share it, you have at least a bit of ''that poser'' characteristic inside you. It's not importantly bad to be a bit of a poser but you cannot be mad or think that people are going to be sorry or respect you to a full extent.
      actually it's kind of strange to me that his exploit got leaked, and he's not wasting his time and making a tut for it? maybe he wanted to leak?

    75. japsander
      11-08-2011
      01:39 PM
      77

      well, he may be pissed at the leak but the solution to the problem is not to give it out in the first place.

      as much as i would like to give him credit for this work i can't due to the fact he was never going to release it.....

    76. Progamer
      11-08-2011
      01:41 PM
      78

      I think the news page has to be updated

    77. TheEvolution_PT
      11-08-2011
      01:43 PM
      79

      This exploit also the lv0 key.
      Mathieulh twitter: Oh and btw, if you talented enough to make hardware to dump the shared lsa, you can decrypt any lv0 using this technique/exploit

    78. GregoryRasputin
      11-08-2011
      01:45 PM
      80

      Front page updated.

    79. DzhoPS3HAX
      11-08-2011
      01:53 PM
      81

      oh it seems that the end of 3.6x and 3.7x is coming!

    80. laurorual
      11-08-2011
      01:58 PM
      82

      at least we know that this isn't fake and it's gonna take us to something, right?
      so now we wait! :D

    81. Progamer
      11-08-2011
      01:59 PM
      83

      So guys let us Drink Tea and Wait :D

    82. bernardoms
      11-08-2011
      02:10 PM
      84

      so we can have a cfw for the ofw 3.7x? because to install the cfw in the latest fw we need to decrypt lv0, right? and mathieulh said you can decrypt any lv0 using this technique/exploit

    83. laurorual
      11-08-2011
      02:14 PM
      85

      if this let me play portal 2, i'll be happy AND SO i'll say thx to math :D

    84. carldenning
      11-08-2011
      02:17 PM
      86

      Originally Posted by bernardoms
      so we can have a cfw for the ofw 3.7x? because to install the cfw in the latest fw we need to decrypt lv0 right? and mathieulh said you can decrypt any lv0 using this technique/exploit
      more than likely to have a cfw 3.7+ but u will have to be on 3.55 to install it so nothing for people who are already on 3.56+ ofw

    85. gregory2590
      11-08-2011
      02:18 PM
      87

      Originally Posted by bernardoms
      so we can have a cfw for the ofw 3.7x? because to install the cfw in the latest fw we need to decrypt lv0 right? and mathieulh said you can decrypt any lv0 using this technique/exploit
      I'm wondering this as well, but this whole thread is filled with mathmad.

    86. changbom
      11-08-2011
      02:24 PM
      88

      so the Metldr exploit so ps3 3k gonna downgrade now right ???

    87. alexcta83
      11-08-2011
      02:25 PM
      89

      thx math....u rock

    88. stevorkz
      11-08-2011
      02:27 PM
      90

      Ok seriously. Is this about the guy who leaked/didn't leak the exploit or is it about the exploit itself and what it means for the scene?

    89. TheBuzzer
      11-08-2011
      02:31 PM
      91

      well, the scene of hacking ps3 is done because master key is found.

      however, cfw scene and homebrew scene will be active still.

    90. OoZic
      11-08-2011
      02:32 PM
      92

      Somehow I feel sorry this got leaked (don't start a flame war). I would rather have one of the smartest PS3 developers still on board of the scene than this in the open...

      and to the people who say he never releases anything.... he did more for the PS3 scene than you will ever know. He also helped with a lot more things than you will ever know. But most people only look at his behavior and call it arrogance etc. without even knowing him in real life. Maybe he is arrogant, but looking at what he wrote in the explanation he has somehow (to my feeling) the right to be.

      Mathieu, I will miss your talent in the future. I hope this masterpiece will lead to an unstoppable (by $ony) CFW so you won't have left for nothing. Like Graf_chokolo isn't around anymore, if you aren't I will always remember your contribution to make my life more happy

      Don't bother to flame me about this comment, I won't answer to any flame post. call it arrogance, I call it a waste of time

    91. GregoryRasputin
      11-08-2011
      02:55 PM
      93

      Originally Posted by psg
      Weren't you the guy that called me a "Sony-Fanboy" and told me to go to the official forums, just because I wasn't bashing the company for something I didn't think was a big deal?

      Just wondering.
      That has completely nothing to do with this thread.

      Now this is the last off topic post


      @ Everyone

      NO MORE MATHIEULH FLAMING

      NO MORE OFF TOPIC POSTS

      NO MORE INSULTS

      Now i don't give a crap about your home problems, about your mid life crisis, about your male menopause or whatever retarded real life crap any of you have, keep it the f*ck off the forum, any more violations will result in infractions and bans, simple as that.

    92. Albert Wesker
      11-08-2011
      03:00 PM
      94

      So, finally comes the time to register.
      I want to thank Mathieulh for his work on the exploit.
      I have followed the news and the discussions for over a year now and I know that he is sometimes kind of arrogant, but so what?
      Somehow he reminds me of Rodney McKay of Stargate Atlantis, a genius, always arrogant but deep inside always trying to help.
      Don't believe me? So why did Meth write a tutorial on how to use that stuff? Without the tutorial it would be useless.

      so, thanks Math!

    93. wikdclown
      11-08-2011
      03:00 PM
      95

      Hehe maybe what i said earlier was right, Math developed a split personality and he's trolling himself !

      Thanks to Math for figuring it out and thanks to whomever leaked it (probably math ) :P
      Now if the Rebug Masters come along.....(wishful thinking)

    94. gregory2590
      11-08-2011
      03:01 PM
      96

      so we can have a cfw for the ofw 3.7x? because to install the cfw in the latest fw we need to decrypt lv0 right? and mathieulh said you can decrypt any lv0 using this technique/exploit
      Since the mathmad is fully gone (hopefully), I'll just requote this.

    95. jesdaking
      11-08-2011
      03:02 PM
      97

      Math we are all happy here, Thanks!

    96. Phil Rey
      11-08-2011
      03:26 PM
      98

      Great news! Now that Math made a tutorial, all we have to do is wait so that Devs make something usable for the end users.

      and pleeease stop flaming, insulting people because of their behaviour. "yeah, math this.. math that!" come on!

      I agree to him when he says that people are ungrateful (well, not all of us, but some people just can't get enough and want more and more, without ever appreciating what they already have and thanking for that.. :/ )

      if math really leaves, the ps3 scene loses a skilled dev.

    97. fdm
      11-08-2011
      03:37 PM
      99

      Umm... this is more a trick/technique. How did this get labeled as an exploit? And why would math need to explain something so simple(if not just for the credit)?

    98. Senaxx
      11-08-2011
      03:39 PM
      100

      So my first newspost on PS3Hax is Math's biggest leak. I'm away for 2 hours and all hell broke loose. It's great that this exploit is out, but I don't like the way this happened.

      Math could have chosen to keep his mouth shut and let people figure everything out, but he decided to explain the whole exploit and I think we should be grateful for that.

      This wasn't meant to get out, but got leaked (like many stuff nowadays) anyway, and Math explained it all.

    99. daveyp187
      11-08-2011
      03:45 PM
      101

      let's hope something good comes outa this .

    100. fouzi
      11-08-2011
      03:48 PM
      102

      on twitter
      math saying :
      By the way, in that post of mine, I released 2 exploits, that leak only uses one.

    101. hanzoverfist
      11-08-2011
      03:49 PM
      103

      Originally Posted by Phil Rey
      I agree to him(math ) when he says that people are ungrateful
      Just making a point here, but nothing says that this is his work at all, and so people cannot be grateful to an anonymous donor. On a more general note people are ungrateful in general most of the time, so this should not offend nor be of a surprise.


      Originally Posted by Phil Rey
      if math really leaves, the ps3 scene loses a skilled dev.
      Didn't he already leave?

    102. thamps
      11-08-2011
      03:54 PM
      104

      People!!!

      Let's create a dedicated thread to just thank and compliment "Math". I think he deserves that level of attention for all the significant contributions he has done for the scene.

      (And if that's successful, create other threads for the other 'Hall of Fame' devs!)

      Howz that for an idea?!!

    103. GregoryRasputin
      11-08-2011
      04:01 PM
      105

      Originally Posted by thamps
      People!!!

      Let's create a dedicated thread to just thank and compliment "Math". I think he deserves that level of attention for all the significant contributions he has done for the scene.

      (And if that's successful, create other threads for the other 'Hall of Fame' devs!)

      Howz that for an idea?!!

      I do agree that would be a good idea, but then i would only have to infract people(the ones who hate him) for insulting him.

      BTW we have one for deank and graf_chokolo

    104. TheEvolution_PT
      11-08-2011
      04:05 PM
      106

      Originally Posted by thamps
      People!!!

      Let's create a dedicated thread to just thank and compliment "Math". I think he deserves that level of attention for all the significant contributions he has done for the scene.

      (And if that's successful, create other threads for the other 'Hall of Fame' devs!)

      Howz that for an idea?!!
      Yes I like this idea.

    105. Señor_Striatum
      11-08-2011
      04:12 PM
      107

      It is unfortunate that Math is leaving imo. I am no dev, so he could very well be blowing smoke up my ass, but he seems to know his stuff and based off of hearsay it is my understanding that he has contributed to the scene via his own work and through various collaborations. I personally have never thanked you Math so here I would like to do so. Thank you for your efforts.

      I understand what it is like to be devoted to your work. Although the "scene" to which my work contributes is too massive for me to make a name for myself, I imagine I would still release my work in the situation that the scene showed animosity towards me. Thus I understand why you provided the tut and thank you.

      It is my understanding that in all reality the masses who make up the scene may have less to offer you personally in comparison with what you have to offer for them (to include me). However, with all due respect, I can understand you leaving but I think it is important to recognize that you cannot fight fire with fire. You are clearly intelligent and have nothing to prove so stooping down to their level is only going to exacerbate the problem and reel in more hating. Thus your relationship with the scene is just as much your fault as it is theirs.

      I hope you realize that your work is very much appreciated by those who understand its significance but it will be vastly shadowed by the reputation you have built by denouncing the masses which make up the scene. I can imagine I would react the same way you have if I were in your shoes but take it from an outside perspective who has not received countless insults, your work would be that much more respected if you were to simply ignore those who hate and denounce them in that manner as opposed to insulting them. Although on account of the insults you have received I do not hold it against you and wish you luck on whatever it is you intend to do. Take care.

    106. denero1
      11-08-2011
      04:14 PM
      108

      i agree he does deserve some thanks just wish he wouldn't leave at the slightest betrayal :\ the scene is already on shaky ground don't need more people leaving

    107. iavais
      11-08-2011
      04:25 PM
      109

      Thanks Math. Hope you change your mind and keep contributing to the scene. There are many of us who are not haters.

      Anyway now can anyone please confirm if this method is working and what implications it will have in future?

      Thanks

    108. seang
      11-08-2011
      04:26 PM
      110

      @Mathieulh


      How to pwn metldr the "easy" way

      --------------------------------------------------------------------------------

      Because some ungrateful person leaked my metldr exploit files I will now be explaining how it actually works, see this as my ultimate release of all times for an ungrateful scene (and scenes in the future)

      That's about how I am pissed off right now, because of course the person that leaked these files has no idea of how they actually work.

      How to pwn metldr the "easy" way:
      This is most likely how geohot exploited it in the first place, this takes (give or take) about 10 minutes to be performed. (yeah, not so much of a "I hacked the ps3 all on my own work", especially not when it partially relies on Segher's work, one of the reasons geohot never shared the way he exploited metldr to anyone)

      I will assume here, that you do not have the loader keys that were made readily available by geohot. This little tutorial also assumes that you have a working .self generating tool

      Now you want to gain code execution in metldr. You know that metldr loads loaders into its own space, but you cannot run a loader because the loader needs to be signed, and even though you know about the sign fail that Segher introduced at the CCC, you cannot use it because you don't have decrypted signatures to calculate a private key, and to get signatures you need keys which you are currently trying to dump, so far you are stuck in a chicken and egg scenario.

      The question is, do you really need keys to get a decrypted signature ?
      Well the real answer is no, thanks to a nifty fail that sony left in metldr (and the bootloader), you can have the ldr decrypt the metadata for you, isn't that neat ?

      Here's how it works:

      STEP I)


      In a self file, at address 0x0C a value is used to calculate where the metadata is going to be decrypted, the "offset" is at self header + 0x0C
      it's the "meta header offset" in the SCE structure, it takes the SCE offset + that value, so what you have to do is to have a calculation that is equal to 0x3E01F0 which happens to be where metldr copies over the shared metadata from the mailbox (which is sent over by the ppu), the trick is to have metldr to decrypt the metadata located at.
      So basically you have to
      1) set the offset += 0x2000
      dump shared lsa
      and keep increasing 0x2000
      until somewhere in the shared lsa changes 0x40 byte
      2) when it changes 0x40 bytes, you can add/subtract the proper amount to make it decrypt the proper locations
      3) then dump shared lsa and we have decrypted header
      knowing that metldr uses SCE header 0xECF0, you could calculate it knowing the address 0x3E01F0 - 0xECF0 = the value you would patch at SCE header + 0x0C

      ROM:0000F6C0 D2 68 87 E6 metadata_erk: .int 0xD26887E6 ; DATA XREF: ROM:0000F178o
      for example in CECHA , the address you want to decrypt it to is 0x3E1F0
      so it should be 0x3E1F0 - 0xF6C0


      Once you get the decrypted header, you have the key to decrypt the rest of the metadata. Here you go, you have your decrypted signature.

      So far so good, now what's next ?

      STEP II)

      Contrary to popular belief, you do not need to know the public key to calculate the private key, you just need two decrypted signatures, you now know how to dump these, so let's assume you just did, now all you have to do is to bruteforce the curve type by constantly reloading a self to metldr, the curve type being only 1 byte, that would be 64 possibilities.

      CONGRATULATIONS, you just signed a loader !

      Now what ?

      Well your first reflex would be to sign a loader and use it to dump whatever is in your Isolated Local Store, the first thing you will notice is that you have a bit of metldr's code as a leftover, after a few seconds of disassembly you will figure it's actually some piece of code that clears metldr's code and registers and jumps to some address which matches your signed loader's entrypoint.

      This seems like a more than likely candidate to exploit, as in your goal would be to overwrite that piece of code with your own, that way you would have the whole metldr code right before the point where everything gets cleared out.

      Let's try to do just that, from your previous dump, you obviously know that the clear code is located from 0x400 to 0x630, (0x410 being where metldr jumps when it clears) your first attempt would naturally be to have a loader section to load at 0x400, well not so surprisingly, it fails, because you are not without a brain (at least you aren't supposed to be if you're reading and understanding this), you will assume that it is likely that metldr checks if you aren't loading your loader/self section below a certain address, which considering you know the loaders' entrypoint is most likely to be 0x12C00, this assumption is in fact correct as metldr will make sure you cannot load any loader at 0x12BFF and below, seems like a huge let down...

      Well, maybe not, because yet again, you are not without a brain, you check out the hardware properties for the Local Store, and you find out that the memory wraps around (memory is a donut as someone once said at some ccc conference).

      So what happens when you load your loader at, let's say, from 0x3F000 to 0x40000+some address (like 0x40410 for example)?

      Well, it WORKS!
      You could put the section at 0x3F000, if you made the length 0x1414 and the last instruction branches "up" to the dump code

      ROM:000008AC 33 7F 6C 80 brsl lr, cleanup_and_jump_entry
      ROM:000008B0 32 00 11 80 br loc_93C
      ROM:00000410 cleanup_and_jump_entry: ; CODE XREF: main+4Cp
      ROM:00000410 32 7F FF 80 br sub_40C
      this is what the exploit that got leaked (yeah that's not really their work eh but you figured that much by now did you not? ) does.
      It overwrites from 0x000 to 0x480 because I originally loaded the section of size 0x880 to 0x3FC00

      So now you get code execution on metldr at the best time possible because your code executes right after metldr copies the root keys from 0x00 to 0x30, which means you get to dump these too. (Although they are hardcoded in metldr's code anyway)


      Here you go, you have a metldr dump !

      Now as a final line, I'd like to say screw leakers, screw the scene, and this is my last contribution to it EVER. It seems I can't even trust fellow developers to keep my work safe and not leaking it. (Not like any of them would have been able to tell you how all this even works in the first place)

      So long, everyone.
      Remember, don't ever bite the hands that feed you.

      P.S. Oh! and btw, if you're talented enough to make hardware to dump the shared lsa, you can decrypt any lv0 using this technique.
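      The load-address check and the Local Store wrap-around the post describes, as an added example (not the post's or metldr's code): the naive check that looks only at the section start beside a hardened check that bounds the whole range, plus a helper showing where a section that runs past 0x40000 lands. LS_SIZE, MIN_LOAD_ADDR and the cleanup-stub range come from the post; the check logic itself is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constants taken from the post: the Local Store wraps at 0x40000, metldr refuses
 * loader sections below 0x12C00, and the clear-and-jump stub lives at 0x400..0x630.
 * Everything else here is an assumption used to model the behaviour, not metldr code. */
#define LS_SIZE        0x40000u
#define MIN_LOAD_ADDR  0x12C00u
#define CLEANUP_START  0x400u
#define CLEANUP_END    0x630u

/* The check as the post describes it: only the section start is compared against
 * the floor, so a section that starts high but runs past the end of the LS passes. */
bool naive_section_allowed(uint32_t start, uint32_t len)
{
    (void)len;  /* the length never enters the decision */
    return start >= MIN_LOAD_ADDR && start < LS_SIZE;
}

/* Hardened form: the entire [start, start + len) range must lie inside
 * [MIN_LOAD_ADDR, LS_SIZE). The end test is written as len <= LS_SIZE - start so
 * no addition can overflow, and an empty section is rejected outright. */
bool hardened_section_allowed(uint32_t start, uint32_t len)
{
    if (len == 0 || start < MIN_LOAD_ADDR || start >= LS_SIZE)
        return false;
    return len <= LS_SIZE - start;
}

/* Address just past the section's last byte once the LS wraps modulo its size.
 * A result smaller than start means the tail spilled into the bottom of the LS. */
uint32_t wrapped_end(uint32_t start, uint32_t len)
{
    return (start + len) % LS_SIZE;
}

/* Does the section, wrap included, overlap the half-open range [lo, hi)?
 * A wrapped section covers [start, LS_SIZE) plus [0, end - LS_SIZE). */
bool section_touches(uint32_t start, uint32_t len, uint32_t lo, uint32_t hi)
{
    start %= LS_SIZE;
    if (len > LS_SIZE)            /* longer than the LS: covers every address */
        return true;
    uint32_t end = start + len;   /* < 0x80000, so no uint32_t overflow */
    if (end <= LS_SIZE)
        return start < hi && end > lo;   /* ordinary, unwrapped range */
    uint32_t spill = end - LS_SIZE;      /* bytes that land at 0 .. spill-1 */
    return start < hi || spill > lo;
}

int main(void)
{
    /* The placements quoted in the post: the rejected direct load over the stub,
     * the 0x3F000 + 0x1414 section that wraps to 0x414, and the 0x3FC00 + 0x880
     * section that wraps to 0x480. */
    struct { uint32_t start, len; } cases[] = {
        { 0x400u,   0x230u },
        { 0x3F000u, 0x1414u },
        { 0x3FC00u, 0x880u },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t s = cases[i].start, l = cases[i].len;
        printf("section 0x%05X+0x%04X: naive=%d hardened=%d wraps_to=0x%05X hits_stub=%d\n",
               s, l, naive_section_allowed(s, l), hardened_section_allowed(s, l),
               wrapped_end(s, l), section_touches(s, l, CLEANUP_START, CLEANUP_END));
    }
    return 0;
}
```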

    109. GregoryRasputin
      11-08-2011
      04:28 PM
      111

      @seang that was posted on the front page over an hour ago......

    110. synce
      11-08-2011
      04:32 PM
      112

      OK this is confirmed real... NOW is the PS3 busted wide open forever and for always?

    111. carldenning
      11-08-2011
      04:32 PM
      113

      @seang you're a bit slow on that ,

    112. havok7
      11-08-2011
      04:39 PM
      114

      for me if this stuff actually works and if it is 100% confirmed real, it would be more than enough to see only signed eboots, don't care about psn or new cfw, just a way to play my games on my 3.55 cfw

    113. BrunoAdler
      11-08-2011
      04:41 PM
      115

      Imho sony is screwed now... Hahaha

    114. carldenning
      11-08-2011
      04:42 PM
      116

      Originally Posted by havok7
      for me if this stuff actually works and if it is 100% confirmed real, it would be more than enough to see only signed eboots, don't care about psn or new cfw, just a way to play my games on my 3.55 cfw
      being on cfw and psn wouldn't last too long , sony will just ban cfw ps3s off the psn

    115. Zara
      11-08-2011
      04:43 PM
      117

      *Random rant about Math and completely unrelated to the leak. ALSO USING CAPS LOCK TO MAKE MY POST SEEM MORE IMPORTANT!!!

      But seriously, farewell Mathieulh and thanks for all the fish. Hopefully something good emerges from this leak.

      EDIT
      Wow @consaw great material for your first post. :/

    116. ginnza
      11-08-2011
      04:46 PM
      118

      ******* my kid seen that picture

    117. carldenning
      11-08-2011
      04:48 PM
      119

      @consaw you're well mature , u must be the other way to even search for that . u don't need to spread how u feel against pocket and greg just cos u want them and they don't want u . keep your fantasy in your head . there are kids that read this site

    118. havok7
      11-08-2011
      04:49 PM
      120

      ban this @consaw character now, we don't need this kind of sh1t here, and btw delete that idiotic pic he posted, focking retard

    119. DzhoPS3HAX
      11-08-2011
      04:50 PM
      121

      consaw you should be banned for pornography
      it's not legal on this forum
      did you read the chart a little?

    120. stratplayer
      11-08-2011
      04:50 PM
      122

      That picture needs removing, seriously!

    121. lonewolf88
      11-08-2011
      04:51 PM
      123

      WTF? consaw whats wrong with you man?

    122. junse
      11-08-2011
      04:52 PM
      124

      why is he posting his holiday pics here?

    123. japsander
      11-08-2011
      04:52 PM
      125

      Originally Posted by lonewolf88
      WTF? consaw whats wrong with you man?
      his fantasy i guess

    124. ploggy
      11-08-2011
      04:53 PM
      126

      Dude, you should be banned from the internet..IDIOT!

    125. GregoryRasputin
      11-08-2011
      04:53 PM
      127

      Sorry @ginnza the retard has been banned.

    126. daymond
      11-08-2011
      04:58 PM
      128

      so apart from the drama, is the information provided enough for good pancakes?
      do we still need a blue dongle to play fifa12

    127. mrsoczi
      11-08-2011
      05:00 PM
      129

      Yep. Great, big pancakes. Sh.. happens KADO. No pancakes for them. I hope JB2 is dead for good.

    128. mrsoczi
      11-08-2011
      05:05 PM
      130

      I'm hoping for a nice, big, juicy news header within the next 10 hours spelling out the 3.72 keys .

    129. gregory2590
      11-08-2011
      05:09 PM
      131

      Originally Posted by mrsoczi
      I'm hoping for a nice, big, juicy news header within the next 10 hours spelling out the 3.72 keys .
      More like 10 days sadly...



      BUT I WANT TO BELIEVE!!

    130. lonewolf88
      11-08-2011
      05:15 PM
      132

      I wonder what the hardware aspect of this exploit involves? I mean is it off the shelf that's been modified, or completely bespoke for this task.... ?

    131. fouzi
      11-08-2011
      05:15 PM
      133

      let's wait and see !!!

      ps3 is coming to an end

    132. gambaownsu
      11-08-2011
      05:18 PM
      134

      I refuse to believe that we are near the end of this dark tunnel. I am in complete denial.

    133. ps3tricks
      11-08-2011
      05:30 PM
      135

      Originally Posted by mrsoczi
      I'm hoping for a nice, big, juicy news header within the next 10 hours spelling out the 3.72 keys .
      keep dreaming or hoping, it's not that simple and for sure it will not be in 10 hours.

      Originally Posted by fouzi
      let's wait and see !!!

      ps3 is coming to an end

      it's more like the ps3 seeing the light after many months in the dark

    134. Jack_Bauer_the_frog
      11-08-2011
      05:39 PM
      136

      My two cents on what this thread was about before it went crazy.

      1st: thanks to Math and to anyone who ever contributed to this exploit if as it sounds it turns out to be a major step in making the ps3 a more open system.

      2nd: thanks in advance to the other talented devs who will undoubtedly continue this work.

      Lastly, to those who for some reason want to make this about Math's supposed nationality, I mean please, come on, you guys are twelve or what...?? I'm not even sure I should dignify your posts by answering them. And I'm not saying that because of some imaginary French superiority complex !!!

      And by the way, I don't care if this was meant to be released or leaked, should have been, shouldn't have been... Now it's out so let's move on.

    135. tcmkenny
      11-08-2011
      06:01 PM
      137

      Ok the wheels are back on the scene and we have gotten a push start. Who here knows how to drive ?

      Very interested to see where this goes

    136. calo
      11-08-2011
      06:02 PM
      138

      Originally Posted by tcmkenny
      Ok the wheels are back on the scene and we have gotten a push start. Who here knows how to drive ?

      Very interested to see where this goes
      No_one lol

      if you get what i mean,

      but hopefully somebody can. hopefully.

    137. mosstopher
      11-08-2011
      06:10 PM
      139

      Not gonna get involved in the drama of this thread, Just gonna say Thanks to Math for the method and the explanation, and also for everything that he has done for the scene, argue amongst yourselves whether it's a load or a little, I care not either way, he contributed to the scene and I for one am grateful.

    138. CaptainCPS-X
      11-08-2011
      06:11 PM
      140

      Wow, I've been trying to find something relevant to the main topic (metldr) but I find a lot of insults, nonsense, bs, even religion (wtf?!... what does religion have to do with a piece of hardware?!)...

      Anyway, I just hope to see more results from this exploit sooner or later (I hope people stop being so ignorant and disrespectful as well, this is why I have been away from the scene lately, I'm focusing on my previous project FB Alpha).

      SeeYa!
      ^^

    139. hamtah
      11-08-2011
      06:21 PM
      141

      Yay, another advancement to the scene which will be discussed for 3-4 days and then join the rest of the useless advancements.

    140. Warning
      11-08-2011
      06:52 PM
      142

      Originally Posted by Zara
      BTW, anybody still remember No_One and his announcement about finding a way to obtain 3.6+ keys? What happened with that?
      He is still around. Seen him chatting on another site the other day.
      This stuff is hard. He is doing what he can.

    141. lunuxx
      11-08-2011
      07:11 PM
      143

      well it works
      go get your root key
      http://pastebin.com/8ZCqqsQq

      i'm just verifying it works and is safe to use...
      that's the dump i got from it fyi

    142. chrisrlink
      11-08-2011
      07:18 PM
      144

      but what if you don't have cfw, i.e. I have 3.73

    143. lunuxx
      11-08-2011
      07:20 PM
      145

      Originally Posted by chrisrlink
      but what if you don't have cfw, i.e. I have 3.73
      you will have to downgrade with a flasher, BUT if you have a ps3 that shipped from factory with metldr.2 you are SOL for now

    144. kixiximen
      11-08-2011
      07:23 PM
      146

      Originally Posted by lunuxx
      well it works
      go get your root key
      http://pastebin.com/8ZCqqsQq
      What does this mean?

    145. doc81
      11-08-2011
      07:23 PM
      147

      hmmmmm the blame game, devs giving up, surely something doesn't smell right, this could lead to a big treasure.......
      i dunno if i could speak for the people who silently watch from the side, who appreciate all the devs' work and test it all out to make it better, but i can speak for myself.
      I am a loyal .....firmware user, play games i always wanted and most of all have a lot of fun playing (that's what we all want, to play good fun beautiful games at little or no expense, right!!), so let's lay low and see what is coming out for Christmas, okay people :-).

      Games i recommend playing (if they work):
      -Uncharted 1, 2 and 3
      -Batman Arkham Asylum and Arkham City
      -Final Fantasy 7 (psx burnt game, use multiman to play)
      -Call of Duty 3 (don't like fps games much, but its ok)
      -Bionic Commando + both PSN versions :-)
      -Hokuto No Ken (Fist of The North Star)
      -Castlevania lord of shadows (also play the nes, genesis and snes versions)
      -Metal Gear Solid 4 (also try the ps1 version) this is the game i bought my ps3 for, i got it original :-))))))))

      -Cursed Crusade (please someone get this to work )
      -Dark Souls (same as above)

      I think that's a handful and if you like old skool RPGs try Suikoden 2, the first game is a bit of a drag but 2 is better.

      Good luck and happy playin guys :-))))
      Remember, there are a lot of good games that work that you can play in the meantime :-))

      God bless y'all

    146. PepDawg24
      11-08-2011
      07:50 PM
      148

      Originally Posted by lunuxx
      well it works
      go get your root key
      http://pastebin.com/8ZCqqsQq

      i'm just verifying it works and is safe to use...
      that's the dump i got from it fyi
      is this real life?

    147. lunuxx
      11-08-2011
      07:54 PM
      149

      Originally Posted by PepDawg24
      is this real life?
      uh yah
      its just a dump using the exploit, just proving it works

    148. gregory2590
      11-08-2011
      07:58 PM
      150

      Originally Posted by lunuxx
      well it works
      go get your root key
      http://pastebin.com/8ZCqqsQq

      i'm just verifying it works and is safe to use...
      that's the dump i got from it fyi


      (i hope i dont get in trouble for this, but i really wanted to post it)

    149. PepDawg24
      11-08-2011
      07:59 PM
      151

      Originally Posted by lunuxx
      uh yah
      its just a dump using the exploit, just proving it works
      well this is good news then

    150. gregory2590
      11-08-2011
      08:08 PM
      152

      So what's next? finding the keys?

    151. yeh_im_here
      11-08-2011
      08:10 PM
      153

      1 step closer . credits to math

    152. carldenning
      11-08-2011
      08:13 PM
      154

      Originally Posted by gregory2590
      So what's next? finding the keys?
      yep and if u want the root key you have to get it yourself , well once we know how 2 that is

    153. jp_cfc09
      11-08-2011
      08:13 PM
      155

      was wondering when his e-fame boost was coming lol, hopefully this will bring great things for us and boost the ps3 scene. thanks for the release bro i love you too lololol don't think you'll ever leave us, you'd miss us too much lol

    154. danyboy666
      11-08-2011
      08:16 PM
      156

      Originally Posted by carldenning
      yep and if u want the root key you have to get it yourself , well once we know how 2 that is
      Surely there's going to be some tool released for that. Just give it time people.

    155. Cheesethief
      11-08-2011
      08:25 PM
      157

      Can't say I am all that sorry to see him go. Whatever he would have made in the future would not influence us all that much as he would probably never release it. Like the past year or so he has hardly released anything of value.

    156. lunuxx
      11-08-2011
      08:29 PM
      158

      guys don't wanna give you the bad news but there will be no pkg to use this stuff, it's impossible to do in gameos, besides it's really not that hard to do, just follow the directions. hell there's even a shell script in there..... (i mean some of it is commented out but use common sense and play with it)
      in the dump the 1st 3 lines are really important

      So now you get code execution on metldr at the best time possible because your code executes right after metldr copies the root keys from 0x00 to 0x30, which means you get to dump these too. (Although they are hardcoded in metldr's code anyway)

    157. Cheesethief
      11-08-2011
      08:30 PM
      159

      Now back to the topic, hopefully we will have a nice big Christmas/Hanukkah/whatever you celebrate present this year from the devs that are working on this thing.

    158. SenorPickle
      11-08-2011
      08:46 PM
      160

      Originally Posted by lunuxx
      guys don't wanna give you the bad news but there will be no pkg to use this stuff, it's impossible to do in gameos, besides it's really not that hard to do, just follow the directions. hell there's even a shell script in there..... (i mean some of it is commented out but use common sense and play with it)
      in the dump the 1st 3 lines are really important
      Just to clarify (and since you're one of the few people that seems to post with useful information): which root key(s) does this dump? My understanding is there isn't a single "root key."

    159. xxxblitzxxx
      11-08-2011
      08:47 PM
      161

guys we need to stop this, if this keeps up we're going to lose the people that help us have a better, more experienced ps3 community, we need to help each other

    160. lunuxx
      11-08-2011
      08:49 PM
      162

      yes per console

    161. alwayshungry
      11-08-2011
      08:51 PM
      163

      guys dont wanna give you the bad news but there will be no pkg to use this stuff its impossible to do in gameos, besides its really not that hard to do just follow the directions. hell theres even a shell script in there..... (i mean some of it is commented out but use common sense and play with it)
      in the dump the 1st 3 lines are really important

    162. drjjose
      11-08-2011
      08:52 PM
      164

im just a simple leecher i dont know programming or anything like that so im grateful for anything that comes to the scene Thx math

    163. kingh11
      11-08-2011
      08:53 PM
      165

      I am very grateful for what math has done for the scene till now, including this release but seriously dude ur dumb. I mean if this leads to something big you bet ur ass that sony is gona come after you, hard. You could have just let the release be anonymous and even the instructions anonymous but now since you spoke out you are risking a legal battle and maybe jail all for what? for the scene? I dont think being the superman of the ps3 scene is worth all that..

    164. tenoob
      11-08-2011
      08:56 PM
      166

Originally Posted by kingh11
      I am very grateful for what math has done for the scene till now, including this release but seriously dude ur dumb. I mean if this leads to something big you bet ur ass that sony is gona come after you, hard. You could have just let the release be anonymous and even the instructions anonymous but now since you spoke out you are risking a legal battle and maybe jail all for what? for the scene? I dont think being the superman of the ps3 scene is worth all that..

      whatutalkinboutwillis?

    165. yozh
      11-08-2011
      08:58 PM
      167

Originally Posted by lunuxx
      well in the first 3 lines of my dump:

      root riv: 00000020 7d 6a 3a e5 37 ba 48 4c fe bd 26 5c f5 b1 28 1f |}j:.7.HL..&\..(.|
      root erk:
      00000000 66 4d ee 51 65 6f 68 28 38 98 83 ea df ea 90 04 |fM.Qeoh(8.......|
      00000010 01 f3 79 09 d6 a6 52 d9 ea 6d ef 04 51 69 ec 7b |..y...R..m..Qi.{|
Lunuxx, you did that with rebug and otheros++? which linux distro did you use to execute the files? i have no otheros on my console but if you used rebug ill try it today, point a guy in the right direction please

    166. denero1
      11-08-2011
      08:59 PM
      168

Originally Posted by kingh11
      I am very grateful for what math has done for the scene till now, including this release but seriously dude ur dumb. I mean if this leads to something big you bet ur ass that sony is gona come after you, hard. You could have just let the release be anonymous and even the instructions anonymous but now since you spoke out you are risking a legal battle and maybe jail all for what? for the scene? I dont think being the superman of the ps3 scene is worth all that..

      Basically he is saying if he didn't want to get in any trouble with sony why acknowledge that release of the leaked information as his -_- why not remain silent on the subject and just quietly leave the scene but now if this leads anywhere he pretty much acknowledged it to be his information that was leaked

    167. baargle
      11-08-2011
      09:01 PM
      169

Originally Posted by alwayshungry
      guys dont wanna give you the bad news but there will be no pkg to use this stuff its impossible to do in gameos, besides its really not that hard to do just follow the directions. hell theres even a shell script in there..... (i mean some of it is commented out but use common sense and play with it)
      in the dump the 1st 3 lines are really important

So will this help in getting the keys to sign eboots to 3.55 or is this still too early to ask?
      You sounded intelligent, then those last 2 lines....

    168. SenorPickle
      11-08-2011
      09:02 PM
      170

Originally Posted by lunuxx
      well in the first 3 lines of my dump:

      root riv: 00000020 7d 6a 3a e5 37 ba 48 4c fe bd 26 5c f5 b1 28 1f |}j:.7.HL..&\..(.|
      root erk:
      00000000 66 4d ee 51 65 6f 68 28 38 98 83 ea df ea 90 04 |fM.Qeoh(8.......|
      00000010 01 f3 79 09 d6 a6 52 d9 ea 6d ef 04 51 69 ec 7b |..y...R..m..Qi.{|
      Thanks for responding.

      I've also heard that root keys are system-specific (i.e. your keys are different than mine), is that the case? What do these keys allow access to? Other keys?

    169. Cage
      11-08-2011
      09:03 PM
      171

Correct me if I am wrong but PCK doesn't really allow signing eboots OUTSIDE of your own console.

      You will be able to sign things but specifically for your own system, right?

      So in theory everyone who wants newer games will have to dump his root key?

    170. kingh11
      11-08-2011
      09:06 PM
      172

Originally Posted by denero1
      Basically he is saying if he didn't want to get in any trouble with sony why acknowledge that release of the leaked information as his -_- why not remain silent on the subject and just quietly leave the scene but now if this leads anywhere he pretty much acknowledged it to be his information that was leaked
      precisely. Thanks Denero

    171. denero1
      11-08-2011
      09:08 PM
      173

Originally Posted by kingh11
      precisely. Thanks Denero
      ahh no biggy i was thinking the same thing lol

    172. yozh
      11-08-2011
      09:10 PM
      174

Originally Posted by Cage
Correct me if I am wrong but PCK doesn't really allow signing eboots OUTSIDE of your own console.

      You will be able to sign things but specifically for your own system, right?

      So in theory everyone who wants newer games will have to dump his root key?
not quite, the console keys you obtain using this procedure are for decrypting stuff on your system; once the stuff is decrypted it's pretty much the same as on any other console..

      for signing stuff there are other keys which may be hidden somewhere in the ps3.

    173. carldenning
      11-08-2011
      09:11 PM
      175

Originally Posted by yozh
not quite, the console keys you obtain using this procedure are for decrypting stuff on your system; once the stuff is decrypted it's pretty much the same as on any other console..

      for signing stuff there are other keys which may be hidden somewhere in the ps3.
      u can sign it with 3.55 keys

    174. Narcarsiss
      11-08-2011
      09:12 PM
      176

Originally Posted by CrystalWolf
I had a further look and it shows that it says 3.50 exploit, not too sure if I am right or wrong but since I'm not a dev don't take this too seriously.

      here is a screen shot of the image.


      Don't know if this makes any sense or not. But yeah.
Im more inclined to say it would be for a custom 3.55 firmware, to be able to dump EID0 and get per console keys?

      ^^Idea nothing more thats what i gathered reading the code

    175. yozh
      11-08-2011
      09:16 PM
      177

Originally Posted by carldenning
      u can sign it with 3.55 keys
      yep we discussed this some days ago lol,

      we will see where the wind takes us, but good things ahead

    176. lunuxx
      11-08-2011
      09:17 PM
      178

Originally Posted by SenorPickle
      Thanks for responding.

      I've also heard that root keys are system-specific (i.e. your keys are different than mine), is that the case? What do these keys allow access to? Other keys?
      you should be able to decrypt eid

Originally Posted by yozh
Lunuxx, you did that with rebug and otheros++? which linux distro did you use to execute the files? i have no otheros on my console but if you used rebug ill try it today, point a guy in the right direction please
      otheros++ with ss patches
      ubuntu 10.10

    177. yozh
      11-08-2011
      09:23 PM
      179

Originally Posted by lunuxx
      you should be able to decrypt eid


      otheros++ with ss patches
      ubuntu 10.10
      thank you man, will try to set up my console tonight

    178. lexar21
      11-08-2011
      09:51 PM
      180

      This is great news, though an unfortunate way to receive it. I'm sure Mathieulh won't see this, but I'm thankful for what he's done. Despite that people complain that he didn't really release anything, he did give some very helpful information.

      I guess I'll have to put linux back on my ps3 so I can get my keys

    179. MathRulesSceneSux
      11-08-2011
      09:54 PM
      181

      Thank you Math.

      lunuxx:
      Been using Ubuntu for over 5 years. Using bash and perl daily. What you gonna do with the dump? Never got into decompiling or assembly, but I wanted recently to try ida pro. Also can you upload the dump in raw format rather than a hexdump?

      If this dump is system specific could we maybe get two dumps and do a diff?

      Glad to see there's a single intelligent person in this thread. Congrats on your intelligence, you're 1 in a million literally.

      Also... I'm skilled enough with bash that I could turn that hexdump into binary in less than a minute probably.
      Edit: Had to do it just for the challenge...
      tail -n +2 dump.txt | cut -b 11-58 | tr -d " \n" | xxd -r -p > output.txt
      Screen: http://dl.dropbox.com/u/42660376/Screenshot.png
      I has your dumps.
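The one-liner above works only while every row sits at fixed column positions (cut -b 11-58). As an added example that is not from the thread or from any tool it mentions, here is a Python parser for that labelled hexdump layout ("label:" lines followed by hexdump -C style rows) that recovers the raw bytes per label without counting columns and rejects dumps whose rows are truncated or pasted out of order by checking offset contiguity. The byte values in SAMPLE_DUMP are constructed for the example and are not any console's keys.

```python
import re
from typing import Dict

# Constructed sample in the same layout as the dump quoted in the thread:
# a "label:" line, then hexdump -C style rows (8-hex-digit offset, up to 16
# space-separated bytes, an |ASCII| column). The first label carries its row on
# the same line, exactly as "root riv:" does in the quoted post. Every byte
# value below is made up for this example; none is a real console's key.
SAMPLE_DUMP = """\
root riv: 00000020 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff |.."3DUfw........|
root erk:
00000000 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 |ABCDEFGHIJKLMNOP|
00000010 51 52 53 54 55 56 57 58 59 5a 20 7c 2e 2e 2e 2e |QRSTUVWXYZ |....|
"""

# A hexdump row: offset, then 1..16 byte tokens. Matching stops at the first
# token that is not two hex digits followed by whitespace or end of line, so
# the |ASCII| column is never taken for data even when it contains spaces or
# pipes, and rows shorter than 16 bytes are handled (both break cut -b 11-58).
HEX_ROW_RE = re.compile(r"^([0-9a-fA-F]{8})\s+((?:[0-9a-fA-F]{2}(?:\s+|$))+)")
# A "label:" prefix such as "root riv:" or "root erk:", optionally followed by a row.
LABEL_RE = re.compile(r"^([A-Za-z][\w ]*?):\s*(.*)$")


def parse_labeled_hexdump(text: str) -> Dict[str, bytes]:
    """Return {label: raw bytes} for a labelled hexdump like SAMPLE_DUMP.

    Raises ValueError on a row before any label, on an unparsable row, or when
    the offsets within one label are not contiguous (a sign the dump was
    truncated or its rows pasted out of order).
    """
    blobs: Dict[str, bytearray] = {}
    next_offset: Dict[str, int] = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        label = LABEL_RE.match(line)
        if label and not HEX_ROW_RE.match(line):
            current = label.group(1).strip()
            blobs.setdefault(current, bytearray())
            line = label.group(2).strip()
            if not line:
                continue  # label-only line; its rows follow
        if current is None:
            raise ValueError(f"line {lineno}: hexdump row before any label")
        row = HEX_ROW_RE.match(line)
        if not row:
            raise ValueError(f"line {lineno}: not a hexdump row: {raw!r}")
        offset = int(row.group(1), 16)
        data = bytes.fromhex(row.group(2))  # fromhex ignores the separating whitespace
        expected = next_offset.get(current)
        if expected is not None and offset != expected:
            raise ValueError(
                f"line {lineno}: {current!r} jumps from 0x{expected:08x} to 0x{offset:08x}"
            )
        blobs[current] += data
        next_offset[current] = offset + len(data)
    return {name: bytes(buf) for name, buf in blobs.items()}


def is_well_formed(text: str) -> bool:
    """True when the dump parses and every label's rows are contiguous."""
    try:
        parse_labeled_hexdump(text)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for name, blob in parse_labeled_hexdump(SAMPLE_DUMP).items():
        print(f"{name}: {len(blob)} bytes -> {blob.hex()}")
```

Feed it the text of a dump and write each returned bytes object to its own file; a ValueError tells you which line to look at before trusting the blob.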

    180. OoZic
      11-08-2011
      10:21 PM
      182

Originally Posted by EmBoLa.be
i vote for a Degradation of @GregoryRasputin for supermod to a normal mod, and i want some else as supermod, someone who's neutral
      Lol, we already have a new supermod if you follow the news here correctly and he is very neutral if you look at his post count

      http://www.ps3hax.net/showpost.php?p...&postcount=154

Edit: PS, next time use the words "vote for" instead of "want"
      ************* [ - Post Merged - ] *************
Originally Posted by lunuxx
      you should be able to decrypt eid


      otheros++ with ss patches
      ubuntu 10.10
all ss patches including the one that kills trophies? I need to re-flash my CFW then .... Does it need 3.50 or is 3.55 also ok?

      Nice job to dump it so soon

    181. lunuxx
      11-08-2011
      10:47 PM
      183

Originally Posted by MathRulesSceneSux
      Thank you Math.


      Glad to see there's a single intelligent person in this thread. Congrats on your intelligence, you're 1 in a million literally.
      Also... I'm skilled enough with bash that I could turn that hexdump into binary in less than a minute probably.
      Edit: Had to do it just for the challenge...
      tail -n +2 dump.txt | cut -b 11-58 | tr -d " \n" | xxd -r -p > output.txt
      Screen: http://dl.dropbox.com/u/42660376/Screenshot.png
      I has your dumps.
      just thought since it was out and math told everyone how to do it and theres wiki pages on everything it would be fun to play with
      really why not?
      and really anyone with a ps3 could run this as well my grandma could prolly run it

    182. MathRulesSceneSux
      11-08-2011
      11:03 PM
      184

      lunuxx:
      Great work doing that dump. To be honest I still don't understand much about this stuff even with the tons of pages I've read. Probably forgot it all after reading some of the incoherent rambling idiots on the various forums crying when there's this great news, but I really should know more with how much I've read.

      You're not gonna do anything with the dump you say? Just posting it is huge, maybe someone can make some sense of it. I'm gonna see if I can setup ida pro and maybe use some plugins from ps3devwiki to decompile/disassemble it. It should be ppc code I think. Or maybe that's ppu.

      I'm sure I won't be of any help, but maybe I can post something for the regular humans reading forums.

      Edit: Can not make anything from this dump. Was hoping I could get some pseudocode from it, but I really don't know what I'm doing. Failed.

    183. jarmster
      11-08-2011
      11:57 PM
      185

      Soooo, bootloader decryption is possible now???

    184. lunuxx
      11-09-2011
      12:25 AM
      186

Originally Posted by OoZic
      Lol, we already have a new supermod if you follow the news here correctly and he is very neutral if you look at his post count

      http://www.ps3hax.net/showpost.php?p...&postcount=154

Edit: PS, next time use the words "vote for" instead of "want"
      ************* [ - Post Merged - ] *************


all ss patches including the one that kills trophies? I need to re-flash my CFW then .... Does it need 3.50 or is 3.55 also ok?

      Nice job to dump it so soon
i did use all the ss patches, yeah it messes my games up but i just downgrade to 3.41 when i wanna play. you can be on 3.55 or 3.41, it should work fine

    185. bubba
      11-09-2011
      12:59 AM
      187

      keep up the work guys

    186. Thelostdeathknight
      11-09-2011
      01:03 AM
      188

      I agree. great work!!

    187. gambaownsu
      11-09-2011
      01:04 AM
      189

      The ball's in your court now, ''developers''.

    188. gregory2590
      11-09-2011
      01:12 AM
      190

      Same avatars everywhere...


      WHAT IS THIS SORCERY?!

    189. pbanj
      11-09-2011
      01:15 AM
      191

Originally Posted by gregory2590
      Same avatars everywhere...


      WHAT IS THIS SORCERY?!
      not sure i think they are copying me. im scared

    190. DBCar83
      11-09-2011
      01:31 AM
      192

      Ladies and gents can we please give this to the DEV of all time for modern consoles commodore for eva aka c4eva and he will deliver to this scene which noone ever has seen before since geo and math hit the scene....altho many thanks to all their contributions no disrespect there....I am just sayin lets let the elder god of dev work do the final touches instead of his two sons haha :-P

    191. pbanj
      11-09-2011
      01:33 AM
      193

Originally Posted by DBCar83
      Ladies and gents can we please give this to the DEV of all time for modern consoles commodore for eva aka c4eva and he will deliver to this scene which noone ever has seen before since geo and math hit the scene....altho many thanks to all their contributions no disrespect there....I am just sayin lets let the elder god of dev work do the final touches instead of his two sons haha :-P

hacking drive fw and hacking an entire game system are two different things, if you are going to talk about 360 devs at least talk about ones who do real hacks like gligli or team free60, im not saying he is a bad dev but all he does is drive firmware

    192. wombatcombat
      11-09-2011
      01:44 AM
      194

Originally Posted by Musman
      Mathieulh is japanese he hates the usa.
      geohot much smarter and unlocked cfw
      i vote musman gets a new title "KING-OF-FAIL"


      also, my ps3 has 4 cell processors overclocked to 10 GHZ each, 50gb of ram,
      a 500TB hard drive, and can literally make it rain (it shoots flames out the
      back too, but i dont want to brag)

    193. Ghostofperdition
      11-09-2011
      01:46 AM
      195

      :D............:D.......:D Thanks Contributors :D

    194. Senaxx
      11-09-2011
      02:47 AM
      196

      So it seems the biggest ****storm is over. Have we decided yet if this (the leaking, and explanation by math) was a good thing or not? :P

    195. CrystalWolf
      11-09-2011
      02:58 AM
      197

Originally Posted by Senaxx
      So it seems the biggest ****storm is over. Have we decided yet if this (the leaking, and explanation by math) was a good thing or not? :P
      To be honest Senaxx, its gonna lead to more drama, and bashing at Math. Personally it shouldn't have gotten leaked in the first place. Although the fact still remains that now that we have this in the open what do we do with it, or how can we implement it. Those are the real questions.

    196. mrsoczi
      11-09-2011
      03:36 AM
      198

      OK. On-topic question:

      Can anyone explain what this exploit does and what does it lead to? Simple question.

    197. Fl3th3r
      11-09-2011
      03:40 AM
      199

Originally Posted by mrsoczi
      OK. On-topic question:

      Can anyone explain what this exploit does and what does it lead to? Simple question.
      Doesn't 1st page or tutorial pretty much explain all that?

    198. mrsoczi
      11-09-2011
      03:47 AM
      200

Originally Posted by Fl3th3r
      Doesn't 1st page or tutorial pretty much explain all that?
      No, wise-ass. For a person who doesn't know the technical terms behind PS3 it is too confusing. I can't find an explicit answer where do we go from here. Besides, a few people back in the comments said that this may not lead to anything new since new FW don't use metldr anymore. So I'm confused and I would like to have an idea where are we going with this from now on.

    199. carldenning
      11-09-2011
      03:51 AM
      201

Originally Posted by mrsoczi
      No, wise-ass. For a person who doesn't know the technical terms behind PS3 it is too confusing. I can't find an explicit answer where do we go from here. Besides, a few people back in the comments said that this may not lead to anything new since new FW don't use metldr anymore. So I'm confused and I would like to have an idea where are we going with this from now on.
if we get our console root keys then it will mean we can decrypt every eboot that will come out for the ps3, dont matter what keys sony used, and sign it for 3.55fw. also it will mean we can decrypt ps3 fw 3.56 and above, then we would sign it with 3.55 keys = cfw above 3.56, but only people on 3.55 will be able to install. so its basically like that but im just saying the easy bit, theres probably lots of other stuff in between eg removing the black listed keys from 3.56+ fw and editing etc. hopefully u caught my drift

    200. Senaxx
      11-09-2011
      04:34 AM
      202

Originally Posted by mrsoczi
      OK. On-topic question:

      Can anyone explain what this exploit does and what does it lead to? Simple question.
Maybe i'm not the right person because I'm not that technical... but the way I understand it: U have to see the security as a chain-of-trust. It's a chain of reactions. 1 loader doesn't work (decrypt) without the other loader. Now Metldr is the highest up in the chain-of-trust, so it means (if i'm right) the whole chain is compromised, and we can load our own code.



      And where it will lead us... Don't think anyone can tell you yet.. just wait and see.

      There's a site that explains a lot about the security maybe that will help you (and me) to understand it a bit better.

      http://www.edepot.com/playstation3.html#PS3_Security and look for the part about metldr.

    201. synce
      11-09-2011
      06:11 AM
      203

      Now that I think about it, this probably explains how people got Uncharted and Battlefield to work. I see a new CFW in time for xmas

    202. Senaxx
      11-09-2011
      06:19 AM
      204

Originally Posted by synce
      Now that I think about it, this probably explains how people got Uncharted and Battlefield to work. I see a new CFW in time for xmas
I don't want to burst your bubble but this has totally nothing to do with Uncharted and Battlefield... If i'm not mistaken the Battlefield 3 and Uncharted 3 eboots were taken by a developer with access to the dev network, and those eboots were "just resigned" with 3.55 keys. In case of Uncharted 3 it was a bit more difficult but it all involved having access to the dev network.

      And before you ask... no you can't access the dev network without a real Sony developers licence anymore.

    203. OoZic
      11-09-2011
      06:28 AM
      205

Originally Posted by synce
      Now that I think about it, this probably explains how people got Uncharted and Battlefield to work. I see a new CFW in time for xmas
      Uhm, no it does not explain about UC3 and BF3....
      Also this can't be done with GameOS... start installing OtherOS++ first because the key is console specific. Without OtherOS++ you won't get the key and you need to build the CFW yourself.

@Ginko You are forgetting Linux/OtherOS got removed by $ony? For me this was the reason to hack my PS3. All I wanted was to get back what $ony stole from me, no matter the costs...

      I have no problem if someone pirates because of the lack of money btw if they are in a bad situation. But people earning 2ooo+ euro/dollar a month should just buy their games...

    204. mrsoczi
      11-09-2011
      06:28 AM
      206

      The price of True Blue on cool2deal just dropped from 99$ to 89$ and now they call it a SALE :D . I believe a few asses are on fire right now.

    205. carldenning
      11-09-2011
      06:40 AM
      207

Originally Posted by mrsoczi
      The price of True Blue on cool2deal just dropped from 99$ to 89$ and now they call it a SALE :D . I believe a few asses are on fire right now.

      True blue whats that lol

    206. mrsoczi
      11-09-2011
      06:44 AM
      208

Originally Posted by OoZic
      Uhm, no it does not explain about UC3 and BF3....
      Also this can't be done with GameOS... start installing OtherOS++ first because the key is console specific. Without OtherOS++ you won't get the key and you need to build the CFW yourself.
      But when it comes to eboots/fixes for new games I think You don't need OtherOS. You only need a person who:
      a) has the new 3.56+ games;
      b) has a PS3 with OtherOS and has the key from Math exploit;
      c) will decrypt the 3.56+ games eboots and encrypt them back with 3.55 keys;
      d) publishes the eboots.

      Am I close or not rly?

    207. tcmkenny
      11-09-2011
      07:13 AM
      209

Originally Posted by mrsoczi
      But when it comes to eboots/fixes for new games I think You don't need OtherOS. You only need a person who:
      a) has the new 3.56+ games;
      b) has a PS3 with OtherOS and has the key from Math exploit;
      c) will decrypt the 3.56+ games eboots and encrypt them back with 3.55 keys;
      d) publishes the eboots.

      Am I close or not rly?
If the 3.60+ keys were extracted in such a way, you wouldnt need to re-encrypt every single eboot. You could create a CFW with the new keys and save the work of re-encrypting every single eboot.

      Would this method work? as long as there is one pwned PS3 out there couldnt we use it to grab the keys from any future OFW ?

    208. baargle
      11-09-2011
      07:25 AM
      210

Originally Posted by Ginko
      It doesn't matter if most can't hack and seem "greedy" to get their hands on your work. You should be glad. I've spoken to many hackers in my day and they were all always willing to share what they have, no buts or ifs and piracy wasn't even an issue. They pirated, like YOU ALL DO and always will do.
      This... ^

      Never a truer word spoken. Piracy\leechers have been around as long as hackers\crackers - and in the same ratio -

    209. FireF1y
      11-09-2011
      07:39 AM
      211

Have you ever thought that due to what happened to Hotz he does not want to give it away under his name. Maybe he has got people thinking it was leaked to keep his name clean.

      Food for thought.

    210. bigo93
      11-09-2011
      08:20 AM
      212

      But what most hackers want to do is to run homebrew applications, and as stated one of the results of that is and always will be piracy; there is nothing a dev can do to stop it, apart from not release.

      So yes this leak may enable piracy on almost all consoles, but it will also allow those hackers who want their own homebrew apps to work on newer firmwares, to work. (assuming this leads to unlocking the ps3 completely or even anything at all)

      If math is serious about not increasing piracy, he should stop developing hacks, or just keep it to himself and not boast about having done something first. It's not helpful at all, makes everyone hate him.

      Just remember that if someone does create something nice with this exploit to still thank math for making it, even though he wasnt going to release it anytime soon

    211. KillerBug
      11-09-2011
      08:22 AM
      213

Originally Posted by mihakase
      Let the people have their cake and eat it, otherwise prepare to be crucified, essentially.
      Not essentially...exactly. Where would microsoft be if they refused to release windows? Where would adobe be if they had bragged about photoshop and then never released it? Even people who release apps that are useful to only 1% of the community get mad props...but Math doesn't because HE DOESN'T RELEASE ANYTHING.

    212. Warning
      11-09-2011
      08:23 AM
      214

      It sure would be nice if we could get a good ps3 Linux installation guide. I know there probably is one on this site somewhere but there has been lots of improvements lately and could use one that is fully up to date.

    213. H3avyRa1n
      11-09-2011
      08:29 AM
      215

      I wonder why people call my post a tutorial, it's not, it's a technical writeup on how to exploit metldr, with several (brand new) now documented exploits and the explanation on how the leaked .self file works.
It's not some guide on how to use the leaked files themselves (that's just compiling the leaked spp_verifier_direct port and using it to load the self as a loader), it's really about how the exploit works (something only the author of the leaked files would be able to explain) and also about how metldr could be entirely exploited from scratch even without knowing the loader keys with the help of another exploit I disclosed in my post (one the leaked files did not use).


      Source

    214. H3avyRa1n
      11-09-2011
      08:50 AM
      216

Is anyone aware that actually someone (who is also a ps3hax member) already managed to use this stuff successfully and get his root key? Of course not, everyone seems much more interested in flaming and discussing useless stuff..

Props to you @lunuxx

    215. medi01
      11-09-2011
      09:05 AM
      217

Originally Posted by oPolo
      Math's level of skill really is unparallelled.. I as a software developer really envy him.
      We should all be grateful for the help he's given. Also before this, regardless of how it has been passed on to us.
      Except as software developer you shouldn't envy him, since he's not a software developer. Don't confuse it with reverse engineering the code.

      As far as I've followed the scene:

      1) geohot is the biggest talent, hands down
2) all devs have pirated IDA (it costs about 10k Euro) but only Mathieulh was hypocritical enough, to ***** about being oh so against piracy while actually pirating

    216. abdelkarim
      11-09-2011
      09:11 AM
      218

Originally Posted by H3avyRa1n
      I have a suggestion, what about move this thread to the drama section and start a clean thread regarding this subject with USEFUL information like thoughts and findings about this exploit so we can actually reach somewhere good?
      this is a good idea

    217. Phreeq
      11-09-2011
      09:17 AM
      219

Originally Posted by abdelkarim
      this is a good idea
      Don't you guys know how a forum works?

      :troll:

    218. bost7
      11-09-2011
      09:17 AM
      220



      Well Fu***ing done lunuxx

    219. Loan
      11-09-2011
      09:26 AM
      221

Originally Posted by H3avyRa1n
Is anyone aware that actually someone (who is also a ps3hax member) already managed to use this stuff successfully and get his root key? Of course not, everyone seems much more interested in flaming and discussing useless stuff..

Props to you @lunuxx
      waiting on lunuux statue to start blessing him :D

    220. mrsoczi
      11-09-2011
      09:31 AM
      222

      Wait until it leads to any kind of stuff for the end user... Cause now it means nothing yet for us simpletons.

    221. BobbyCrush
      11-09-2011
      09:31 AM
      223

Originally Posted by H3avyRa1n
Is anyone aware that actually someone (who is also a ps3hax member) already managed to use this stuff successfully and get his root key? Of course not, everyone seems much more interested in flaming and discussing useless stuff..

Props to you @lunuxx
      Does this mean he has the 3.60 keys?

    222. macphreak4evr
      11-09-2011
      09:33 AM
      224

      349 comments of NOTHING USEFUL!!!!

the exploit is trivial, you need a Pre 3.56 console to have OtherOS++ and linux on it, you only get your UNIQUE key, it does NOT apply to everyone, if you have a 3.56 console you're pretty much Fudged at the moment.

    223. GregoryRasputin
      11-09-2011
      09:33 AM
      225

      Ok all the junk/off topic/arguments have been cleared out of this thread.


      Any more off topic/fighting or thread derailment will result in a one month suspension, with zero warning, make sure you read this and understand.

      You want to talk about math, use this thread:
      http://www.ps3hax.net/showthread.php?t=29852
      But keep it the hell off the news articles....

      To be clear.
THIS THREAD IS ABOUT "Metldr Exploit" NOT MATHIEULH

    224. hackeyking
      11-09-2011
      09:50 AM
      226

Originally Posted by GregoryRasputin
      Ok all the junk/off topic/arguments have been cleared out of this thread, any more off topic/fighting or thread derailment will result in a one month suspension, with zero warning, make sure you read this and understand.

      You want to talk about math, use this thread:
      http://www.ps3hax.net/showthread.php?t=29852
      But keep it the hell off the news articles....

      To be clear.
THIS THREAD IS ABOUT "Metldr Exploit" NOT MATHIEULH
      Finally some sense!

    225. medi01
      11-09-2011
      09:52 AM
      227

I'm quite confused on how exploiting metldr once again (geohot did it ages ago, we even have public keys, what's the point?) could lead to decrypting lv0 / getting boot loader keys. Could someone comment on this.

    226. freestylemaster
      11-09-2011
      09:58 AM
      228

Originally Posted by GregoryRasputin
      Ok all the junk/off topic/arguments have been cleared out of this thread, any more off topic/fighting or thread derailment will result in a one month suspension, with zero warning, make sure you read this and understand.

      You want to talk about math, use this thread:
      http://www.ps3hax.net/showthread.php?t=29852
      But keep it the hell off the news articles....

      To be clear.
THIS THREAD IS ABOUT "Metldr Exploit" NOT MATHIEULH
      Thank you so much, really. Anyway, any progress on this exploit by any dev yet?


      Sent from my iPhone using Tapatalk

    227. lonewolf88
      11-09-2011
      10:07 AM
      229

I can't believe someone has used this already and it works, that's sweet! What hardware was involved? And now that you have your console keys, what do you do with them?

    228. greyestest
      11-09-2011
      10:08 AM
      230

Originally Posted by macphreak4evr
      the exploit is trivial, you need a Pre 3.56 console to have OtherOS++ and linux on it, you only get your UNIQUE key
And what does it give?

    229. lunuxx
      11-09-2011
      10:09 AM
      231

ohai, I'll tell you guys how to use mathldr
(I like to call it that, it's kinda catchy)
this is pretty safe
just don't go crazy with it, you're only gonna mess your eid up if you attempt to rehash it and flash it, or attempt in any way to replace your eid
you can decrypt eid with the root keys and static keys on the wiki key page

prerequisites:
1. otheros++ with ss patches (yes the ones that cause trophy errors, just update when you wanna play games again and don't complain)
2. linux on your ps3 (I'm using ubuntu 10.10)
3. an unpacked copy of your flash (which you can obtain by using glevand's dumpflash.pkg gitbrew.org/~glevand/ps3/pkgs/dump_flash.pkg) and an unpacked copy of OFW; you will need the following files from these:
metldr
isoldr
RL_FOR_PROGRAM.img
EID0 (you will need to split eid from your flash http://www.ps3devwiki.com/index.php?...s#dump_EID0.sh)
spp_verifier.self
default.spp
and obviously appldr-metldrexploit350.self from the files
4. ps3tools (latest stuff that was for npdrm should work)
5. latest gitbrew linux kernel
6. a desire to quit *****ing and complaining and get off your ass.
7. motivation (see prerequisite #6)
      ************************************************************************************************************

you can do this over ssh or on the console; I prefer ssh because my girlfriend likes to watch TV a lot.

      1. ssh into the ps3
      2. download the files
      a. wget http://gotbrew.org/metldr838exploit.tar.gz
      3. untar the files
      a. tar -xvf metldr838exploit.tar.gz
      4. enter the directory and compile
      a. cd metldr838exploit.tar.gz; make
5. run the following commands now:
      insmod ./metldrpwn.ko
      cat metldr > /proc/metldrpwn/metldr
      cat appldr-metldrexploit350.self > /proc/metldrpwn/mathldr
      cat RL_FOR_PROGRAM.img > /proc/metldrpwn/rvkprg
      cat eid0 > /proc/metldrpwn/eid0
      echo 1 > /proc/metldrpwn/run
      cat /proc/metldrpwn/debug
      there now you have a dump check it out:
      hd /proc/metldrpwn/dump | less
      now copy the dump somewhere or youll lose it:
      cp /proc/metldrpwn/dump /home/username/
      now you have a copy in your home directory for safe keeping
congrats, you've completed about < 10 mins of actual work

      there you go keys are in 0x00 to 0x20 (first 3 lines)


      So now you get code execution on metldr at the best time possible because your code executes right after metldr copies the root keys from 0x00 to 0x30, which means you get to dump these too. (Although they are hardcoded in metldr's code anyway)
      example:
      erk: #
      00000000 66 4d ee 51 65 6f 68 28 38 98 83 ea df ea 90 04 |fM.Qeoh(8.......|
      00000010 01 f3 79 09 d6 a6 52 d9 ea 6d ef 04 51 69 ec 7b |..y...R..m..Qi.{|
      riv:
      00000020 7d 6a 3a e5 37 ba 48 4c fe bd 26 5c f5 b1 28 1f |}j:.7.HL..&\..(.|
the first 2 lines are erk, the 3rd is riv
      and together they are eid0 like captain ****in planet

btw this does not mean you get 3.60 keys etc or newer games, but it will help you get some nifty things to do some new stuff.... also please be advised that if you are on 3.60+ you will need to downgrade with a flasher to do this; also, if you have a unit that shipped from the factory with metldr.2 (new metldr), you're SOL at the moment
      oh thanx math
      thanx anon leaker

      some good reading on the subject:

      http://www.ps3devwiki.com/index.php?title=Boot_Order
      http://www.ps3devwiki.com/index.php?title=Dev_Tools
      http://www.ps3devwiki.com/index.php?title=Flash
      http://www.ps3devwiki.com/index.php?title=Talk:Flash
      http://www.ps3devwiki.com/index.php?title=IDPS
      http://www.ps3devwiki.com/index.php?title=Talk:IDPS
      http://www.ps3devwiki.com/index.php?...r_Console_Keys
      http://www.ps3devwiki.com/index.php?...r_Console_Keys
      http://www.ps3devwiki.com/index.php?...se_Engineering
      http://www.ps3devwiki.com/index.php?title=Talk:Keys
      http://www.ps3devwiki.com/index.php?...Unit_%28SPU%29
      http://www.ps3devwiki.com/index.php?...Unit_%28SPU%29
      http://www.ps3devwiki.com/index.php?...se_Engineering
      http://www.ps3devwiki.com/index.php?...se_Engineering

    230. AstarothX
      11-09-2011
      10:10 AM
      232

      amazing...:3

    231. alienkid
      11-09-2011
      10:18 AM
      233

      WOW...what a thread!

Thanks to @mathieulh for the TUT!
Thanks to @lunuxx for the supplemental TUT!

    232. Loan
      11-09-2011
      10:21 AM
      234

so lunuxx, if this doesn't get you the 3.xx key, at least we can trick (patch) eboots (for the sake of playing newer games) with it?

this should be the master key too, so devs can start doing everything they want with the ps3 on 3.55 too, I guess?

    233. medi01
      11-09-2011
      10:28 AM
      235

      In the original post "decrypting lv0" is mentioned:

Oh! and btw, if you talented enough to make hardware to dump the shared lsa, you can decrypt any lv0 using this technique.

    234. Rob1980
      11-09-2011
      10:39 AM
      236

Originally Posted by lunuxx
ohai, I'll tell you guys how to use mathldr
(I like to call it that, it's kinda catchy)

prerequisites:
1. otheros++ with ss patches (yes the ones that cause trophy errors, just update when you wanna play games again and don't complain)
2. linux on your ps3 (I'm using ubuntu 10.10)
3. an unpacked copy of your flash (which you can obtain by using glevand's dumpflash.pkg gitbrew.org/~glevand/ps3/pkgs/dump_flash.pkg) and an unpacked copy of OFW; you will need the following files:
      metldr
      isoldr
      RL_FOR_PROGRAM.img
      EID0 (you will need to split eid from your flash http://www.ps3devwiki.com/index.php?...s#dump_EID0.sh)
      spp_verifier.self
      default.spp
      and obviously appldr-metldrexploit350.self from the files
4. latest gitbrew linux kernel
5. a desire to quit *****ing and complaining and get off your ass.
      ************************************************************************************************************

you can do this over ssh or on the console; I prefer ssh because my girlfriend likes to watch TV a lot.

      1. ssh into the ps3
      2. download the files
      a. wget http://gotbrew.org/metldr838exploit.tar.gz
      3. untar the files
      a. tar -xvf metldr838exploit.tar.gz
      4. enter the directory and compile
      a. cd metldr838exploit.tar.gz; make
5. run the following commands now:
      insmod ./metldrpwn.ko
      cat metldr > /proc/metldrpwn/metldr
      cat appldr-metldrexploit350.self > /proc/metldrpwn/mathldr
      cat RL_FOR_PROGRAM.img > /proc/metldrpwn/rvkprg
      cat eid0 > /proc/metldrpwn/eid0
      echo 1 > /proc/metldrpwn/run
      cat /proc/metldrpwn/debug
      there now you have a dump check it out:
hd /proc/metldrpwn/dump | less
      now copy the dump somewhere or youll lose it:
      cp /proc/metldrpwn/dump /home/username/
      now you have a copy in your home directory for safe keeping
congrats, you've completed about < 10 mins of actual work

      there you go root keys are in 0x00 to 0x20 (first 3 lines)
      example:
      root erk: #
      00000000 66 4d ee 51 65 6f 68 28 38 98 83 ea df ea 90 04 |fM.Qeoh(8.......|
      00000010 01 f3 79 09 d6 a6 52 d9 ea 6d ef 04 51 69 ec 7b |..y...R..m..Qi.{|
      root riv:
      00000020 7d 6a 3a e5 37 ba 48 4c fe bd 26 5c f5 b1 28 1f |}j:.7.HL..&\..(.|

btw this does not mean you get 3.60 keys etc or newer games, but it will help you get some nifty things to do some new stuff.... also please be advised that if you are on 3.60+ you will need to downgrade with a flasher to do this; also, if you have a unit that shipped from the factory with metldr.2 (new metldr), you're SOL at the moment
      oh thanx math

      Perfect, thank you!

I am more than happy to have a go at this; in fact, I would like to have a go at this, as well as other stuff on my ps3, rather than relying on, and pressuring, others to do it for me all the time. (although I personally have never asked anyone for anything, just waited until they are ready to release)


Now, I'm obviously not a "Dev", I'm no programmer, but I am pretty confident with certain software aspects, very good at following guides, great with hardware, i.e. soldering etc.

So for the "normal" person like myself, what can I do once I have followed this guide and obtained my root keys myself? Can I use these to sign my own games which are meant for 3.60+? I wouldn't know how to yet, but again, I'm eager to learn more so I'm not being spoon fed all the time.
      (i see you say it wont allow new games?, what nifty stuff are we talking about?)



      Thanks to Math for his hard work, his tut, lunuxx with his layman's tut, and everyone else that is constantly tinkering behind closed doors providing me with the required tools, and knowledge I am not capable of obtaining / creating myself yet.

      Rob

    235. Adamsville
      11-09-2011
      10:48 AM
      237

Originally Posted by lunuxx
ohai, I'll tell you guys how to use mathldr
(I like to call it that, it's kinda catchy)

prerequisites:
1. otheros++ with ss patches (yes the ones that cause trophy errors, just update when you wanna play games again and don't complain)
2. linux on your ps3 (I'm using ubuntu 10.10)
3. an unpacked copy of your flash (which you can obtain by using glevand's dumpflash.pkg gitbrew.org/~glevand/ps3/pkgs/dump_flash.pkg) and an unpacked copy of OFW; you will need the following files:
      metldr
      isoldr
      RL_FOR_PROGRAM.img
      EID0 (you will need to split eid from your flash http://www.ps3devwiki.com/index.php?...s#dump_EID0.sh)
      spp_verifier.self
      default.spp
      and obviously appldr-metldrexploit350.self from the files
4. latest gitbrew linux kernel
5. a desire to quit *****ing and complaining and get off your ass.
      ************************************************************************************************************

you can do this over ssh or on the console; I prefer ssh because my girlfriend likes to watch TV a lot.

      1. ssh into the ps3
      2. download the files
      a. wget http://gotbrew.org/metldr838exploit.tar.gz
      3. untar the files
      a. tar -xvf metldr838exploit.tar.gz
      4. enter the directory and compile
      a. cd metldr838exploit.tar.gz; make
5. run the following commands now:
      insmod ./metldrpwn.ko
      cat metldr > /proc/metldrpwn/metldr
      cat appldr-metldrexploit350.self > /proc/metldrpwn/mathldr
      cat RL_FOR_PROGRAM.img > /proc/metldrpwn/rvkprg
      cat eid0 > /proc/metldrpwn/eid0
      echo 1 > /proc/metldrpwn/run
      cat /proc/metldrpwn/debug
      there now you have a dump check it out:
hd /proc/metldrpwn/dump | less
      now copy the dump somewhere or youll lose it:
      cp /proc/metldrpwn/dump /home/username/
      now you have a copy in your home directory for safe keeping
congrats, you've completed about < 10 mins of actual work

      there you go keys are in 0x00 to 0x20 (first 3 lines)
      example:
      erk: #
      00000000 66 4d ee 51 65 6f 68 28 38 98 83 ea df ea 90 04 |fM.Qeoh(8.......|
      00000010 01 f3 79 09 d6 a6 52 d9 ea 6d ef 04 51 69 ec 7b |..y...R..m..Qi.{|
      riv:
      00000020 7d 6a 3a e5 37 ba 48 4c fe bd 26 5c f5 b1 28 1f |}j:.7.HL..&\..(.|

btw this does not mean you get 3.60 keys etc or newer games, but it will help you get some nifty things to do some new stuff.... also please be advised that if you are on 3.60+ you will need to downgrade with a flasher to do this; also, if you have a unit that shipped from the factory with metldr.2 (new metldr), you're SOL at the moment
      oh thanx math
      you lost me at prerequisites

    236. Cypherous
      11-09-2011
      10:49 AM
      238

So wait, is the only way to get your per console key via OtherOS? Because I really don't want to spend time fighting to try and install Linux on this PS3 for a second time; it didn't work the first time and I have little patience for it. Is there not just a .pkg to run that can grab it?

    237. nitr0genics
      11-09-2011
      10:49 AM
      239

Originally Posted by Loan
so lunuxx, if this doesn't get you the 3.xx key, at least we can trick (patch) eboots (for the sake of playing newer games) with it?

this should be the master key too, so devs can start doing everything they want with the ps3 on 3.55 too, I guess?

no we can't patch eboots, we can already sign for 3.55, but we can't decrypt 3.6x+ eboots (no public method anyway)

root keys, or master keys as you refer to them, were made public by geohot at the beginning of the year; 3.55 is about as good as it gets for now, hence why we have a multitude of homebrew and backup managers amongst other things like the great CFW from the rebug team etc etc

this is probably the same way geohot pwnd metldr the first time round but he never released the method (which is based off glevand's spp_verifier and the work from fail0verflow)

as lunuxx said, if your ps3 shipped with 3.56+ and the metldr.2, you're SOL!

lv0 is the next step! let's see who pwns it!

    238. bubba
      11-09-2011
      10:53 AM
      240

      Keep up the good work lunuxx!! I am going to try This Weekend Woot..

    239. stevorkz
      11-09-2011
      11:26 AM
      241

Really wish some people would stick to less technical forums instead of asking ridiculous questions. I can understand the question being asked once or twice... but if one more person asks if this gives cfw or 3.60 keys I'm going to bite my nails off and knit a jersey with them

      How the crap would this exploit bring about the recently released 3.55 signed eboots???

      http://www.edepot.com/playstation3.html#PS3_Security

I think someone posted this link earlier (kudos to you dude) and I recommend you read it; it's an eye opener and a very solid information source with regards to PS3 security and what this metldr is and its purpose

    240. Qraze1
      11-09-2011
      12:00 PM
      242

so, Geohot's keys were the public ones and are now no longer good for fw 3.56+.

can these private per-console keys be used to generate a new, still usable keyset to tag maybe the newer firmwares after an fw update, with a per-console-keyset-based app/dump/keystealer thingamajig installed prior?

    241. cyberdude
      11-09-2011
      12:06 PM
      243

so if I (end user) use lunuxx's method to get my own personal key, what do I benefit from?
and how would I use the key?

    242. Annelies
      11-09-2011
      12:11 PM
      244

Originally Posted by cyberdude
so if I (end user) use lunuxx's method to get my own personal key, what do I benefit from?
and how would I use the key?
      I can't answer your question but personally, I'd hold off on it. So far, I don't see the benefit, however somebody will most likely create a much safer all-in-one .PKG file in the near-future.

    243. Señor_Striatum
      11-09-2011
      12:14 PM
      245

      Can someone please elucidate what they know regarding eid0 please? I asked this last time we discussed metldr but with no answer. I understand metldr decrypts eid0 and before this we had per_console key 1&2 but what exactly is accomplished, that we are sure of, by decrypting eid0? I understand the answer may be unclear or yet to be determined but what is the speculated role of eid0 and what's the next step in our newly lit path?

      Any info is better than none. Thank you. I am speculating devoting a lot of my time to see if I'm capable of learning and contributing to this aspect of the scene but I certainly have a ways to go. Thanks guys.

    244. cyberdude
      11-09-2011
      12:16 PM
      246

thanks for the reply annelies, but I wasn't planning on doing it, I'm not clever enough for that; I just wanted to know what the benefits of having my personal key would be, and what I could do with the key.

    245. Thelostdeathknight
      11-09-2011
      12:44 PM
      247

Originally Posted by Annelies
      I can't answer your question but personally, I'd hold off on it. So far, I don't see the benefit, however somebody will most likely create a much safer all-in-one .PKG file in the near-future.
An all-in-one silver spoon .pkg isn't possible. It's OOS++ or nothing. ......Behold the power of linux!!!! MWAHAHAHAHA

    246. Pockets69
      11-09-2011
      12:45 PM
      248

      *Claps* gratz lunuxx, this one is much easier eh? :P

      */me feels sad for not having the ps3 right now*

    247. denero1
      11-09-2011
      12:53 PM
      249

I agree with annelies on this; I will take the wait-and-see approach and not start doing anything until there is an actual goal behind doing this >.<

    248. freestylemaster
      11-09-2011
      01:01 PM
      250

      First of all, forgive me for my English.
Obviously, some of you guys (with knowledge of what's going on here) have been pissed off by nonsense questions/comments by users; however, by the looks of how it is going, I am sure the questions will continue to come. I mean come on, this news is all around the net, or at least to those who have been stuck with 3.55 CFW. The questions from non-devs that arise after this news are pointless to those who know, but with all due respect, end users are very curious and have no idea what is going on and what to expect. So if one could explain and shed some light, in as much detail as possible and in noob language, things will be much better.

      jm2cents
      Rgrds

    249. mrsoczi
      11-09-2011
      01:14 PM
      251

      freestylemaster: from what I understood so far these keys are not the answer but they lead to the answer (the more important keys). Correct me if I'm wrong anyone.

    250. Rob1980
      11-09-2011
      01:21 PM
      252

I'm just looking on ps3devwiki, looking at security and boot sequence.

I can see from the diagram why people are saying this will not lead to 3.60+ keys..

Is this completely useless? Is it only bootldr and lv0 that we really want?

oh.. whilst reading, I found this, could somebody please explain it in full detail? It sounds promising, but I'm unsure.

1) Read/Writeable with undocumented / should also be read/writeable through serial port and possible to switch it to the backup bank1 with backup_mode pulled high
2) CEX/Retail consoles go to standby with red light. SEX/SHOP/SECH will not standby, but instead boot through without waiting for powerbutton. Also check is done on all models if update is flagged to set it into firmware updating procedure
3) Partially Read/Writeable

    251. Albert Wesker
      11-09-2011
      01:23 PM
      253

@freestylemaster
      As you see on the picture we now have access to the metldr. With this, I think if you figure out how, you also have access to all stuff below, so rvkldr, isoldr, appldr, lv2ldr and lv1ldr and with this the next stuff below. If the picture is right, the only thing we don't have access to is bootldr and lv0.



      With some time maybe some devs will find some nice things with this access now, because the metldr is above the most other ldrs.

I personally like the fact that it's not possible yet to play 3.56+ games with this or have another cfw. Not because I don't want to play games which need 3.56+, I want to buy some games which are 3.56+, but just because of the fact that everyone annoys the devs when they can't play the newest games here and now or don't have the newest cfw here and now. I think it's a good way for THESE people to learn that you just can't have everything here and now, and to learn that they shouldn't ever bite the hands that feed them (and also me). And that's a fact because we don't know how it works! I can wait years for this if I have to.

The laughter against Math now sticks in their throat after they have nothing yet, and Math now won't help anymore.

    252. sakuraba
      11-09-2011
      01:27 PM
      254

Originally Posted by mrsoczi
      freestylemaster: from what I understood so far these keys are not the answer but they lead to the answer (the more important keys). Correct me if I'm wrong anyone.
      In a nutshell..

      PS3 devs = Indiana Jones
      3.60+ keys = The Lost Ark
This 'news' = We've just met that bird in her cafe and she's got her dad's headpiece.

      Oh and Sony = Major Toht

      In other words, there's still a lot of story to tell before this is all 'useful' to us mere spectators

    253. Jamesoow
      11-09-2011
      01:29 PM
      255

Originally Posted by Rob1980
I'm just looking on ps3devwiki, looking at security and boot sequence.

I can see from the diagram why people are saying this will not lead to 3.60+ keys..

Is this completely useless? Is it only bootldr and lv0 that we really want?

oh.. whilst reading, I found this, could somebody please explain it in full detail? It sounds promising, but I'm unsure.

      Yes, absolutely. I think .. I'm sorry .. I KNOW that the quote you put on is the answer to all our questions. The SECH part is not as important, but SEX/SHOP will enable playing even 5.0 FW games (even without the traditional way of jailbreaking). This is also confirmed by a guy I know who works for Sony (PS Security).

      Thanks for sharing !!

    254. macphreak4evr
      11-09-2011
      01:32 PM
      256

you need a 3.55 console
you need otheros++ on that console
then install Linux (Ubuntu or whatever)
use the guides to get your unique key
do nothing with that key because at the moment, there is nothing to be done with it.

also* if you have a newer metldr2 machine, don't even bother,
also** if you have 3.56+ firmware, don't bother, unless you want to progskeet it and downgrade back; then do start at step 1

      good?

    255. Albert Wesker
      11-09-2011
      01:37 PM
      257

Originally Posted by macphreak4evr
you need a 3.55 console
you need otheros++ on that console
then install Linux (Ubuntu or whatever)
use the guides to get your unique key
do nothing with that key because at the moment, there is nothing to be done with it.

also* if you have a newer metldr2 machine, don't even bother,
also** if you have 3.56+ firmware, don't bother, unless you want to progskeet it and downgrade back; then do start at step 1

good?
Perfectly explained!

    256. Elegant
      11-09-2011
      01:43 PM
      258

Originally Posted by Rob1980
I'm just looking on ps3devwiki, looking at security and boot sequence.

I can see from the diagram why people are saying this will not lead to 3.60+ keys..

Is this completely useless? Is it only bootldr and lv0 that we really want?

oh.. whilst reading, I found this, could somebody please explain it in full detail? It sounds promising, but I'm unsure.

      If I'm not mistaken gitbrew dumped the bootldr so that's step 1 but it was encrypted with what appeared to be the same keys as the metldr, (therefore the per console root key). So if we have the console root key now, we can do step 2 and decrypt it.

    257. Progamer
      11-09-2011
      01:49 PM
      259

Originally Posted by Jamesoow
      Yes, absolutely. I think .. I'm sorry .. I KNOW that the quote you put on is the answer to all our questions. The SECH part is not as important, but SEX/SHOP will enable playing even 5.0 FW games (even without the traditional way of jailbreaking). This is also confirmed by a guy I know who works for Sony (PS Security).

      Thanks for sharing !!
One question: why don't you ask THIS GUY (:D maybe he is very nice and wants to get in trouble with Sony :D) to give us the public key?

    258. nitr0genics
      11-09-2011
      01:59 PM
      260

      or why not call IBM customer services and ask for the cell root key?

    259. Progamer
      11-09-2011
      02:09 PM
      261

Originally Posted by nitr0genics
      or why not call IBM customer services and ask for the cell root key?
Why not? I mean, they could do this

    260. Ghostofperdition
      11-09-2011
      02:41 PM
      262

Originally Posted by nitr0genics
      or why not call IBM customer services and ask for the cell root key?
      someone please do this and youtube it :D

    261. Maajid
      11-09-2011
      02:54 PM
      263

      This thread's a mess, can't go through all the posts - can anyone sum up the leak and what it means for the scene in three sentences or less?

    262. Jamesoow
      11-09-2011
      02:58 PM
      264

      Ghehe I hope you people know that I was just kiddin :D

@Maajid, you don't have to look that hard to find it. Just look at the previous posts ..

    263. pampos
      11-09-2011
      02:59 PM
      265

So I have read the whole comments and I have a question. My PS3 is on firmware 3.72. I jailbroke my PS3 in the past, but PSN is a part of my life so I updated my system... Now if something new like CFW 3.72 or 3.73 came out one day, would I be able to install it, I mean just like the 3.55 and 3.41, or is something like that not possible? Somebody that knows something, pls let me know. Sorry for any mistakes guys.. haha that's Sony when he reads this hahaha nice smile!!

    264. Jamesoow
      11-09-2011
      03:04 PM
      266

      Damnit. Doublepost. Delete please ..

    265. Albert Wesker
      11-09-2011
      03:08 PM
      267

Originally Posted by pampos
So I have read the whole comments and I have a question. My PS3 is on firmware 3.72. I jailbroke my PS3 in the past, but PSN is a part of my life so I updated my system... Now if something new like CFW 3.72 or 3.73 came out one day, would I be able to install it, I mean just like the 3.55 and 3.41, or is something like that not possible? Somebody that knows something, pls let me know. Sorry for any mistakes guys.. haha that's Sony when he reads this hahaha nice smile!!
      "you need 3.55 console
      ...
      also* if you have a newer metldr2 machine, dont even bother,
      also** if you have a 3.56+ firmware, dont bother. unless you want to progskeet it and downgrade back, then do start at step 1"

    266. Cage
      11-09-2011
      03:26 PM
      268

Originally Posted by pampos
So I have read the whole comments and I have a question. My PS3 is on firmware 3.72. I jailbroke my PS3 in the past, but PSN is a part of my life so I updated my system... Now if something new like CFW 3.72 or 3.73 came out one day, would I be able to install it, I mean just like the 3.55 and 3.41, or is something like that not possible? Somebody that knows something, pls let me know. Sorry for any mistakes guys.. haha that's Sony when he reads this hahaha nice smile!!
      Once again.
      Don't hope for new CFW because it won't happen in a long time, especially with access to PSN.

      However we are not so far (in theory at least, if everything goes just as planned) from making signed eboots and thus playing new games on CFW 3.55.

    267. lunuxx
      11-09-2011
      03:31 PM
      269

I've put the guide on here:
http://www.ps3devwiki.com/index.php?...Dumping_Metldr

if it ever disappears, I've put it here as well:

      http://gotbrew.org

    268. nzie
      11-09-2011
      03:35 PM
      270

      nice guide

    269. squishy
      11-09-2011
      03:36 PM
      271

So am I correct in saying, for the end user, this MAY end up similar to the xbox360 jtag exploit, i.e.:

      Install Linux (xell, xellous) boot to system, extract cpu keys (per console keys)

      Open and drop keys into your favorite bootmaker on pc

      Flash the nand with said image tailored to the specific system? (pkg or whatever)

      Or am I WAY off?

    270. bost7
      11-09-2011
      03:36 PM
      272

      Maybe this is what Math was talking about???? :O

    271. Albert Wesker
      11-09-2011
      03:37 PM
      273

Originally Posted by Cage
      Once again.
      Don't hope for new CFW because it won't happen in a long time, especially with access to PSN.

      However we are not so far (in theory at least, if everything goes just as planned) from making signed eboots and thus playing new games on CFW 3.55.
I think we are. If I get it right, then someone has to understand the method Mathieulh used to decrypt the metldr and has to use the same method to decrypt lv0:

      "P.S. Oh! and btw, if you talented enough to make hardware to dump the shared lsa, you can decrypt any lv0 using this technique. "

      I think that will take some time...

    272. luqi
      11-09-2011
      03:40 PM
      274

I totally agree with you, Albert Wesker

      what really needs to be investigated is this tweet: http://twitter.com/#!/Mathieulh/stat...22170719436800

      // verify metadata offset is not too big //if (data->self_header->metaOffset >= 0x800) //return 0x20; // (cont) http://tl.gd/e2te63

      and this tweet: http://twitter.com/#!/Mathieulh/stat...76434690621441

      Oh and btw, if you talented enough to make hardware to dump the shared lsa, you can decrypt any lv0 using this technique/exploit

both of these hints are very interesting. With another self fail we could get later keys. If we dump a decrypted lv0 we get later keys. Two ways right there to get later public keys.

    273. devstar
      11-09-2011
      04:18 PM
      275

Are bootldr and metldr not encrypted with the same key, e.g. the per console key? So would this mean that once I have my per console key from metldr I could use it to decrypt bootldr? Also, from what I can fathom you need hardware to dump bootldr, but gitbrew already has a dump of it; is it public? Would my key decrypt their dump? lol that just sounds awesome I know

    274. devstar
      11-09-2011
      04:51 PM
      276

Cool, so what kinda hardware would I need? Would it be possible with E3, as my soldering skills are non-existent?

    275. 8E068EDFA0C8DEA3
      11-09-2011
      04:56 PM
      277

      you can do this over ssh or on console I prefer ssh because my girlfriend likes to watch tv alot.
      who thinks this guy doesn't even have a girlfriend? no disrespect, it just seems totally random and out of place to mention your girlfriend's tv watching habit in a hacking tutorial.

      anyways, here is hoping some permanent solution comes out of this.

    276. freestylemaster
      11-09-2011
      05:18 PM
      278

      Just a quick question;

I've compiled hex2key (attached) and tried the first 3 hex lines lunuxx posted above @231, and basically all I get is the ANSI code converted from hex code. Is this really what hex2key is supposed to do? I mean we could easily get this with a hex editor, or am I doing something wrong?
      Anyone have any idea?

      Regards

    277. lunuxx
      11-09-2011
      05:29 PM
      279

      Originally Posted by 8E068EDFA0C8DEA3:
      Who thinks this guy doesn't even have a girlfriend? No disrespect, it just seems totally random and out of place to mention your girlfriend's TV watching habit in a hacking tutorial.

      anyways, here is hoping some permanent solution comes out of this.
      Indeed somewhat out of place to mention, but it's the truth.
      I can't do very much on the TV sometimes and I'd rather not bore everyone in the room by having the TV sit on a black screen, fyi.

      About the hex2key: I fixed one and left a note on the wiki, so there are 2 links to hex2key. The edit is the one I slightly repaired; all credit for the app goes to anon for creating it.
      It's supposed to make a binary file.

    278. freestylemaster
      11-09-2011
      05:32 PM
      280

      Originally Posted by lunuxx:
      Indeed somewhat out of place to mention, but it's the truth.
      (---edited for space---)
      It's supposed to make a binary file.
      I used the edited one. So is it only to convert hex to ANSI? After creation of the bin file, opening it with notepad gives me the exact ANSI code.

    279. baargle
      11-09-2011
      05:39 PM
      281

      Can anyone explain what this actually brings? If not for the end user, then the developer. What is now more open that wasn't before. If the flow chart a nice member posted a couple of pages back is to be believed, then nothing?

      Slightly confused, as this was talked about as the jewel of PS3 hacking, Not by ignorant people who can't hack like myself, but in news articles on here, psx-scene. (Arguable over if they are any less ignorant than myself but not the point)

      So this is nothing then?

    280. 8E068EDFA0C8DEA3
      11-09-2011
      06:28 PM
      282

      Originally Posted by Warning:
      His ps3 is hooked up to his tv, so he uses his computer to access his ps3.
      I do not see anything strange about that.
      Someday when you have a significant other you will understand the need to
      compromise tv usage.
      I have 3 26'' TVs, one for each bedroom, they are cheap nowadays. I already understand relationship stuff but wouldn't try to prove by talking about it in a ps3 hacking tutorial.



      Originally Posted by lunuxx:
      Indeed somewhat out of place to mention, but it's the truth.
      (---edited for space---)
      It's supposed to make a binary file.
      Yeah man, I understand, it was just me drunk posting. Thanks for your hard work and contribution.

    281. lunuxx
      11-09-2011
      06:37 PM
      283

      Originally Posted by 8E068EDFA0C8DEA3:
      I have 3 26'' TVs, one for each bedroom, they are cheap nowadays. I already understand relationship stuff but wouldn't try to prove it by talking about it in a PS3 hacking tutorial.

      Yeah man, I understand, it was just me drunk posting. Thanks for your hard work and contribution.
      I don't think I need to explain myself, though I already have. Go ahead and think what you're gonna think and whatnot. Instead of trying to insult me, why don't you try to find out more if you're that damn interested in my personal life? Follow me on Twitter or other social sites, whatever. Because I don't own another television and/or I don't feel like being apart from my family, shut up in another room of the house for hours, is really none of your business, but there, I just explained more (which I shouldn't have to do).

    282. VIRGIN KLM
      11-09-2011
      07:07 PM
      284

      Questions (please don't laugh if I sound funny):

      1. To what I understand, this could lead to having kernel access to the PS3, right?
      Since the ps2 emu SELF relies on the kernel, wouldn't we be able to do exactly what Cobra did in a more "native way"? Also, wouldn't this actually tackle with a hack the checks the PS3 does on PS3/PSOne games, whether the disc you insert is an original disc or a backup?

      2. Also, since metldr is the head of the whole chain of trust procedure, wouldn't we be able to make modified firmwares with stuff like modified (and functional) vsh.self and pre-vsh stuff like the PSP plugin loader, without breaking the chain of trust of the PS3?

      3. Aren't we now able to enable the 8th SPU of the PS3 and use it on GameOS? (Don't tell me that it's too dangerous and that by default Sony had disabled it to tackle production failures; it's not an answer to my question and I already know that.)

    283. Master_Teeee
      11-09-2011
      07:36 PM
      285

      Okay guys, just registered to post this...

      Metldr (meta loader) is one of the lowest level functions of the P$3. It is a per console, unique, hardware based code... Meaning the one for your console, is only for your console. Each one has its own. I will refer to this as your 'hard key'.

      Now, if you remember, back before geohot got sued, he released a set of keys, most important of which (for all you pirates out there) was the appldr (application loader) key. These are public keys, meaning that every P$3 made uses the SAME keys... This is how your P$3 decides whether the .pup (a firmware file [3.55 for example]) is genuine or fake. These keys are decided by software, and therefore don't physically exist. This means that they can be updated whenever $ony sees fit, and is the reason modern games won't run on old firmwares.

      Now, if you also cast your mind back, you'll remember that when geohot was about to get sued, he posted a comment similar to, "So no one STILL knows how I got the metldr keys???? ". He mentioned this, because if the metldr encryption key is known, then the soft keys can be decrypted. If the soft keys can be decrypted you can exploit the appldr, and have all your backup managers etc, on any firmware.

      What makes this metldr key so special, is that, unlike the 'soft' keys, no update can be brought out to modify your metldr key. And, so long as you always know your metldr key (which you can do now), you will ALWAYS know your 'soft' keys, which are what 99% of you are here to try and find out.

      Put simply:
      metldr key = soft keys = cfw

      This is why it's taken so long to get past 3.55. Geohot released the 'soft' keys, using his own metldr exploit (one would imagine was very similar, if not identical to this piece of C), but never released the method with which to obtain the metldr key itself. So the soft keys released could be updated, and, as we all know they were, and the system re-secured... Now however, we have full access to decrypt the soft keys, effectively continuing where geohot left off.

      I hope that this makes sense to at least a couple of you, and sheds some light as to what this means for the scene, and also why people like math and geo were so reluctant to release these exploits.

      Peace...

    284. mosstopher
      11-09-2011
      07:55 PM
      286

      Originally Posted by Master_Teeee:
      Okay guys, just registered to post this...
      (---edited for space---)
      ...Peace...
      Great post, Nice, simple explanations for people like me who, whilst having unending interest and enthusiasm, lack the skills and the brainpower to understand anything!

    285. gregory2590
      11-09-2011
      08:07 PM
      287

      Originally Posted by Master_Teeee:
      Okay guys, just registered to post this...
      (---edited for space---)
      ...Peace...
      HOLY ****

      I WAS WAITING FOR "THAT ONE POST" WHERE SOMEONE MAKES SENSE ON EXPLAINING WHAT THIS MEANS!

      +9001 internets to you. Lurk here more please.

    286. Viriatus
      11-09-2011
      08:07 PM
      288

      Originally Posted by muny21:
      this thread needs to be locked but i guess the mods and/or admins here love drama and have nothing else to do but read through pages and pages of bickering. lock this thread and only update as needed.
      I gotta disagree with you.

      There's quite a bit of useful information being shared around here, you just gotta look past the whole Mathieu flames.


      BTW, thanks Master_Teeee, been searching the whole thread for some information on what could be expected from the metldr leak.

    287. luqi
      11-09-2011
      08:08 PM
      289

      Originally Posted by Master_Teeee:
      Okay guys, just registered to post this...
      (---edited for space---)
      ...Peace...
      Most helpful post of today, thank you man

    288. gregory2590
      11-09-2011
      08:16 PM
      290

      Shoutout to the devs:

      If you're working on this now,


      be

      the ****

      careful


      This is like asking to be sued.

    289. danyboy666
      11-09-2011
      08:59 PM
      291

      Originally Posted by danielonys:
      cfw on 3.73 ????

      http://www.ea.com/mx/futbol/gameface...MfzXxBdQ%3D%3D

      Are you n00bs doing it on purpose or what?? Seems like the 800x109 header isn't big enough. It's really depressing seeing those "HAZ CFW 3.7x?" comments every time a new intelligent comment is made.

      By the way, props to Master_Teeee for the layman's terms explanation, it really sheds light on metldr.

    290. djhazardous
      11-09-2011
      09:09 PM
      292

      Does anyone know if this could lead to a 3.72/3.73 Downgrader?

    291. carldenning
      11-09-2011
      09:16 PM
      293

      Originally Posted by djhazardous:
      Does anyone know if this could lead to a 3.72/3.73 Downgrader?
      As far as I know it won't.

    292. DBCar83
      11-09-2011
      09:39 PM
      294

      Originally Posted by pbanj:
      hacking drive fw and hacking an entire game system are two different things. if you are going to talk about 360 devs at least talk about ones who do real hacks like gligli or team free60. i'm not saying he is a bad dev but all he does is drive firmware

      True, but he still owns.

    293. lunuxx
      11-09-2011
      10:04 PM
      295

      Guys, calm down.

      I just wanna let you all know that all the answers you want are in my post.
      Just read it and also check the links for suggested reading material; they will put all your questions to rest.

      Here is everything updated and right:
      http://gotbrew.org

      or on the devwiki:

      http://www.ps3devwiki.com/index.php?...Dumping_Metldr

      So chill, sit back, relax, open your mind up and read.

    294. Señor_Striatum
      11-09-2011
      10:17 PM
      296

      Originally Posted by lunuxx:
      Guys, calm down.

      I just wanna let you all know that all the answers you want are in my post.
      Just read it and also check the links for suggested reading material; they will put all your questions to rest.

      Here is everything updated and right:
      http://gotbrew.org

      or on the devwiki:

      http://www.ps3devwiki.com/index.php?...Dumping_Metldr

      So chill, sit back, relax, open your mind up and read.
      Thank you for the material; this is exactly what I needed. Also thanks for going through the trouble of prepping the tutorial and for verifying the exploit. To be honest I have stopped checking this thread unless I see that you have posted, for obvious reasons. Just wanted to give thanks for your contributions. Take care.

    295. nomad098
      11-09-2011
      10:44 PM
      297

      This is what Mathieulh said on another site:

      P.S. Oh! and btw, if you're talented enough to make hardware to dump the shared LSA, you can decrypt any lv0 using this technique.
      What does "shared LSA dump" mean?
      And when he says decrypt lv0, is he talking about a per-console key lv0 or something?

    296. wtfTroll
      11-09-2011
      10:47 PM
      298

      Originally Posted by nomad098:
      This is what Mathieulh said on another site:



      What does "shared LSA dump" mean?
      And when he says decrypt lv0, is he talking about a per-console key lv0 or something?
      Meh, LV0 is not a per-console key.

    297. AsSiTcH
      11-09-2011
      10:47 PM
      299

      Originally Posted by nomad098:
      This is what Mathieulh said on another site:



      What does "shared LSA dump" mean?
      And when he says decrypt lv0, is he talking about a per-console key lv0 or something?
      Shared Local Store Address.
      No.

    298. pip1
      11-09-2011
      10:58 PM
      300

      So the question is how long it is going to take before someone posts 3.60+ decrypted firmware files. That would be the next step to unsigned code on 3.60+, not that it matters much: if you try to go online Sony will ban you, and all we really need is the keys.

    299. paddyg91
      11-09-2011
      11:20 PM
      301

      Originally Posted by Master_Teeee:
      Peace...
      This is probably the best post on the forum in the past week of *****ing and moaning, I commend you fine sir!

    300. AsSiTcH
      11-09-2011
      11:23 PM
      302

      Originally Posted by pip1:
      So the question is how long it is going to take before someone posts 3.60+ decrypted firmware files. That would be the next step to unsigned code on 3.60+, not that it matters much: if you try to go online Sony will ban you, and all we really need is the keys.
      Do you work for Sony? Last time we were able to go online with CFW, Sony banned NO ONE.

    301. baargle
      11-09-2011
      11:23 PM
      303

      Originally Posted by gregory2590:
      Shoutout to the devs: If you're working on this now, be the **** careful. This is like asking to be sued.
      I'm sure your great words of wisdom will save the lives of many developers. I am honoured to be in your presence, oh wise sage. I give gratitude to the Gods for allowing me to bear my gaze upon you. Fine human, thank you, thank you, a million thank yous, oh courageous knight. Without your words we would be nowhere; without your courage we would be doomed. You have shown us the way. Now we will conquer all, because of you my friend, because of you.

    302. pip1
      11-09-2011
      11:53 PM
      304

      No, I don't work for Sony, but think about this:

      For 3.55 CFW anyone could switch to CFW, even people who don't own the PS3 (roommates, kids, friends), so Sony wasn't too willing to ban its users when they had a "fix" in the works, and once the user is on 3.56+ the issue is gone. Someone dumping their flash and manually modding, resigning and reflashing is more in depth and a sign that someone was serious about hacking their PS3 and "should be" banned. (I believe that PSN belongs to those who don't have modded games and cheats.)

      Now, if we are talking about a fresh exploit and not true CFW, I don't see Sony banning.

    303. VIRGIN KLM
      11-10-2011
      12:07 AM
      305

      Actually that would be cool:
      http://www.ps3devwiki.com/index.php?...are#Bootloader

      Do you think that this now could get materialized?

    304. Elegant
      11-10-2011
      12:20 AM
      306

      Originally Posted by VIRGIN KLM:
      Actually that would be cool:
      http://www.ps3devwiki.com/index.php?...are#Bootloader

      Do you think that this now could get materialized?
      So you're proposing we can sign the bootldr with the console key? If we can (I believe it's the same key) and it runs then I don't see how you can't. But consider this: If you can modify the bootldr and sign it AND it cannot be altered with updates. Why not write one to dump lv0 keys while on 3.60? (This requires soldering since we can't use linux or SSH, or its possible since it's not updated to create one that will dump to USB or something and just have it do that then update to 3.60) Then maybe write a lv0 to dump everything else? We have the majority of the needed code from Mathieulh am I wrong?

    305. pip1
      11-10-2011
      12:45 AM
      307

      Why can we change it and not Sony? Doesn't make sense: either neither of us can change it or both of us can, or am I missing something? Is it behind e-fuses but accessible through JTAG?

      I thought the whole point was that once we get the keys from the beginning of the boot process, which NO ONE can change, we can alter everything from there on, which is the entirety of the firmware updates.

    306. bost7
      11-10-2011
      12:56 AM
      308

      Maybe I am wrong, but I saw here:



      that metldr "connects" to appldr.

      Appldr has the keys for the eboot fixes.

      Then here is the deal:

      Someone "hacks"/dumps/decrypts it, gets the keys and releases eboots.

      No need to release keys and get sued by Sony, just the eboots.

      (I don't think anyone who was releasing only eboots got sued.)

      And we can play our games, and leave some devs alone to work more.

      Maybe I am telling bu********, but that's my poor logic.

    307. ssvetec
      11-10-2011
      12:56 AM
      309

      Originally Posted by luqi:
      Most helpful post of today, thank you man
      No. Most helpful post of the last 12 months. I've never read a more simple, easy, clear explanation of a particular finding/exploit/hack/whatever than that post.

      If noobs cannot understand that post - GTFO! He couldn't have made it clearer than what he wrote. Awesome post.

    308. Elegant
      11-10-2011
      01:01 AM
      310

      Originally Posted by pip1:
      Why can we change it and not Sony? Doesn't make sense: either neither of us can change it or both of us can, or am I missing something? Is it behind e-fuses but accessible through JTAG?

      I thought the whole point was that once we get the keys from the beginning of the boot process, which NO ONE can change, we can alter everything from there on, which is the entirety of the firmware updates.
      AFAIK If Sony made such an update it would have to know the bootldr key. But it can't because it's different per console! In the off chance they did this would involve an update specifically for ONE console. This also wouldn't make any difference since the hardware only responds to this one key even if they updated the bootldr I could still just as easily create my own yet again since the key cannot be altered, EVER.

    309. pax109
      11-10-2011
      01:40 AM
      311

      So we know the bootldr is encrypted at the factory with the unique per-console keys. What is the chance of the decrypted bootldr being the same for each console, with the only difference being the keys used to encrypt it? If it was ever released by someone with the required hardware to dump it and decrypt it with their matching per-console keys, could it be patched and re-encrypted with your own dumped per-console key?

    310. VIRGIN KLM
      11-10-2011
      01:46 AM
      312

      Originally Posted by Elegant:
      So you're proposing we can sign the bootldr with the console key? If we can (I believe it's the same key) and it runs then I don't see how you can't. But consider this: If you can modify the bootldr and sign it AND it cannot be altered with updates. Why not write one to dump lv0 keys while on 3.60? (This requires soldering since we can't use linux or SSH, or its possible since it's not updated to create one that will dump to USB or something and just have it do that then update to 3.60) Then maybe write a lv0 to dump everything else? We have the majority of the needed code from Mathieulh am I wrong?
      I just meant that something like BootMii on PS3 would be groundbreaking in the PS3 community, possibly one of the top 5 best things ever materialized in the PS3 community. It would allow you to avoid 75% of today's bricks, plus it would save really much time on update processes, plus developers could use it to safely test their code without the extremely high risk of a brick that would require a hardware solution to bring the console back to life.
      Think of it like a super advanced Pandora Battery of PSP with more features, but for PS3 instead.

    311. TizzyT
      11-10-2011
      01:51 AM
      313

      Hmm, this is super exciting, I don't get much of it now but I have been doing further research into similar things as this, hopefully I will eventually completely understand the whole thing., although I doubt I will ever be able to contribute to something so complex (or at least that's how I see it now). Really really great and exciting stuff. Man I wish I was born in a more technically educated place......FML.

    312. pip1
      11-10-2011
      02:02 AM
      314

      What's stopping Sony from reading the per-console key during an update and changing the bootloader? The bootloader is on the flash memory so it can be changed, and if we can use software to read the key, why can't Sony?

      I love when people say "can't", because in life you almost always can, no matter what it is, as long as you're smart and try.

    313. Elegant
      11-10-2011
      02:15 AM
      315

      Originally Posted by pip1:
      What's stopping Sony from reading the per-console key during an update and changing the bootloader? The bootloader is on the flash memory so it can be changed, and if we can use software to read the key, why can't Sony?

      I love when people say "can't", because in life you almost always can, no matter what it is, as long as you're smart and try.
      I also just stated this... Try rereading my post... I stated that it is IMPOSSIBLE (as in NOT POSSIBLE!) to change the console key, therefore if they by some miracle could change the bootldr they can go ahead and change it as many times as they see fit. Unfortunately for them I still know my key and can change it back when the update is done. They cannot block this; it would require them to physically come to my house, disassemble my PS3 and change my parts.

      @VIRGIN KLM I agree it would be helpful. In fact, after posting I realized the easiest way for us to get the 3.6x+ keys safely could be to enable dual booting, because we'll have the ability to explore the 3.60 side of the boot from the 3.55 side, thus skipping the need to solder and edit from that end. Also, if I'm not mistaken, waninkoko released a flash creator that will create a dev_fflash (that will not conflict with dev_flash); I'm guessing that would be a great place to start.

    314. hackeyking
      11-10-2011
      02:48 AM
      316

      Lets hope we still have talented people (who havent been pushed away by stupid comments and small children) who can get us somewhere....

    315. hackeyking
      11-10-2011
      03:37 AM
      317

      Originally Posted by zaeReiroh2:
      For us small people, this will do nothing, the devs will be able to play with it and we will, benefit from the end results, so don't worry about it until later


      im no Hobbit...

    316. GregoryRasputin
      11-10-2011
      03:42 AM
      318

      lol @hackeyking and @nzie, the user @zaeReiroh2 is a spam bot.

    317. hackeyking
      11-10-2011
      03:44 AM
      319

      Must get to grips better with this place!

    318. nzie
      11-10-2011
      03:47 AM
      320

      and i was liking his post.lol

    319. mrsoczi
      11-10-2011
      05:21 AM
      321

      Originally Posted by Mathieulh:
      Just so you know, the first exploit from my post, which I like to call the "meta exploit" which allows to decrypt the metadata directly in the shared LS works on the bootloader.
      ??

      Quote from PS3Crunch

    320. hackeyking
      11-10-2011
      05:59 AM
      322

      There is most likely a bootrom or a crypto engine that decrypts and loads the bootloader/metldr.

      Another from Math.

    321. medi01
      11-10-2011
      06:51 AM
      323

      So the new things in this were:
      a) how geohot COULD have cracked metldr
      b) a hint of "if you're smart enough, you could use this approach to get bootloader keys", something that Mathieulh has already said a while ago on a different occasion

      Originally Posted by hackeyking:
      Lets hope we still have talented people (who havent been pushed away by stupid comments and small children) who can get us somewhere....
      Let's hope we get enough of the "you can't say 'movie sucks' unless you create a better movie" enlightened cretins that would kiss the drama queen's butt long enough for something to come out of it....

    322. mcmrc1
      11-10-2011
      06:52 AM
      324

      Original Post from Asure:
      There are two exploits released by Math. One is in source code, and dumps metldr. The keys to old-style 3.55 & 3.56 stuff are inside metldr. If Sony had not gone the "lv0 vault" route, this exploit would still hold true and allow us to decrypt 3.56+. Except, they did, and they moved it all into LV0. So the first exploit is cool to know how, but a fail for us; Sony changed stuff.

      From your pictures, did you deduce LV0 replaced metldr? If so, do so now. Then our goal on 3.6x and 3.7x becomes to decrypt lv0.

      Since lv0 is encrypted with the same key0 used to encrypt metldr in 3.56+, we need a second trick to get that private key they used on metldr.
      This second trick I don't see in Math's .c examples. But he explains it..

      STEP II)
      Contrary to popular beliefs, you do not need to know the public key to calculate the private key, you just need two decrypted signatures. You now know how to dump these, so let's assume you just did; now all you have to do is to bruteforce the curve type by constantly reloading a SELF to metldr. The curve type being only 1 byte, that would be 64 possibilities.

      The explanation Math made before, about how there are two exploits in one: that's about the meta-sploit, as he calls it, and the one where you bruteforce a private key.
      I was merely pointing out the need for skeet to get the bootloader dumped. If we can dump the bootloader already by software, I must have missed that. If you can dump it, do so now.

      You see, if both bootldr and metldr use the same key, what prevents us from, say, using the same exploit with a dumped bootldr?
      We need the two meta results back to start the calculation/brute force. So the original exploit should be modified to also print out the metadata.

      If all we need is meta results, we don't even need to run the bootldr. Math explained it all already, but nobody is reading and I lack C skills.
      Just load the ldr, and dump the meta results. All we need to do is recycle the exploit example code for metldr. We don't even need to execute the code; the bug is in the loading routine which does not check the length.

      Once we have dumped metadata for bootldr and metldr, it seems Sony failed in the key0 too, right Math? Otherwise it would not be possible to bruteforce?
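      The arithmetic behind Step II in the quoted post, as an added example (not code from Mathieulh, Asure or the leaked files): why two decrypted signatures are enough to compute the signing key without ever touching the public key. Assumptions, not facts from the thread: that the two signatures share the per-signature nonce k (the known fixed-nonce ECDSA failure, which is what makes a pair of signatures expose the private key); the toy curve y^2 = x^3 + 2x + 2 over F_17 with generator (5, 1) of prime order 19, chosen so every value can be checked by hand; and the key, nonce and hash values, all constructed. The PS3's real curve parameters are not used, and the curve-type bruteforce the post mentions is left out.

```python
"""ECDSA private-key recovery from two signatures that share a nonce.

Added example, not the leaked exploit or any PS3 developer's code. The
curve, key, nonce and hashes are constructed toy values (ASSUMPTION: a
reused nonce k, which is the only reason two signatures suffice).
"""

# --- toy curve parameters (constructed; NOT the PS3's) ----------------
P = 17          # field prime
A, B = 2, 2     # y^2 = x^3 + A*x + B
G = (5, 1)      # generator
N = 19          # order of G (prime, so every nonzero scalar is invertible)
INF = None      # point at infinity


def inv(x, m):
    """Modular inverse of x mod prime m."""
    return pow(x % m, m - 2, m)


def ec_add(p1, p2):
    """Affine point addition (and doubling) on the toy curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                       # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def ecdsa_sign(d, h, k):
    """Sign hash h with private key d and nonce k; returns (r, s).
    A correct signer draws k fresh for every signature. k is a parameter
    here precisely so the caller can reproduce the fixed-nonce mistake."""
    r = ec_mul(k, G)[0] % N
    s = inv(k, N) * (h + r * d) % N
    assert r and s, "degenerate signature; pick another nonce"
    return r, s


def ecdsa_verify(pub, h, sig):
    """Standard verification, used only to show the forged values are real."""
    r, s = sig
    w = inv(s, N)
    pt = ec_add(ec_mul(h * w % N, G), ec_mul(r * w % N, pub))
    return pt is not INF and pt[0] % N == r


def recover_from_shared_nonce(h1, sig1, h2, sig2):
    """Two signatures with the same nonce (same r) give (k, d) directly:
    s1 - s2 = k^-1 (h1 - h2)   isolates k,
    s1 = k^-1 (h1 + r d)       then isolates d.
    The public key never enters the computation."""
    r1, s1 = sig1
    r2, s2 = sig2
    if r1 != r2:
        raise ValueError("different r values: nonce was not reused")
    k = (h1 - h2) * inv(s1 - s2, N) % N
    d = (s1 * k - h1) * inv(r1, N) % N
    return k, d


def demo():
    """Returns (recovered k, recovered d, true d) for the constructed case."""
    d = 7                      # secret signing key (constructed)
    pub = ec_mul(d, G)
    k = 3                      # the nonce the signer wrongly reuses
    h1, h2 = 4, 9              # two distinct "message hashes" mod N
    sig1 = ecdsa_sign(d, h1, k)
    sig2 = ecdsa_sign(d, h2, k)
    assert ecdsa_verify(pub, h1, sig1) and ecdsa_verify(pub, h2, sig2)
    k_rec, d_rec = recover_from_shared_nonce(h1, sig1, h2, sig2)
    return k_rec, d_rec, d


if __name__ == "__main__":
    print(demo())
```

      Running it prints (3, 7, 7): both signatures carry the same r because k was reused, and the two s values alone yield k and then d. On a real curve the formulas are identical with the real N; the only thing that stops the attack is a nonce that is never repeated.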

    323. itriedbutifailed
      11-10-2011
      07:09 AM
      325

      this is worthless like my penis. im going to find 3.6+ keys by myself.

    324. TizzyT
      11-10-2011
      07:42 AM
      326

      Originally Posted by itriedbutifailed View Post
      this is worthless like my penis. im going to find 3.6+ keys by myself.
      good luck.

    325. japsander
      11-10-2011
      08:08 AM
      327

      Originally Posted by itriedbutifailed View Post
      this is worthless like my penis. im going to find 3.6+ keys by myself.
      As worthless as your post then? I think your username describes how you will fare in your quest.

      No information is worthless, there are only people who cannot use said information.

    326. H3avyRa1n
      11-10-2011
      08:49 AM
      328

      there's new intel floating around provided by [MENTION=9827]mathieulh[/MENTION] that surely is extremely helpful..

    327. baileyscream
      11-10-2011
      09:01 AM
      329

      from ps3crunch HERE

      Mathieulh post #233
      Crunching Developers!

      .........................................................................................................................
      Originally Posted by TheFrogEater

      math do you think ur exploit can be used to get the keys for cfw ?


      hi mat, it's impossible to send you a PM so I'll tell you here: I think you're really strong and I thank you for your work, recent as well as past (psp etc.).
      what do you think it could bring in the more or less long term?
      .........................................................................................................................

      The first one I published can be used in conjunction with a hardware hack to get the bootloader to decrypt lv0 for you, you can also calculate lv0's private key through this, this means you can decrypt lv0, encrypt lv0 using the existing decrypted metadata keys, and sign lv0, you just need to use a ps3 to go through the process of decrypting each lv0 revision though. Know that if you sign lv0 you can also use yet another exploit to gain code execution on the bootloader and dump the keys and be able to decrypt lv0 straight on pc.


      Mathieulh post #234
      Crunching Developers!

      ..........................................................................................................................
      Originally Posted by Beharii

      Math if all the loaders are loaded by lv0 since 3.56+ what's the use of metldr anymore, and is the per_console_key that is obtained from metldr the same as the one from bootldr since in the wiki it is only stated as per console key. I hope you don't mind answering these two questions since I couldn't figure them out in the wiki.
      ..........................................................................................................................


      They are not loaded by lv0, they are simply embedded inside one of the lv0 segments in self format, lv0 copies them to the lv1 loaders' table on the xdr and then lv1 fetches them from ram and loads them through metldr just like on earlier firmwares.
      There is a new distinction though, each ldr has its .2 such as appldr.2 which is a new metadata for the loader, if your console happens to have metldr.2, lv1 will feed it the .2 metadata generated with the metldr.2 keysets and private key with the original ldr data sections, metldr.2 will decrypt the *ldr.2 metadata and will use it to decrypt the matching *ldr data sections (so the data section keys match the ones from the original *ldr metadata)

      Note that because the signature fail from Segher doesn't work for metldr.2 you cannot use the donut fail to pwn it because you cannot sign your own loader, making the new metldr.2 extremely hard to exploit (though not impossible, to cut with the suspense it's just the good old metldr with a new keyset, a hardcoded 3.60 min version, compiled with a newer gcc, not much worth exploiting in the first place).

      Last edited by Mathieulh; Today at 12:27 PM.

      (((((DONT THANK THIS POST AS ITS NOT MY POST. I'M JUST PASSING IT ON)))))

    328. ps3tricks
      11-10-2011
      09:02 AM
      330

      [MENTION=177623]baileyscream[/MENTION]

      it seems u have been faster than me lol, we posted these quotes from Math at the same time.

      so i will remove mine.

      Thx again Math for all this great information

    329. Buggerlugz
      11-10-2011
      11:14 AM
      331

      If Math is the all-seeing oracle of the scene, why doesn't he just create a PKG file which extracts a per console key to a file that everyone can use?

    330. baargle
      11-10-2011
      11:15 AM
      332

      Duplex have just released a proper of MW3. It's not fixed for 3.55 though...Meaning...That they more than likely have NOT found the keys\circumvention method for 3.60+ firmware, and that since they have cracked NPDRM just used the PSN version eboot as a source. So, with this news as METLDR being useless for 3.60 keys...It seems the last few weeks news is all for nothing.

      Thought it was kinda relevant in here?

    331. TheEvolution_PT
      11-10-2011
      11:26 AM
      333

      Originally Posted by Buggerlugz View Post
      If Math is the all-seeing oracle of the scene, why doesn't he just create a PKG file which extracts a per console key to a file that everyone can use?
      Why don't you make one yourself?
      ************* [ - Post Merged - ] *************
      Originally Posted by baargle View Post
      Duplex have just released a proper of MW3. It's not fixed for 3.55 though...Meaning...That they more than likely have NOT found the keys\circumvention method for 3.60+ firmware, and that since they have cracked NPDRM just used the PSN version eboot as a source. So, with this news as METLDR being useless for 3.60 keys...It seems the last few weeks news is all for nothing.

      Thought it was kinda relevant in here?
      With METLDR you can get the keys, because you unlock the LV0 with this exploit if you know how to use it.
      I'm a noob but I think I'm right.

    332. baileyscream
      11-10-2011
      11:37 AM
      334

      Originally Posted by Buggerlugz View Post
      If Math is the all-seeing oracle of the scene, why doesn't he just create a PKG file which extracts a per console key to a file that everyone can use?
      math doesn't do the work for us as he wants others to actually work on the ps3 and code the work. he used to give the scene everything but now it's just "hints" or nudges in the right direction from time to time.

      to the scene:-
      if we all calm down on the math flaming and asking for things from him then we might just see him getting involved more (myself included)

    333. kian2002
      11-10-2011
      12:19 PM
      335

      so we can use this to get the key for our ps3
      then dump lv0 with hardware and decrypt using the key

      as we now have the key we can update

      dump lv0, decrypt

      then add keys to cfw 3.55

      done

      now dual boot is needed

    334. xxxblitzxxx
      11-10-2011
      12:37 PM
      336

      Originally Posted by Master_Teeee View Post
      Okay guys, just registered to post this...

      Metldr (meta loader) is one of the lowest level functions of the P$3. It is a per console, unique, hardware based code... Meaning the one for your console, is only for your console. Each one has its own. I will refer to this as your 'hard key'.

      Now, if you remember, back before geohot got sued, he released a set of keys, most important of which (for all your pirates out there), was the appldr (application loader) key. These are public keys, meaning that every P$3 made uses the SAME keys... This is how your P$3 decides whether the .pup (a firmware file [3.55 for example]) is genuine, or fake. These keys are decided by software, and therefore don't physically exist. This means that they can be updated whenever $ony see's fit, and is the reason modern games won't run on old firmwares.

      Now, if you also cast your mind back, you'll remember that when geohot was about to get sued, he posted a comment similar to, "So no one STILL knows how I got the metldr keys???? ". He mentioned this, because if the metldr encryption key is known, then the soft keys can be decrypted. If the soft keys can be decrypted you can exploit the appldr, and have all your backup managers etc, on any firmware.

      What makes this metldr key so special, is that, unlike the 'soft' keys, no update can be brought out to modify your metldr key. And, so long as you always know your metldr key (which you can do now), you will ALWAYS know your 'soft' keys, which are what 99% of you are here to try and find out.

      Put simply:
      metldr key = soft keys = cfw

      This is why it's taken so long to get past 3.55. Geohot released the 'soft' keys, using his own metldr exploit (one would imagine was very similar, if not identical to this piece of C), but never released the method with which to obtain the metldr key itself. So the soft keys released could be updated, and, as we all know they were, and the system re-secured... Now however, we have full access to decrypt the soft keys, effectively continuing where geohot left off.

      I hope that this makes sense to at least a couple of you, and sheds some light as to what this means for the scene, and also why people like math and geo were so reluctant to release these exploits.

      Peace...
      finally, i was hoping for an answer like this. now we can unlock a wider range for ps3, hope the new cfw will be released this coming holiday. by the way tnx for the explanation =)

    335. kaiserfoosa
      11-10-2011
      12:46 PM
      337

      Originally Posted by baileyscream View Post
      math doesn't do the work for us as he wants others to actually work on the ps3 and code the work. he used to give the scene everything but now it's just "hints" or nudges in the right direction from time to time.

      to the scene:-
      if we all calm down on the math flaming and asking for things from him then we might just see him getting involved more (myself included)
      It's called the Riddler syndrome. The cure is a batman.

    336. fouzi
      11-10-2011
      12:48 PM
      338

      why is math still explaining how to use this thing on TWITTER ?

      didn't he leave the scene ?

    337. nzie
      11-10-2011
      01:03 PM
      339

      Originally Posted by fouzi View Post
      why is math still explaining how to use this thing on TWITTER ?

      didn't he leave the scene ?
      he always says that

    338. baargle
      11-10-2011
      01:04 PM
      340

      Originally Posted by xxxblitzxxx View Post
      finally, i was hoping for an answer like this. now we can unlock a wider range for ps3, hope the new cfw will be released this coming holiday. by the way tnx for the explanation =)
      Except he's completely wrong.

      Apparently since 3.60, the keys have been moved out of METLDR.

    339. Buggerlugz
      11-10-2011
      01:09 PM
      341

      Originally Posted by fouzi View Post
      why is math still explaining how to use this thing on TWITTER ?

      didn't he leave the scene ?
      My point exactly, Sony isn't bothered if he produces the package to extract the per console key, or tells everyone how to do it, they'll have him anyway.

      It's obvious he can talk the talk, but can he walk the walk?

    340. carldenning
      11-10-2011
      01:32 PM
      342

      Originally Posted by baargle View Post
      Except he's completely wrong.

      Apparently since 3.60, the keys have been moved out of METLDR.
      but we don't need 3.56 and upwards keys

    341. baargle
      11-10-2011
      01:38 PM
      343

      Originally Posted by carldenning View Post
      but we don't need 3.56 and upwards keys
      Do we not?

    342. carldenning
      11-10-2011
      01:48 PM
      344

      Originally Posted by baargle View Post
      Do we not?
      think about it: if you're on 3.55 and u install 3.60, how would the ps3 know that the 3.60 fw is real and accept it? our playstation can decrypt any firmware because of the keys we got on the ps3, but we need the root key to get it. so then we can decrypt eg 3.73 fw on a pc using the keys we find on the ps3. so then we do our magic and sign it back with 3.55 keys. something along the lines of that, so no 3.60+ keys needed, but only people on 3.55 fw can install it because on 3.56 fw and above the 3.55 keys are blacklisted.

      hope u get what i mean.

      if anyone else thinks i'm wrong then please correct me

    343. laurorual
      11-10-2011
      01:51 PM
      345

      Originally Posted by Master_Teeee View Post
      Okay guys, just registered to post this...

      Metldr (meta loader) is one of the lowest level functions of the P$3. It is a per console, unique, hardware based code... Meaning the one for your console, is only for your console. Each one has its own. I will refer to this as your 'hard key'.

      Now, if you remember, back before geohot got sued, he released a set of keys, most important of which (for all your pirates out there), was the appldr (application loader) key. These are public keys, meaning that every P$3 made uses the SAME keys... This is how your P$3 decides whether the .pup (a firmware file [3.55 for example]) is genuine, or fake. These keys are decided by software, and therefore don't physically exist. This means that they can be updated whenever $ony see's fit, and is the reason modern games won't run on old firmwares.

      Now, if you also cast your mind back, you'll remember that when geohot was about to get sued, he posted a comment similar to, "So no one STILL knows how I got the metldr keys???? ". He mentioned this, because if the metldr encryption key is known, then the soft keys can be decrypted. If the soft keys can be decrypted you can exploit the appldr, and have all your backup managers etc, on any firmware.

      What makes this metldr key so special, is that, unlike the 'soft' keys, no update can be brought out to modify your metldr key. And, so long as you always know your metldr key (which you can do now), you will ALWAYS know your 'soft' keys, which are what 99% of you are here to try and find out.

      Put simply:
      metldr key = soft keys = cfw

      This is why it's taken so long to get past 3.55. Geohot released the 'soft' keys, using his own metldr exploit (one would imagine was very similar, if not identical to this piece of C), but never released the method with which to obtain the metldr key itself. So the soft keys released could be updated, and, as we all know they were, and the system re-secured... Now however, we have full access to decrypt the soft keys, effectively continuing where geohot left off.

      I hope that this makes sense to at least a couple of you, and sheds some light as to what this means for the scene, and also why people like math and geo were so reluctant to release these exploits.

      Peace...
      ok, now we can get the soft keys to get to a new cfw
      so why is that hard to get that new cfw?

    344. hitamonkey
      11-10-2011
      01:58 PM
      346

      Originally Posted by laurorual View Post
      ok, now we can get the soft keys to get to a new cfw
      so why is that hard to get that new cfw?
      that's what i don't understand. i have read that lunuxx already dumped a key, so on so forth...

      but from all the news recently, all i have been able to gather is once we have that key then we're sorted.
      i by no means understand the technical side of things and am not pushing for a release, just trying to gain some knowledge..

      so.. if there are already cfws... now we have a key, why can't another be made already?
      even if we have to make our own dump and stuff that's cool with me, would love to get more involved, but hey, just wondering what else we actually are waiting for?

    345. laurorual
      11-10-2011
      02:01 PM
      347

      Originally Posted by hitamonkey View Post
      that's what i don't understand. i have read that lunuxx already dumped a key, so on so forth...

      but from all the news recently, all i have been able to gather is once we have that key then we're sorted.
      i by no means understand the technical side of things and am not pushing for a release, just trying to gain some knowledge..

      so.. if there are already cfws... now we have a key, why can't another be made already?
      even if we have to make our own dump and stuff that's cool with me, would love to get more involved, but hey, just wondering what else we actually are waiting for?
      that's exactly what i was thinking about

    346. carldenning
      11-10-2011
      02:03 PM
      348

      Originally Posted by hitamonkey View Post
      that's what i don't understand. i have read that lunuxx already dumped a key, so on so forth...

      but from all the news recently, all i have been able to gather is once we have that key then we're sorted.
      i by no means understand the technical side of things and am not pushing for a release, just trying to gain some knowledge..

      so.. if there are already cfws... now we have a key, why can't another be made already?
      even if we have to make our own dump and stuff that's cool with me, would love to get more involved, but hey, just wondering what else we actually are waiting for?
      i think we have got to learn how to use the root keys because it's different to eg 3.55 public keys and private key

    347. hitamonkey
      11-10-2011
      02:05 PM
      349

      Originally Posted by carldenning View Post
      i think we have got to learn how to use the root keys because it's different to eg 3.55 public keys and private key
      oh ok so it's just as simple as..

      we know how to get them but not what to do with them?

    348. carldenning
      11-10-2011
      02:10 PM
      350

      Originally Posted by hitamonkey View Post
      oh ok so it's just as simple as..

      we know how to get them but not what to do with them?
      yeah, we know how to get the rootkey but not how to use it

    349. fouzi
      11-10-2011
      02:13 PM
      351

      some dev need to step up and make a cfw using that method but no one is brave enough
      after what happened with geo hot

    350. mrsoczi
      11-10-2011
      02:20 PM
      352

      Originally Posted by fouzi View Post
      some dev need to step up and make a cfw using that method but no one is brave enough
      after what happened with geo hot
      Yeah... a nice, sweet job at Sony. A real martyr.

    351. depblkman
      11-10-2011
      02:29 PM
      353

      I don't think that people realize the potential power that has been leaked. eventually, people will come to understand it. I know a lot of people want to play online as well as have cfw but why keep pushing for cfw when the ability to be able to play any game regardless of the FW is at our fingertips? Knowledge is power. We need to keep this in mind as we go forth. IMO, making cfw just for the purpose of going online is a waste of time. the possibility of dual booting gives me hope and hopefully soon, finding a way to dual boot otherOs and GameOs would be the stuff.

    352. fouzi
      11-10-2011
      02:37 PM
      354

      it's strange how math said that it was leaked but is then explaining how to use it

    353. hitamonkey
      11-10-2011
      02:44 PM
      355

      Originally Posted by depblkman View Post
      I don't think that people realize the potential power that has been leaked. eventually, people will come to understand it. I know a lot of people want to play online as well as have cfw but why keep pushing for cfw when the ability to be able to play any game regardless of the FW is at our fingertips? Knowledge is power. We need to keep this in mind as we go forth. IMO, making cfw just for the purpose of going online is a waste of time. the possibility of dual booting gives me hope and hopefully soon, finding a way to dual boot otherOs and GameOs would be the stuff.
      good point, i completely forgot about that regarding my last post.. i was thinking we had to upgrade to play the games but be on cfw, but i realise my mistake now you brought it up, my bad!!! and as you say, being able to play any games is what i am excited about.

    354. mrsoczi
      11-10-2011
      02:48 PM
      356

      From what I've read from one of the devs here it seems that we are able to play 3.56+ games knowing the metldr keys. I mean it leads somehow to 3.55 eboot fixes. Everyone seems to be concentrating on getting the PS3 fully open through bootldr and is not keen on getting those fixes. However I can understand that. If I'm mistaken please correct me.

    355. Elegant
      11-10-2011
      02:49 PM
      357

      What needs to happen:

      1) Get console key on 3.55 (easy to do now that we have a tut). Must be done on 3.55 since we cannot get it in 3.60.

      2) Dump bootldr (Now this is something gitbrew managed to do with software(?) this can probably be done in gameOS or otherOS if so). This file is maintained every update and is unaltered to best of my knowledge so if we perform any kind of modification it will carry from FW to FW.

      3) Decrypt bootldr with console key.

      4) Modify it (create your own, use Math's code as a basis) so it will execute code and dump the lv0 metadata keys. The lines which those are on are within the SELF/SCE Header. (Abuses chain of trust and therefore gives us private keys)

      If we can get this far then we can do some damage.

      [MENTION=149378]depblkman[/MENTION] We'd run into the private keys along the way so it would lead to CFW. We may be able to decrypt a game faster than making a CFW but key wise we're getting them at the same time.

    356. TheEvolution_PT
      11-10-2011
      03:59 PM
      358

      Anyone already see this: http://pastebin.com/8ZCqqsQq
      Sorry if it double post.

    357. Snaydher
      11-10-2011
      04:01 PM
      359

      Link fixed...

    358. Rob1980
      11-10-2011
      04:03 PM
      360

      Excuse my "noob" comments and questions, I'm just still a little confused.

      I'm reading lots of different theories, but some make no sense to me.

      According to the diagram on ps3wiki the bootldr, and lvl0 are completely separate from the metldr, surely this exploit does not help us get any closer to bootldr or lvl0?

      As for higher firmware cfw, or modified eboots, metldr gives us lv1ldr, lv2ldr, appldr etc...

      Ofw 3.55 and below are as above, and we already have the public keys released by geohot, possibly using this exact exploit, allowing us to sign eboots cfw etc.

      However, in future firmwares lv1ldr, appldr etc have been moved and we need lv0ldr / bootldr.

      So without those, and without otherOS on higher firmwares surely we can still do nothing without lv0ldr or bootldr?

      The way I'm reading it, and please correct me if I'm wrong, I hope I am, we have gained nothing other than to learn how geohot did what he did, or a similar method, but without any progress from that being possible with this exploit?

    359. laurorual
      11-10-2011
      04:17 PM
      361

      Originally Posted by TheEvolution_PT View Post
      Anyone already see this: http://pastebin.com/8ZCqqsQq
      Sorry if it double post.
      what is it?

    360. mrsoczi
      11-10-2011
      04:28 PM
      362

      That's the dump that user lunnux has made with the new exploit.

    361. Elegant
      11-10-2011
      04:37 PM
      363

      Originally Posted by Rob1980 View Post
      Excuse my "noob" comments and questions, I'm just still a little confused.

      I'm reading lots of different theories, but some make no sense to me.

      According to the diagram on ps3wiki the bootldr, and lvl0 are completely separate from the metldr, surely this exploit does not help us get any closer to bootldr or lvl0?

      As for higher firmware cfw, or modified eboots, metldr gives us lv1ldr, lv2ldr, appldr etc...

      Ofw 3.55 and below are as above, and we already have the public keys released by geohot, possibly using this exact exploit, allowing us to sign eboots cfw etc.

      However, in future firmwares lv1ldr, appldr etc have been moved and we need lv0ldr / bootldr.

      So without those, and without otherOS on higher firmwares surely we can still do nothing without lv0ldr or bootldr?

      The way I'm reading it, and please correct me if I'm wrong, I hope I am, we have gained nothing other than to learn how geohot did what he did, or a similar method, but without any progress from that being possible with this exploit?
      metldr exploit gives console key. Console key is just that the console key so in order for the bootldr (the first thing in the link in 3.60+) to operate it would need to be encrypted with the console key since it's, well, the key for the console. Using Math's exploit it is most likely possible to not even need the key and just exploit through it. Take a look at what was written on page 27, 29 and the one prior to this one.

    362. yozh
      11-10-2011
      04:38 PM
      364

      Originally Posted by Rob1980 View Post
      Excuse my "noob" comments and questions, I'm just still a little confused.

      I'm reading lots of different theories, but some make no sense to me.

      According to the diagram on ps3wiki the bootldr, and lvl0 are completely separate from the metldr, surely this exploit does not help us get any closer to bootldr or lvl0?

      As for higher firmware cfw, or modified eboots, metldr gives us lv1ldr, lv2ldr, appldr etc...

      Ofw 3.55 and below are as above, and we already have the public keys released by geohot, possibly using this exact exploit, allowing us to sign eboots cfw etc.

      However, in future firmwares lv1ldr, appldr etc have been moved and we need lv0ldr / bootldr.

      So without those, and without otherOS on higher firmwares surely we can still do nothing without lv0ldr or bootldr?

      The way I'm reading it, and please correct me if I'm wrong, I hope I am, we have gained nothing other than to learn how geohot did what he did, or a similar method, but without any progress from that being possible with this exploit?
      well this ain't about cfw eboots (piracy), this is the bottom of the console, the heart of it. once the bootldr key is retrieved, well, you pretty much own the console, because neither metldr nor bootldr are updateable or revoked. this means that you can install ofw 5.55 on your ps3 in 1 year but your bootldr key is still the same, and with this key you can decrypt your console's stuff. people think that with this whole thing going on they will see a cfw just around the corner, imo that's pretty unlikely because we are not there yet. people need to see the big picture, not just piracy: with those keys found, people pretty much can write the code that they want, sign it at those levels and run it, allowing you to write your own firmware. owning the machine at those levels (metldr, bootldr) and signing everything after those 2 loaders, well, you practically can do anything you want...

      that's my opinion, i can be wrong, correct me if i am, but that's the way i see this whole stuff.

      people really need to understand that cfw is not on the horizon, but great things are coming..

    363. GregoryRasputin
      11-10-2011
      04:40 PM
      365

      Originally Posted by yozh View Post
      well this ain't about cfw eboots (piracy)

      Not meaning to stray off topic, but eboots have nothing to do with piracy, many people buy the games and hope for an eboot fix.

    364. VIRGIN KLM
      11-10-2011
      04:53 PM
      366

      Originally Posted by depblkman View Post
      I don't think that people realize the potential power that has been leaked. eventually, people will come to understand it. I know a lot of people want to play online as well as have cfw but why keep pushing for cfw when the ability to be able to play any game regardless of the FW is at our fingertips? Knowledge is power. We need to keep this in mind as we go forth. IMO, making cfw just for the purpose of going online is a waste of time. the possibility of dual booting gives me hope and hopefully soon, finding a way to dual boot otherOs and GameOs would be the stuff.
      Well I partially agree, but dunno if you've seen my posts on other threads about some facts why 3.55 starts to get old, you'll get what I mean...
      For example 3.72 added a new kernel function for PS2 Classics that would be epically wanted by everyone and could allow us to play every PS2 game on non-BC consoles.
      There are more reasons like the new PSP emu with antialiasing on 960x540 on 3.70, but my point is that there will be firmwares with nice features, why not take the potential of them? It's sad and a pity not to... :/
      The reason that we hack our PS3 (if we are not pure pirates) is because we want to push its functionality off limits, right?

    365. Elegant
      11-10-2011
      05:07 PM
      367

      [MENTION=13236]VIRGIN KLM[/MENTION] I believe that's true for about 5% of the scene give or take. (Am I lying?) Though I'd personally be a lot happier if I could play some of my PS2 and PSP games on my PS3 through backups

    366. VIRGIN KLM
      11-10-2011
      05:12 PM
      368

      Originally Posted by Elegant View Post
      [MENTION=13236]VIRGIN KLM[/MENTION] I believe that's true for about 5% of the scene give or take. (Am I lying?) Though I'd personally be a lot happier if I could play some of my PS2 and PSP games on my PS3 through backups
      The way is a different story.
      The ability is all that matters, and being on 3.72 CFW would allow us to...
      Or at least, if Math wants to help us without releasing anything, just lead us how we can decrypt the contents of a PS2 classic game so we can acquire the optimized self emu file, to keep us busy understanding how it works.
      Is that such a big deal?

    367. yozh
      11-10-2011
      06:05 PM
      369

      Originally Posted by VIRGIN KLM View Post
      Well I partially agree, but dunno if you've seen my posts on other threads about some facts why 3.55 starts to get old, you'll get what I mean...
      For example 3.72 added a new kernel function for PS2 Classics that would be epically wanted by everyone and could allow us to play every PS2 game on non-BC consoles.
      There are more reasons like the new PSP emu with antialiasing on 960x540 on 3.70, but my point is that there will be firmwares with nice features, why not take the potential of them? It's sad and a pity not to... :/
      The reason that we hack our PS3 (if we are not pure pirates) is because we want to push its functionality off limits, right?
      yes, but apparently the features you mention are not off limits, you can update your console and get those features, or just get another ps3.

      off limits would be to use your console at its full power, gaining 100% control of your hardware, and this exploit is the tip of that, because with the other missing key (i know you know it is stored in the bootldr) you would gain control of the chain of trust, letting you run any code that you want after bootldr. how cool is that!

      btw, in order to build a 3.7x cfw new keys are needed, and as far as i know, or at least no one has made it public, no one has succeeded in doing that.

      so no, no cfw in the near future

    368. baargle
      11-10-2011
      06:25 PM
      370

      Originally Posted by Elegant View Post
      What needs to happen:

      1) Get console key on 3.55 (easy to do now that we have a tut). Must be done on 3.55 since we cannot get it in 3.60.

      2) Dump bootldr (Now this is something gitbrew managed to do with software(?) this can probably be done in gameOS or otherOS if so). This file is maintained every update and is unaltered to best of my knowledge so if we perform any kind of modification it will carry from FW to FW.

      3) Decrypt bootldr with console key.

      4) Modify it (create your own, use Math's code as a basis) so it will execute code and dump the lv0 metadata keys. The lines which those are on are within the SELF/SCE Header. (Abuses chain of trust and therefore gives us private keys)

      If we can get this far then we can do some damage.

      [MENTION=149378]depblkman[/MENTION] We'd run into the private keys along the way so it would lead to CFW. We may be able to decrypt a game faster than making a CFW but key wise we're getting them at the same time.
      "If we can get this far then we can do some damage." - well actually, there wouldn't be anything left to hack whatsoever, just documentation of function which isn't hacking.

    369. DzhoPS3HAX
      11-10-2011
      06:25 PM
      371

      Originally Posted by TheEvolution_PT View Post
      Anyone already seen this: http://pastebin.com/8ZCqqsQq
      Sorry if it's a double post.


      what is it?

    370. baargle
      11-10-2011
      06:30 PM
      372

      Originally Posted by VIRGIN KLM View Post
      The way is a different story.
      The ability is all that matters and being on 3.72 CFW would allow us to...
      Or at least, if Math wants to help us without releasing anything, just show us how we can decrypt the contents of a PS2 Classic game so we can acquire the optimized SELF emu file, to keep us busy understanding how it works.
      Is that such a big deal?
      The emulator isn't stored in the PS2 classic game you download though, it's stored in the "firmware". (completely obvious)
      ************* [ - Post Merged - ] *************
      Originally Posted by DzhoPS3HAX View Post
      what is it?
      A person on previous page said it's a member of ps3hax's METLDR dump (useless, nothing of note given we can all get our own and not interesting)

    371. depblkman
      11-10-2011
      07:34 PM
      373

      Originally Posted by VIRGIN KLM View Post
      Well I partially agree but dunno if you've seen my posts on other threads about some facts why 3.55 starts to get old, you'll get what I mean...
      For example 3.72 added a new kernel function for PS2 Classics that would be epically wanted by everyone and could allow us to play every PS2 game on non-BC consoles.
      There are more reasons, like the new PSP emu with antialiasing at 960x540 on 3.70, but my point is that there will be firmwares with nice features, why not take advantage of them? It's sad and a pity not to... :/
      The reason that we hack our PS3 (if we are not pure pirates) is because we want to push its functionality off limits, right?
      I can totally agree with that statement, understanding that with new firmware come new features. I too would love the PS2 kernel on CFW. I have too many good games for my PS2 that I would love to play on PS3. And yes, you are right about pushing the PS3 to its limits. I don't think that we have even scratched the surface of what we can do with it.

    372. benedett87
      11-10-2011
      07:58 PM
      374

      eussNL key:

      ERK+RIV:
      PUBLIC:

      geohot key:



      The mail was sent to ps3crunch on purpose (it is my opinion)
      The question is why that value is obtained using a similar result?
      Or am I wrong?

    373. VIRGIN KLM
      11-10-2011
      08:11 PM
      375

      Originally Posted by baargle View Post
      The emulator isn't stored in the PS2 classic game you download though, it's stored in the "firmware". (completely obvious)
      Fail, it is not... What is obvious is that you haven't checked the posts we did, coming down to the conclusion that PS2 Classics DO NOT use any of the firmware-included SELF files anymore.
      Sony scrapped the internal emulator in ps2_emu, they just left it for BC consoles and for a couple of stability reasons.
      It bundles games with a profile-specific emulator.
      If what you said was true the PS3 would recognise the installed PS2 Classics on 3.55 as PS2 Classics or, worst case scenario, it would show the typical message about PS2 Format Discs on non-BC models, but it can't, since the important function for recognising PS2 Classics (for advanced users also known as P2 Data Type) is missing on 3.55.
      3.55 has NO CLUE what the hell this type of data is.
      Think of it like, let's say, 1.35 OFW recognising a PSP Mini or a game with trophies...
      Originally Posted by yozh View Post
      yes but apparently the features you mention are not off limits, you can update your console and get those features, or just get another ps3.
      Fail on reading and quoting.
      You can't play any game you want on OFW on non-BC consoles, and the ones on PSN are lame.
      Also I have zero plans on buying AGAIN a game I own because Sony just decided that it's ok to milk the cow over and over.
      Secondly, I have no plans on giving a penny again to Sony, whether for a brand new console (not even used, I want to discourage the idea of people buying Sony products in any way) or for a PSN game, no way. Thirdly, I cannot buy anything from PSN even if I had a second PS3 on OFW because I DO NOT agree with its TOS.
      Now you see why I'm correct.

    374. xxxblitzxxx
      11-10-2011
      09:13 PM
      376

      Originally Posted by baargle View Post
      Except he's completely wrong.

      Apparently since 3.60, the keys have been moved out of METLDR.
      How can he be wrong? Can you explain?? =)

    375. Persian McLovin
      11-10-2011
      09:55 PM
      377

      Originally Posted by VIRGIN KLM View Post
      Fail, it is not... What is obvious is that you haven't checked the posts we did, coming down to the conclusion that PS2 Classics DO NOT use any of the firmware-included SELF files anymore.
      Sony scrapped the internal emulator in ps2_emu, they just left it for BC consoles and for a couple of stability reasons.
      It bundles games with a profile-specific emulator.
      If what you said was true the PS3 would recognise the installed PS2 Classics on 3.55 as PS2 Classics or, worst case scenario, it would show the typical message about PS2 Format Discs on non-BC models, but it can't, since the important function for recognising PS2 Classics (for advanced users also known as P2 Data Type) is missing on 3.55.
      3.55 has NO CLUE what the hell this type of data is.
      Think of it like, let's say, 1.35 OFW recognising a PSP Mini or a game with trophies...
      Hey man, check out my thread on stuff I have been experimenting with via Sony's PS2 emulator for BC consoles without the EE chip:

      http://www.ps3hax.net/showthread.php?t=29763

      You may find it interesting! Peace.

    376. VIRGIN KLM
      11-10-2011
      10:18 PM
      378

      Originally Posted by Persian McLovin View Post
      Hey man, check out my thread on stuff I have been experimenting with via Sony's PS2 emulator for BC consoles without the EE chip:

      http://www.ps3hax.net/showthread.php?t=29763

      You may find it interesting! Peace.
      Don't worry, I've read all of it since your first post!
      I have also (well, had, since it YLODed) a BC machine without the EE, and my cousin has one with both EE and GS.
      So far I haven't experienced even a tiny difference in emulation between them; the ones that failed on one of them failed on the other one too... SSX for example.
      I'm gonna post in your thread some answers on the case, since I researched them and I found out why some of the stuff you experienced occurred.

      I still pray somebody in this scene realises that there are people who have brains, have heart, and are able to love and thank without being scammers/haters or sucking up.
      I hope Math could hear that.
      ************* [ - Post Merged - ] *************
      Originally Posted by benedett87 View Post
      eussNL key:

      ERK+RIV:
      PUBLIC:

      geohot key:



      The mail was sent to ps3crunch on purpose (it is my opinion)
      The question is why that value is obtained using a similar result?
      Or am I wrong?
      Hmm, sounds like a similar fail to the PS3 fail of always giving back 4 as a random number!
      Also I remember a developer saying that Sony's ELF encryption is a joke, this could be what he means...!

    377. Elegant
      11-11-2011
      12:43 AM
      379

      I would like to make a bootldr but I'm completely against soldering my PS3 (trial and error, could brick the PS3 with a bug in bootldr code, so I would have to have a dump to restore to when I screw up and a way to do it). I hope someone has steadier hands than I do and a little bit of knowledge in C (one of the easiest languages).

    378. j89
      11-11-2011
      01:07 AM
      380

      This has been explained in bits and pieces in this thread, but here goes:

      Up to 3.55:
      The first thing that's run is the bootldr, which is encrypted at the factory with your per-console key. This means that everyone's bootldr dump will look different because it uses a different key. Before this exploit, there was no public method to get this key. bootldr then decrypts lv0 using a public key. This means that this key is the same for everyone and thus everyone's lv0 dump will look the same. After the hardware is set up, bootldr and lv0 essentially don't do much else. One important thing to note is the bootldr cannot be updated, while lv0 is the lowest possible code that can be updated by Sony.

      After lv0, you have the infamous metldr that is run. Think of the metldr as a second bootldr, as they are similar. They use the same encryption key (per-console key) so, like the bootldr, this means two things:
      1. It is different for each console
      2. Since there was no public method to get this key, it could only be decrypted by a select few people (e.g. geohot)
      After it is decrypted, its job is to load lv1ldr (hypervisor), lv2ldr (gameos), appldr (where the 3.6+ EBOOT keys are) and isoldr. Of course all of these loaders are encrypted with a public key (one key decrypts all). These keys are stored inside the metldr.

      So then what happened?
      Well, geohot found an exploit in metldr which allowed him to obtain the per-console key. Instead of releasing how to obtain your own, he decrypted his own metldr, obtained the public keys for the rest of the loaders and released them. This allowed complete control over the hypervisor (lv1), gameos (lv2) and the EBOOT keys up to 3.55 (appldr), which basically is enough for CFW.

      How Sony patched it:
      Since geohot never released how to obtain the per-console key (the key that decrypts metldr and bootldr), or the bootldr public key, the bootldr was still not able to be decrypted by the normal person. This means that everything contained inside the bootldr (which is only the lv0) was still secure. So with 3.60+, they moved all the loaders (lv1ldr, lv2ldr, appldr, isoldr) into lv0 (because, as I said before, lv0 is the very first code that can be updated).

      If you haven't figured it out yet:
      This leak allows us to get your own per-console key. The first thing that needs to be done with this key is actually to obtain a bootldr and lv0 dump. This isn't as easy as it sounds because when the hypervisor is loaded, it hides these two from gameos. This would require a full dump of the NOR using a hardware programmer (what Math was talking about) containing the bootldr and lv0 (you could also patch the hypervisor to not hide the bootldr, which would be easier). Then it's just as simple as decrypting bootldr -> lv0 -> lv1ldr/lv2ldr/appldr -> CFW / 3.6+ EBOOT keys. And no, Sony can't patch this because there's nowhere else to hide these encrypted loaders, as lv0 was the last place that could be updated via firmware update.
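      The chain j89 describes, as an added toy model (not code from the thread, from the leaked files or from any PS3 tool): each stage's decrypted image embeds the keys for the stages below it, and compromise() computes which images and keys become readable from a given foothold, for the 3.55 layout (loader key inside metldr) and the 3.60+ layout (loaders moved into lv0). Stage and key names follow the post; the data structures, the single "ldr_key" standing in for the loader keys, and the per-console key never being embedded in any image (adrianc's point later in the thread) are assumptions of the model.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Stage:
    name: str
    encrypted_with: str       # the one key that decrypts this stage's image
    embeds: frozenset         # keys found inside the decrypted image


def _chain(loader_key_holder):
    """Build the chain. `loader_key_holder` is the stage whose decrypted
    image embeds the single key for lv1ldr/lv2ldr/appldr/isoldr
    ("one key decrypts all" in j89's words). Assumed model, not real layout."""
    def holds(stage):
        return frozenset({"ldr_key"}) if stage == loader_key_holder else frozenset()

    stages = [
        # bootldr: encrypted at the factory under the per-console key, never
        # updated; it embeds the same-for-everyone key that decrypts lv0
        Stage("bootldr", "per_console_key", frozenset({"lv0_key"}) | holds("bootldr")),
        Stage("lv0", "lv0_key", holds("lv0")),
        # metldr: same per-console key as bootldr
        Stage("metldr", "per_console_key", holds("metldr")),
        Stage("lv1ldr", "ldr_key", frozenset({"lv1_key"})),
        Stage("lv2ldr", "ldr_key", frozenset({"lv2_key"})),
        Stage("appldr", "ldr_key", frozenset({"eboot_keys"})),
        Stage("isoldr", "ldr_key", frozenset({"iso_keys"})),
    ]
    return {s.name: s for s in stages}


LAYOUT_355 = _chain("metldr")   # up to 3.55: loader key lives in metldr
LAYOUT_360 = _chain("lv0")      # 3.60+: loaders (and their key) moved into lv0
# No stage embeds "per_console_key": it is burnt into efuses and is never
# written into any image, so no amount of reading images yields it.


def compromise(layout, readable, known_keys=frozenset()):
    """Closure of what someone reaches from reading the plaintext of the
    `readable` stages while holding `known_keys`. Returns
    (decrypted stage names, keys learned)."""
    keys = set(known_keys)
    decrypted = set(readable)
    while True:
        before = (len(keys), len(decrypted))
        for s in layout.values():
            if s.encrypted_with in keys:      # we hold its key -> image readable
                decrypted.add(s.name)
            if s.name in decrypted:           # readable image -> its embedded keys
                keys |= s.embeds
        if (len(keys), len(decrypted)) == before:
            return decrypted, keys


def eboot_keys_reachable(layout, readable, known_keys=frozenset()):
    """True if the foothold eventually yields the appldr EBOOT keys."""
    return "eboot_keys" in compromise(layout, readable, known_keys)[1]


if __name__ == "__main__":
    for label, layout in (("3.55", LAYOUT_355), ("3.60+", LAYOUT_360)):
        stages, keys = compromise(layout, {"metldr"})
        print(f"{label}, reading decrypted metldr: stages {sorted(stages)}, keys {sorted(keys)}")
    # j89's claim taken at face value: holding the per-console key itself
    stages, keys = compromise(LAYOUT_360, set(), {"per_console_key"})
    print(f"3.60+, holding the per-console key: stages {sorted(stages)}")
```

      Reading decrypted metldr reaches the EBOOT keys on the 3.55 layout but nothing beyond metldr on 3.60+, which is exactly why the move into lv0 closed the hole; only a foothold that actually holds the per-console key walks bootldr -> lv0 -> loaders.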

    379. raiderscrusade
      11-11-2011
      01:10 AM
      381

      Just thought I'd add it, but in regards to that eussNL key and geohot key, the same values exist in the exact same offsets in the pastebin link to 'root @ alexus hexdump'.

      So, this could indeed be epic fail.

    380. Elegant
      11-11-2011
      02:48 AM
      382

      [MENTION=206886]j89[/MENTION] you can dump lv0 using gameOS or otherOS. In addition I believe gitbrew managed to dump bootldr from otherOS (this was back in July, and most likely done through a hypervisor patch as you said). But I haven't really found solid proof that it was done through otherOS, or an explanation from them other than a post saying it was accomplished.

      Waiting game, let's hope someone has some steady hands to solder and enough intelligence to create a custom bootldr.

    381. freshstart
      11-11-2011
      04:16 AM
      383

      I just checked pastebin and I saw something

      http://pastebin.com/HwkP0Bfg

      <Mathieulh> rms ah! you mean using that bug we found ? (about the elfs)
      There it is still a "we found".

    382. baargle
      11-11-2011
      05:26 AM
      384

      Originally Posted by xxxblitzxxx View Post
      how can he be wrong can you explain ?? =)
      As the guy has (fantastically, I must say) explained on this page ^

      Everything of use has been taken out of METLDR apart from the per console key.

    383. xxxblitzxxx
      11-11-2011
      05:30 AM
      385

      Originally Posted by freshstart View Post
      I just checked pastebin and I saw something

      http://pastebin.com/HwkP0Bfg



      There it is still a "we found".
      I hope this leads us to something very big =)

    384. baileyscream
      11-11-2011
      05:43 AM
      386

      Originally Posted by freshstart View Post
      I just checked pastebin and I saw something

      http://pastebin.com/HwkP0Bfg



      There it is still a "we found".
      Reading that pastebin, the quote:
      32.[04:46:01] <Mathieulh> now we just have to load them and fetch the data from the shared LS or the mailbox
      sounds like you might just need software to get the LS, not hardware, after all!!

    385. ModIt
      11-11-2011
      07:11 AM
      387

      Originally Posted by j89 View Post
      This has been explained in bits and pieces in this thread, but here goes:

      Up to 3.55:
      The first thing that's run is the bootldr, which is encrypted at the factory with your per-console key. This means that everyone's bootldr dump will look different because it uses a different key. Before this exploit, there was no public method to get this key. bootldr then decrypts lv0 using a public key. This means that this key is the same for everyone and thus everyone's lv0 dump will look the same. After the hardware is set up, bootldr and lv0 essentially don't do much else. One important thing to note is the bootldr cannot be updated, while lv0 is the lowest possible code that can be updated by Sony.

      After lv0, you have the infamous metldr that is run. Think of the metldr as a second bootldr, as they are similar. They use the same encryption key (per-console key) so, like the bootldr, this means two things:
      1. It is different for each console
      2. Since there was no public method to get this key, it could only be decrypted by a select few people (e.g. geohot)
      After it is decrypted, its job is to load lv1ldr (hypervisor), lv2ldr (gameos), appldr (where the 3.6+ EBOOT keys are) and isoldr. Of course all of these loaders are encrypted with a public key (one key decrypts all). These keys are stored inside the metldr.

      So then what happened?
      Well, geohot found an exploit in metldr which allowed him to obtain the per-console key. Instead of releasing how to obtain your own, he decrypted his own metldr, obtained the public keys for the rest of the loaders and released them. This allowed complete control over the hypervisor (lv1), gameos (lv2) and the EBOOT keys up to 3.55 (appldr), which basically is enough for CFW.

      How Sony patched it:
      Since geohot never released how to obtain the per-console key (the key that decrypts metldr and bootldr), or the bootldr public key, the bootldr was still not able to be decrypted by the normal person. This means that everything contained inside the bootldr (which is only the lv0) was still secure. So with 3.60+, they moved all the loaders (lv1ldr, lv2ldr, appldr, isoldr) into lv0 (because, as I said before, lv0 is the very first code that can be updated).

      If you haven't figured it out yet:
      This leak allows us to get your own per-console key. The first thing that needs to be done with this key is actually to obtain a bootldr and lv0 dump. This isn't as easy as it sounds because when the hypervisor is loaded, it hides these two from gameos. This would require a full dump of the NOR using a hardware programmer (what Math was talking about) containing the bootldr and lv0 (you could also patch the hypervisor to not hide the bootldr, which would be easier). Then it's just as simple as decrypting bootldr -> lv0 -> lv1ldr/lv2ldr/appldr -> CFW / 3.6+ EBOOT keys. And no, Sony can't patch this because there's nowhere else to hide these encrypted loaders, as lv0 was the last place that could be updated via firmware update.


      Thank you for sorting this out into understandable words.

      So the big question is, are you able to patch the hypervisor and decrypt the loaders? :D

    386. RickDangerous
      11-11-2011
      11:20 AM
      388

      Great post j89! That cleared up a lot of confusion for a newb like me.

      So we need to patch lv1ldr (hypervisor) so that lv2ldr (gameos) is able to read and dump the bootldr and then decrypt them using the per console key.

      I see there is loads of information about hypervisor reverse engineering in the wiki:
      http://ps3devwiki.com/index.php?titl...se_Engineering

      Where can I download a decrypted hypervisor dump? My PS3 is OFW 3.72 so I can't dump my own

    387. lunuxx
      11-11-2011
      11:23 AM
      389

      Originally Posted by raiderscrusade View Post
      Just thought I'd add it, but in regards to that eussNL key and geohot key, the same values exist in the exact same offsets in the pastebin link to 'root @ alexus hexdump'.

      So, this could indeed be epic fail.
      That's my dump and I gave it to eussNL... so it's possible eussNL dug through it a little more, I have yet to find out, I'm too busy with work.
      If anyone else wants to take a look at the physical dump (not the pastie, the binary file):
      http://gotbrew.org/dump

    388. DzhoPS3HAX
      11-11-2011
      11:28 AM
      390

      So we are near the goal?

    389. xxxblitzxxx
      11-11-2011
      11:30 AM
      391

      question does this mean we can now play modern games on cfw ?? =)

    390. lunuxx
      11-11-2011
      11:32 AM
      392

      Why ask? If it was so then it would be front paged everywhere, now's the time to get up and start trying to contribute.

    391. DzhoPS3HAX
      11-11-2011
      11:32 AM
      393

      No, we must wait before playing modern games.
      We are maybe near the goal,
      but we must wait a little more.
      They are working very hard.

    392. bost7
      11-11-2011
      11:33 AM
      394

      Originally Posted by xxxblitzxxx View Post
      question does this mean we can now play modern games on cfw ?? =)

    393. xxxblitzxxx
      11-11-2011
      11:37 AM
      395

      Originally Posted by bost7 View Post
      haha I get you my friend, I see what you did there haha
      ************* [ - Post Merged - ] *************
      Originally Posted by DzhoPS3HAX View Post
      No, we must wait before playing modern games.
      We are maybe near the goal,
      but we must wait a little more.
      They are working very hard.
      I hope we are near our goal, I thank those people who are trying really hard to make this possible.

    394. TheEvolution_PT
      11-11-2011
      12:08 PM
      396

      Dudes, I'm waiting too, it's very hard but with time everything is possible, so stop complaining and acting like children, just wait and support the devs, don't ask stupid questions, with lv0 everything is unlocked, and btw read the muther****a thread before you muther****a post!

    395. catalinuxm
      11-11-2011
      12:49 PM
      397

      Dear Devs,
      Go further to achieve our goals, push your brains to the limit until "THE FAT and SLIM LADY SING" and then, only then, all the NOOBs of the scene will see, maybe, how hard it is to break those fu...ing codes.
      So, my friends, my dear noobs like I am: BE PATIENT, STAY CALM and let them work, because it is VERY, VERY, VERY HARD WORK.
      Let's support them.
      HOOAH Devs! YOU

    396. depblkman
      11-11-2011
      01:00 PM
      398

      Just think, this is for all the noobs: this will be like the ultimate Christmas gift. Just be patient, like a lot of us have been saying for the longest time, and good things will happen.

      Sent from my PC36100 using Tapatalk

    397. xxxblitzxxx
      11-11-2011
      01:30 PM
      399

      Man, I'm truly grateful to GOD that the devs are making a lot of effort so that gamers like us will be given a chance to enjoy the true potential of the PS3. Thank you devs =)

    398. adrianc
      11-11-2011
      01:45 PM
      400

      I hate to burst everyone's bubble but this means nothing. The chain of trust was fixed by moving loaders into lv0.

      Until lv0 is either dumped or decrypted, the loaders, and therefore the keys will remain just out of reach. Cold boot exploits are not possible because lv0 sets up the loaders table before passing execution to lv1. Decrypting lv0 requires pwning the bootloader_PE, which is very difficult.
      If you could sniff the flexio you might be able to dump it that way. Or you could use what is known about the CBE secure boot to preempt bootldr. I suggest the IBM docs as reading material.

      -adrianc

    399. baargle
      11-11-2011
      01:48 PM
      401

      Originally Posted by xxxblitzxxx View Post
      question does this mean we can now play modern games on cfw ?? =)


      Originally Posted by xxxblitzxxx View Post
      Man, I'm truly grateful to GOD that the devs are making a lot of effort so that gamers like us will be given a chance to enjoy the true potential of the PS3. Thank you devs =)


      ....
      ************* [ - Post Merged - ] *************
      Originally Posted by adrianc View Post
      I hate to burst everyone's bubble but this means nothing. The chain of trust was fixed by moving loaders into lv0.

      Until lv0 is either dumped or decrypted, the loaders, and therefore the keys will remain just out of reach. Cold boot exploits are not possible because lv0 sets up the loaders table before passing execution to lv1. Decrypting lv0 requires pwning the bootloader_PE, which is very difficult.
      If you could sniff the flexio you might be able to dump it that way. Or you could use what is known about the CBE secure boot to preempt bootldr. I suggest the IBM docs as reading material.

      -adrianc
      Apparently some members at gitbrew dumped the boot loader a few months ago. The key in METLDR can decrypt this dump from what i gather. Don't know their stance on releasing that sort of thing and nobody has actually verified their claims.

    400. adrianc
      11-11-2011
      02:02 PM
      402

      Originally Posted by baargle View Post
      Apparently some members at gitbrew dumped the boot loader a few months ago. The key in METLDR can decrypt this dump from what i gather. Don't know their stance on releasing that sort of thing and nobody has actually verified their claims.
      I believe you are referring to when glevand and I were able to dump a decrypted bootldr from a 256MB phat console (mine). This really means nothing, dumping bootldr on NOR consoles was done long before that. What's odd is that lv1 hides bootldr on phat consoles.

      Metldr has no involvement with decrypting bootldr, for that you require a root key.

      -adrianc

    401. baargle
      11-11-2011
      02:19 PM
      403

      Originally Posted by adrianc View Post
      I believe you are referring to when glevand and I were able to dump a decrypted bootldr from a 256MB phat console (mine). This really means nothing, dumping bootldr on NOR consoles was done long before that. What's odd is that lv1 hides bootldr on phat consoles.

      Metldr has no involvement with decrypting bootldr, for that you require a root key.

      -adrianc
      lol, I see now who you are, thanks for clearing that up. Sorry for being a retard. Are you saying that the contents of METLDR are no help in decrypting bootldr\lv0? I think that's the general (mis)conception at the moment amongst the peons.

      You've got me curious here as Math seems to be saying that his leaked hack can be applied in principle to dump a decrypted bootldr\lv0. Does his leaked hack actually provide any practical help with that, or is it merely in a philosophical sense, in your opinion?

      Cheers,

    402. baileyscream
      11-11-2011
      02:34 PM
      404

      Originally Posted by adrianc View Post
      I believe you are referring to when glevand and I were able to dump a decrypted bootldr from a 256MB phat console (mine). This really means nothing, dumping bootldr on NOR consoles was done long before that. What's odd is that lv1 hides bootldr on phat consoles.

      Metldr has no involvement with decrypting bootldr, for that you require a root key.

      -adrianc
      Hi adrianc, how is the court order you received from Sony going?
      You know, the one you told us all said you had to remove everything about yourself from the net (inc. your twitter acc).
      Also I thought you were banned from ps3hax for ripping ppl off over the PS3 development unit.
      Very strange to see you back!!

    403. Elegant
      11-11-2011
      02:34 PM
      405

      [MENTION=189561]adrianc[/MENTION] are the metldr and bootldr not encrypted with the same key? If so, isn't it entirely possible to sign and encrypt your own bootldr?

      [MENTION=177623]baileyscream[/MENTION] Don't start that crap again. That is a completely off topic post take it up somewhere else kthxbye.

      [MENTION=101611]baargle[/MENTION] someone needs to explain how the general misconception is wrong first =/ In the case that is, the metldr exploit should still be a good basis for how to make a bootldr exploit. The issue with the bootldr exploit is you need a hardware hack unless there's a way to overwrite the bootldr software wise that I'm not thinking of (entirely possible I guess).

    404. baileyscream
      11-11-2011
      02:49 PM
      406

      Originally Posted by Elegant View Post
      [MENTION=177623]baileyscream[/MENTION] Don't start that crap again. That is a completely off topic post take it up somewhere else kthxbye.

      I'm sorry, I thought with this being a news post I was free to greet devs and also inform anyone who doesn't know just what sort of person he is.
      That way, when he starts contradicting Math, they know whether or not to trust him.
      If that's so wrong then sorry.

    405. j89
      11-11-2011
      03:13 PM
      407

      Metldr and bootldr use the same exact console key and this has been the same since the start. If you can get your per-console key (this exploit) you can decrypt the metldr; if you can decrypt the metldr you can decrypt the bootldr (and the lv0 and every other ldr).

    406. luqi
      11-11-2011
      04:53 PM
      408

      j89,

      you're sure?

    407. adrianc
      11-11-2011
      05:10 PM
      409

      Originally Posted by Elegant View Post
      [MENTION=189561]adrianc[/MENTION] are the metldr and bootldr not encrypted with the same key? If so, isn't it entirely possible to sign and encrypt your own bootldr?
      They are encrypted with the same key, which is burnt into the CBE efuses. This key is never passed along the chain of trust, so neither metldr nor bootldr ever sees its own key.


      Originally Posted by baargle View Post
      lol, I see now who you are, thanks for clearing that up. Sorry for being a retard. Are you saying that the contents of METLDR are no help in decrypting bootldr\lv0? I think that's the general (mis)conception at the moment amongst the peons.

      You've got me curious here as Math seems to be saying that his leaked hack can be applied in principle to dump a decrypted bootldr\lv0. Does his leaked hack actually provide any practical help with that, or is it merely in a philosophical sense, in your opinion?

      Cheers,
      Metldr dumps will give you some perspective on how secure loaders work, and possibly stimulate some ideas for how you might be able to pwn bootldr. However, there is no easy 'find a key, use a key' solution to be found inside metldr.

      Originally Posted by j89 View Post
      Metldr and bootldr use the same exact console key and this has been the same since the start. If you can get your per-console key (this exploit) you can decrypt the metldr; if you can decrypt the metldr you can decrypt the bootldr (and the lv0 and every other ldr).
      This exploit does not enable you to find the hardware root key, merely a much weaker derivative which exists to prove the secure loader has been authorised by hardware.

    408. GregoryRasputin
      11-11-2011
      05:12 PM
      410

      Originally Posted by baileyscream View Post
      Hi adrianc, how is the court order you received from Sony going?
      You know, the one you told us all said you had to remove everything about yourself from the net (inc. your Twitter acc).
      Also I thought you were banned from PS3Hax for ripping people off over the PS3 development unit.
      Very strange to see you back!!
      Why would we ban him, he hasn't done anything wrong, he hasn't broken any rules.

      Also your post is off topic and you could receive an infraction for thread derailment; if you want to discuss anything with [MENTION=189561]adrianc[/MENTION], email him, keep it off this thread.

    409. jarmster
      11-11-2011
      07:17 PM
      411

      Now adrianc, do you really think clock glitching will work?

      lol, smartcards all over again

    410. Elegant
      11-11-2011
      11:21 PM
      412

      [MENTION=189561]adrianc[/MENTION] But Math did state the keys are in fact hard coded in the metldr.

      Originally Posted by Mathieulh
      So now you get code execution on metldr at the best time possible because your code executes right after metldr copies the root keys from 0x00 to 0x30, which means you get to dump these too. (Although they are hardcoded in metldr's code anyway)
      Would this not prove the opposite of what you're saying and the metldr does in fact know the keys? Or are we missing a step somewhere? To me all this says is your root keys have been stored in the metldr all along because Sony decided to again fail and leave them hardcoded in there. Could just be my misinterpretation though.

      Also, you said you managed to do a bootldr dump, was this done through GameOS/OtherOS or were you left with no choice but to do a hardware NAND dump? If you managed to do it through GameOS/OtherOS would you be willing to share your secret? I have a NAND console myself and am quite curious how it was done.

    411. baargle
      11-12-2011
      08:04 AM
      413

      Lots of conflicting statements from people who all sound plausible...

      Someone is talking out their bottom.

    412. rafa11
      11-12-2011
      11:51 AM
      414

      I wonder if there's anyone working on this right now?
      Seems that all the fuss raised up by Mathieulh was, after all, unnecessary.
      I hope anything will come out of this, but I'm not sure if there's anyone willing to "get their hands dirty" and there's a discussion going on about the utility of this.
      A lot of arguments but no test results so far...

    413. fouzi
      11-12-2011
      11:56 AM
      415

      Math has finally left the scene.
      The scene is not big enough for his ego.

    414. chrisrlink
      11-12-2011
      03:44 PM
      416

      So until we decrypt lv0 we're at a standstill again. Well, we can wait.

    415. Elegant
      11-12-2011
      06:42 PM
      417

      [MENTION=186714]rafa11[/MENTION] Someone did test it. It's on the front page. It's what comes next which involves soldering that becomes an issue.

    416. luqi
      11-12-2011
      06:48 PM
      418

      Originally Posted by Elegant View Post
      [MENTION=186714]rafa11[/MENTION] Someone did test it. It's on the front page. It's what comes next which involves soldering that becomes an issue.
      What are you talking about?

      and check this out , please :

      PS3 bootldr key

      http://pastebin.com/pWVav1qK



      Don't know if it's true or not...

    417. bost7
      11-12-2011
      06:57 PM
      419

      Originally Posted by luqi View Post
      What are you talking about?

      and check this out , please :

      PS3 bootldr key

      http://pastebin.com/pWVav1qK



      Don't know if it's true or not...
      I bet $10 it is fake.

    418. Elegant
      11-12-2011
      08:52 PM
      420

      [MENTION=104132]luqi[/MENTION] [MENTION=139681]bost7[/MENTION]
      Each bootldr key is different. It makes no difference if you find a bootldr key online since it belongs to someone else's console. It will in no way help you. Why? It's a root key belonging to that specific console. That also does not make it fake, it's just useless to you.

      Someone did test Mathieulh's exploit that's how someone got their metldr key which is also the bootldr key. I really wish people read. It's what comes after. Knowing the key allows you to decrypt the bootldr and also encrypt a different one. The issue is that you need to solder your PS3 to perform a NAND or NOR dump for the bootldr AFAIK and then replace the bootldr and begin experimenting.

    419. baargle
      11-13-2011
      01:17 AM
      421

      Originally Posted by Elegant View Post
      [MENTION=104132]luqi[/MENTION] [MENTION=139681]bost7[/MENTION]
      Each bootldr key is different. It makes no difference if you find a bootldr key online since it belongs to someone else's console. It will in no way help you. Why? It's a root key belonging to that specific console. That also does not make it fake, it's just useless to you.

      Someone did test Mathieulh's exploit that's how someone got their metldr key which is also the bootldr key. I really wish people read. It's what comes after. Knowing the key allows you to decrypt the bootldr and also encrypt a different one. The issue is that you need to solder your PS3 to perform a NAND or NOR dump for the bootldr AFAIK and then replace the bootldr and begin experimenting.
      Yeah, but it only takes 1 person to do this work (dump\decrypt\fiddle), then we're all covered, right....... (don't know what comes next, I can't reverse a car let alone code)

    420. Elegant
      11-13-2011
      02:35 AM
      422

      Actually, I take that back... if adrianc is really right then we only got a partial (if anything) of the real root key and it is mostly hidden from us. Which would mean we use the metldr exploit as a basis for a bootldr exploit. That would take even more fiddling.

    421. RickDangerous
      11-13-2011
      03:28 AM
      423

      Edit: just ignore this post.

    422. Natedogg20050
      11-13-2011
      07:48 AM
      424

      You are totally wrong. Do you guys remember winocm? You know, the "omg omg omg omg omg omg it's jailbroken" guy?

      He did jailbreak 3.6.0 with this personal root key. But if we want one root key for all of us we need to go straight after lv0 because this is the deepest we can go.

      I can't speak for the new consoles from Sony that are not hackable, but our consoles with lv0 would be free even for firmware 3.8.0.

    423. kian2002
      11-13-2011
      11:32 AM
      425

      lv0 can be changed; it's bootldr we need to get control of.
      This way we can just tell the system to dump lv0 unencrypted to the USB. This way Sony can't stop it and we can get the keys from every update.

      This will still not give you CFW 3.73 etc. unless some clever person can put back the exploit.

      But you will be able to play games above 3.55.

    424. fouzi
      11-13-2011
      12:27 PM
      426

      So we have to wait till some dev who is not "selfish" does something with this thing.

      Nice goodbye present, Math.

      Thanks, and do us all a favor by not coming back.

    425. Albert Wesker
      11-13-2011
      12:57 PM
      427

      Originally Posted by fouzi View Post
      so we have to wait till some dev who is not "selfish'' to do something with this thing

      nice good buy present math

      thanks and do us all a favor by not coming back
      The only one he is doing a favour to is you, I guess! Without him we wouldn't even have a technique to get the keys, so stop crying that you don't have any keys and stay on topic, ungrateful...

      @Topic: I'm sure there are some devs who are working on it at the moment. A higher custom firmware wouldn't be a bad thing, also because Sony announced a 4K update for PS3, but we will see in the future what we will get. I have trust in the devs.

    426. fouzi
      11-13-2011
      01:13 PM
      428

      Didn't understand much.
      +
      Nothing really changes with him going 'cause he doesn't release anything.

      But there are a lot of smart people in the world.

    427. adrianc
      11-13-2011
      02:19 PM
      429

      The so called "root key" that is inside metldr is actually key_1, which is the EID_root_key.

      key_0, aka the secure loader key is what is used to encrypt/decrypt metldr and bootldr. This key never leaves the pervasive logic in the cell.

      -adrianc

    428. ModIt
      11-13-2011
      02:26 PM
      430

      So Math's exploit doesn't help us at all?

    429. adrianc
      11-13-2011
      03:06 PM
      431

      Originally Posted by ModIt View Post
      So Math's exploit doesn't help us at all?
      Yep.


      -adrianc

    430. kian2002
      11-13-2011
      03:20 PM
      432

      But the exploit will work on bootldr, but we need to hard-mod to do it, and if we have control of that we have control of lv0 and the keys.

      Correct me if I'm wrong.

    431. ModIt
      11-13-2011
      04:20 PM
      433

      Originally Posted by adrianc View Post
      Yep.


      -adrianc
      So what is the point in an exploit, if the exploit doesn't exploit anything useful?

    432. TheEvolution_PT
      11-13-2011
      04:49 PM
      434

      The first exploit I explained in Step I which I called the "meta exploit" is used to trick metldr into decrypting the self metadata in the shared Local Store (which can be accessed from the ppu as it's not isolated)
      This exploit works on the bootloader (provided that you can read the shared local store at boot time)

      The second exploit explained in step 2 (and used in the leaked files) which I called the "donut exploit" relies on wrapping around the memory to trick metldr into loading a self section onto its own code (and gain code execution). This exploit only works on metldr and doesn't work on metldr.2 because it relies on signing a loader. There is yet another ldr exploit that works on metldr (and metldr.2) and allows you to gain code execution, but it relies on a hardware implementation flaw and cannot easily be found, because it's not a software exploit (even though it can entirely be triggered by software so long as you at least have code running on the ppu with lv2 privileges)

      Mathieulh on PS3Crunch
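      The "donut" idea quoted above (a section copy that wraps around the end of the loader's memory and lands on the loader's own code) is a general class of range-check bug, so here is an added toy model of it in C. This is not metldr's code or anything from the leaked files: the 256 KB local store, the loader sitting at the bottom of it, the `struct section` header and the 0xA5/0x90 marker bytes are all assumptions made for this example. It shows a loader whose only check is "the section does not start inside my code" accepting a section that starts just below the top of the store and wraps onto offset 0, and a hardened check that rejects any range that would wrap or overlap the loader.

```c
/*
 * Toy model of a wrap-around ("donut") section-load bug in an isolated
 * SPU-style loader.  Added illustration, not metldr's code: the 256 KB
 * local store, the loader's position in it and the header format are
 * all assumptions made for this example.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define LS_SIZE     0x40000u          /* 256 KB local store (assumed) */
#define LS_MASK     (LS_SIZE - 1)     /* addresses wrap modulo LS_SIZE */
#define LOADER_BASE 0x00000u          /* where loader code sits (assumed) */
#define LOADER_END  0x01000u          /* 4 KB of loader code (assumed) */

static uint8_t ls[LS_SIZE];

/* One section of a hypothetical loadable image: where it goes and how big. */
struct section {
    uint32_t dst;    /* destination local-store address */
    uint32_t size;   /* bytes to copy */
};

static void ls_reset(void) {
    memset(ls, 0, sizeof ls);
    /* mark the loader's own code region so we can see it being clobbered */
    memset(ls + LOADER_BASE, 0xA5, LOADER_END - LOADER_BASE);
}

/* Copy with hardware-style wrap: byte i lands at (dst + i) mod LS_SIZE. */
static void ls_copy_wrapping(uint32_t dst, const uint8_t *src, uint32_t size) {
    for (uint32_t i = 0; i < size; i++)
        ls[(dst + i) & LS_MASK] = src[i];
}

/* Vulnerable check: only rejects a section that *starts* inside the loader.
   A section starting just below LS_SIZE passes, then wraps onto offset 0. */
static bool load_section_vuln(const struct section *s, const uint8_t *payload) {
    if (s->dst < LOADER_END) return false;   /* "not over my code": insufficient */
    ls_copy_wrapping(s->dst, payload, s->size);
    return true;
}

/* Hardened check: the whole [dst, dst+size) range must fit below LS_SIZE,
   computed without overflow, and must not overlap the loader. */
static bool load_section_fixed(const struct section *s, const uint8_t *payload) {
    if (s->size == 0 || s->size > LS_SIZE) return false;
    if (s->dst >= LS_SIZE) return false;
    if (s->size > LS_SIZE - s->dst) return false;   /* range would wrap */
    if (s->dst < LOADER_END) return false;          /* overlaps loader code */
    ls_copy_wrapping(s->dst, payload, s->size);     /* cannot wrap any more */
    return true;
}

/* true if any byte of the loader's code region was overwritten */
static bool loader_clobbered(void) {
    for (uint32_t a = LOADER_BASE; a < LOADER_END; a++)
        if (ls[a] != 0xA5) return true;
    return false;
}

/* Run one constructed section through a loader; returns whether the loader
   accepted it and reports via *clobbered whether its own code got overwritten. */
static bool try_load(bool (*loader)(const struct section *, const uint8_t *),
                     uint32_t dst, uint32_t size, bool *clobbered) {
    static uint8_t payload[0x2000];          /* constructed attacker section */
    memset(payload, 0x90, sizeof payload);   /* hypothetical code bytes */
    struct section s = { dst, size };
    ls_reset();
    bool ok = size <= sizeof payload && loader(&s, payload);
    *clobbered = loader_clobbered();
    return ok;
}

int main(void) {
    bool c;
    /* benign section well inside free local store: accepted, loader intact */
    printf("vuln  benign: accepted=%d clobbered=%d\n",
           try_load(load_section_vuln, 0x10000u, 0x100u, &c), c);
    /* donut section: starts 0x100 below the top, 0x1000 bytes long, so the
       tail wraps to offsets 0x000..0xEFF and overwrites the loader */
    printf("vuln  donut : accepted=%d clobbered=%d\n",
           try_load(load_section_vuln, LS_SIZE - 0x100u, 0x1000u, &c), c);
    printf("fixed donut : accepted=%d clobbered=%d\n",
           try_load(load_section_fixed, LS_SIZE - 0x100u, 0x1000u, &c), c);
    return 0;
}
```

      The point of the hardened version is the order of the checks: `size > LS_SIZE - dst` is evaluated only after `dst < LS_SIZE` is known, so the subtraction cannot underflow, and the overlap test then runs on a range that is guaranteed not to wrap. Checking only where a section starts, as the vulnerable version does, is exactly what a wrap-around bypasses.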

    433. Natedogg20050
      11-13-2011
      05:57 PM
      435

      First tell me why the hell adrianc is back here?

      Then why doesn't Math's exploit help us at all?

    434. Rehv
      11-14-2011
      06:23 AM
      436

      Just don't get over the guy. If I knew something and couldn't release due to lawsuits I'd just tell someone leaked my work and talk about it. The problem here is you people that DON'T understand this and keep calling him drama-queen or something like that. For now, I'm just pissed I got a PS3 as a "surprise" gift and can't put it to CFW 3.55 because it came with OFW 3.66. I can only dual boot now, and I'm not sure I wanna mess with solder and stuff.

    435. Majidorc
      11-14-2011
      06:51 AM
      437

      Happy Birthday PS3

    436. noddy4life
      11-14-2011
      07:09 AM
      438

      I asked PS3 hax in an email the same thing but no reply about adrianc only because I donated

    437. baileyscream
      11-14-2011
      09:48 AM
      439

      Think I derail a thread?? I think adrianc is doing just that, but as you love devs (and I say that about this 13 year old lightly) then you won't see him as being in the wrong even if he is contradicting your best bud Math! Lool, you're funny sometimes!

    438. DigitalP1R4t3
      11-29-2011
      09:35 PM
      440

    439. medi01
      12-02-2011
      03:17 PM
      441

      Originally Posted by ModIt View Post
      So what is the point in an exploit, if the exploit doesn't exploit anything useful?
      It makes Matheulhulhhuh shine in the news.
      ************* [ - Post Merged - ] *************
      Originally Posted by Elegant View Post
      [MENTION=104132]luqi[/MENTION] [MENTION=139681]bost7[/MENTION]
      Each bootldr key is different. It makes no difference if you find a bootldr key online since it belongs to someone else's console. It will in no way help you. Why? It's a root key belonging to that specific console. That also does not make it fake, it's just useless to you.

      Someone did test Mathieulh's exploit that's how someone got their metldr key which is also the bootldr key. I really wish people read. It's what comes after. Knowing the key allows you to decrypt the bootldr and also encrypt a different one. The issue is that you need to solder your PS3 to perform a NAND or NOR dump for the bootldr AFAIK and then replace the bootldr and begin experimenting.
      bootldr key IS NOT per console, it's ONE FOR ALL. ALL consoles must be able to decrypt firmware update (which is encrypted with that crap), that's ****ING why it must be the same.

      "Mateulhs exploit" is ONE ****ING YEAR too late. Geohot got us metloader key ONE YEAR AGO.

      And no, metloader key is not "the same as bootloader key", WHERE DID YOU GET THAT CRAP?!?!? What you say makes no fluxing sense, why don't you ****ing get a clue before spreading ****ing FUD, newb?

    440. GregoryRasputin
      12-02-2011
      03:27 PM
      442

      Originally Posted by medi01 View Post
      Geohot got us metloader key ONE YEAR AGO.

      He actually got it ELEVEN MONTHS AGO, so not quite the year yet, oh and calm down....

    441. hamtah
      12-02-2011
      03:32 PM
      443

      Originally Posted by GregoryRasputin View Post
      He actually got it ELEVEN MONTHS AGO, so not quite the year yet, oh and calm down....
      I wonder why we don't have someone like Geohot. Because of his need for fame, we got a 3.55 CFW.

    442. GregoryRasputin
      12-02-2011
      03:35 PM
      444

      Originally Posted by hamtah View Post
      I wonder why we don't have someone like Geohot. Because of his need for fame, we got a 3.55 CFW.
      fail0verflow would have released it anyway.....

    443. mcmrc1
      12-02-2011
      03:37 PM
      445

      Originally Posted by GregoryRasputin View Post
      fail0verflow would have released it anyway.....
      but not for fame...

    444. GregoryRasputin
      12-02-2011
      03:40 PM
      446

      Originally Posted by mcmrc1 View Post
      but not for fame...
      You sure about that

    445. hamtah
      12-02-2011
      03:57 PM
      447

      Originally Posted by GregoryRasputin View Post
      fail0verflow would have released it anyway.....
      Then why can't we have someone or some group like f0f? Almost one friggen year, AND NOTHING. I would do something IF I was a computer engineer or whatever these talented devs are, but I'm not. So I think we can trust upon these devs to have something, but even release something. Or I could clearly say that these devs don't have hearts like the f0f team has.

    446. medi01
      12-02-2011
      04:04 PM
      448

      Yep, 11 months is not one year and it makes such a difference in this context and is not nitpicking at all...

      Originally Posted by GregoryRasputin View Post
      fail0verflow would have released it anyway.....
      Those deserve tons of credit for finding epic.fail (although I'd prefer them to not let Sony know where the epic **** up was) but they couldn't get to the metldr.

      Actually, nobody but geohot did. It took Mathieulh a year to figure out how it could have been obtained originally (and we don't even know if that was based on clues from Hotz) and that is the only alternative finding we know.

      Oh, and regarding Mathieulh's "lv0 decryptor", note that that is NOT direct evidence of having the key (build string). He could have named the _first byte_ of the _hash_ of the real key, and that would have been really hard proof. However the version string is the only "proof" he released, but there are a number of other ways of obtaining that.

    447. Warning
      12-02-2011
      04:06 PM
      449

      Originally Posted by hamtah View Post
      Then why can't we have someone or some group like f0f? Almost one friggen year, AND NOTHING. I would do something IF I was a compute engineer or whatever these talented devs are, but I'm not. So I think we can trust upon these devs to have something, but even release something. Or I could clearly say that these devs don't have hearts like f0f team has.
      Linux people are hardcore.
      Dongle makers are hardcore.
      Everyone else not so hardcore.

    448. mcmrc1
      12-02-2011
      04:16 PM
      450

      Originally Posted by GregoryRasputin View Post
      You sure about that
      hmm......no