Looks like the PS3 LV0 keys have been leaked and reported to be working!
LV0 keys:
ERK = CA7A24EC38BDB45B98CCD7D363EA2AF0C326E65081E0630CB9AB2D215865878A
RIV = F9205F46F6021697E670F13DFA726212
PUBLIC = A8FD6DB24532D094EFA08CB41C9A72287D905C6B27B42BE4AB925AAF4AFFF34D41EEB54DD128700D
PRIVATE = 001AD976FCDE86F5B8FF3E63EF3A7F94E861975BA3
CURVE_TYPE = 0x33
To quote:
.----==[22-10-2012]=======================================================----.
[_ As this was a group effort, we wouldn't normally have lost a word about it |
|ever, but as we're done with PS3 now anyways, we think it doesn't matter |
|anymore [http://pastie.org/4462324]. Congratulations to the guy that leaked |
|stuff, you, sir, are a 1337 haxx0r, jk, you're an asshole. _]
| |
| Try these bytes... |
| - [erk=CA7A24EC38BDB45B98CCD7D363EA2AF0C326E65081E0630CB9AB2D215865878A] |
| - [riv=F9205F46F6021697E670F13DFA726212] |
| - [pub=A8FD6DB24532D094EFA08CB41C9A72287D905C6B27B42BE4AB925AAF4AFFF34D |
| 41EEB54DD128700D] |
| - [priv=001AD976FCDE86F5B8FF3E63EF3A7F94E861975BA3] |
| - [ctype=33] |
| ...and be amazed. |
| |
[_ People should know that crooked personalities are widespread in this so |
|called 'scene'. Some people try to achieve something for fun together and make|
|the wrong decision to trust others and share their results with them, but ofc|
|there got to be the attention seeking fame wh*** that has to leak stuff to |
|feel a little bit better about him-/herself. _]
[_ Now the catch is that it works like this in every 'scene', just that in |
|others it usually doesn't come to light. _]
[_ The only sad thing is, that the others who worked on this won't get the |
|attention they deserve because they probably want to remain anonymous (also |
|they don't care about E-fame <3). _]
| |
[_ PS: This is neither about drama nor E-fame nor 'OMG WE HAZ BEEN FIRST', we |
|just thought you should know that we're disappointed in certain people. You |
|can be sure that if it wouldn't have been for this leak, this key would never|
|have seen the light of day, only the fear of our work being used by others to|
|make money out of it has forced us to release this now. _]
'----===========================================[- The Three Musketeers]==----'

10-22-2012
01:29 PM
I was so close.
10-22-2012
01:30 PM
To those wondering this is apparently for the lv0 of 4.25.
10-22-2012
01:32 PM
how was this found?
10-22-2012
01:33 PM
these are legit.
10-22-2012
01:33 PM
I knocked on the case of my ps3 and said pretty please and it gave them to me in a log.
10-22-2012
01:35 PM
I'm testing this now, results in minutes.
10-22-2012
01:38 PM
I'm currently trying to verify this as well but I have yet to see anyone able to disprove whether these are legit or not.
10-22-2012
01:38 PM
http://rghost.net/41097133
here it is decrypted
these keys are legit
10-22-2012
01:41 PM
http://pastie.org/private/bevpt5jf9kdjg3vrrv05w
10-22-2012
01:42 PM
@zadow28 So what does this all mean?
10-22-2012
01:42 PM
Oh dear god!
10-22-2012
01:42 PM
http://pastie.org/private/bevpt5jf9kdjg3vrrv05w
10-22-2012
01:43 PM
It means DON'T UPDATE. If you do not have CFW and are on 4.25 DON'T YOU DARE UPDATE. With lv0 the sky's the limit. Sony already announced a 4.30 a few hours ago if I'm not mistaken (and no this was not in response to the keys it's just pure coincidence).
EDIT: 4.30 is due out tomorrow DO NOT UPDATE.
10-22-2012
01:48 PM
The one I used was 4.21, but I guess they work on 4.25 also.
10-22-2012
01:48 PM
Because lv0 IS updatable and metldr 1&2 are NOT (only hardware), does that mean all consoles produced until today are JB-able?
10-22-2012
01:48 PM
Frontpage Please..
10-22-2012
01:49 PM
some kind sir please make this FRONTPAGE NEWS!!!
10-22-2012
01:49 PM
I got shivers
10-22-2012
01:49 PM
@zadow28 confirms they are legit.. F*uck you BlueDisk..
10-22-2012
01:52 PM
You f*cking kidding me, is this real or what?
10-22-2012
01:54 PM
This can't be true... right?
Is this real life? *trying to not scream like a little girl*
10-22-2012
01:55 PM
Poop is about to hit the fan
10-22-2012
01:56 PM
I really hope that soon the PS3 SCENE STATUS will show 4.XX as the highest hackable firmware instead of 3.55
.
100th post
10-22-2012
01:56 PM
Here are the 4.25 ones, the other was from 4.21:
http://rghost.net/41097551
10-22-2012
01:57 PM
OMG!! Been waiting for two years for this!! Just OMG!!
10-22-2012
01:59 PM
its also on the wiki http://www.ps3devwiki.com/wiki/Keys#lv0
10-22-2012
02:01 PM
Lets get to work people.. It's time to break the chains and run..!!!!
10-22-2012
02:02 PM
much love if it means 3k gets some attention

meh if not
10-22-2012
02:02 PM
So does this mean newer Ps3's can be hacked now or is this still strictly for 3.55 users?
10-22-2012
02:05 PM
@ploggy it would mean anyone on 4.23 can now get CFW, if I am understanding this right.
10-22-2012
02:05 PM
@japsander I mean it should give 3k a chance, right? Since it would be going to update to 4.25, so it must be compatible?? Or am I missing something here?
10-22-2012
02:07 PM
10-22-2012
02:08 PM
That is all.
10-22-2012
02:09 PM
Simple question which I think others are asking:
lv0 keys..
Useful to those currently on OFW 4.25, or 4.21 etc...
Or only if you're currently on CFW, to be able to run an exploit of some sort, i.e. a pkg or pup file?
10-22-2012
02:10 PM
I've extracted and decrypted some of the loaders, go search for keys:
http://rghost.net/41097829
Number 4 is appldr.
Key 28 06 59 43 5E EA 33 B1 BD 7A B4 D0 81 13 06 D1
IV EA 0E 83 8B A5 90 57 7A 14 D1 3C 8E 09 FD D1 34
Application Info:
Auth-ID [appldr]
Vendor-ID [hv]
SELF-Type [Secure Loader]
Version 04.25
Some files inside could not be decrypted:
http://rghost.net/41097841
10-22-2012
02:14 PM
I have to take off my hat once again in front of the mighty power of anon leaks.
I find it funny though that the guys from the pastie are practically boasting about how they were never going to release these keys and are calling the leaker an as*hole
10-22-2012
02:15 PM
Rebug incoming?
10-22-2012
02:15 PM
thx zadow and all the rest
added to scetool, decrypts fine
10-22-2012
02:16 PM
EDIT:
Damn Internet slowwwwwwww
10-22-2012
02:20 PM
Note, the powers that be gave us the private key as well. we can re-sign lv0.
I guess the sky is the limit now.
I guess we also need to figure out what this means for the 'new bootloader' users. Can they use resigned lv0/fw/pup?
10-22-2012
02:22 PM
awesome...
just AWESOME.. thanks to whoever did the good work!
10-22-2012
02:26 PM
1 hour passed and everyone is so sure it's true? How so? Usually no one believes in such things.
10-22-2012
02:26 PM
Don't wanna go through all the xmmwords.
10-22-2012
02:26 PM
This. Is. Awesome.
10-22-2012
02:27 PM
Wow..
What an impeccable last 24 hours.
:applauding:
10-22-2012
02:28 PM
Now can we find keys to decrypt all eboots until a new CFW release?
10-22-2012
02:28 PM
Thanks evils perm, I remember that someone said if they launch they would not see the daylight, and someone kept their promise. Really would like to see those who said badddddddd things about the last post when you are defending champion on a bunch of home brewwwwwwww.
10-22-2012
02:32 PM
YES! Finally! Me and my 3K slim are ever so thankful. Now, who'll be the first one to release a free stable 4.25 CFW out there? And what's gonna be the next KMEAW? Can't wait to see what comes out of this. Tempting to call in sick tomorrow.....
10-22-2012
02:35 PM
Lol, hax is lagging due to this thread!
Again will be waiting until a free cfw is out before I believe it.
10-22-2012
02:36 PM
Don't know why people are so excited, has anyone confirmed it's real?
10-22-2012
02:36 PM
Rogero:
Guys...the wait is almost over.... i say few hours.... maybe less
-------------------------------------
Well Well, what do you know, more keys. Sadly all this ****storm in the scene will not end unless the pussies behind all the backroom closed-door dealings come out of the woodwork and name names; until then developers will be scared again, not knowing whom to trust with their work until it is finished, or who is the mole working both sides of the fence, selling off their hard work to the highest bidder, and all this drama leaves us soon in another black hole. I have already confirmed a number of developers have pulled the plug, so we have keys for now, but are left with a buggy half-finished BlueDisk-CFW firmware, and Sony quickly updated their code, so we may be in luck getting a v4.30 out, but tough luck thinking you'll see a v4.80 custom firmware release after all this **** hit the fan!
Source: 'The Three Musketeers'
10-22-2012
02:36 PM
I want a gold star... as I said they had the keys all along... I've been right twice in a year... yippee, a new record... this is amazing news... and thank you devs for not letting the DRM f\/ckers ruin the scene again... let the new CFW roll out and bring with it new life & a new calmness to the scene... long live the resistance... sorry, getting carried away... f\/cking awesome news... can't stop smiling.
10-22-2012
02:38 PM
Free 4.25 CFW incoming? Please god

Edit: Crap, my console is a 3K model
10-22-2012
02:43 PM
I am pretty sure it goes like this.
Models UNDER 3k = CONGRATULATIONS AND PRAISE THE SUN
Models ABOVE 3k AND 3K ITSELF = Still in the dark, sorry.
3K and up have lv0.2 and that's completely different story than lv0.
10-22-2012
02:44 PM
I downloaded the files and opened them in a HEX editor, but don't know how to explore them....
10-22-2012
02:47 PM
who let the dogs out? someone who wanted BlueDisk to fail?!?! e3 maybe???
10-22-2012
02:49 PM
I hate to burst your collective bubbles, but this is not going to help anyone with the new "unhackable" PS3s. Those use different keys for LV0, and even if we could figure out the public keys for those consoles by exploiting metldr, we'd have no way of figuring out the private ones needed to resign LV0 after making changes.
Additionally, for those currently on OFW 3.60+, nothing has changed. You will still need a hardware flasher to install CFW. This is due to the fact that once you have firmware 3.60+, it uses a new key pair to check the validity of the firmware, which we once again have no way of getting the private keys for.
But if you are already on CFW 3.55, look forward to seeing frequent CFW updates in the future, similar to the PSP scene in its heyday.
By the way, a special **** you to whoever leaked this to Chinese pirates for what was most likely a large sum of cash. While I did want to see the PS3 cracked open eventually, doing this now is going to do nothing but lead to more piracy. I don't particularly like Sony, but they have enough **** to deal with without this happening. I personally could have waited until the PS3's life cycle was complete for these keys. Well, whatever, at least I can buy some new PSN games now that I'd been meaning to get.
10-22-2012
02:52 PM
Lets wait and see...
10-22-2012
02:57 PM
While we're waiting on the CFW if we get the appldr we should just need to resign it for 3.55 and then the resigning eboots isn't needed. Just need that appldr!
This should also mean the PSP final FW keys will be found and quite possibly the PSVita keys.
10-22-2012
03:06 PM
Hey guys, I am amazed with this progress, but I have a question.. I have a PS3 slim 320GB CECH-2504A model that came with 3.60 OFW, will it be possible to use the upcoming CFW?
10-22-2012
03:12 PM
I can finally install and play GT5 Spec II updates???
YIPPPEEEEEEE!!!!
10-22-2012
03:13 PM
Start working on the Exploits and CFW and I will be here Waiting.
If this leads to 4.25 CFW for all PS3's even above 3.55 Then I will be willing to donate some money, And or time.
10-22-2012
03:15 PM
didn't math say something about lv0? can anyone verify if he was right or wrong?
10-22-2012
03:16 PM
http://www.tortuga-cove.com/forums/v...6&p=8516#p8516 <<--- Rogero CEX-4.21 CFW V1.00

10-22-2012
03:17 PM
Now that we have the LV0 keys (including the private signing key which we can get because LV0 is signed using keys that were flawed, similar to the rest of the keys pre-3.60), we can decrypt LV0 and extract the rest of the keys used to encrypt the 3.60+ firmware files. But what we can't do is figure out Sony's new private keys, because they fixed the security flaw that allowed us to get those.
Once you install OFW 3.60+, it uses the new uncrackable keys to check the validity of any firmware you try to install, so it is not possible to go directly from OFW 3.60+ to CFW. But with a flasher you can, because it bypasses the check.
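As an added illustration (not part of the thread, and not Sony's or any CFW project's code) of why the post above can say the pre-3.60 private keys are recoverable: the flaw is that the signer reused a constant ECDSA nonce per key, and two signatures made with the same nonce give up the private key algebraically. The block below signs two constructed messages with one fixed nonce and recovers the private scalar; it also reports the byte lengths of the key fields posted at the top of the thread (32-byte ERK, 16-byte RIV, 40-byte public point, 21-byte private scalar), which is the first sanity check a practitioner should run on a pasted key blob. Assumptions: the curve is secp256k1, used only because its parameters are public (the PS3 loader curve is selected by `ctype`, 0x33 here, from Sony's own table, which this page does not reproduce); the private key, nonce and messages are constructed demo values.

```python
# Added example, not from the thread: ECDSA nonce-reuse private-key recovery,
# plus a byte-length check of the key fields posted at the top of the page.
# Assumption: secp256k1 stands in for the (undisclosed) Sony loader curve.
import hashlib

# secp256k1 domain parameters (assumption: stand-in for Sony's curve)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A, B = 0, 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

# Key material exactly as posted in the thread; only its byte lengths are
# checked here (AES-256 key, AES IV, 2x20-byte EC point, 21-byte scalar).
LEAKED_LV0_KEYS = {
    "erk": "CA7A24EC38BDB45B98CCD7D363EA2AF0C326E65081E0630CB9AB2D215865878A",
    "riv": "F9205F46F6021697E670F13DFA726212",
    "pub": "A8FD6DB24532D094EFA08CB41C9A72287D905C6B27B42BE4AB925AAF4AFFF34D41EEB54DD128700D",
    "priv": "001AD976FCDE86F5B8FF3E63EF3A7F94E861975BA3",
}

def key_sizes(keys=LEAKED_LV0_KEYS):
    """Byte length of each hex field; bytes.fromhex rejects odd/garbled hex."""
    return {name: len(bytes.fromhex(h)) for name, h in keys.items()}

def inv(x, m):
    return pow(x % m, -1, m)  # ValueError if x has no inverse mod m

def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + A*x + B over GF(P); None is infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return result

def hash_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(d, msg, k):
    """ECDSA with a caller-chosen nonce k, so nonce reuse can be shown."""
    r = ec_mul(k, G)[0] % N
    s = inv(k, N) * (hash_int(msg) + r * d) % N
    return r, s

def verify(Q, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = inv(s, N)
    h = hash_int(msg)
    pt = ec_add(ec_mul(h * w % N, G), ec_mul(r * w % N, Q))
    return pt is not None and pt[0] % N == r

def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures under one nonce share r; solve for k, then for d."""
    r1, s1 = sig1
    r2, s2 = sig2
    if r1 != r2:
        raise ValueError("r differs: the signatures did not share a nonce")
    h1, h2 = hash_int(msg1), hash_int(msg2)
    k = (h1 - h2) * inv(s1 - s2, N) % N  # (s1 - s2) * k = h1 - h2
    return (s1 * k - h1) * inv(r1, N) % N  # s * k = h + r * d

# Constructed demo values (not Sony's): a private key and a fixed nonce.
DEMO_D = hash_int(b"constructed demo private key")
DEMO_K = hash_int(b"constructed constant nonce")
DEMO_MSGS = (b"constructed loader image #1", b"constructed loader image #2")

def demo():
    """Sign two messages with the same nonce and recover the private key."""
    Q = ec_mul(DEMO_D, G)
    sigs = [sign(DEMO_D, m, DEMO_K) for m in DEMO_MSGS]
    assert all(verify(Q, m, s) for m, s in zip(DEMO_MSGS, sigs))
    return recover_private_key(DEMO_MSGS[0], sigs[0], DEMO_MSGS[1], sigs[1])

if __name__ == "__main__":
    print(key_sizes())
    print("recovered == original:", demo() == DEMO_D)
```

`recover_private_key` raises if the two `r` values differ (distinct nonces), and `inv` raises if the two messages hash identically, since then `s1 == s2` and `k` cannot be isolated; both are the cases where a single pair of signatures does not leak the key.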
10-22-2012
03:18 PM
It would be easier to have a rebug-style fw with mixed debug ldrs inside with all these goodies... (A lot of work needs to be done to get a safe 4.2x cfw if we ever want to go back to 3.55 at some point.)
10-22-2012
03:19 PM
Now we can Exploit Bootldr!!!! This is epic as ****.
10-22-2012
03:22 PM
There's not a single note of how/what was changed (yet) and we can't know if we can ever up/downgrade into this. Or if it works on 4.21 OFW via recovery.. things like that.
10-22-2012
03:23 PM
as far as I understand the people with consoles that can be downgraded can download the new CFW without actually downgrading right?
Or am I mistaken?
10-22-2012
03:23 PM
Can anyone please c/d xzyx's comments about 3.55 still being required to get to 4.xx cfw? I'm not sure if I should be looking to buy a 3.55 ps3 or save some money and get a 4.xx model
10-22-2012
03:24 PM
Rogero CEX-4.21 CFW v1.00 Free for All
http://www.mediafire.com/?hrvvaqh7l5gzss9
Untested Via tortuga cove.
10-22-2012
03:27 PM
@Willemse 21 posted this 2 pages ago ;D @DEFAULTDNB
http://www.google.be/url?sa=t&rct=j&...z9tXcZWJjLNN5w
10-22-2012
03:38 PM
Three musketeers = E3?
10-22-2012
03:42 PM
hmm..Rogero
got everything ready...can't resist..any bricks so far? lemme test it for science

just asking, after this pup can one use the downgrader down425to355.pup they shared earlier?
10-22-2012
03:42 PM
Even if this is fake, its gained enough attention to be front paged as a rumour
10-22-2012
03:44 PM
This song reminds me of this, and everything found in the PS3 scene. It fits perfectly.
'Everybody loves you, so don't let them down' and 'They will never forget you til somebody new comes along'
Eagles - New Kid In Town -HD - YouTube
10-22-2012
03:49 PM
can this help people get out of service mode on 3.60+ ? eg resign the lv2 diag .self etc
10-22-2012
03:50 PM
But if it helps people:
So the thing is that if you go to the segment in IDA Pro you see that there is a pattern.
IMPORTANT
This pattern goes for all files.
The keys in the example:
appldr keys are located in the first yellow area just after the blue,
and there at the start of the area are also some words like
xmmword_14820 (the 1480 bit can change); just under those xmmwords the keys can be located,
in hex.
Ohh, forgot: the keys are located twice, in every loader. IV and pup are separated once, and together once, side by side.
That you wouldn't find in the wiki.
10-22-2012
03:50 PM
can we use these keys to decrypt eboots?
10-22-2012
03:55 PM
Lighten up your path ahead of you, old friend.
10-22-2012
04:00 PM
"By the way, a special **** you to whoever leaked this to Chinese pirates for what was most likely a large sum of cash. While I did want to see the PS3 cracked open eventually, doing this now is going to do nothing but lead to more piracy. I don't particularly like Sony, but they have enough **** to deal with without this happening. I personally could have waited until the PS3's life cycle was complete for these keys. Well, whatever, at least I can buy some new PSN games now that I'd been meaning to get." - then I thought it was ****.
Lead to more piracy? 95% of games are already playable for us on the current CFW 3.55, and I DOUBT newer PS3s that use newer keysets for lv0 or whatnot can use this... It allows us to use our machines as Blu-ray players again though, and everything good. And for the newest games. The rise in piracy will be minimal, and it probably won't be larger than the rise in sales of those games by those that can now play them.. Nope.jpg.
10-22-2012
04:09 PM
As oPolo says, Blu-rays will work. Now I can get all the Blu-ray box sets I want for Xmas.
Loving it
10-22-2012
04:16 PM
I'm surprised my index finger is still attached to my hand after hitting F5 for so long.
I'm beginning to think that when something is leaked and a dev plays the whole "ooooh we didn't want this to be released because of piracy", that they're perhaps talking out of their bumhole and are hoping that in the event of Sony finding them, they can have it as evidence that they didn't leak it or intend for it to be leaked and refer to them posting these posts. Because its happening way too often. Every leak..."we didnt want this out there because of piracy"..."we are very angry". Piracy is inevitable. I'm surprised these guys are devs and they don't get that. I'm not saying that I support piracy, but thinking that it is something that can be controlled is being naive.
10-22-2012
04:32 PM
1. You're a decent and socially intelligent guy. (that sounds weird)
2. You assume the best in people.
3. You assume having qualities of 1.\2. are a needed skill in the art of being an extremely skilled hacker.
...I think we've all learned a lot about the ethos of the modern day hacker as a collective from the PS3 scene over the past 2.5 years. Not all of it is "destroy capitalism and save the world", but instead "We love general Franco"....
Thinking about it....it kinda makes sense
Or I'm just talking crap
10-22-2012
04:34 PM
Good times are back!!
10-22-2012
04:42 PM
Couldn't resist.
10-22-2012
04:45 PM
There are people that know how to blow the ps3 wide open but their hacking spirit is non existent. Sometimes I forget that alot of devs don't care about the scene. I will say though, that there are devs that have the qualities mentioned in 1 and 2 and if we had more like them I wouldn't be sitting in front of my pc half falling asleep not wanting to leave this thread. Because the ps3 would be wide open by now
10-22-2012
04:45 PM
So.. I was reading posts from you guys, bad news for me that I have a PS3 that came with 3.60 OFW? :x
10-22-2012
04:52 PM
I wonder if I'm screwed. I've got an original phat PS3 on OFW 4.25 (it can be downgraded but I can't do it) and I'm not sure if the CFW that could come out of this is installable on my PS3 without downgrading.
10-22-2012
04:55 PM
can somone upload the appldr of 4.25 fw??
10-22-2012
04:58 PM
i did on page 5
10-22-2012
05:01 PM
Pre-FW 3.60 PS3s, aka the downgradeable ones, are downgradeable due to the fact that they have the old hackable lv0 and metaloader.
Sony patched the security flaw by adding lv0.2 and metaloader.2, and those use a different keyset than the one released today. The keyset released today is for the lv0, aka for the old machines and not for the new.
However, this might either lure new developers to the scene - or - it might somehow help the hacking people in their hacking endeavours in terms of hacking lv0.2. Although I think the only ones that will now turn their eyes more intensely on the lv0.2 are the DRM people, as this is now the place in the PS3 scene they can earn money. At least for now, and unless they do like Cobra and develop/explore some new functions and develop their own firmware with those features for the already hacked platform.
10-22-2012
05:14 PM
Rogero's 4.21 CFW 1.00 PUP and the Multiman Starter Pack
10-22-2012
05:19 PM
I think its just a matter of time right?
Maybe there's hope for us stuck on 3.56+ (without flasher)
10-22-2012
05:26 PM
Clarify something for me. I've got a pre-3.60 slim with 4.25 OFW. Am I screwed? Is there a soft downgrade available or do I still need E3? I heard something about a safe mode downgrade. I'm so confused right now.
10-22-2012
05:27 PM
I'll build a MFW for 4.25 then test. Ill post back here
10-22-2012
05:28 PM
Nvm Rogero released one
10-22-2012
05:32 PM
10-22-2012
05:45 PM
I geuss I'll just wait and see then
10-22-2012
06:08 PM
Going to go play with LV0 keys. i have an extra ps3 to kill.
10-22-2012
06:10 PM
great news
If my Blu-ray drive wasn't broken I would try this, but for now I'm sticking to Cobra CFW.
10-22-2012
06:14 PM
Can we resign eboots or is installing the 4.21 cfw the only solution right now?
10-22-2012
06:15 PM
Leakers, they help the regular users like hackers used to back in the day.
Leakers are this scene's heroes.
10-22-2012
06:20 PM
AWESOME!
Thank you three musketeers!!!
You've stopped the next TB before it even came out!
They can suck it, and suck it hard.
Went to bed with the scene having a new DRM piece of $hit. Woke up with Rogero 4.25CFW and more importantly the LV0 keys........ Love the roller coaster ride that is this scene. Time to sit back and wait for a new DEX CFW, happy days indeed
10-22-2012
06:40 PM
Not while we're waiting for safe, stable MFW's.. Handy to have anyway!
So how do we get the erk + riv keys anyway? Anyone know?
10-22-2012
06:41 PM
https://dl.dropbox.com/u/35197530/lv0.elf this one is from 3.55, since i didn't have any other than this and the jig one.
https://dl.dropbox.com/u/35197530/keys and updated keys file
Usage:
scetool -d lv0 lv0.elf :D
10-22-2012
06:42 PM
Finally...
10-22-2012
06:47 PM
OMG
Sonys is Down !!!
10-22-2012
06:48 PM
now get to work all of you CFW-makers! This day should not be easily forgotten!
I'm on: PS3 (CECH-3004-EU-160GB)
My message to Sony (you can not stop human evolution):
10-22-2012
06:52 PM
Wait so we have the private key? If so we need to resign the lv2diag.self so we can use a factory service mode dongle
10-22-2012
06:58 PM
so, out of curiosity does this make almost every game playable now?
10-22-2012
06:58 PM
I´m still waiting for my CDKEY from Bludisk team, i keep refreshing my hotmail inbox but nada,zero,niente,kkkkkkkk
10-22-2012
07:11 PM
Muahahahaha! Ofc i´m trolling, relax guys! ;-)
10-22-2012
07:42 PM
If it's 4.25, why has no one made a HEN CFW yet? I'd rather have that than a full CFW.
10-22-2012
07:47 PM
NVM................
10-22-2012
07:50 PM
So anyone working on a 4.25 CFW? >.> Or decrypting the lvl1.self files for 4.21 Allowing a downgrade?
(Exit FSM)
10-22-2012
08:06 PM
And why is there no 4.21-4.25 OFW - 4.21-4.25 CFW
10-22-2012
08:17 PM
The 4.21 CFW has the 3.55 keys in it, Thats why you need 3.55 to install it.
I want to make the process easier, + I could attempt resigning some of the Homebrew.
10-22-2012
08:17 PM
Guys, again: LV0 keys are static AND work on every LV0, also for the future. For now it looks like Sony can't recover from that because they can't update your bootldr.
For games just use other keys than 3.55 to sign them. But all this is just a few hours old, so sit back, relax and wait for new stuff that for sure will come.
10-22-2012
08:20 PM
LV0 keys for 4.25 ?
10-22-2012
08:21 PM
What about consoles stuck above 3.55? Will CFW be available for them soon?
10-22-2012
08:24 PM
/me hates his internet connection -.-
10-22-2012
08:25 PM
Doesn't LVL0 Decrypt everything, Lvl1-lvl2 and everything else?
10-22-2012
08:33 PM
So from what I understand, every future PS3 release could be patched to be playable on CFW 3.55?
10-22-2012
08:41 PM
Just when it looks like a real community PS3 scene has formed, a bittersweet release like this hits.
Whoever the 3 musketeers are, they rock... no matter what the outcome is.
Thank you.
bootldr's are next
and then its game over for PS3 DRM
10-22-2012
08:45 PM
QA FLAG DOWNGRADES for people on ofw???????
10-22-2012
08:45 PM
Next gen will spur the change as the noise fades.
10-22-2012
08:47 PM
So does this mean a potential 4.25 CFW?
10-22-2012
08:48 PM
This is the greatest day in the History of our sport
10-22-2012
08:56 PM
sooooo.....qa flag downgrading ofw down to 355 to install custom f/w
am i right???
10-22-2012
09:02 PM
Was posted earlier in this thread. Not sure if it's legit
10-22-2012
09:06 PM
Will this work on a CECHG08?
10-22-2012
09:20 PM
may be able to downgrade or at least play a few titles (games that are not worth buying).
My hardware: CECH-3004-EU-160GB on OFW 4.25
10-22-2012
09:22 PM
So, is it now going to be possible to add peek/poke to 4.21 dex?
10-22-2012
09:26 PM
I don't believe anything until I see a legitimate & unedited YouTube video of a step-by-step installing of a 4.XX CFW...
10-22-2012
09:47 PM
I'll be making some Firmwares And resigning Apps For people once we get bootldr pwnd and get the keys.
Not In it for the E-Fame, I love to help people out that's all
Every once in a while someone helps me out to so I'm just giving back what I can.
10-22-2012
10:03 PM
I'm willing to resign a few eboots once we get the keys. I love messing with this stuff...
Sent from my MB870 using Tapatalk 2
10-22-2012
10:12 PM
I registered here just to ask these questions.. if you can, post a link or some good keywords so that I can read up on your answer. A simple yes or no, while appreciated, isn't very helpful.
1) Will the Lv0 keys allow RSOD to be fixed on consoles running >3.55 OFW?
2) Will the Lv0 keys allow hardwareless downgrades from >3.55 OFW? Yes, I know that it isn't possible now, and I know that some consoles have Lv0.2, so they are untouched by these keys; I'm wondering if the keys make the downgrade theoretically possible.
10-22-2012
10:12 PM
Y'all think since the 4.21-4.25 lv0s are the same, 4.30's will be too?
10-22-2012
10:20 PM
I'm staying on kmeaw till things calm down and there is some testing done. I'll grab the keys and sign a few files while I'm waiting...
Sent from my MB870 using Tapatalk 2
10-22-2012
10:20 PM
It's like that:
Syscon sends ConfigRing to Cell >> Cell boots up with this ConfigRing >> Cell uses ConfigRing to decrypt bootloader >> bootloader uses ConfigRing to decrypt LV0 and run it >> yada yada yada
So Sony can't change your PCK, which isn't even a key in the first place. It's a value that will be used to calculate your PCK. After calculating your PCK the console decrypts bootloader and so on.
So you see there are a few things that Sony can only change with a new hardware revision and not through an update. This means for now LV0 static keys CAN NOT be changed afterwards. Same goes for PCK, Bootloader, Metldr.
The thing with decrypted bootloader:
You guys forget that we have PCK_0, PCK_1 and so on. Well, the so called EID_Master-Key is then our PCK_0, but the mess with that is.... Bootloader is not encrypted with PCK_0.
It is encrypted with the first derivation of this value that will be used to calculate your PCK, and that's the Per Console Factory Key.
The Per Console Factory Key is then used to derive PCK_0.
Till now there is no way to dump or get hands on the Per Console Factory Key.
10-22-2012
10:30 PM
metldr Gets changed all the time, Like with 3.41 and 3.55
LVL0 Can be changed along with LVL1 - Metldr and anything else.
10-22-2012
10:44 PM
metldr can NOT be changed!! You want proof?? Do a checksum now, then update to a higher FW and use your flasher to do a dump and do a checksum on metldr again. You will see it's the same checksum. So how could something be changed and still have the same checksum?? Do your homework, dude. metldr can only be changed at the factory. Therefore new consoles and consoles with 3.56 FW from the factory have a metldr_v2. This happens in the factory, just like with bootldr, NOT with an update.
And I never said that LV0 can't be changed, I said LV0 static keys can not be changed.
10-22-2012
10:52 PM
i knew there was a reason for me holding out for 2 freaking years with 3.55. I will be glad to actually be able to purchase games again. I may not buy them all, but i sure as hell will buy more then i have in the last 2 years.
Regardless of intent thanks to all the devs that do what they do.
-Prim
10-22-2012
10:53 PM
@cfwprpht you used a double negative. Learn to write before you tell someone to learn to read.
Sent from my toaster using Tapatalk 2
10-22-2012
11:05 PM
Old: (image)
New: (image)
Cannot find the image of what can and cannot be updated/TL;Didn't look.
10-22-2012
11:06 PM
So I have a slim ps3 that came with kmeaw 3.55 CFW. Can I now play dead or alive 5?
10-22-2012
11:14 PM
I'm Done for now Going to bed. Will argue Tomorrow
10-22-2012
11:16 PM
Anyone been able to resign a game? I'll provide an eboot
10-22-2012
11:17 PM
10-22-2012
11:22 PM
Please somebody answer me. When I bought it, it had 3.55 OS and my friend installed the kmeaw CFW for me. But when I tried playing Dead or Alive 5 it said I needed to update, but I did not want to, coz then it seems I can only play bought games. But since my Xbox 360 broke, I couldn't play any latest games like CoD MW3 or Sleeping Dogs. So how can this exploit help me?
10-22-2012
11:26 PM
@tjhooker73
That's a nice pic and I know that stuff, but before you go into a war, know what you throw at someone:
This img shows that Sony has changed the boot order, NOT that metldr was updated.
As I said, don't talk nonsense: take your metldr from e.g. 3.41, do a checksum test and save the value. Update your console to 3.55, again dump your flash, take metldr and do a checksum test. Then come back here and post the values to finally diss me.
Otherwise please stop that. I know what I'm talking about.
PS: to your PM. Why shall I tell you what I have contributed to the scene?
Does that change the fact of what I'm telling you?
Or is it, if I tell you what I and some members of team AC1D have done (which you and all others don't know, because we do stuff for fun, not for fame), would you then talk differently to me??
10-22-2012
11:28 PM
I honestly don't have time to read all 24 pages I seriously would've since I haven't stopped by in months and managed to see THIS on the front page(I had to change my pants twice already) but I have things to do at the moment. I'll keep the page up though.
So let me make this brief.
As someone who originally softmodded his ps3 to 3.55(back when it was first CFWable), then upgraded at some point(back in...march?), would I be able to use CFW that will be provided as soon as it comes out? Or will I have to downgrade with hardware?(bleh) I'm on 4.25 right now and I hear I shouldn't update tomorrow since theres a new OFW coming.
10-22-2012
11:33 PM
"I honestly don't have time to read all 24 pages"
Jeez you are lazy. Your questions have already been answered in previous posts.
10-22-2012
11:36 PM
sssh you weren't supposed to tell anyone
10-22-2012
11:38 PM
Holy Leak, if it weren't for it this scene could have stayed the same for ages.
10-22-2012
11:50 PM
Just signed up to say one word.
Word.
10-23-2012
12:02 AM
can we get the new signing vita keys with this ?
10-23-2012
12:19 AM
So, with these keys, the consoles like mine on 4.25 can be downgraded via software or not ?
10-23-2012
12:26 AM
10-23-2012
12:29 AM
hmmm not updating going to stay on 4.25 OFW .......praying for god on this lol.
been waiting for a very long time since 3.55 XD from a simple mistake i did way back lol.
10-23-2012
01:18 AM
I have been checking ps3hax.net every day for 2 years!! ****k me It's onnn like donkey konggg!! Eat a dick sony!
10-23-2012
01:42 AM
10-23-2012
02:45 AM
I got an easier question:
Last couple of months we had a semi-hack that allowed code to be installed on a 4.XX console (kakaroto's stuff).
In theory, could it work if hb was installed via this method and then used the new keys to run?
10-23-2012
02:55 AM
Finally hahahahahahhaaaaaa this really made my day :DDDDDDDDD
10-23-2012
02:59 AM
like ermmmmagerd wheres the new 4.3 CFW lol
jk jk
10-23-2012
03:03 AM
10-23-2012
03:07 AM
10-23-2012
03:10 AM
10-23-2012
03:18 AM
[MENTION=218762]JustThatDude[/MENTION]
Sorry for asking stupid questions. You mention that if the private key was known there might be a way to do a software downgrade; is this actually doable? I'm not a tech expert in this field sadly. I know I'm on a 4.xx firmware, but my PS3 hasn't been used in a few months so I assume it's 4.21. It's an older NAND based phat, so it's downgradable quite a bit from my understanding, and I have previously used a 3.55 MFW on here. Do I have any software based options, or am I likely to see anything software based? Most flashers require soldering and that's not something that I, or anybody I trust enough, have the skills to do.
10-23-2012
03:25 AM
Hmmm this is interesting, time to get back to reading the rest of the pages.
10-23-2012
03:41 AM
lv0 keys are static for every firmware there is except when you update bootldr at factory, that means these are good for 3.55, 3.56, ... until 4.30 too. you NEED to update bootldr at factory or the keys will STILL work.
10-23-2012
04:13 AM
That also means, If they would want to change lv0 key, they would have ( in new firmwares ) to block off any consoles pre 3.55.. which I think Sony won't do ever.
R.I.P PS3.
10-23-2012
04:15 AM
As far as sony is concerned, "you need to be on the latest OFW, or GTFO"
10-23-2012
04:23 AM
People should start trusting devs that don't want to harm the scene but want to help it. Just like cfwprpht. He knows what he's doing...
I'm just curious what the next few days will happen.
It's time we started to pull together and work together.
Better late than never.
10-23-2012
04:24 AM
I sooo hope this can lead to breaking free all of the 3k+ consoles and 3.56+ OFW users in the near future, but for now, I guess I'm screwed.
10-23-2012
04:37 AM
Actually it's already here according to some posts and threads. Why nubs can't wait
10-23-2012
04:43 AM
We need to get to the appldr if we want to resign 4.21+ eboots for good old 3.55.
Also this is an open declaration of war with Sony, since we can access PSN while running homebrew (hacking etc.) and that's what they don't want the most, so I guess heavy counter measures are coming.
10-23-2012
05:09 AM
Yeah, they will remove the ability to play games!
10-23-2012
05:22 AM
10-23-2012
05:28 AM
why not just wait it out and then resign all the new eboots for 3.55 users?
the missing appldr key can be found with the help of the new lv0 key, right?
I am not going to update to any other firmware when there are bricks reported (even from never downgraded consoles like mine).
3.55 FOREVER!!!!
10-23-2012
05:30 AM
10-23-2012
05:37 AM
10-23-2012
05:40 AM
10-23-2012
05:45 AM
10-23-2012
06:32 AM
I'll ask again:
Last couple of months we had a semi-hack that allowed code to be installed on a 4.XX console (kakaroto's stuff).
In theory, could it work if hb was installed via this method and then used the new keys to run?
10-23-2012
06:40 AM
Very exciting news, will be waiting and reading.
10-23-2012
06:57 AM
So. Does this mean anything for users of latest firmware, like myself? Or what of those who upgrade to today's 4.30 update?
10-23-2012
06:59 AM
if not.. then meh.. no (, not yet).
10-23-2012
07:02 AM
Because I have a console that will happily accept an OFW of a really low level (it's an old NAND based phat), but I don't have a hardware flasher as it requires opening the console and soldering parts on, not really my area: will these keys open the chance of there being a software downgrade option, or am I still stuck?
10-23-2012
07:09 AM
10-23-2012
07:09 AM
That's what I am wondering too, Cypherous. I thought lv0 was access to most of the system's decryption, but I know very little about PS3 internals.
Anyone care to answer properly?
10-23-2012
07:14 AM
You can update from 3.55 to 4.25 CFW because 3.55 uses the old validation method, which has been fixed in 3.60.
There's no exploit found ever since then to sign our own PUPs, and therefore it is not possible for us to install CFWs above 3.60 OFWs.
10-23-2012
07:15 AM
Too many noob questions, there must be a thread for them!!
Now any FW can be hacked and we can have PSN all the time, but the problem is Sony will start the bans. I wonder if we can spoof the console ID to remain anonymous.
10-23-2012
07:26 AM
10-23-2012
07:36 AM
10-23-2012
07:54 AM
10-23-2012
08:03 AM
Something interesting found thanks to IDA. Does someone have an EBOOT.bin encrypted with 4.25 keys?
Does someone have the 4.21 (or other version) appldr decrypted?
10-23-2012
08:14 AM
10-23-2012
08:54 AM
10-23-2012
09:12 AM
10-23-2012
09:20 AM
kakarotoks tweet today:
Since the LV0 keys have now been leaked, I believe I can now share this info with you, to help out those who are trying to build their own 4.x CFW :
The NPDRM ECDSA signature in the SELF footer is checked by lv2. It first asks appldr to tell it whether or not the signature is to be checked, and appldr will only set the flag if the SELF is a NPDRM with key revision from 3.56+ (the ones without private keys). This means that the SELF files signed with the new 3.56+ keys still don't have their ecdsa checked (probably to speed up file loading).
If appldr says the ecdsa signature must be checked, then lv2 will verify it itself, and return an error if it's not correct. There are many ways to patch this check out.
1 - Patch out the check for the key revision in appldr
2 - Patch out the "set flag to 1" in appldr if the key revision is < 0xB
3 - Patch out the code in lv2 that stores the result from appldr
4 - Patch out the actual sigcheck function from lv2.
5 - Ignore the result of the ecdsa from lv2.
Here is one of the patches (the 4th one, patching out the check function from lv2) :
In memory 0x800000000005A2A8, which corresponds to offset 0x6a2a8 in lv2_kernel.elf, replace :
e9 22 99 90 7c 08 02 a6
With :
38 60 00 00 4e 80 00 20
This is for the 4.21 kernel (that was the latest one when I investigated this), I will leave it as an exercise to the reader to find the right offsets for the 4.25 and upcoming 4.30 kernel files.
And here's another bit of info... in 4.21 lv2, at memory address 0x800000000005AA98 (you figure out the file offset yourself), that's where lv2 loads the 'check_signature_flag' result from appldr, so if you prefer implementing method 3 above, just replace the 'ld %r0, flag_result_from_appldr' by 'ld %r0, 0' and you've got another method of patching it out. Either solution should work just the same though.
Enjoy homebrew back on 4.x CFW....
p.s: Thanks to flatz and glu0n who helped reverse this bit of info.
10-23-2012
09:26 AM
10-23-2012
09:29 AM
10-23-2012
09:34 AM
10-23-2012
09:41 AM
But for now I can't test what I've found
10-23-2012
09:49 AM
10-23-2012
10:00 AM
I guess they never heard of "Sharing is caring" ? :D
10-23-2012
11:36 AM
Hope the CFW 4.25 is round the corner, but I am still quite happy with my 3.41 and 3.55.
10-23-2012
11:42 AM
OK, simple question: the lv0 keys are released, so why aren't we seeing any eboot fixes for 3.55?
10-23-2012
11:47 AM
10-23-2012
12:07 PM
10-23-2012
12:15 PM
10-23-2012
12:17 PM
10-23-2012
12:23 PM
i found public keys, but erk and riv are encrypted !
10-23-2012
01:21 PM
Hi friends:
I have some confusion, can somebody help me understand the following?
When we say metldr key (i.e. the key that was released by geohot), is this key used to decrypt metldr, or is it the key to decrypt the loaders loaded by metldr, i.e. appldr, isoldr etc.?
Similarly the recently released lv0 key: is it the key to decrypt lv0, or the loaders loaded by lv0?
10-23-2012
02:40 PM
I found this:
for example the real 3.60 keys are:
[appldr]
type=SELF
revision=0010
version=0003006000000000
self_type=APP
erk=A5E51AD8F32FFBDE808972ACEE46397F2D3FE6BC823C8218EF875EE3A9B0584F
riv=7A203D5112F799979DF0E1B8B5B52AA4
pub=50597B7F680DD89F6594D9BDC0CBEE03666AB53647D0487F7F452FE2DD02694631EA755548C9E934
priv=
ctype=25
But these keys are different in the 4.25 appldr.
Here:
[appldr]
type=SELF
revision=0010
version=0003006000000000
self_type=APP
erk=F239349F6472817C6251713DFA2F6A05164B7B37514C660ECDB83B96E6CF2991
riv=29E4B2179AC9DD72A66A1886205751F9
pub=50597B7F680DD89F6594D9BDC0CBEE03666AB53647D0487F7F452FE2DD02694631EA755548C9E934
priv=
ctype=25
The first keys can decrypt 3.60 eboots but the second can't.
10-23-2012
02:56 PM
Yes, I have the exact same problem.
Also I did the appldr from 3.60.
The PUP matches, but the known IV is nowhere to be found.
10-23-2012
03:04 PM
Will it be possible to get public keys, or is it the private key... that key we are missing?
10-23-2012
03:05 PM
10-23-2012
03:07 PM
That's the algorithm that needs it.
10-23-2012
03:09 PM
I encountered the same thing when I looked last night.
Either the way key tables work has changed, or there's some form of obfuscation/encryption on the ERK/RIV, but for some reason not on the PUB or the curve type. This is just a couple of thoughts I had on it: (from my recollection) key tables used to be repeated twice, and were identical; now there is some repetition, but it doesn't seem to match the old format. Also, there are still two files in lv0 I can't decrypt. There's appldr, isoldr, lv2ldr (unless I made a mistake, this seems to be in there twice, one version 161KB, and the other 345KB. But they are identical when decrypted). Perhaps these two files we can't decrypt (1.37KB, and 1.12KB) contain what we need.
10-23-2012
03:14 PM
[appldr]
type=SELF
revision=0010
version=0003006000000000
self_type=APP
erk=455FB8466DC4A63D8EB6878480A779BEE34598B1B5FA70A60425928AEC02326E
riv=03D41756AA1924F57138554206C972CD
pub=50597B7F680DD89F6594D9BDC0CBEE03666AB53647D0487F7F452FE2DD02694631EA755548C9E934
priv=
ctype=25
Regards
10-23-2012
03:15 PM
Will it be possible to get this key, and when we get it, is it then like an open book?
10-23-2012
03:22 PM
10-23-2012
03:27 PM
Yeah, the erk and riv don't match, only the pub and curve.
Here is a key dump from appldr 4.25 in scetool format.
I tried decrypting the erk & riv sections with AES-CBC but the result did not match..
10-23-2012
03:28 PM
Does your keyset work?
10-23-2012
03:45 PM
REAL
[appldr]
type=SELF
revision=0010
version=0003006000000000
self_type=APP
erk=A5E51AD8F32FFBDE808972ACEE46397F2D3FE6BC823C8218EF875EE3A9B0584F
riv=7A203D5112F799979DF0E1B8B5B52AA4
pub=50597B7F680DD89F6594D9BDC0CBEE03666AB53647D0487F7F452FE2DD02694631EA755548C9E934
priv=
ctype=25
INSIDE 3.60 APPLDR
[appldr]
type=SELF
revision=0010
version=0003006000000000
self_type=APP
erk=455FB8466DC4A63D8EB6878480A779BEE34598B1B5FA70A60425928AEC02326E
riv=03D41756AA1924F57138554206C972CD
pub=50597B7F680DD89F6594D9BDC0CBEE03666AB53647D0487F7F452FE2DD02694631EA755548C9E934
priv=
ctype=25
The second one didn't work in Cygwin with unself on an app SELF of 3.60; I didn't try with scetool.
Regards
10-23-2012
03:49 PM
10-23-2012
03:49 PM
Regards
10-23-2012
04:07 PM
10-23-2012
04:12 PM
Normally you find the keys like this.
Example:
45 5F B8 46 6D C4 A6 3D 8E B6 87 84 80 A7 79 BE
E3 45 98 B1 B5 FA 70 A6 04 25 92 8A EC 02 32 6E
03 D4 17 56 AA 19 24 F5 71 38 55 42 06 C9 72 CD
50 59 7B 7F 68 0D D8 9F 65 94 D9 BD C0 CB EE 03
66 6A B5 36 47 D0 48 7F 7F 45 2F E2 DD 02 69 46
31 EA 75 55 48 C9 E9 34 00 00 00 25 00 00 00 00
= pub
50 59 7B 7F 68 0D D8 9F 65 94 D9 BD C0 CB EE 03
66 6A B5 36 47 D0 48 7F 7F 45 2F E2 DD 02 69 46
31 EA 75 55 48 C9 E9 34
curve
00 00 00 25 00 00 00 00
IV
50 59 7B 7F 68 0D D8 9F 65 94 D9 BD C0 CB EE 03
ERK
45 5F B8 46 6D C4 A6 3D 8E B6 87 84 80 A7 79 BE
E3 45 98 B1 B5 FA 70 A6 04 25 92 8A EC 02 32 6E
But it looks like the IV and ERK have been tampered with.
Also the revision never seems to match.
10-23-2012
04:13 PM
Anyway, we must reverse the code in appldr.. maybe it is only obfuscated with some XOR or addition.
10-23-2012
04:20 PM
[MENTION=239646]diesel701[/MENTION] maybe you can ask naehrwert, creator of scetool, about the use of the erk and iv keys, then apply it to what we have.
I think that the only key to decrypt a SELF is to have the public key, and the way that the SELF is decrypted depends on those iv and erk.
10-23-2012
04:23 PM
[MENTION=210007]zadow28[/MENTION]
What you named a revision is actually a curve type.
@topic
In your place, I would grab an SPU disassembler and read through the code to understand the process under the encrypted bytes; I doubt they obfuscated it that deeply.
10-23-2012
04:28 PM
10-23-2012
04:29 PM
I'm using the SPU processor within IDA Pro.
Trouble is that the place where the keys are doesn't get disassembled.
10-23-2012
04:34 PM
By the way, off topic: are there precompiled SPU processors for IDA out there? Couldn't find any, and compiling it from scratch & SDK is beyond my nerves and time -_-.
Actually giving spu-gdb a try; I'm no RE other than x86, but still worth a shot.
10-23-2012
04:41 PM
[MENTION=210007]zadow28[/MENTION]
The lv0.elf that you uploaded is 0.5 MB in size (loader.rar file, page 5).
I decrypted 4.25 lv0 and it's 0.9 MB in size.
The first 0.5 MB of my lv0.elf is identical to your file.
BTW I have a program called Lv0 assault v1.1 released a year ago; I gave it a file with lv0 keys for fun but it can't find the keys lol.
10-23-2012
04:53 PM
10-23-2012
04:53 PM
10-23-2012
05:00 PM
If you see, lv0 decrypted is not one file, but appldr, isoldr, lv2ldr, etc. All in one file.
10-23-2012
05:03 PM
I have already extracted the loaders from the lv0.
On page 2 there is the full lv0 decrypted.
On page 5 the lv0 isolated and the loaders extracted.
The loaders inside the lv0 are signed with keys and therefore have to be extracted and decrypted.
10-23-2012
05:12 PM
10-23-2012
05:17 PM
lv0 dumps can be found here: http://www.ps3devwiki.com/wiki/Loade...ulation_in_lv0
10-23-2012
05:22 PM
I'm not very good in explaining things xD
So.. we must see with IDA and reverse some code..
10-23-2012
05:22 PM
And how can I extract loaders from lv0?
Found it.
10-23-2012
07:43 PM
I've got a PS3(SLIM) that is CECH-2501A, am I good?
10-23-2012
11:36 PM
so any update on the cfw or the progress ?.
10-24-2012
12:31 AM
Be patient everyone, including myself. They will unlock everything now.
10-24-2012
01:21 AM
10-24-2012
01:30 AM
10-24-2012
01:34 AM
So does any of this mean a CFW will be coming out for something over 3.55 anytime soon? Cuz I got a 3k model and can't downgrade to 3.55 X_x
10-24-2012
01:41 AM
Our consoles come with a new bootldr (bootldr2) and new lv0 (lv0.2) which are more secure and have different keys than the previous bootldr and lv0 revisions.
Our lv0 keys have not been leaked/released, so there is no CFW in sight for us.
10-24-2012
01:53 AM
So let's hypothetically say a new CFW came out for 4.30. Would people with 3k models (Or any other 'unhackable' modes) be able to install that CFW?
10-24-2012
01:57 AM
10-24-2012
02:01 AM
10-24-2012
02:10 AM
I will just sit tight and hope for the best.
10-24-2012
02:20 AM
lv0 for the ofw 4.30 is decrypted here
http://rghost.net/41122672
10-24-2012
02:24 AM
Amazing! How though?
10-24-2012
02:39 AM
Oh, and whatever obfuscation/encryption they use on the keys is the same between 4.25, and 4.30.
10-24-2012
02:43 AM
10-24-2012
02:47 AM
4.30 was already ready for release by the time this lv0 stuff happened. It is the next firmware update that things will probably get a little hectic.
10-24-2012
02:58 AM
But I don't even think they care enough anymore since they are focusing on the future PS4.
10-24-2012
03:04 AM
I do not like saying Sony can't do anything about a hack. We were proven pretty wrong last time.
10-24-2012
03:12 AM
It's just that i don't think they will invest too much time/money this time just to shut down the few cfw users(globally speaking) that still remain unless we find a way to hack models 2500+.
10-24-2012
04:42 AM
appldr decrypted from lv0 [4.30]:
http://rghost.net/41121050
Feel free to investigate
Regards
10-24-2012
06:24 AM
Hello guys, please, I'm extremely noob, help me!
I don't understand, does that mean that we can play on the internet with copies of games?!
I have my PS3 on 4.25, ORIGINAL, not cracked or something. What do I need to do please? Explain to me, I don't understand!!!!!!!
10-24-2012
06:31 AM
2, you cannot install over 4.25 fw
3, read read read! all the info is here if you look for it!
10-24-2012
06:36 AM
so "happy resigning everything for 3.55" starts?
10-24-2012
06:37 AM
seriously ?
are we hoping for 4.25 or something ?
10-24-2012
06:47 AM
10-24-2012
06:50 AM
10-24-2012
06:54 AM
but I thought "appldr decrypted from lv0 [4.30]" ???
how to get those appldr keys?
10-24-2012
07:00 AM
So please tell me.
I have my PS3 on 4.25 right now, not flashed like I said, it's clean, original.
Do I need to do nothing? I mean, I just have to avoid 4.30 & wait for what you call a "key"?
And how do you guys put these keys into the PS3, is there any tutorial or something? Thanks, and yes I know I'm a noob.
10-24-2012
07:04 AM
You can't get these keys into your PS3 :P
And if you can downgrade your console to 3.55 (sad, but still required), then you can run CFW 4.xx.. if not, then well.. wait till they find the key, or an exploit to bypass the checks..
Only time will tell mate.. but if you can't downgrade, then simply forget it and keep on waiting.
10-24-2012
07:05 AM
Okay, so if you have a PS3 2K model and you're on OFW 4.25, should you wait for CFW 4.30, or may you just update to OFW 4.30?
10-24-2012
07:07 AM
http://www.ps3hax.net/showpost.php?p...&postcount=354
10-24-2012
07:10 AM
What are the "3k" models? 3k models = Super Slim?
I have the slim version ^^
Can I downgrade? Is it a bad idea, or is it simple and has no risk?
We can play on the internet with the copied games then? Thanks!
10-24-2012
07:12 AM
4k = super slim..
It's the model series (i.e. CECH-3004A).
These consoles are not hacked yet.
10-24-2012
07:18 AM
I'll annoy you until you kick me, sorry lol!
Is there any chance? Can we have hope?
Cause it seems it's impossible to downgrade from 4.x..
10-24-2012
07:22 AM
10-24-2012
07:24 AM
[MENTION=247699]yimmyayo[/MENTION]
Stop being a prick and educate yourself. Jeez. [MENTION=224021]DEFAULTDNB[/MENTION] already gave you answers.
10-24-2012
07:26 AM
Chill.
Like I said, I'm a pretty noob, and I need time to understand all this ****, why so mad about it?
"Jeez"..
10-24-2012
07:44 AM
10-24-2012
07:47 AM
10-24-2012
07:48 AM
10-24-2012
07:52 AM
Rule no. 1: you need to have 3.55 on your machine.
If you have a 3.60 machine from factory, then you can't even downgrade it to be a 3.55 machine.
That's how it is.
10-24-2012
07:55 AM
EDIT: already answered
10-24-2012
07:57 AM
10-24-2012
08:02 AM
10-24-2012
08:06 AM
Okay, so I have a PS3 2K model and I'm on OFW 4.25. Should I wait for CFW 4.30, or may I just update to OFW 4.30 (because I can't use the hacks that are used right now)?
10-24-2012
08:16 AM
10-24-2012
08:22 AM
Warning
Read before you post bullsh!t links.
OKAY NOW EVERYBODY ON 4.30 & 4.25 can downgrade to 3.55!!
WHAT DO I DO now please?
Goldeneye, I added you on both MSN & Skype, please go on!
10-24-2012
08:23 AM
I'm so excited for the day that 4.21 CFW for 4.21 OFW is released. I can't wait!! : D
10-24-2012
08:26 AM
10-24-2012
08:27 AM
I have a slim (first slim model, 20XXA) on OFW 4.21. I'm really hoping for a way to downgrade without the need of a flasher, as they are WAAAAY too expensive in my country (about 400 bucks, that's just silly).
Well, guess now we have to wait and hope for a solution =P
10-24-2012
08:28 AM
Its not a real downgrader. It is fake. You failed to read yet again.
[MENTION=209174]Goldeneye[/MENTION] change your numbers and email addresses while you still can!!
10-24-2012
08:30 AM
10-24-2012
08:33 AM
I had 3.55 CFW earlier, but at some point I missed PSN and I updated it.
10-24-2012
08:41 AM
u 4 real? I thought you need a flasher to downgrade???
10-24-2012
08:43 AM
[MENTION=150712]naddel81[/MENTION] no it is not.
10-24-2012
08:47 AM
....Are the noobs posting in the last few pages real people or a bad computer simulation of human intelligence?
Sheesh, I feel like I've got a concussion.
3K\4K PS3 - NOTHING TO SEE.
PS3 on OFW 3.60+ - NOTHING TO SEE.
No questions, no maybe, no "awww but if I post enough times"....
WTF, it's like being forced to watch X-Factor, just because you want it, doesn't mean you get it.
10-24-2012
08:57 AM
Sorry people, my bad..
DEFAULTDNB
Chill the **** out mate, I'll not say it again, everybody here is talking calmly, I hate when people are trying to trash me. Ask goldeneye, I'm talking to him right now; as far as I know I'm not a groupie, now I get it all.
So yeah, deal with it.
10-24-2012
09:09 AM
10-24-2012
09:14 AM
When you write in caps lock
I will chill out fully, when you take the time to read what you are posting, before you hit post.
Fair enough?
10-24-2012
09:18 AM
My ps3 isn't downgradable

10-24-2012
09:21 AM
10-24-2012
12:52 PM
So now that we have the lv0 (bootldr) keys, what else do we need to have a new CFW for 4.XX without depending on anything from 3.55?
10-24-2012
01:02 PM
10-24-2012
01:14 PM
Actually we have broken the chain of trust at the best possible place. Wouldn't it be possible to manipulate the decrypted .ELF after it has been loaded into memory? That way, we could do a chain of code caves (dunno if there is such a thing, referring to my old knowledge from PC :D) which would do the necessary code changes each boot. All with one modified lv0.
How about that, devs?
10-24-2012
01:38 PM
10-24-2012
01:48 PM
This guy asked a question with his FIRST post, got a reply stating to read the thread so he obviously did and came back and edited his post.
Well done mate.
10-24-2012
01:51 PM
10-24-2012
01:52 PM
As per my understanding, LV0 keys are changeable in upcoming firmwares...
So soon this bubble of CFW will burst.... Reason is we have the LV0 keys, not the method of how to obtain the keys.
10-24-2012
02:03 PM
10-24-2012
02:20 PM
What does this mean? I just checked my PS3 and it's 2003A, is this good?
10-24-2012
02:38 PM
10-24-2012
03:59 PM
10-24-2012
06:15 PM
Hey, I finished reading all the posts. I have the same PS3 model as darkwolf23, a Slim CECH-2504A 320GB 3.60 from factory. I already know that at the moment it isn't possible to hack.. what is missing for these consoles to be hacked?
PS: sorry for the bad English, I'm Portuguese.
10-24-2012
06:15 PM
Phat on 4.21 OFW :-( - how tricky is the soldering for a progskeet? Modded my original XBox back in the day, but that had a qsd and decent sized targets. I'm guessing it's much trickier nowadays?
10-24-2012
07:12 PM
Does this mean keys may come soon for CECH-3XXX/4XXX too? I've been itching to get CFW on my slim for homebrew
10-24-2012
07:33 PM
10-24-2012
07:40 PM
Thanks for the reply, yeah I saw this post earlier that kind of answered my question
10-24-2012
08:18 PM
So does this mean rogero or any other well known dev can put out a 4.30 CFW in the near future for 3.55 users? Damn, that's gonna get the excitement back in the scene.
Didn't fail0verflow state they can update lv0 keys?
If so Sony can change the keys, can't they, or am I missing something here?
10-24-2012
09:07 PM
10-25-2012
12:14 AM
10-25-2012
12:56 AM
10-25-2012
07:22 AM
10-25-2012
07:31 AM
Right, I think I've read this full thread and have 1 question: does any of this mean that we can now software downgrade from 3.56?
10-25-2012
07:35 AM
It's getting closer and closer though.
10-25-2012
07:36 AM
10-25-2012
07:37 AM
10-25-2012
07:49 AM
One thing I found out that's interesting.
The lv0 had 6 files inside.
3 that could be decrypted = appldr/isoldr/lv2ldr.
3 that couldn't.
But if you look in hex you would notice that the 3 unknown files are simply headers.
I also noticed in the rest of the lv0 files there are encrypted hex sections.
So my gut says that you should try to match the headers with some of the encrypted data/hex; there you would probably find the missing lv1ldr, if you succeed.
10-25-2012
07:50 AM
So is it possible to jailbreak from 4.25 firmware or you need 3.55?
10-25-2012
07:54 AM
10-25-2012
07:57 AM
10-25-2012
08:07 AM
10-25-2012
08:12 AM
"highest hackable firmware: 3.55".
OK, it wasn't necessary to ask. Anyway I understand how it works thanks to previous posts: I need to downgrade to 3.55 and then upgrade it to the latest available CFW (4.21).
10-25-2012
08:22 AM
My problem is that people don't use search functions and google.
Also the fact that mainstream sites completely do not understand what the hell is happening in the scene and for who lv0 is really beneficial at this point spreading misinformation amongst people who recently or JUST bought PS3.
They all went "OMG DA PS3 CAN NOW PLAY GAMECUBE GAMES AND YOU CAN PIRATE EVERYTHING!!@#!#!@!".
10-25-2012
08:38 AM
10-25-2012
08:45 AM
and seen this myself.
I checked the lv0 from 3.55, they don't have these header files.
They probably have something to do with decrypting the 3 above files so the iv and erk won't show obfuscated.
10-25-2012
08:50 AM
decrypted lv1ldr from 4.25 Rogero/Bluedisc:
http://www.multiupload.nl/NC6KCW7WG3
10-25-2012
08:52 AM
Props [MENTION=110475]RikuKH3[/MENTION] so bluedisc used the exact same methodology?
10-25-2012
08:56 AM
10-25-2012
09:08 AM
10-25-2012
09:08 AM
ps: damn, too slow ^^
10-25-2012
09:10 AM
care to explain, how to find riv and erk anyone?
10-25-2012
09:16 AM
Hmm, I'm not able to decrypt the lv0 from rogero's, can you upload it?
10-25-2012
09:17 AM
10-25-2012
09:19 AM
If using the old unself with the lv0 keys you can decrypt bluedisk or rogero.
10-25-2012
09:19 AM
10-25-2012
09:41 AM
4.25 Rogero lv0 decrypted:
http://www.multiupload.nl/QMBR4C2PA4
10-25-2012
09:53 AM
10-25-2012
09:58 AM
One good thing is
we got the encrypted one and the real ones from 360
7A 20 3D 51 12 F7 99 97 9D F0 E1 B8 B5 B5 2A A4
real one
03 D4 17 56 AA 19 24 F5 71 38 55 42 06 C9 72 CD
"so it's a simple byte shift"
example
http://stackoverflow.com/questions/2...decimal-digits
And I don't know if you noticed this pastie from naehrwert.
Maybe something to do with it, also since the sequence is about iv and erk:
http://pastie.org/5089738
Also I extracted all the files from the lv0 Rogero you sent; no lv1ldr inside there either, same files as the rest of the lv0.
So I really wanna know how you extracted the lv1ldr.
10-25-2012
10:15 AM
You can extract with a hex editor: just search in the decrypted lv0 for SCE and select the 1st block up to the next SCE.
10-25-2012
10:17 AM
But the lv1ldr is not one of the loaders from rogero's lv0, so I wanna know where he found it then.
10-25-2012
10:17 AM
What are riv and erk?
10-25-2012
10:19 AM
sorry, put wrong files, here is fixed link. 4.21 Rogero lv0 decrypted:
http://www.multiupload.nl/UMQWYE3MH7
10-25-2012
10:29 AM
Update
"wrong data"
Sorry.
But when I use the old read and unself, the extension lv0-pub-425/lv0-iv-425 etc. doesn't work.
Anyone have the same trouble?
In scetool they work fine.
10-25-2012
10:37 AM
Call me what you will but can someone explain how to get the LV0 key to work with my PS3 Console. Also once hacked what will it enable me to do differently?? Thanx in advance!
10-25-2012
10:50 AM
You then place the key into the BD drive and power it on.
Your PS3 now allows you personally to fly.
I'm just messing.... or am I?
(They mean nothing to anyone but devs, so sit back and relax.)
10-25-2012
11:03 AM
After that I will send you the lv0 key.
Then you open up your PS3 and you will see a huge keyhole.
It's really big with neon-red light saying "INSERT lv0 KEY HERE".
You enter the key and turn it.
The PS3 will beep and you will hear "CONGRATULATIONS".
Here is my paypal number : READ-THE-THREAD-YOU-CHILD
10-25-2012
11:11 AM
10-25-2012
11:13 AM
Nice, I will do that too ;p
10-25-2012
11:23 AM
10-25-2012
12:35 PM
On their shoes, I'm guessing business is slow.
10-25-2012
02:59 PM
They were horrible mind, I think this kid kept motor oil in the fridge too and there was a tire in the house. His dad was a mechanic, but even so. I'm being serious here.
...Just realized this has nothing whatsoever to do with your post let alone the OP. Sorry.
10-25-2012
04:16 PM
10-26-2012
08:45 AM
I updated to 4.30, I screwed up didn't I?
10-26-2012
08:49 AM
You can only remedy this by checking if your Ps3 can be downgraded back to 3.55 (use MINVERCHK in my sig below)
If it says you can get to 3.55, then you will need to buy a hardware flasher and FSM dongle to downgrade your console.
Once downgraded and dehashed, you can do what you want.
10-26-2012
09:06 AM
10-26-2012
09:50 AM
10-26-2012
03:55 PM
Hi, I have seen this post on ps3sos, woulph_alfa seems to have found how the encryption
http://www.ps3sos.com/showthread.php...beradas/page23
10-27-2012
05:05 AM
4.20 4.30 appldr key decrypt algo
/* u8 is an unsigned byte. hmac_sha1, AES_ctx, AES_set_key and
   AES_cbc_decrypt_iv are from the poster's own crypto library. */
typedef unsigned char u8;

/* HMAC keys used to derive the two AES-128 unwrapping keys */
u8 erk_hkey[] = { 0xAA, 0xF6, 0x5A, 0x91, 0xEC, 0x37, 0x2C, 0x69, 0x09, 0x69, 0x09, 0x0F, 0x59, 0xE5, 0x3C, 0x3E };
u8 iv_hkey[]  = { 0x66, 0xBC, 0xB4, 0x17, 0xD1, 0x4A, 0x2B, 0x59, 0x26, 0x40, 0x80, 0x1C, 0x11, 0xB7, 0xB4, 0x9B };
/* CBC IVs used when decrypting the scrambled ERK and RIV slots */
u8 erk_iv[] = { 0xA5, 0x79, 0x8C, 0x25, 0x43, 0x13, 0xBC, 0x54, 0x16, 0x95, 0x1E, 0x24, 0xEA, 0xD3, 0xC9, 0x85 };
u8 iv_iv[]  = { 0x2F, 0xF2, 0x36, 0x15, 0x2A, 0x47, 0x76, 0xDA, 0xD3, 0x9B, 0x50, 0x92, 0x44, 0xE8, 0xF5, 0xC2 };
/* 10-byte secret fed into the HMAC; not given here */
u8 ch73[0xa] = { ?? }; /* ?? you can dump it with an appldr patch!!! */
/* scrambled key-table entry: 0x20 bytes erk followed by 0x10 bytes iv */
u8 key341s[] = { 0x54,0x6B,0x2F,0xF3,0xFE,0x21,0x6E,0xD2,0xBA,0x86,0x5C,0x79,0x36,0x81,0x09,0xA1, /* erk secret NPKEY */
                 0x5F,0x2B,0x0D,0x23,0xC2,0x03,0x13,0x54,0xB1,0xF6,0xF3,0x6B,0x0F,0xDB,0x4D,0x46, /* erk */
                 0x9B,0x87,0x1D,0x64,0x14,0xB8,0xAA,0xCE,0x54,0x2C,0x18,0x10,0x0A,0xC2,0x18,0x93 }; /* iv */
u8 key341[] = { 0xBB,0x4D,0xBF,0x66,0xB7,0x44,0xA3,0x39,0x34,0x17,0x2D,0x9F,0x83,0x79,0xA7,0xA5,
                0xEA,0x74,0xCB,0x0F,0x55,0x9B,0xB9,0x5D,0x0E,0x7A,0xEC,0xE9,0x17,0x02,0xB7,0x06,
                0xAD,0xF7,0xB2,0x07,0xA1,0x5A,0xC6,0x01,0x11,0x0E,0x61,0xDD,0xFC,0x21,0x0A,0xF6 };
/* output: 0x20 bytes of erk followed by 0x10 bytes of iv */
u8 keyd[0x30];

void key430()
{
    AES_ctx ctxErk, ctxIv;
    u8 ch73shErk[0x10], ch73shIv[0x10];
    /* derive the erk unwrapping key: HMAC-SHA1 truncated to 16 bytes (128 bit) */
    hmac_sha1(ch73, 0xa, erk_hkey, 0x10, ch73shErk, 16);
    AES_set_key(&ctxErk, ch73shErk, 128);
    AES_cbc_decrypt_iv(&ctxErk, key341s, keyd, 0x20, erk_iv, 1);
    /* same derivation with iv_hkey for the iv slot */
    hmac_sha1(ch73, 0xa, iv_hkey, 0x10, ch73shIv, 16);
    AES_set_key(&ctxIv, ch73shIv, 128);
    AES_cbc_decrypt_iv(&ctxIv, key341s + 0x20, keyd + 0x20, 0x10, iv_iv, 1);
}
#######################################################
How to decrypt more secret information from lv0.elf:
Install IBM Cell SDK 3.1 on VMware.
Run systemsim-cell.
Click the Load-Elf-App menu to load lv0.elf, run or step into..
First halt on 0x8009c90 (4.20 lv0).
Patch lv0.elf or reconfigure the simulator RAM .... try again...
seg002:0000000008019238 off_8019238: .quad 0x20000000000 # DATA XREF: seg006:off_80C5828o
seg002:0000000008019238 # seg006:off_80C5AE0o ...
seg002:0000000008019240 off_8019240: .quad 0x24000000000 # DATA XREF: seg006:off_80C5790o
seg002:0000000008019240 # seg006:off_80C5818o ...
seg002:0000000008019248 off_8019248: .quad 0x28000000000 # DATA XREF: seg006:off_80C5AF0o
seg002:0000000008019250 off_8019250: .quad 0x2401FC00000 # DATA XREF: seg006:off_80C5B50o
seg002:0000000008019258 qword_8019258: .quad 0x10190 # DATA XREF: seg006:off_80C5970o
seg002:0000000008019260 qword_8019260: .quad 0x66000 # DATA XREF: seg006:off_80C5978o
seg002:0000000008019268 qword_8019268: .quad 0x76190 # DATA XREF: seg006:off_80C5BE8o
seg002:0000000008019270 aProgram_write_:.string "program_write_buffer"
I have finished almost all stepping trace into appldr one year ago.
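The key430() routine in the post above, reimplemented as an added example in Go (not redcfw's code or anything else from the thread): HMAC-SHA1 over the 10-byte ch73 secret is truncated to 16 bytes (our reading of the "16 = 128bit hash" argument) and used as an AES-128-CBC key to unwrap 0x20 bytes of erk and 0x10 bytes of riv. The HMAC keys and IVs are the snippet's own constants; ch73 is a constructed placeholder because the real value is not in the thread, and Wrap is an inverse added only so the unwrap can be checked end to end, so the output is not a real key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
	"fmt"
)

// HMAC keys and CBC IVs exactly as they appear in the key430() snippet quoted above.
var erkHkey = []byte{0xAA, 0xF6, 0x5A, 0x91, 0xEC, 0x37, 0x2C, 0x69, 0x09, 0x69, 0x09, 0x0F, 0x59, 0xE5, 0x3C, 0x3E}
var ivHkey = []byte{0x66, 0xBC, 0xB4, 0x17, 0xD1, 0x4A, 0x2B, 0x59, 0x26, 0x40, 0x80, 0x1C, 0x11, 0xB7, 0xB4, 0x9B}
var erkIV = []byte{0xA5, 0x79, 0x8C, 0x25, 0x43, 0x13, 0xBC, 0x54, 0x16, 0x95, 0x1E, 0x24, 0xEA, 0xD3, 0xC9, 0x85}
var ivIV = []byte{0x2F, 0xF2, 0x36, 0x15, 0x2A, 0x47, 0x76, 0xDA, 0xD3, 0x9B, 0x50, 0x92, 0x44, 0xE8, 0xF5, 0xC2}

// deriveKey mirrors hmac_sha1(ch73, 0xa, hkey, 0x10, out, 16): HMAC-SHA1 over the 10-byte ch73
// secret, truncated to 16 bytes (assumed meaning of "16 = 128bit hash") and used as the AES-128 key.
func deriveKey(ch73, hkey []byte) []byte {
	m := hmac.New(sha1.New, hkey)
	m.Write(ch73)
	return m.Sum(nil)[:16]
}

// cbc runs AES-CBC in either direction over whole blocks with no padding, as the C does.
func cbc(key, iv, in []byte, decrypt bool) []byte {
	blk, _ := aes.NewCipher(key) // the key is always 16 bytes here, so this cannot fail
	mode := cipher.NewCBCEncrypter(blk, iv)
	if decrypt {
		mode = cipher.NewCBCDecrypter(blk, iv)
	}
	out := make([]byte, len(in))
	mode.CryptBlocks(out, in)
	return out
}

// transform is key430()'s layout: 0x20 bytes of erk under the erk-derived key and erk_iv,
// then 0x10 bytes of riv under the iv-derived key and iv_iv.
func transform(ch73, in []byte, decrypt bool) ([]byte, error) {
	if len(ch73) != 0xa || len(in) != 0x30 {
		return nil, fmt.Errorf("need a 10-byte ch73 and a 0x30-byte erk||riv blob")
	}
	erk := cbc(deriveKey(ch73, erkHkey), erkIV, in[:0x20], decrypt)
	riv := cbc(deriveKey(ch73, ivHkey), ivIV, in[0x20:], decrypt)
	return append(erk, riv...), nil
}

// Key430 fills keyd as the C routine does; Wrap is the inverse (not on the page), added only so
// the unwrap can be checked end to end with a constructed ch73 (the real value is not in the thread).
func Key430(ch73, wrapped []byte) ([]byte, error) { return transform(ch73, wrapped, true) }
func Wrap(ch73, keyd []byte) ([]byte, error)     { return transform(ch73, keyd, false) }

func main() {
	ch73 := []byte("CH73-PLACE") // constructed 10-byte placeholder, not the real value
	wrapped, _ := Wrap(ch73, make([]byte, 0x30))
	keyd, _ := Key430(ch73, wrapped)
	fmt.Printf("wrapped: %x\nkeyd:    %x\n", wrapped, keyd)
}
```

Everything in keyd depends on ch73: with any other 10-byte value the same blob unwraps to garbage, which is why the thread's question "is ch73 the resulting hmac?" matters more than the published key341s bytes.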
10-27-2012
06:07 AM
It's similar...
10-27-2012
06:25 AM
what can we use this algo key for?
10-27-2012
07:08 AM
I have been looking at the pastie too, and translated the pastie into an openssl command
test command
that is the 48 hex bytes of the erk+riv (the scrambled one)
then in the command -K 8EACAB1950A79147DB391A88FCF9DE1B097C5667DBB6F6E1FEAA4980AB4E7E1B -iv ACA5B101EC4B9497691632917E555472 is where you put your test erk and iv
if it decrypts right the decall.bin would match the one you put in the all.bin
it's a little time consuming to insert all the hex.
and don't know but got a hunch that it could be DEADBEEF [MENTION=122273]evilsperm[/MENTION]
************* [ - Post Merged - ] *************
@ redcfw
that is some of the metadata that is in every signed file by sony (eboots etc.) but not in the appldr from 3.55-
in fact it shouldn't be in any decrypted file.
so got something with the keys.
by the way I already tried these keys myself, didn't work, you have to reverse it longer back.
That's why I use the openssl to test.
10-27-2012
10:45 AM
redcfw, have you tested it? I tested with lv2ldr and it didn't seem to work.
10-27-2012
11:13 AM
I've found the same thing, the 1st and the 3rd key seem like they decrypt the erks,
the 2nd and 4th keys decrypt the rivs
I'm still trying to confirm it's aes, and also the CypherMode, now if that is a sha1 hash in redcfw's post, I'm inclined to think it's aesctr,
for instance retail pkgs use aesctr
************* [ - Post Merged - ] *************
now that I look more at redcfw's post,
is ch73 the resulting hmac? looks good redcfw, thank you
10-27-2012
12:49 PM
According to redcfw's code, hmac is in ch73 (which was [u8 ch73[] = { 0x40, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; //?? i dont get it yet] before he edited his post) and the result is stored in
u8 ch73shErk[0x10] and ch73shIv[0x10];
Tried with lv2ldr, result is 3da56b9b349048917aa86511f9651f122ac5a6756b6899fc828b305b5cd0ddda88d4d3a54efaa744e2fee5de543da0d7
10-27-2012
12:49 PM
So... where are the keys? :P I'm not good on coding but I think that we can try the algo and see if we get keys.. or not?
10-27-2012
01:08 PM
I'm trying to compile the code from naehwert, but I keep getting the following error:
/usr/include/sys/types.h:9:27: sys/sys_types.h: No such file or directory
Do we have to use a certain Sony SDK?
10-27-2012
01:10 PM
use my ssl command it does exactly the same thing as the pastie.
10-27-2012
02:26 PM
Hey guys!
Sorry for my noob question.... I have a CECH-2001A PS3 with 3.60 OFW from factory, is it possible to somehow downgrade it to 3.55 using Progskeet or E3 flasher or any other way?
Thanks!
10-27-2012
02:29 PM
On a nicer note, if it came with 3.60 OFW, then no, I'm afraid.
10-27-2012
02:33 PM
Haha I did. But there is no obvious answer around there... not even in this official tutorial:
http://www.ps3hax.net/showthread.php?t=39766
It should have a message "YOU CAN ONLY DOWNGRADE TO A OFW THAT CAME WITH YOUR CONSOLE" or so.
=P anyway, thanks. And =( damn. I guess hackable PS3's are rare
10-27-2012
02:47 PM
http://www.ps3devwiki.com/wiki/SKU_Models#PS3_Slim
I'd recommend you run MinVerChk on your PS3 just to be 100% positive.
http://www.demonhades.org/foro/download/file.php?id=332
10-27-2012
02:49 PM
Can I at least update from 3.72 to the new CFW 4.21???
10-27-2012
02:53 PM
No you need to be on 3.55
10-27-2012
02:57 PM
10-27-2012
06:29 PM
And now.. Offtopicness...


AAAAND.. Back to the PS3.
(LOL, this was just to keep you guys awake).
10-29-2012
06:39 AM
Do I need to cut all the pub and rev info and only keep erk and riv info?
I'm trying it with appldr 4.30, but I'm not sure where the offset for the keys ends. I think it starts at 000248A0 or 00024870.
10-29-2012
07:08 AM
24870-2489f --> metadata?
248A0-2507f --> app keys
25080-2585f --> app keys copy
25860-258BF --> unknown key?
258C0-25CDF --> npdrm keys
25CE0-260FF --> npdrm keys copy
26100 hmac hash?
Some release groups have the keys... they should explain how they obtained the keys... not only fixes and more fixes for fame. This is not scene.
10-29-2012
07:40 AM
yeah, we need them priv keys, recent PS3MFW key pack, old stuff and maybe some new? it's a mess to sort and nothing new? except for the unknown "xxx.app.keys"
it also includes a lv1.self, supposed to be decrypted from that pack? then we need that lv1-priv-356 key and I doubt it's in this pack
using cygwin to decrypt it gives "app-priv-370" error
decrypt the same file using scetool, then it's [*] Using keyset [appldr 0x0001 03.15]..and decrypts....need to try something here
did they make a mistake there on 370??! something comes to mind about 370 failure or something...
anyway,
they are sitting on the damn priv keys, so we can't make a CFW on our own for now, or the key dumps are on purpose a mess to begin with, it easily discourages one from trying to find out..time consuming a bit..lol
and for those sitting on it with that fat ass.....PB etc...f*ck you for being a d*ck and thinking ur the man, oh look someone pasted me the full pack, look ma i can decrypt eboots...
10-29-2012
08:15 AM
Why would anyone drop keys when E3 is raking in the money with their choke hold on the scene.
10-29-2012
08:37 AM
370..31x something...ps3swu.self
$ unself ps3swu.self test.elf
priv file: /home/xx/.ps3//app-priv-370 (ERROR)
or
$ unself ps3swu.self test.elf
compressed self_sections[i].offset 0x880 self_sections[i].size 0x1fc1f6
lol..a mess i told u..once again not my cup a tea, too much brain pain...
10-30-2012
03:08 AM
I've got a few questions. Any answers/help will be appreciated.
I am on a PS3 (3k) and have only had for 3 weeks. I understand that I am out of luck and am not expecting an answer on how to install CFW or downgrade. Just looking to understand how the PS3 works.
From what I've read, the older PS3s had an exploit and you've managed to install a CFW on any machine that originally shipped with OFW 3.55 or lower.
To Summarize:
1) Machines that have OFW 3.55 (or lower) can have CFW installed.
2) Machines that originally came with FW 3.55 (or lower) but were upgraded to OFW 3.x or 4.x can be downgraded with hardware flashers.
3) The recent lv0 keys leak lays the PS3 bare open. Despite this the only fortunate ones that benefit from the leak are the ones with CFW already installed.
Now, I've read Marcan's explanation of what the lv0 leak means to the development community. (Q1) What I fail to understand is if the PS3's highest (or lowest depending on how you look at it) level of security has been compromised why does one have to wait for another exploit to have CFW installed on units that originally shipped with FW > 3.55 ?
(Q2)Also, how does creating CFW 4.x help users who already have CFW 3.X (I may be wrong, but I am guessing access to PSN depends on a different set of keys and not lv0 and that sony can change the keys with every update)?
Any responses would be appreciated. I've read up a little on PS3 and I am asking these questions as a doubt, if you believe that the question(s) have already been asked then just ignore the post rather than post sarcastic responses.
Thanks again.
10-30-2012
07:12 AM
even though we can decrypt the firmware that does not mean it can be installed.
it's like seeing something versus touching something, the private key for 3.56+ is still private. if you decrypt the firmware pup and patch in the necessary security bypass it works fine but on from an exploitable firmware.
3.56+ has no security flaw to install an unsigned (or beta) pkg.
the only hope is that someone dumps the fw and converts to DEX. that's all I can think of. there may be some holes in the newer fw and if someone looks hard enough they will find it, but I'm doubtful.
and cfw 4.30 doesn't benefit much, I'm staying on rebug 3.55, almost every game now has a patch out there. no need to upgrade. if the firmware is decrypted then vsh.self is available and the psn login info will be uncovered (meaning ****psn will work).
10-30-2012
07:27 AM
Once a new door is found to open the PS3, then you can do what you want.
(A2) It doesn't really benefit 3.55 CFW users, it just makes it easier to pirate without patching files. From the newest decrypted vsh.self we can have PSN on 3.55, we get game patches any way from unSANE and DUPLEX, so I see no need to update IMHO.
Sony moved everything around last time, what's to say they don't do that again and re-encapsulate the keys once more.
10-30-2012
08:44 AM
They added LV0.2 to the chain (I thought it was software wise, but now I'm guessing it's hardware wise??), what's to stop them adding new links to the chain of trust?
I.E: Bootldr > LV0 > LV0.2 > LVX.X > then isoldrs/appldr/lv2ldr/lv1ldr 's within those?
10-30-2012
08:52 AM
You obviously know jack **** about it : LV0.2 is only used for newer PS3, that came with 3.56+ out of the box. Old ps3 with 3.55- from factory don't use lv0.2... They can obviously add any loader they want within the chain of trust after lv0, but if we can decrypt lv0 then we can easily get the keys to decrypt any loader after that...
10-30-2012
09:02 AM
I guessed that it was hw related as I wrote it
10-30-2012
09:28 AM
I just realised I read alkare's post wrong.. :D
10-30-2012
09:49 AM
I've a question. Why can't we install a custom firmware on a 3.56+ console?
With these keys we can decrypt and re-encrypt the lv0.self and lv1.self (and other ldrs).
So we can get (and someone has already done) the keys for selfs and sprx, to decrypt modules. We can re-encrypt them with private keys (3.55 only) and repkg all to have a PUP.
What is the problem with 3.56+ firmware?
10-30-2012
09:58 AM
appldr of 4.31 decrypted:
http://rghost.net/41239507
Like the other ones, ERK and IV are encrypted
Regards
EDIT: 4.31 PUP -- http://dus01.ps3.update.playstation....d/PS3UPDAT.PUP
10-30-2012
09:58 AM
A. Don't accept our signed pups.
B. Don't accept lv0, boot from lv0.2 instead.
Must be a good reason why we can't sign a pup for properly software downgrading of an old console. Maybe they changed something in the pups later on. Or something not yet understood?
Btw. someone asked the exact same thing on the dev wiki..
10-30-2012
10:16 AM
Your first (A) has no evidence. I've unpacked and packed an original firmware and the PS3 with 4.25 accepted it. So we can repack PUPs for 3.56+..
10-30-2012
10:37 AM
Anyway, as we can find keys for appldr in lv0, we can also reverse the code and replicate it for making a good PUP for 3.56+ console... (obviously if there is a check in PUPs..)
10-30-2012
01:07 PM
4.31 ofw is out tonight ... will this update kill off any jailbreaking of higher updates
10-30-2012
03:02 PM
3.56+ has a type of "integrity" check.
10-30-2012
03:19 PM
if I can find the file that contains the marker list, it will be great, but no luck
10-30-2012
03:37 PM
My understanding is that's simply signed with a private key and we don't have that key to sign it. This talk of "markers" is nonsense and isn't even a valid explanation for a "layman" explanation and just leads to FUD when the person reading your post makes a thread about "finding the markers".
...(Or I could be wrong)
10-30-2012
03:42 PM
We know that Sony changed something in fw 3.56+
We can reduce our search by comparing the changes with fw 3.55
And then just look into files that make sense and reverse them.
I would say this downgrade Protections are all the Same in fw > 3.55
So search will be reduced once again.
This is only a theory from me. I just follow this scene and haven't a ps3.
So I can't say whether this is correct or not.
10-30-2012
04:17 PM
But what i don't understand is, why is it so hard to find it?
I mean there must be a routine which uses hmac to verify the fw
and I thought with lv0 keys it's possible to decrypt all.
10-30-2012
04:22 PM
"i thought with lv0 keys its possible to decrypt all."
I love how everyone keeps thinking this.
10-30-2012
04:29 PM
I saw a sketch where the bootldr is the root of a tree and followed by lv0 and all other paths in this tree lv0 is their root.
If this is right then what is my mistake?
10-30-2012
05:49 PM
Decrypting all the firmware is the first part, but we need to reverse the code and understand how it works, and this is not simple and immediate. Sony has obfuscated some keys and parts of code to make this process more difficult.
So, in theory with bootldr keys we can make a CFW for 3.56+ for hackable consoles. Need to work and reverse!
10-30-2012
06:06 PM
To narrow reversing down, i guess to focus on emer_init.self... (This is recovery menu.)
10-31-2012
12:59 AM
It's like we have now learned to read and the second step is to understand what we read about ofw.
Thank you for your answer.
10-31-2012
03:01 AM
You need to find an exploit to install CFW on firmware above 3.55.
10-31-2012
03:26 AM
Hrm... You guys don't get that the uodat.pup is signed with an HMAC key. The 3.55 "keys" that we have are revoked in 3.56+ firmwares and we do not have the HMAC for 3.56. The shortcut is to use 3.55 as the launching firmware. That's cutting corners though, the long way is to find the HMAC.
Sent from my flying toaster using Tapatalk 2
11-08-2012
02:23 AM
Still no hope for the 4.25
03-08-2013
11:29 PM
will the new JB work on ps3 3008 4.31v? :/
03-08-2013
11:48 PM
Bring old threads back from the dead much? Nice way to start with ur first post.
No u can't jailbreak ur ps3. No downgrade possible on that model.
03-09-2013
12:28 AM
shouldn't this thread be locked already ? lol
03-09-2013
05:52 PM
nah continue it ;D