What are we missing? Chain of trust!!
3.60++ http://www.ps3devwiki.com/images/d/d...ochain-360.png ??
bootldr .2 (?)
lv0 .2 metldr .2 PCK0 (don't know)
Not sure, but I found this. Posted by Wololo:
The problem is that we need a way to convince the PS3 to flash our modified firmware. With 3.55 and below that was easy enough to do because of the keys recovered, but 3.56 and later change that, so that flashing is more complex than just using the recovered keys. This isn't an insurmountable problem (hardware flashers will always work), but for easy software flashing we need to find new exploits in the PS3 software stack to convince OFW consoles to flash CFW.
PCK0 is coming in some weeks from a group. What can we do with per-console key0?
Edit: We need to decrypt 3.56, reverse and study it, and do the same for the 3.70 FW. It should be easier to look for changes in security in lower FWs.
PCK0 = we can make any CFW we like forever.
The HMAC key is used for installing update PUPs.
The 3K consoles' chain of trust is somewhat like this: bootldr ---> lv0 ---> lv0.2, and to make use of the lv0 keys we need to convince the bootldr to bypass the requirement of the lv0.2 check, as it is a pre-secure loader and not bound by any specific keyset.
In the 4K consoles the chain of trust is again changed, and if an exploit is found for 3K consoles it won't work on these 4K consoles. @DEFAULTDNB: Whoops, sorry... edited. Any idea about the 4K consoles? Trying to search for it, and all I remember is that all ldrs are directly linked to the bootldr itself, and since the bootldr is console-specific, hacking them is nearly impossible.
But PCK0 is unique per console, and it will probably need an already exploited system, which by now can also always be updated forever because of the compromised lv0, so I'd rephrase the question: what can we do with it that we cannot already?
Even if not that much, it's ****ing interesting to see these things uncovered anyway. Must also be that way for the hackers :)
Quote:
http://www.ps3devwiki.com/wiki/CoreOS |
What we have:
- loaders decrypt/metldr keys (geohot, as much as it pains me to say, he was the first to publicly announce the C0CEFE key) = possibilities of decrypting loaders (lv1ldr, lv2ldr, isoldr, appldr)
- lv0 decrypt/bootldr keys (Juan Nadie) = custom lv0, possibilities of decrypting X.XX firmware (lv0 goes first), possibilities of exploits in future firmwares (printf on the goddamn screen of your TV showing up), more keys, etc.
- (eid/ps2 memory card/encdec/ata decrypt)/pck1 (Mathieulh ???) = custom eid0,1,2,3,4 (5 can't be decrypted so far, but if it's true and DEX firmware 4.30 really bricks, the keyseed might be hardcoded there)

What we can have:
- (METHOD TO GET) -> (e)bootrom key/pck0 = custom bootldr, possibilities of decrypting X.XX firmware REGARDLESS of what Sony does (assuming we can execute that method on unhackable firmware, and that unhackable firmware exists, which is highly unlikely)
- .2 keys (present on higher firmwares, on later 2K and 3K consoles, and so on) -> assuming we used the hypothetical method to get (e)bootrom key/pck0, I think it's possible and safe to assume that in the near future we might be able to get CFW over 3.56 and higher.

These are my thoughts. Take them with consideration, as I don't deem them 100% correct myself regarding future keys; I could be, though.