Originally Posted by Loedi
8 h and no responses to you xD but stupid discussion about dongles is very active, and this useful information is not even discussed
|
hate to kill your hopes... but it is hardly useful at all.
Originally Posted by zadow28
One question on another topic: what exactly is it that is holding us back from finding the private-lv1 keys from 3.56, since all the devcore is decrypted, even the lv1.self?
|
1. the private key fail applies to (random=4 /f0fjoke) -> no privs, no signing, that is why reDRM and 3.56DH 'bad idea' are using custom private keys
2. loaders are now in lv0 -> Boot Order page @wiki
the coreOS files from OFW 3.56 (2nd) unchanged, just unself'ed with the keys that were released since day 1 that firmware was out.
Well, you managed to pupextract, then do untar, followed by unpkg for the coreos.pkg and then cosunpkg the content of it plus unselfing files. So if this was a personal learning accomplishment, congratulations, you have now mastered the command line and using open source fail0verflow ps3tools and keysets (all are also on wiki btw if someone else wants to try it too)
Originally Posted by zadow28
$ readself lv1.self
[...]
|
It's readself output, pretty useless imo, besides looking for SELF structure. It does not lead to any en/decryption keys.
Tip: look at USB traffic and what (the how-part is already on wiki) is poked/copied into coreos /on demand/ and only after several checks are done to make sure coreos was not tampered with (clear dongle SPI flash when poke/poke is detected) and dongle is present. Same attack vector/learning curve applies to Cobra/TB
I wish you all luck, and most of all enjoyment in experimenting, reversing, reading, documenting etc.