[nzie]

nice guide

[squishy]

So am I correct in saying, for the end user, this MAY end up similar to the xbox360 jtag exploit i.e:

Install Linux (xell, xellous) boot to system, extract cpu keys (per console keys)

Open and drop keys into your favorite bootmaker on pc

Flash the nand with said image tailored to the specific system? (pkg or whatever)

Or am I WAY off?

[bost7]

Maybe this is what Math was talking about???? :O

[Albert Wesker]

Originally Posted by Cage Once again. Don't hope for new CFW because it won't happen in a long time, especially with access to PSN. However we are not so far (in theory at least, if everything goes just as planned) from making signed eboots and thus playing new games on CFW 3.55.

I think we are. If i get it right, than someone has to understand the method Mathieulh used to decrypt the metldr and has to use the same method to decrypt the lv 0:

"P.S. Oh! and btw, if you talented enough to make hardware to dump the shared lsa, you can decrypt any lv0 using this technique. "

I think that will take some time...

[luqi]

i total agree with you Albert Wesker

what really needs to be investigated is this tweet: http://twitter.com/#!/Mathieulh/stat...22170719436800

// verify metadata offset is not too big //if (data->self_header->metaOffset >= 0x800) //return 0x20; // (cont) http://tl.gd/e2te63

and this tweet: http://twitter.com/#!/Mathieulh/stat...76434690621441

Oh and btw, if you talented enough to make hardware to dump the shared lsa, you can decrypt any lv0 using this technique/exploit

both of these hints are very interesting. with another self fail we could get later keys. if we dump a decrypted lv0 we get later keys. two ways right there to get later public keys.

[devstar]

are bootldr and metldr not encryted with the same key eg the per console key so would this mean once i have my per console key from metldr could i use it to decrypt bootldr ? also from what i can fathom u need hardware to dump bootldr but gitbrew already has a dump of it is it public ? would my key decrypt there dump ? lol that just sounds awesome i know

[devstar]

cool so what kinda hardware would i need would it be possible with e3 as my soldering skills are non existant

[8E068EDFA0C8DEA3]

you can do this over ssh or on console I prefer ssh because my girlfriend likes to watch tv alot.

who thinks this guy doesn't even have a girlfriend? no disrespect, it just seems totally random and out of place to mention your girlfriend's tv watching habit in a hacking tutorial.

anyways, here is hoping some permanent solution comes out of this.

[freestylemaster]

Just a quick question;

I've compiled hex2key (attached) and tried the first 3 hex line lunuxx posted above @231 and basically all I get is the ANSI code converted from hex code. Is this really what hex2key supposed to do? I mean we could easily get this with an hex editor or am I doing something wrong?
Anyone have any idea?

Rgrds

[lunuxx]

Originally Posted by 8E068EDFA0C8DEA3 who thinks this guy doesn't even have a girlfriend? no disrespect, it just seems totally random and out of place to mention your girlfriend's tv watching habit in a hacking tutorial. anyways, here is hoping some permanent solution comes out of this.

indeed somewhat out of place to mention, but its the truth
i cant do very much on the tv sometimes and id rather not bore everyone in the room by having the tv sit on a black screen fyi

about the hex2key i fixed one and left a note on the wiki so there are 2 links to hex2key the edit is the one i slightly repaired all credit for the app goes to anon for creating it
its supposed to make a binary file