Old 11-11-2011   #401
adrianc
Apprentice
 
Join Date: Jun 2011
Posts: 5
Likes: 0
Liked 0 Times in 0 Posts
Mentioned: 9 Post(s)
Tagged: 0 Thread(s)
I hate to burst everyone's bubble but this means nothing. The chain of trust was fixed by moving loaders into lv0.

Until lv0 is either dumped or decrypted, the loaders, and therefore the keys will remain just out of reach. Cold boot exploits are not possible because lv0 sets up the loaders table before passing execution to lv1. Decrypting lv0 requires pwning the bootloader_PE, which is very difficult.
If you could sniff the flexio you might be able to dump it that way. Or you could use what is known about the CBE secure boot to preempt bootldr. I suggest the IBM docs as reading material.

-adrianc
adrianc is offline   Reply With Quote
Old 11-11-2011   #402
baargle
Senior Member
 
Join Date: Sep 2010
Posts: 1,175
Likes: 603
Liked 625 Times in 376 Posts
Mentioned: 138 Post(s)
Tagged: 0 Thread(s)
Originally Posted by xxxblitzxxx View Post
Question: does this mean we can now play modern games on CFW?? =)


Originally Posted by xxxblitzxxx View Post
Man, I'm truly grateful to GOD that the devs are making a lot of effort so that gamers like us will be given a chance to enjoy the true potential of the PS3. Thank you devs =)


....
Originally Posted by adrianc View Post
I hate to burst everyone's bubble but this means nothing. The chain of trust was fixed by moving loaders into lv0.

Until lv0 is either dumped or decrypted, the loaders, and therefore the keys will remain just out of reach. Cold boot exploits are not possible because lv0 sets up the loaders table before passing execution to lv1. Decrypting lv0 requires pwning the bootloader_PE, which is very difficult.
If you could sniff the flexio you might be able to dump it that way. Or you could use what is known about the CBE secure boot to preempt bootldr. I suggest the IBM docs as reading material.

-adrianc
Apparently some members at gitbrew dumped the boot loader a few months ago. The key in METLDR can decrypt this dump from what I gather. Don't know their stance on releasing that sort of thing, and nobody has actually verified their claims.
baargle is offline   Reply With Quote
Old 11-11-2011   #403
adrianc
Apprentice
 
Join Date: Jun 2011
Posts: 5
Likes: 0
Liked 0 Times in 0 Posts
Mentioned: 9 Post(s)
Tagged: 0 Thread(s)
Originally Posted by baargle View Post
Apparently some members at gitbrew dumped the boot loader a few months ago. The key in METLDR can decrypt this dump from what i gather. Don't know their stance on releasing that sort of thing and nobody has actually verified their claims.
I believe you are referring to when glevand and I were able to dump a decrypted bootldr from a 256MB phat console (mine). This really means nothing; dumping bootldr on NOR consoles was done long before that. What's odd is that lv1 hides bootldr on phat consoles.

Metldr has no involvement with decrypting bootldr, for that you require a root key.

-adrianc
adrianc is offline   Reply With Quote
Old 11-11-2011   #404
baargle
Senior Member
 
Join Date: Sep 2010
Posts: 1,175
Likes: 603
Liked 625 Times in 376 Posts
Mentioned: 138 Post(s)
Tagged: 0 Thread(s)
Originally Posted by adrianc View Post
I believe you are referring to when glevand and I were able to dump a decrypted bootldr from a 256MB phat console (mine). This really means nothing, dumping bootldr on nor consoles was done long before that. Whats odd is that lv1 hides bootldr on phat consoles.

Metldr has no involvement with decrypting bootldr, for that you require a root key.

-adrianc
lol, I see now who you are, thanks for clearing that up. Sorry for being a retard. Are you saying that the contents of METLDR are no help in decrypting bootldr\lv0? I think that's the general (mis)conception at the moment amongst the peons.

You've got me curious here, as Math seems to be saying that his leaked hack can be applied in principle to dump a decrypted bootldr\lv0. Does his leaked hack actually provide any practical help with that, or is it merely in a philosophical sense in your opinion?

Cheers,
baargle is offline   Reply With Quote
Old 11-11-2011   #405
baileyscream
Senior Member
 
baileyscream's Avatar
 
Join Date: Feb 2011
Posts: 1,487
Likes: 531
Liked 1,010 Times in 506 Posts
Mentioned: 486 Post(s)
Tagged: 0 Thread(s)
Originally Posted by adrianc View Post
I believe you are referring to when glevand and I were able to dump a decrypted bootldr from a 256MB phat console (mine). This really means nothing, dumping bootldr on nor consoles was done long before that. Whats odd is that lv1 hides bootldr on phat consoles.

Metldr has no involvement with decrypting bootldr, for that you require a root key.

-adrianc
Hi adrianc, how is the court order you received from Sony going?
You know, the one you told us all said you had to remove everything about yourself from the net (inc. your Twitter account).
Also, I thought you were banned from PS3Hax for ripping people off over the PS3 development unit.
Very strange to see you back!!
baileyscream is offline   Reply With Quote
Likes: (1)
Old 11-11-2011   #406
Elegant
Member
 
Join Date: Jan 2008
Posts: 210
Likes: 1
Liked 35 Times in 25 Posts
Mentioned: 3 Post(s)
Tagged: 0 Thread(s)
@adrianc are the metldr and bootldr not encrypted with the same key? If so, isn't it not entirely possible to sign and encrypt your own bootldr?

@baileyscream Don't start that crap again. That is a completely off topic post take it up somewhere else kthxbye.

@baargle someone needs to explain how the general misconception is wrong first =/ In the case that is, the metldr exploit should still be a good basis for how to make a bootldr exploit. The issue with the bootldr exploit is you need a hardware hack unless there's a way to overwrite the bootldr software wise that I'm not thinking of (entirely possible I guess).

Last edited by Elegant; 11-11-2011 at 01:40 PM.
Elegant is offline   Reply With Quote
Old 11-11-2011   #407
baileyscream
Senior Member
 
baileyscream's Avatar
 
Join Date: Feb 2011
Posts: 1,487
Likes: 531
Liked 1,010 Times in 506 Posts
Mentioned: 486 Post(s)
Tagged: 0 Thread(s)
Originally Posted by Elegant View Post
@baileyscream Don't start that crap again. That is a completely off topic post take it up somewhere else kthxbye.

I'm sorry, I thought with this being a news post I was free to greet devs and also inform anyone who doesn't know just what sort of person he is.
That way, when he starts contradicting Math, they know whether or not to trust him.
If that's so wrong, then sorry.
baileyscream is offline   Reply With Quote
Old 11-11-2011   #408
j89
Apprentice
 
Join Date: Nov 2011
Posts: 2
Likes: 0
Liked 20 Times in 2 Posts
Mentioned: 1 Post(s)
Tagged: 0 Thread(s)
Metldr and bootldr use the same exact console key, and this has been the same since the start. If you can get your per-console key (this exploit) you can decrypt the metldr; if you can decrypt the metldr you can decrypt the bootldr (and the lv0 and every other ldr).
j89 is offline   Reply With Quote
Likes: (3)
Old 11-11-2011   #409
luqi
Member
 
luqi's Avatar
 
Join Date: Sep 2010
Location: In My World
Posts: 306
Likes: 954
Liked 136 Times in 74 Posts
Mentioned: 25 Post(s)
Tagged: 0 Thread(s)
j89,

you're sure?
luqi is offline   Reply With Quote
Old 11-11-2011   #410
adrianc
Apprentice
 
Join Date: Jun 2011
Posts: 5
Likes: 0
Liked 0 Times in 0 Posts
Mentioned: 9 Post(s)
Tagged: 0 Thread(s)
Originally Posted by Elegant View Post
@adrianc is the metldr and bootldr not encrypted with the same key? If so isn't it not entirely possible to sign and encrypt your own bootldr?
They are encrypted with the same key, which is burnt into the CBE efuses. This key is never passed along the chain of trust, so neither metldr nor bootldr ever sees its own key.


Originally Posted by baargle View Post
lol, I see now who you are, thanks for clearing that up. Sorry for being a retard. Are you saying that the contents of METLDR are no help in decrypting bootldr\lv0? I think that's the general (mis)conception at the moment amongst the peons.

You've got me curious here, as Math seems to be saying that his leaked hack can be applied in principle to dump a decrypted bootldr\lv0. Does his leaked hack actually provide any practical help with that, or is it merely in a philosophical sense in your opinion?

Cheers,
Metldr dumps will give you some perspective on how secure loaders work, and possibly stimulate some ideas for how you might be able to pwn bootldr. However, there is no easy 'find a key, use a key' solution to be found inside metldr.

Originally Posted by j89 View Post
Metldr and bootldr use the same exact console key, and this has been the same since the start. If you can get your per-console key (this exploit) you can decrypt the metldr; if you can decrypt the metldr you can decrypt the bootldr (and the lv0 and every other ldr).
This exploit does not enable you to find the hardware root key, merely a much weaker derivative which exists to prove the secure loader has been authorised by hardware.
adrianc is offline   Reply With Quote
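The design point adrianc makes in the post above (a root key held in hardware that is never passed down the chain, loaders that never see their own key, and a weaker per-console derivative that only proves "authorised by hardware") is the same one-way key-hierarchy idea found in most secure-boot designs. The following is an added toy model written for this thread, not code from the PS3, from any dev mentioned here, or from any real loader: the loader names bootldr, lv0 and metldr come from the thread, but the chain order, labels, HMAC-based sealing, the `EfuseRoot` class and the root key value are all constructed assumptions. It shows why holding the derived console key (what the leaked exploit yields, per the thread) does not let you verify or re-seal any loader stage, while the root still does.

```python
import hmac
import hashlib
from typing import Dict, List, Optional

TAG_LEN = 32  # HMAC-SHA256 tag length in bytes

# Constructed ordering for this toy model; not the real PS3 boot sequence.
CHAIN_ORDER = ["bootldr", "lv0", "metldr"]


def derive_key(parent: bytes, label: bytes) -> bytes:
    """One-way derivation: child = HMAC-SHA256(parent, label).
    HMAC cannot be inverted, so holding a child key reveals nothing
    about the parent it came from."""
    return hmac.new(parent, label, hashlib.sha256).digest()


def seal_stage(key: bytes, image: bytes) -> bytes:
    """Append an HMAC tag so the stage can be verified under `key`."""
    return image + hmac.new(key, image, hashlib.sha256).digest()


def verify_stage(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the image if its tag verifies under `key`, else None."""
    image, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, image, hashlib.sha256).digest()
    return image if hmac.compare_digest(tag, expected) else None


class EfuseRoot:
    """Models the hardware root key burnt into efuses (hypothetical class).
    The raw key never leaves this object; only derived keys are handed out."""

    def __init__(self, root: bytes) -> None:
        self._root = root

    def loader_key(self, name: str) -> bytes:
        # Each loader is sealed under its own derived key.
        return derive_key(self._root, b"loader:" + name.encode())

    def console_auth_key(self) -> bytes:
        # The weaker per-console derivative: proves "authorised by hardware",
        # but is not a loader key and cannot be turned back into the root.
        return derive_key(self._root, b"console-auth")


def build_chain(root: EfuseRoot, images: Dict[str, bytes]) -> Dict[str, bytes]:
    """Seal every loader image under its hardware-derived key."""
    return {n: seal_stage(root.loader_key(n), images[n]) for n in CHAIN_ORDER}


def boot(root: EfuseRoot, chain: Dict[str, bytes]) -> List[str]:
    """Verify stages in order, halting at the first stage that fails."""
    verified: List[str] = []
    for name in CHAIN_ORDER:
        if verify_stage(root.loader_key(name), chain[name]) is None:
            break
        verified.append(name)
    return verified


def stages_verifiable_with(key: bytes, chain: Dict[str, bytes]) -> List[str]:
    """Which stages verify using a leaked non-root key, either directly or
    after re-running the loader derivation from it? Expected: none."""
    hits: List[str] = []
    for name in CHAIN_ORDER:
        candidates = (key, derive_key(key, b"loader:" + name.encode()))
        if any(verify_stage(c, chain[name]) is not None for c in candidates):
            hits.append(name)
    return hits


def attest(auth_key: bytes, challenge: bytes) -> bytes:
    """What the derivative IS good for: answering a hardware-bound challenge."""
    return hmac.new(auth_key, challenge, hashlib.sha256).digest()


def check_attest(root: EfuseRoot, challenge: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(attest(root.console_auth_key(), challenge), tag)


def demo():
    root = EfuseRoot(b"\x00" * 32)  # constructed root value, not a real key
    images = {n: f"{n} image".encode() for n in CHAIN_ORDER}
    chain = build_chain(root, images)
    leaked = root.console_auth_key()
    return boot(root, chain), stages_verifiable_with(leaked, chain)


if __name__ == "__main__":
    print(demo())  # (['bootldr', 'lv0', 'metldr'], [])
```

`boot` walks the chain with keys the hardware derives on demand, so no stage ever holds the root; `stages_verifiable_with` shows that the leaked derivative, even when fed back through the same derivation, verifies nothing, which is the "weaker derivative" point in the post. Any change to a sealed image stops the boot at that stage.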
PS3Hax.net is Copyright © 2010-2013.