[Update 2]PS3 Metldr Exploit been leaked - Page 44 - PS3Hax Network

ModIt · 11-13-2011

So math's exploit doesnt help us at all?

adrianc · 11-13-2011

Originally Posted by ModIt

So math's exploit doesnt help us at all?

Yep.

-adrianc

kian2002 · 11-13-2011

but the exploit will work on bootldr but we need to hard mod to do it and if we have control of that we have control of lv0 and the keys

correct me if im wrong

ModIt · 11-13-2011

Originally Posted by adrianc

Yep.

-adrianc

So what is the point in an exploit, if the exploit doesnt exploit anything useful ?

TheEvolution_PT · 11-13-2011

The first exploit I explained in Step I which I called the "meta exploit" is used to trick metldr into decrypting the self metadata in the shared Local Store (which can be accessed from the ppu as it's not isolated)
This exploit works on the bootloader (provided that you can read the shared local store at boot time)

The second exploit explained in step 2 (and used in the leaked files) which I called the "donut exploit" relies on wrapping around the memory to trick metldr into loading a self section onto its own code (and gain code execution), this exploit only works on metldr and doesn't work on metldr.2 because it relies on signing a loader. There is yet another ldr exploit that works on metldr (and metldr.2) and allows to gain code execution but it relies on an hardware implementation flaw and cannot easily be found, because it's not a software exploit (even though it can entirely be triggered by software so long as you at least have code running on the ppu with lv2 privileges)

Mathieulh in ps3crunch

Natedogg20050 · 11-13-2011

first tell me why the hell adrianc is back here ?

then why does maths exploit dosent help us at all ?

Rehv · 11-14-2011

Just don't get over the guy. If I knew something and couldn't release due to lawsuits I'd just tell someone leaked my work and talk about it. The problem here is you ppl that DON'T understand this and keep calling him drama-queen or something like that. For now, I'm just pissed I got a PS3 as a "surprise" gift and can't put it to CFW 3.55 because it came with OFW 3.66. I can only dual boot now, and I'm not sure I wanna mess with solder and stuff.

Majidorc · 11-14-2011

Happy Birthday PS3

noddy4life · 11-14-2011

I asked PS3 hax in an email the same thing but no reply about adrianc only because I donated

baileyscream · 11-14-2011

think i derail a thread?? i think adrianc is doing just that but as you love dev's (and i say that about this 13 year old lightly) then you wont see him as being in the wrong even if he is contradicting your best bud math! lool your funny sometimes!

11-14-2011	#438
Majidorc Apprentice Join Date: Nov 2009 Location: Ir Posts: 16 Likes: 13 Liked 1 Time in 1 Post Mentioned: 0 Post(s) Tagged: 0 Thread(s)	Bday Happy Birthday PS3

		PS3Hax Network - Playstation 3 Hacks and Mods > News > PS3 \| Member News
[Update 2]PS3 Metldr Exploit been leaked

11-13-2011	#431
ModIt Member Join Date: Jul 2011 Posts: 144 Likes: 1 Liked 36 Times in 24 Posts Mentioned: 1 Post(s) Tagged: 0 Thread(s)	So math's exploit doesnt help us at all?

11-13-2011	#433
kian2002 Member Join Date: Sep 2010 Posts: 134 Likes: 0 Liked 22 Times in 15 Posts Mentioned: 3 Post(s) Tagged: 0 Thread(s)	but the exploit will work on bootldr but we need to hard mod to do it and if we have control of that we have control of lv0 and the keys correct me if im wrong

11-13-2011	#435
TheEvolution_PT Member Join Date: Oct 2011 Posts: 400 Likes: 455 Liked 190 Times in 113 Posts Mentioned: 19 Post(s) Tagged: 0 Thread(s)	The first exploit I explained in Step I which I called the "meta exploit" is used to trick metldr into decrypting the self metadata in the shared Local Store (which can be accessed from the ppu as it's not isolated) This exploit works on the bootloader (provided that you can read the shared local store at boot time) The second exploit explained in step 2 (and used in the leaked files) which I called the "donut exploit" relies on wrapping around the memory to trick metldr into loading a self section onto its own code (and gain code execution), this exploit only works on metldr and doesn't work on metldr.2 because it relies on signing a loader. There is yet another ldr exploit that works on metldr (and metldr.2) and allows to gain code execution but it relies on an hardware implementation flaw and cannot easily be found, because it's not a software exploit (even though it can entirely be triggered by software so long as you at least have code running on the ppu with lv2 privileges) Mathieulh in ps3crunch

11-13-2011	#436
Natedogg20050 Member Join Date: Sep 2010 Posts: 33 Likes: 3 Liked 4 Times in 3 Posts Mentioned: 1 Post(s) Tagged: 0 Thread(s)	first tell me why the hell adrianc is back here ? then why does maths exploit dosent help us at all ?

11-14-2011	#437
Rehv Apprentice Join Date: Nov 2011 Posts: 2 Likes: 0 Liked 0 Times in 0 Posts Mentioned: 0 Post(s) Tagged: 0 Thread(s)	Just don't get over the guy. If I knew something and couldn't release due to lawsuits I'd just tell someone leaked my work and talk about it. The problem here is you ppl that DON'T understand this and keep calling him drama-queen or something like that. For now, I'm just pissed I got a PS3 as a "surprise" gift and can't put it to CFW 3.55 because it came with OFW 3.66. I can only dual boot now, and I'm not sure I wanna mess with solder and stuff.

11-14-2011	#439
noddy4life Member Join Date: Mar 2009 Posts: 74 Likes: 8 Liked 10 Times in 5 Posts Mentioned: 0 Post(s) Tagged: 0 Thread(s)	I asked PS3 hax in an email the same thing but no reply about adrianc only because I donated

11-14-2011	#440
baileyscream Senior Member Join Date: Feb 2011 Posts: 1,487 Likes: 531 Liked 1,010 Times in 506 Posts Mentioned: 486 Post(s) Tagged: 0 Thread(s)	think i derail a thread?? i think adrianc is doing just that but as you love dev's (and i say that about this 13 year old lightly) then you wont see him as being in the wrong even if he is contradicting your best bud math! lool your funny sometimes!

User Name		Remember Me?
Password