#31, монтре, 01-09-2012
Originally Posted by VIRGIN KLM:
Yep it's been proven that this is the story. OVER AND OVER, AGAIN AND AGAIN!
Lol. I've never heard the story, but, a mere observation. I see I'm not the only one who thinks this then. Thanks for the confirmation.

But as far as the PS3, Zaf posted a PS3 dump (http://www.ps3hax.net/showthread.php?t=32837). (As I stated before, I don't know much about console modifying, so give me leniency.) Let's say, theoretically speaking, this would be the dump necessary to decrypt and find the exploit? I'm assuming this is a dump of the PS3's recovery (I may be wrong). Somewhere in there is bound to be some kind of exploit, no?
#32, VIRGIN KLM, 01-09-2012
Originally Posted by монтре:
Lol. I've never heard the story, but, a mere observation. I see I'm not the only one who thinks this then. Thanks for the confirmation.

But as far as the PS3, Zaf posted a PS3 dump (http://www.ps3hax.net/showthread.php?t=32837). (As I stated before, I don't know much about console modifying, so give me leniency.) Let's say, theoretically speaking, this would be the dump necessary to decrypt and find the exploit? I'm assuming this is a dump of the PS3's recovery (I may be wrong). Somewhere in there is bound to be some kind of exploit, no?
It's not like you can glitch your NOR/NAND to do a similar hack to the XBOX360's reset hack, if you're thinking of something like this. PS3's Hypervisor may suck, but in practice the only thing it is good at is preventing you from doing this; it would break the chain of trust of the PS3, rendering your data corrupt. It's so bad that you can't even modify values in your RAM (to do similar hacks to what Action Replay cheats used to do on PS2). Any modification inside this circle corrupts the chain of trust of the PS3, which sucks, I know.
#33, монтре, 01-09-2012
Originally Posted by VIRGIN KLM:
It's not like you can glitch your NOR/NAND to do a similar hack to the XBOX360's reset hack, if you're thinking of something like this. PS3's Hypervisor may suck, but in practice the only thing it is good at is preventing you from doing this; it would break the chain of trust of the PS3, rendering your data corrupt. It's so bad that you can't even modify values in your RAM (to do similar hacks to what Action Replay cheats used to do on PS2). Any modification inside this circle corrupts the chain of trust of the PS3, which sucks, I know.
Yes, that really sucks! There must be an alternative though.
Chain of Trust... Does it apply only to the NOR/NAND?
Or is this a method used throughout the entire file system?

Last edited by монтре; 01-09-2012 at 10:21 PM.
#34, VIRGIN KLM, 01-09-2012
Originally Posted by монтре:
Yes, that really sucks! There must be an alternative though.
Chain of Trust... Does it apply only to the NOR/NAND?
Or is this a method used throughout the entire file system?
http://www.ps3devwiki.com/index.php?title=Boot_Order
You will find all info you need there too.
#35, монтре, 01-09-2012
Originally Posted by VIRGIN KLM:
http://www.ps3devwiki.com/index.php?title=Boot_Order
You will find all info you need there too.
Wait, so why isn't it possible to just dump the PS3 at x boot stage?

Code:
+ bootldr decrypts lv0 which runs on PPU -> loaders INIT
-For instance
#36, VIRGIN KLM, 01-09-2012
Originally Posted by монтре:
Wait, so why isn't it possible to just dump the PS3 at x boot stage?

Code:
+ bootldr decrypts lv0 which runs on PPU -> loaders INIT
-For instance
That's the 3.60+ diagram. Note that the dump you will do will already be encrypted, so there's no point in doing so. You need to force your PS3 to decrypt itself, inside the process of bootup, which is not easily done without breaking the chain of trust; plus you need to decrypt the bootldr first, which is not decrypted as of today.
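The two points VIRGIN KLM makes above (a raw flash dump is only ciphertext, and any change to a stage image breaks the next stage's verification) are easiest to see in a small model of a verified boot chain. The following Python is an added example, not code from this thread, from the wiki page linked above, or from the PS3 itself: it uses a toy SHA-256 counter-mode XOR keystream in place of the console's real stage cryptography, the keys, payloads and digests are constructed here, and only the stage names lv0/lv1/lv2 and the bootldr -> lv0 -> lv1 -> lv2 order are taken from the boot-order diagram.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

# Loader stages after the immutable on-die bootldr, in the order the
# boot-order diagram lists them. Everything else in this file is constructed.
STAGES = ["lv0", "lv1", "lv2"]
DIGEST_LEN = 32  # SHA-256 digest size


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode (illustration only, not the PS3's cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def build_chain(payloads: Dict[str, bytes], keys: Dict[str, bytes]) -> Tuple[Dict[str, bytes], bytes]:
    """Produce the flash image and the root digest the bootldr would carry.

    Each stage's plaintext starts with the SHA-256 of the *next* stage's
    plaintext, so the stages are assembled from the last one backwards.
    """
    plain: Dict[str, bytes] = {}
    next_plain: Optional[bytes] = None
    for name in reversed(STAGES):
        expected = hashlib.sha256(next_plain).digest() if next_plain is not None else b"\x00" * DIGEST_LEN
        plain[name] = expected + payloads[name]
        next_plain = plain[name]
    # Flash holds only ciphertext: a raw dump never contains a stage in the clear.
    flash = {name: xor_crypt(keys[name], plain[name]) for name in STAGES}
    root_digest = hashlib.sha256(plain[STAGES[0]]).digest()
    return flash, root_digest


def boot(flash: Dict[str, bytes], keys: Dict[str, bytes], root_digest: bytes) -> Tuple[List[str], str]:
    """Walk bootldr -> lv0 -> lv1 -> lv2: decrypt, verify, and only then hand off.

    Returns the stages that were allowed to run plus "ok", or the reason the
    chain halted. The keys dict stands in for the decryption key each stage
    carries for its successor; plaintext exists only inside this function.
    """
    booted: List[str] = []
    expected = root_digest  # burned into the immutable bootldr
    for name in STAGES:
        plain = xor_crypt(keys[name], flash[name])
        if hashlib.sha256(plain).digest() != expected:
            return booted, f"halt: {name} failed verification"
        booted.append(name)
        expected = plain[:DIGEST_LEN]  # digest this stage expects of the next one
    return booted, "ok"


def demo() -> Tuple[bool, Tuple[List[str], str], Tuple[List[str], str]]:
    """Constructed scenario: clean boot, then one byte of lv1 altered in flash."""
    keys = {n: hashlib.sha256(b"constructed-key-" + n.encode()).digest() for n in STAGES}
    payloads = {n: f"{n} loader code".encode() for n in STAGES}
    flash, root = build_chain(payloads, keys)

    # 1. A raw flash dump shows no stage payload in plaintext.
    dump_is_ciphertext = all(payloads[n] not in flash[n] for n in STAGES)
    # 2. Untouched flash passes every check.
    clean = boot(flash, keys, root)
    # 3. Flip one byte of lv1 in flash: lv0 still runs, then rejects lv1.
    tampered = dict(flash)
    lv1 = bytearray(tampered["lv1"])
    lv1[-1] ^= 0x01
    tampered["lv1"] = bytes(lv1)
    damaged = boot(tampered, keys, root)
    return dump_is_ciphertext, clean, damaged


if __name__ == "__main__":
    print(demo())
```

Running it returns `(True, (['lv0', 'lv1', 'lv2'], 'ok'), (['lv0'], 'halt: lv1 failed verification'))`: the dump carries no plaintext, the untouched image boots to lv2, and the single altered byte stops the chain at the stage that was altered. The model checks each image only at load time; it does not model the run-time integrity checks the thread mentions for RAM.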
#37, afiser13, 01-10-2012
Originally Posted by монтре:
But signing with 3.55 keys, wouldn't 4.0 know the keys were expired?
If not, then wouldn't it already be possible to at least 'patch in' material? (Even if it isn't signed, and won't run, will it at least be recognized?)

And I beg to differ on the debugging not helping. If one were able to debug, he/she would basically know the ins and outs of the PS3's core functions... For instance, knowing what's going on while it's actually IN the process of flashing.

FL321: Gamecast was pretty damn awesomeeeeee! Especially Mortal Kombat!
I would assume some patching to 4.00 would be needed in order for us to sign it with 3.55 keys. I'm not sure about specifics, but I know it will be the way we run newer firmwares whenever we hopefully break into lv0.

No, we cannot "patch in" 4.00 encrypted files into 3.55. 3.55 would not have the proper keys to decrypt the 4.00 files and would therefore not load them.

The only debugging that has a chance of possibly being leaked is the debug tools Sony gives to developers to develop games, games which only run in lv2 or lower on the chain of trust. So if anything, we would only get a lv2 exploit if any debugging stuff were to appear. Not only that though, we would need to use a TEST PS3 or a converted TEST retail PS3 to do this debugging, both of which are either expensive or not publicly known.

The stuff Sony used to debug firmwares and flash firmwares and stuff will never be leaked; Sony did that in house and we literally have no chance of getting to it. About as much of a chance as Sony's entire firmware source code being leaked.
#38, Reaper87, 01-10-2012
These development kits must be guarded pretty heavily... seems like everything is eventually leaked lol.
#39, монтре, 01-10-2012
Originally Posted by Reaper87:
These development kits must be guarded pretty heavily... seems like everything is eventually leaked lol.
Because companies fail to realize that no sworn admission is going to guarantee the safety of the company. On the other hand, could we not just hang the system (via some kind of bug that we would have to find) after lv0 has been decrypted, and dump it before it is re-encrypted?
#40, Reaper87, 01-10-2012
Originally Posted by VIRGIN KLM:
You would need that:

Practically and theoretically, if somebody has this model Sony is in huge trouble, since you can freely flash the Southbridge and monitor everything happening on the chain of trust of the PS3 at any firmware, whilst instant CFW to any firmware, and this is equally impossible for Sony to patch, as if we could have lv0 and bootldr access to our retail PS3s. The day that you would do that I bet Sony would start off again with the crazy lawsuits, this time involving official Sony developers as well.

YES I AM 1000% SURE WHAT I'M TALKING ABOUT, THIS IS AN ALTERNATE WAY TO GET 3.60+CFW
Originally Posted by монтре:
Because companies fail to realize that no sworn admission is going to guarantee the safety of the company. On the other hand, could we not just hang the system (via some kind of bug that we would have to find) after lv0 has been decrypted, and dump it before it is re-encrypted?
Yes, too true. There is always someone out there that has the means and motive to stick it to a company and release an exploit and/or use a kit like this.
PS3Hax.net is Copyright © 2010-2013.