Old 02-13-2012   #11
kian2002
Member
 
Well, the PS3 will decrypt it or it would not install, so maybe we can patch the install process

so that the info copies to, say, a USB stick instead of NOR.

Has anyone tried to dump the NOR during the update process, maybe after the first part where it decrypts, then checks the info on the PUP?

Why do we always have to kill good threads, ideas, etc.? This is what a forum should be all about.
Old 02-13-2012   #12
xflarex
Member
 
No one is trying to kill the thread, it's just that the idea wouldn't work. Nobody is flaming anybody, nor are they being rude or stifling. Our scene needs people to show interest in such a way, and Munky is quite capable of submitting another idea to the public that will be enhanced by his newfound understanding. His next one or the one after that may simply be brilliant.

"If I find 10,000 ways something won't work, I haven't failed. I am not discouraged, because every wrong attempt discarded is another step forward." - Thomas Alva Edison
Old 02-13-2012   #13
enosrasun
Member
 
Maybe a memory dump, because in memory the PUP is decrypted and checked. If you try to dump the NOR in the moment it is making the update, you can corrupt the NOR.

And it won't work to replace lv0; look here

Old 02-13-2012   #14
kian2002
Member
 
Yes, but when you dump the NOR you get the bootldr, so you can reflash no problem; that is just what you can do in software.

Where does the PS3 put the update to decrypt it? There does not seem to be any info on this.
Old 02-13-2012   #15
PsDev
Homebrew Developer
 

Originally Posted by munky875821417:
Everyone wants keys for LV0. Are keys necessary? Why not just load an LV0 from a newer FW with an old firmware and keep your same kernel and lv1 from 3.55.

***Concept Only***

1. Discore core_os package (3.56+)
2. Locate lv0
3. Copy lv0 to a discored (3.55)
4. Encrypt discored (3.55) in a pkg *make sure to keep 3.55 lv2 kernel and lv1 self*
5. Make a PUP from the *3.55* core_os pkg with lv0 (3.56+)
6. Install PUP.

This is just a concept.
***BRICK RISK***

The idea is that lv0 will get run by the bootldr. The bootldr will then run the lv0 with the encapsulated loaders.
I know there is a lot more to this, but hey, why not toy around. If anyone has a flasher and wants to try it, let me know how it goes.

There is a flaw: the loaders are passed over to the metldr. In 3.55 they are not encapsulated, so the PS3 is not expecting it. You can't just encapsulate them and try to install without telling the PS3 any other way; it's still looking in core_os for them, not the lv0 in the FW version.
Old 02-13-2012   #16
oPolo
Member
 
Originally Posted by enosrasun:
Maybe a memory dump, because in memory the PUP is decrypted and checked. If you try to dump the NOR in the moment it is making the update, you can corrupt the NOR.

And it won't work to replace lv0; look here

I have been considering that myself. The keys are (at least at some point) unencrypted in the RAM. However, you will need someone skilled with hardware hacking. I believe most hackers/devs in the PS3 scene are skilled with the software hacking aspects. Besides... you will need to know at what time they are loaded into the RAM... and we are speaking nanoseconds here.

I thought, without much knowledge whatsoever of the Cell architecture (and without time to understand it, Bachelor project in software development atm :/), that if you could send a lower clock rate to the processor on its clock pin, slowing it down, and dump the RAM for perhaps the first milliseconds, then you would get a quite finite amount of data that could be the key. OK, I guess slowing the clock would not be necessary; however, I believe it would make the process easier...

Now even if that would work, it's just... the hardware tools cost $_$, and there is a potential brick chance, and none of that can be afforded while on a state education grant.
Old 02-13-2012   #17
PsDev
Homebrew Developer
 
Originally Posted by oPolo:
I have been considering that myself. The keys are (at least at some point) unencrypted in the RAM. However, you will need someone skilled with hardware hacking. I believe most hackers/devs in the PS3 scene are skilled with the software hacking aspects. Besides... you will need to know at what time they are loaded into the RAM... and we are speaking nanoseconds here.

I thought, without much knowledge whatsoever of the Cell architecture (and without time to understand it, Bachelor project in software development atm :/), that if you could send a lower clock rate to the processor on its clock pin, slowing it down, and dump the RAM for perhaps the first milliseconds, then you would get a quite finite amount of data that could be the key. OK, I guess slowing the clock would not be necessary; however, I believe it would make the process easier...

Now even if that would work, it's just... the hardware tools cost $_$, and there is a potential brick chance, and none of that can be afforded while on a state education grant.

My exploit
Old 02-13-2012   #18
enosrasun
Member
 
Originally Posted by kian2002:
Yes, but when you dump the NOR you get the bootldr, so you can reflash no problem; that is just what you can do in software.

Where does the PS3 put the update to decrypt it? There does not seem to be any info on this.

If we have access to that part, bingo: fully decrypted PUP and lv0,
and we hit the jackpot.

And if this can be done, you can crack any firmware.

How is the PS3 able to execute the PUP update if it is on 3.55?????

3.55 is hackable and you can get a dump from it (graf method).

And now the big question..... where is the decrypted PUP (I think the PS3 decrypts it with a per-console key) located when it is checked???
Old 02-13-2012   #19
munky875821417
Member
 
Originally Posted by enosrasun:
If we have access to that part, bingo: fully decrypted PUP and lv0,
and we hit the jackpot.

And if this can be done, you can crack any firmware.

How is the PS3 able to execute the PUP update if it is on 3.55?????

3.55 is hackable and you can get a dump from it (graf method).

And now the big question..... where is the decrypted PUP (I think the PS3 decrypts it with a per-console key) located when it is checked???

Anyone can pull apart a PUP.

Originally Posted by PsDev:
There is a flaw: the loaders are passed over to the metldr. In 3.55 they are not encapsulated, so the PS3 is not expecting it. You can't just encapsulate them and try to install without telling the PS3 any other way; it's still looking in core_os for them, not the lv0 in the FW version.

What about putting lv2-kernel.self and lv1.self from 3.55 inside the 4.xx core_os package? We could probably have peek and poke access.
Old 02-13-2012   #20
enosrasun
Member
 
Originally Posted by munky875821417:
Anyone can pull apart a PUP.

What about putting lv2-kernel.self and lv1.self from 3.55 inside the 4.xx core_os package? We could probably have peek and poke access.

Yes, you can pull apart the PUP, but YOU CAN'T DECRYPT THE FILES FROM THE PUP,
so we are talking about letting the PS3 decrypt the PUP for us and then getting the dump with the decrypted PUP, and you have the keys from lv0.

And you CAN'T TAKE THE lv2-kernel.self from another firmware (try to put a truck engine in a small car, see if it will fit).
See here, the boot order has changed:
http://www.ps3devwiki.com/wiki/Boot_Order