Old 04-05-2012   #21
No_0ne
Member
 
It's almost like the dongles contain the keys to 3.6+... they decrypt the eboot, re-encrypt with the 3.55 key... plus whatever DRM BS TB adds.

And everyone thought @enosrasun was a fool.

Now if we can just figure out how TB decrypts the 3.6+ eboots we may just be in luck. Hopefully it's as easy as the 3.6+ keys sitting on the dongle :P

The more realistic scenario is that they decrypt the 3.6+ eboots externally to the dongle (hence why they are always releasing eboots all the time), then encrypt with their DRM keys. If we can crack their dongle, at the very least we can get the eboots signed with the 3.55 key that have been released thus far by TB.

Short-term fix... long term would actually be getting the 4.11 keys, so we can actually sign our own and have homebrew again.

Last edited by No_0ne; 04-05-2012 at 01:34 PM.
Old 04-05-2012   #22
zadow28
Member
 
I'm also looking into the dongle, but I have to see what it does with the CFW also, how they communicate; else we crack the dongle and they just change the key and CFW. We have to cover all parts.

I have seen indications of master keys, not just 3.6+; many have talked about it before.

But I have seen a lot of it mention digging into dongle stuff.
Of course I can't find or prove it 100%, but it says on the first post master key. And it also tells me that's why TrueBlue is still here after a lot of OFW updates from Sony.

Last edited by zadow28; 04-05-2012 at 01:35 PM.
Old 04-05-2012   #23
capostef
Member
 
capostef's Avatar
 
Join Date: Feb 2011
Posts: 274
Likes: 359
Liked 79 Times in 57 Posts
Mentioned: 9 Post(s)
Tagged: 0 Thread(s)
You, gumbie and gravox ==== Freedom
Old 04-05-2012   #24
No_0ne
Member
 
Originally Posted by zadow28
I'm also looking into the dongle, but I have to see what it does with the CFW also, how they communicate; else we crack the dongle and they just change the key and CFW. We have to cover all parts.

I have seen indications of master keys, not just 3.6+; many have talked about it before.

But I have seen a lot of it mention digging into dongle stuff.
Of course I can't find or prove it 100%, but it says on the first post master key. And it also tells me that's why TrueBlue is still here after a lot of OFW updates from Sony.
Exactly. If they have private keys from, say, 3.6+ (3.7, 4.11, etc.) then there is nothing Sony can do! There have been various methods discussed on how to get those keys using hardware. So realistically that's the only thing that would make sense. Otherwise, like you have said, their method/exploit would have been blocked.

Now what this means is, what keys are actually on the dongle? I would guess they would be as dumb as leaving, say, the 4.11 private/master key on the dongle. If this is the case then there would be no real need to release eboots regularly. You could have the dongle take care of decrypting with the 3.6+ key and re-encrypting with the 3.55 keys.

It's most likely the case that they decrypt the 3.6+ eboots on a computer, then encrypt them with their TB encryption keys (possibly the "master key" from your dump). This is essentially the DRM, so if we were able to get the actual keys from the dongle, we could decrypt the eboots and sign them with 3.5 keys so they would work with current CFW.

The problem with that is that they can update the TB and the keys would have to be retrieved again. So we really would still need the 3.6+ keys themselves. At that point we can have our new CFW (in which case the eboots would really matter).
Old 04-05-2012   #25
japsander
If they had the 3.6+ keys then the eboots wouldn't need patching; they would be the same as retail eboots. That's correct.

Don't forget there is a master dongle key, which the one you found a reference to could be.
Old 04-05-2012   #26
No_0ne
Member
 
Originally Posted by japsander
If they had the 3.6+ keys then the eboots wouldn't need patching; they would be the same as retail eboots.
Correct, but the CFW is 3.55 based. Hence why they would have to be decrypted and then signed with the proper key.

The only other explanation would be that they found a way to create eboots from scratch / reverse-engineered eboots.

And I think it's fair to say that getting debug eboots was ruled out a while ago.

Last edited by No_0ne; 04-05-2012 at 01:53 PM.
Old 04-05-2012   #27
zadow28
Member
 
Originally Posted by No_0ne
Correct, but the CFW is 3.55 based. Hence why they would have to be decrypted and then signed with the proper key.

The only other explanation would be that they found a way to create eboots from scratch / reverse-engineered eboots.

And I think it's fair to say that getting debug eboots was ruled out a while ago.
Well, we will find that out soon.

By the way, it's not that hard to find debug eboots; if I can, so can they.

And no, I would not say how. But let's guess there are pasties out there that tell.

Anyway, the debugging of the CFW clearly indicates tampering with the lv1, so it's not just pure 3.55. I'll look at the rest and post more findings. We are getting closer.
TrueBlue knows this, and tries scare tactics.

regards
Old 04-05-2012   #28
japsander
I wouldn't say "ruled out" lol.

Don't forget it's hard to know who to trust in these times.
We have been misdirected and trolled by "respectable" people before.

There is no way they created eboots from scratch, not without the source code for the game at least.

Now my guess is, as we have heard chatter about a special TB debug FW, that they have a FW (like Rebug) and gained access to the dev network again.
Again, this was "ruled out", but again, who do you trust?

We as a scene put faith in that French troll for a long time and he turned out to be more harmful than good.

There was always the PNM project, which was supposed to enable new things but vanished right before TB raised its butt-ugly head.

It seems to me though that sadly too many people coincidentally stopped work when TB was released and vanished / changed stance etc.

Originally Posted by zadow28
By the way, it's not that hard to find debug eboots; if I can, so can they.

And no, I would not say how. But let's guess there are pasties out there that tell.
You do realize that if it were true, that information alone would put an end to the dongles, as they would instantly be obsolete.
If it was true and you held the info back, then you would be no better than any of the corrupted who play god with the scene.
Old 04-05-2012   #29
zadow28
Member
 
Well, that is stealing and I don't do that; still, it's not that hard to find the unsecured section of the debug eboot.

And Huufff, upload a shell.

I don't really fall to their level.

But that's just me.

Last edited by zadow28; 04-05-2012 at 02:10 PM.
Old 04-05-2012   #30
No_0ne
Member
 
The more and more I look at @zadow28's dumps, the more it's revealing. There are a lot of references to dongle key, and one mention of a masterKey field. I think it's simply the dongle's master key.

Now to confirm this, we need to gain access to the so-called "masterkey". From here we can attempt to decrypt an eboot released by TB and see what happens. If we are successful in doing so, then we at least know which key (3.55 or 3.6+) was used to sign it.

If there is something more complex going on (they have 3.6+ private keys) then perhaps we would have to dig further into the dongle.
PS3Hax.net is Copyright © 2010-2013.