04-18-2012   #71
DjKlown (Member)
Since I'm away.... Let me get this straight. Those aren't Sony's. Those are TB. And if I'm not mistaken, the only way to change those is if you have lvl0 or bootloader access... And I'll stop there till someone confirms that....
[Post merged]
Never mind, just some troll **** from my limited resources at the moment... It's 4.11 stuff and not TB...
04-19-2012   #72
mcmrc1 (Member)
Originally Posted by CrashSerious
We looked at it briefly, and moved to Cobra because everything would be applicable to TB. And, also, Cobra has at least some use other than warez. (No flames with "but I buy my games", please. I won't respond to them; we all know the major use of TB is piracy and its ONLY feature is 3.55+ games.) Someone could test the keys by (mostly) plugging them into the 3.55 key files in their .ps3 directory and making unself fix the corrupted sections of the SELF.
OK, I remember it was Cobra and not TB you were working on, and the idea with the key files was in my head too; in another thread I wrote that too, but I don't know how to make these files. I opened the old 3.55 key files with Notepad and I thought I could just change the keys somehow, but there were just hieroglyph letters.

I am no dev or so; it was just an idea. It would be nice if a dev would explain how to make those key files, or maybe make a program to test such leaked keys so we can respond and check faster whether it is fake or not.

And thx for your answer...
04-19-2012   #73
svenmullet (Member)
Just C+P them into a hex editor and save.

[edit] Here, let me do that for you. Not sure what to rename them to before you drop them in your keys folder, but here you go.

Attachment 1234
04-19-2012   #74
defyboy (Member)
Great work Octopus, it is good to see someone making genuine progress rather than deliberately trolling.

Originally Posted by nookupeous
Code:
1- Key: A7 0B 81 5A 47 AC 66 F9 7A A6 E7 CA 80 5B 22 19 08 C7 B3 5E 2A 8C F5 A7 23 78 1A 0E D0 84 11 F5
2- Key: A7 0B 81 5A 47 AC 66 F9 7A A6 E7 CA 80 5B 22 19 08 C7 B3 5E 2A 8C F5 A7 23 78 1A 0E F5 D0 84 11
unknown00: C8 DB 12 00 03 00 00 00 34 93 8A BF 44 08 DD 00 80 7F 15 00 04 93 8A BD BF 18 25 00 00 00 00 00
Key: A7 0B 81 5A 47 AC 66 F9 7A A6 E7 CA 80 5B 22 19 08 C7 B3 5E 2A 8C F5 A7 23 78 1A 0E F5 D0 84 11
ivec: 5B E0 07 73 26 5E FD 18 FE AF A4 DA 88 2B F0 DF BC EA 0C 00 32 5B A2 AE EE 6B EE 8E BF 69 BF B9
Final Key 4.11: A7 0B 81 5A 47 AC 66 F9 7A A6 E7 CA 80 5B 22 19 08 C7 B3 5E 2A 8C F5 A7 23 78 1A 0E D0 84 11 F5
According to Console Crunch, Icy and zadow28 have released their True Blue EBOOT keys. Someone with the knowledge to encrypt/decrypt an EBOOT should test.
I bet those keys came from this book
04-19-2012   #75
Deadman19 (Member)
I bet we won't find out until someone tests them... Actions before words, guys.
04-19-2012   #76
landon (Member)
& the drama continues!
04-19-2012   #77
DEFAULTDNB
When Rebug made LV2 Loader, what did they have in mind to use it for?
04-19-2012   #78
Octopus (Member)
Hello @CrashSerious, @defyboy
Thanks for the good words!

Originally Posted by CrashSerious
We looked at it briefly, and moved to Cobra because everything would be applicable to TB. And, also, Cobra has at least some use other than warez. (No flames with "but I buy my games", please. I won't respond to them; we all know the major use of TB is piracy and its ONLY feature is 3.55+ games.) Someone could test the keys by (mostly) plugging them into the 3.55 key files in their .ps3 directory and making unself fix the corrupted sections of the SELF.
If you have some free space in the team I will be glad to help.

I heard some conspiracy theory that Cobra Team had made TB, but I am not sure about it. I haven't had a look at the Cobra payload, but I reversed the TB updater and took a look at the Cobra updater. If they were made by the same people, it's strange why the code is so different.

Originally Posted by landon
Yes, cause that dongle had the auto-destruction function! It looks to be really impossible to crack those JailBreak 2 dongles!! It's a lost war, guys...
It's easy to avoid all checks.

Originally Posted by svenmullet
You forgot to post the "0x10 from 800000000035E104" part. Please do so
At address 800000000035E100 you can see something that Graf_Chokolo called kthread. I'm not 100% sure whether it gets overwritten or not, but I know what can be there; I also know some part of the decrypted code. The algo is TEA (64 rounds = 32 cycles), so I can make a dictionary and bruteforce it.
Not really interested in it because with the dongle it's a few dozen times easier.

Coming back to the TB updater, you can grab the section numbers and offsets there.
For example in the 2.4 update: 0 - 0x0; A - 0x21F00; C - 0x32F00; E - 0x47700; 10 - 0x58700; 6 - 0x6CF00; 0xF00 and 0x11F00 not written.

Don't set addresses in the other updates, just copy-paste

2.1: 0.
2.2: 0, 4, 2, C, A, 6. 0xF00 0x11F00 0x21F00 0x32F00 0x44F00
2.3: 0, 4, 2, C, A, 6. 0xF00 0x11F00 0x21F00 0x32F00 0x45700
2.5: 10, E, 6. 0x12000 0x2D800
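Added example, not code from any poster in this thread: a minimal TEA implementation in C that makes the "64 rounds = 32 cycles" remark concrete (each cycle is two Feistel half-rounds), plus a known-plaintext check that shows why a block whose decrypted content can only take a handful of values acts as an instant key-confirmation oracle, which is the design weakness a scheme protecting code at a fixed, predictable address has to reckon with. The key, plaintext and dictionary values below are constructed.

```c
#include <stdint.h>
#include <stddef.h>

#define TEA_DELTA  0x9E3779B9u
#define TEA_CYCLES 32   /* one cycle = two half-rounds, so 32 cycles = 64 rounds */

/* Encrypt one 64-bit block v[0..1] in place with the 128-bit key k[0..3]. */
void tea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < TEA_CYCLES; i++) {
        sum += TEA_DELTA;
        v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);  /* round 2i   */
        v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);  /* round 2i+1 */
    }
    v[0] = v0; v[1] = v1;
}

/* Decrypt one block in place; sum starts at DELTA*32 mod 2^32 = 0xC6EF3720. */
void tea_decrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = TEA_DELTA * TEA_CYCLES;
    for (int i = 0; i < TEA_CYCLES; i++) {
        v1 -= ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
        v0 -= ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        sum -= TEA_DELTA;
    }
    v[0] = v0; v[1] = v1;
}

/* Known-plaintext check: decrypt ct under candidate key k and look the result up
 * in a small dictionary of the plaintext values that could legitimately be there.
 * Returns the matching dictionary index, or -1 if the key does not reproduce any. */
int tea_match_known_plaintext(const uint32_t ct[2], const uint32_t k[4],
                              const uint32_t (*dict)[2], size_t n) {
    uint32_t v[2] = { ct[0], ct[1] };
    tea_decrypt(v, k);
    for (size_t i = 0; i < n; i++)
        if (v[0] == dict[i][0] && v[1] == dict[i][1])
            return (int)i;
    return -1;
}
```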
04-19-2012   #79
Pockets69 (Senior Member)
Originally Posted by Octopus
At address 800000000035E100 you can see something that Graf_Chokolo called kthread. I'm not 100% sure whether it gets overwritten or not, but I know what can be there; I also know some part of the decrypted code. The algo is TEA (64 rounds = 32 cycles), so I can make a dictionary and bruteforce it.
Not really interested in it because with the dongle it's a few dozen times easier.

A bruteforce on it? Really? 64 rounds? But even being a dictionary attack, if the word is not present you can't guess it, unless of course you have an idea about what to put in the dictionary.

Nonetheless, great work Octopus.
04-19-2012   #80
Octopus (Member)
Originally Posted by Pockets69
A bruteforce on it? Really? 64 rounds? But even being a dictionary attack, if the word is not present you can't guess it, unless of course you have an idea about what to put in the dictionary.

Nonetheless, great work Octopus.
Yeah, that's what I meant. If you look at this address you will understand there are not a lot of values that can be there. Unless the dongle writes something directly there, not sure about it.
PS3Hax.net is Copyright © 2010-2013.