Old 06-27-2012   #21
JustThatDude
Originally Posted by DEFAULTDNB:
Without a vulnerability NOP slide is useless afaik.

I once spoke to comex about the SSBB exploit on Wii and he explained NOP slide to me. You need to find a vuln that you can pad out and exploit.

I don't think the hypervisor will allow this to happen. Kind of like how the TIFF header exploits of PSP fame used to work. Sony learned from this.
Also, maybe that vulnerability could be used with a flasher to inject the eboot.
Old 06-27-2012   #22
tjhooker73
The flasher cannot inject eboots; also, it couldn't work on newer PS3s (AKA 3xxx models) due to the new architecture and such. So not practical.
Old 06-28-2012   #23
JustThatDude
Originally Posted by tjhooker73:
The flasher cannot inject eboots; also, it couldn't work on newer PS3s (AKA 3xxx models) due to the new architecture and such. So not practical.
Okay, but if we did find a way to inject an eboot, then we would be able to have that homebrew on our system without having to inject the homebrew eboot every time, because the keys would then be signed to the app (if I'm right; once again, just throwing out ideas). So if it worked that way, we could then extract the signed homebrew with the newest keys very easily and have signed homebrew for all.
Old 06-28-2012   #24
playerkp420
Old 06-30-2012   #25
JustThatDude
Originally Posted by playerkp420:
Lol reverse that **** I know how to have a real good time with smoking some weed which is like 10x a day *braggin*
Old 07-03-2012   #26
sbmotoracer
Something like this will not work.

The PS3's executable files are all encrypted with the same key you are looking to find. You can't change something that is fully encrypted...
Old 07-03-2012   #27
DEFAULTDNB
 
DEFAULTDNB's Avatar
 
Join Date: Mar 2012
Posts: 9,274
Likes: 6,498
Liked 4,038 Times in 2,627 Posts
Mentioned: 1002 Post(s)
Tagged: 0 Thread(s)
You say that but there is obviously a method for tb and e3 to crack and resign 3.56+ eboots without having any keys whatsoever....

I'm sure math said something ages ago about an eboot header fail.
Old 07-03-2012   #28
tjhooker73
Originally Posted by DEFAULTDNB:
You say that but there is obviously a method for tb and e3 to crack and resign 3.56+ eboots without having any keys whatsoever....

I'm sure math said something ages ago about an eboot header fail.
They can easily get the keys; anyone can. All you need is money, time, knowledge, and expensive hardware, which is what they have a lot of, obviously.
Old 07-05-2012   #29
JustThatDude
Originally Posted by DEFAULTDNB:
You say that but there is obviously a method for tb and e3 to crack and resign 3.56+ eboots without having any keys whatsoever....

I'm sure math said something ages ago about an eboot header fail.
Yeah well, I would like someone experienced to look into NOP slide.
Old 07-06-2012   #30
DEFAULTDNB
 
DEFAULTDNB's Avatar
 
Join Date: Mar 2012
Posts: 9,274
Likes: 6,498
Liked 4,038 Times in 2,627 Posts
Mentioned: 1002 Post(s)
Tagged: 0 Thread(s)
Originally Posted by JustThatDude View Post
Yeah well I would like someone experienced to look into NOP Slide
I think its simpler than this.

We have PC based tools to unself/lordself, we just need the TB/E3/anonymous chinese hacker method.

I would put my money on it being PC based tool that implements the fail on an eboot and cracks em wide open, and not PS3 based, so no need for NOP or finding an exploit with which to even initiate the NOP.

TBH I think on PS3-wise: the POC ram dump method could yield more than we think, I wonder how CFWProphet is coming along with that?

Project: POC of PS3 RAM Dump and Decrypting 3.6+ Games

It was a long run to get the right people involved and set up a new team, but finally it's up and we already are making some nice progress. This time I want to share a little POC of a RAM dump of the PS3.

At this stage I don't want to say too much, but we haven't used any hardware or software modifications and also have already done a dump on OFW 3.74. I used BlackBox, a small app, for the start to get a better understanding and to prove that I'm right.

The attached files are from a 3.55 dump and I have also included some parts of my write-down, especially the offset and bytes of the diff between the original and the dumped ELF.

I'll need to work more on the project to find a way to also dump and decrypt 3.6+ EBOOTs, but it's only a matter of time.

Last edited by DEFAULTDNB; 07-06-2012 at 02:38 AM.
PS3Hax.net is Copyright © 2010-2013.