Old 10-20-2012   #11
tjhooker73
Senior Member
Originally Posted by ryant001:
Math did say that the bootldr suffered from fails similar to the metldr, and we know that some devs already have a working exploit and managed to get the keys, so I wouldn't completely dismiss this "well tested theory" as fake for now.
Maybe some good guy finally decided to share the exploit with us?
Or maybe some kind anon decided to leak us some newish information.
Old 10-20-2012   #12
ryant001
Member
Originally Posted by itskamel:
Random Pastie saves the scene.
New frontpage headline: "Random pastie saves the scene, anon did what devs couldn't."
But seriously, someone should take a closer look at that metadata exploit. I would do it myself, too bad I don't have a flasher with a dual NOR setup.
Old 10-20-2012   #13
Elegant
Member
That's the problem with half these theories: they're good, and yet no one has the tools to test them. I'm quite surprised the people who know/come up with these theories aren't able to test them themselves. No offense.
Old 10-20-2012   #14
ryant001
Member
Originally Posted by Elegant:
That's the problem with half these theories: they're good, and yet no one has the tools to test them. I'm quite surprised the people who know/come up with these theories aren't able to test them themselves. No offense.
We don't know who tested it (if anyone), but the problem is that if this is real we would have to do it ourselves anyway, since I'm pretty sure that the bootldr keys are unique to each console.
Old 10-20-2012   #15
Elegant
Member
Originally Posted by ryant001:
We don't know who tested it (if anyone), but the problem is that if this is real we would have to do it ourselves anyway, since I'm pretty sure that the bootldr keys are unique to each console.
There is work involved still, but it does give us lv0. You'd need to reverse engineer the bootldr, which may or may not be that bad. It knows how to decrypt lv0. Note: from what I gather this does not provide us the bootldr key, just a decrypted bootldr.

So while it may be true that your bootldr key is console specific, we're really trying to get at a decrypted bootldr to know how it ticks. Once you have that down, there is nothing you can't do on the system in terms of decryption.
Old 10-20-2012   #16
cfwprpht
Homebrew Developer
You misunderstood. The goal of that is to get a decrypted bootloader, which will store the decrypted static lv0 key.

This means you then would be able to also decrypt lv0 of 4.21/4.25 FW and get the next key, e.g. for appldr.

Appldr then stores the app keys, which you will need to decrypt any SELF/SPRX/EBOOT.

If you have the static lv0 keys you don't need any bootloader, metldr or whatever for the exploit.
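The key ladder cfwprpht describes (a per-console bootldr key wrapping one static lv0 key, lv0 carrying that firmware's appldr key, appldr carrying the app keys) as an added toy model in Python; this is not code from the thread or from any real PS3 component, and every key, blob and the cipher are constructed stand-ins. It shows the design point behind the argument: a root key shared by every unit survives every firmware update, so one decrypted bootldr is enough to unwrap every later version's chain without touching a loader again, whereas rotating the per-version keys changes nothing.

```python
import hashlib

# Toy stream cipher (SHA-256 in counter mode) standing in for the real loader
# crypto; the model only needs a keyed, symmetric primitive.
def xor_crypt(key: bytes, label: bytes, data: bytes) -> bytes:
    stream = b""
    ctr = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + label + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

# Constructed keys: one static lv0 key shared by every console and one fused
# bootldr key per console. Neither is a real PS3 value.
STATIC_LV0_KEY = hashlib.sha256(b"constructed static lv0 key").digest()

def console_key(console_id: str) -> bytes:
    return hashlib.sha256(b"constructed fused bootldr key " + console_id.encode()).digest()

def build_bootldr(console_id: str) -> bytes:
    # bootldr is wrapped under the per-console key but carries the shared static key
    return xor_crypt(console_key(console_id), b"bootldr", STATIC_LV0_KEY)

def rotated_key(stage: str, version: str) -> bytes:
    # appldr and app keys are rotated with every firmware version
    return hashlib.sha256(f"constructed {stage} key {version}".encode()).digest()

def build_firmware(version: str) -> dict:
    appldr_key = rotated_key("appldr", version)
    app_key = rotated_key("app", version)
    return {
        "version": version,
        # lv0 is wrapped under the static key and carries this version's appldr key
        "lv0": xor_crypt(STATIC_LV0_KEY, b"lv0", appldr_key),
        # appldr is wrapped under its rotated key and carries this version's app key
        "appldr": xor_crypt(appldr_key, b"appldr", app_key),
    }

def extract_static_key(console_id: str, bootldr: bytes) -> bytes:
    # Decrypting any single console's bootldr exposes the key every console shares.
    return xor_crypt(console_key(console_id), b"bootldr", bootldr)

def recover_app_key(static_key: bytes, fw: dict) -> bytes:
    # With the static key no loader is needed: walk lv0 -> appldr -> app key
    # for any firmware version, including ones released after the compromise.
    appldr_key = xor_crypt(static_key, b"lv0", fw["lv0"])
    return xor_crypt(appldr_key, b"appldr", fw["appldr"])
```

The mitigation the model points at is the one a secure-boot designer would reach for: derive the lv0 wrapping key per device (or per hardware revision) rather than embedding one value in every bootldr, so a single decrypted unit does not unwrap the whole fleet.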
Old 10-20-2012   #17
ryant001
Member
Originally Posted by cfwprpht:
You misunderstood. The goal of that is to get a decrypted bootloader, which will store the decrypted static lv0 key.

This means you then would be able to also decrypt lv0 of 4.21/4.25 FW and get the next key, e.g. for appldr.

Appldr then stores the app keys, which you will need to decrypt any SELF/SPRX/EBOOT.

If you have the static lv0 keys you don't need any bootloader, metldr or whatever for the exploit.
"This will allow the keys to bootldr these keys cannot be changed with any update."
From reading that part I assumed that we would get the keys too, but it's not a big deal since the result is the same (decrypted bootldr).

Old 10-20-2012   #18
cfwprpht
Homebrew Developer
And what do you want to do with a decrypted bootloader without being able to resign?

So I mean getting new keys is a bigger deal than having a decrypted bootloader which we can't use in any form.
[Post merged]
Don't misunderstand. I didn't mean you with the last post you answered.
Old 10-20-2012   #19
peshellas
Member
If I remember correctly, someone leaked (maybe released by math himself) math's lv0 exploit of some sort long ago, but it was only part of the method. Could be VERY WRONG though; it could be a metldr exploit or not of use at all, I don't remember 100%. But if that was part of this method (because I think I remember something about replacing lv0 with a custom one or something like that, sorry I can't remember correctly, plus there was something about the dual NAND I think), then it would be of great help, I think, to those with the dual NAND flashers (and there are some that could do it apart from those that have it). I just hope those with the tools won't use it for business.
Old 10-20-2012   #20
ryant001
Member
Originally Posted by peshellas:
If I remember correctly, someone leaked (maybe released by math himself) math's lv0 exploit of some sort long ago, but it was only part of the method. Could be VERY WRONG though; it could be a metldr exploit or not of use at all, I don't remember 100%. But if that was part of this method (because I think I remember something about replacing lv0 with a custom one or something like that, sorry I can't remember correctly, plus there was something about the dual NAND I think), then it would be of great help, I think, to those with the dual NAND flashers (and there are some that could do it apart from those that have it). I just hope those with the tools won't use it for business.
I think you are talking about math's metldr exploit:
http://www.ps3devwiki.com/wiki/Dumping_Metldr

Here's a REALLY interesting quote about the (possible) metadata exploit:
"The question is, do you really need keys to get a decrypted signature? Well the real answer is no, thanks to a nifty fail that sony left in in metldr (and the bootloader), you can have the ldr decrypt the metadata for you, isn't that neat?"
PS3Hax.net is Copyright © 2010-2013.