Old 10-23-2012   #211
master737373
Member
 
Originally Posted by cfwprpht
I stop talking to you cause you don't want to understand. Syscon cannot be encrypted with any PCK. Regardless of which derivation it is. Oh and by the way, yeah sure, I didn't know that there is more than one PCK derivation.

Thank you for teaching me and all the others how dumb we are, not being able to get a derived PCK out of the update process. ^^

Yeah, and therefore the console can use a derived PCK in update mode, therefore Sony can also update bootloader and metloader whenever they want. ^^

Seriously?? We are all so dumb. Sony uses a derived key to encrypt the syscon during update but they are not able to encrypt the bootldr and metldr with a derived key.
Again, barely able to understand a word you're saying. But you don't understand. They can't update bootldr and metldr because the key to encrypt it is on the Cell. They don't have access to the Cell. The only way they can change bootldr is by changing the key, and the only way to change that is by changing the Cell itself.

Seriously, use your brain. I don't want to "learn" from you because you don't know what you're talking about. I know about bootldr and the per console keys. Sony can't change metldr or bootldr. If they did, do you seriously think they wouldn't have sued Geohot? All they can do is change how the boot process is handled once lv0 is loaded. That's why they don't care if any other keys are missing. They only care about metldr and bootldr. Want to know why they went after graf so badly? Because what he was working on could've led to bootldr. I looked at his work, I reversed hypervisor and supervisor just like him and looked at the loaders to learn how to get bootldr. That's one of the main reasons why I know bootldr and metldr aren't changeable. So please, stop trying to sound smart and like you know what you're talking about.

Syscon itself is encrypted per console. NOT WITH A PCK DERIVATIVE. It's encrypted with its OWN key. And that key is different per console. If you truly believe that Sony can update bootldr and metldr, then you really need to learn the boot process and what each loader can do. The update process is run by, guess what? Hypervisor and supervisor and NEITHER of them have access to bootldr or metldr. Hypervisor has access to syscon though, but ONLY limited access. Also, hypervisor is loaded AFTER metldr is loaded. The hypervisor has NO functions that communicate with metldr or bootldr.

When you learn your stuff, then come back to me.
Old 10-23-2012   #212
JustThatDude
Senior Member
 
Originally Posted by master737373
Again, barely able to understand a word you're saying. But you don't understand. They can't update bootldr and metldr because the key to encrypt it is on the Cell. They don't have access to the Cell. The only way they can change bootldr is by changing the key, and the only way to change that is by changing the Cell itself.

Seriously, use your brain. I don't want to "learn" from you because you don't know what you're talking about. I know about bootldr and the per console keys. Sony can't change metldr or bootldr. If they did, do you seriously think they wouldn't have sued Geohot? All they can do is change how the boot process is handled once lv0 is loaded. That's why they don't care if any other keys are missing. They only care about metldr and bootldr. Want to know why they went after graf so badly? Because what he was working on could've led to bootldr. I looked at his work, I reversed hypervisor and supervisor just like him and looked at the loaders to learn how to get bootldr. That's one of the main reasons why I know bootldr and metldr aren't changeable. So please, stop trying to sound smart and like you know what you're talking about.

Syscon itself is encrypted per console. NOT WITH A PCK DERIVATIVE. It's encrypted with its OWN key. And that key is different per console. If you truly believe that Sony can update bootldr and metldr, then you really need to learn the boot process and what each loader can do. The update process is run by, guess what? Hypervisor and supervisor and NEITHER of them have access to bootldr or metldr. Hypervisor has access to syscon though, but ONLY limited access. Also, hypervisor is loaded AFTER metldr is loaded. The hypervisor has NO functions that communicate with metldr or bootldr.

When you learn your stuff, then come back to me.
Damn, that's the best thing I have ever read on the site :blunt:
Likes: (1)
Old 10-23-2012   #213
cfwprpht
Homebrew Developer
 
Dude, you're so blinded by yourself that you really thought I meant that word for word.

However, the last post was meant as a joke on you cause you really think I'm a noob and know nothing. And the fact that you took my last post seriously is proof enough for others of how blind you are.

Anyway, I know how they dumped the bootldr. And guess what? There is no LV0 static key in bootloader, you fool.

But anyway, believe your own **** that syscon is encrypted per console (cause that wouldn't break the chains of trust), also that bootldr has lv0 static keys and all that noob stuff you believe.

Just a hint: if the lv0 keys are in bootldr, why then did they use an extracted part of code FROM bootldr to get back ConfigRing and with that the static lv0 keys?

You think I talk BS? Well look at this:
http://www.ps3devwiki.com/wiki/Talk:...d_SPU_Channels

If you're able to read, then read what that piece of code does.
************* [ - Post Merged - ] *************
Originally Posted by master737373
Syscon itself is encrypted per console. NOT WITH A PCK DERIVATIVE.
Mate, really, you're such a fool, my whole channel is laughing about you ^^

Per Console Encryption means that something is encrypted with a per console key to only make it run on this console.

But anyway, others are already to scold with me cause I try to teach a fool that doesn't listen. Well, I need to go back to work and not bother with such useless guys like you. ^^
Old 10-23-2012   #214
master737373
Member
 

Originally Posted by cfwprpht
Dude, you're so blinded by yourself that you really thought I meant that word for word.

However, the last post was meant as a joke on you cause you really think I'm a noob and know nothing. And the fact that you took my last post seriously is proof enough for others of how blind you are.

Anyway, I know how they dumped the bootldr. And guess what? There is no LV0 static key in bootloader, you fool.

But anyway, believe your own **** that syscon is encrypted per console (cause that wouldn't break the chains of trust), also that bootldr has lv0 static keys and all that noob stuff you believe.

Just a hint: if the lv0 keys are in bootldr, why then did they use an extracted part of code FROM bootldr to get back ConfigRing and with that the static lv0 keys?

You think I talk BS? Well look at this:
http://www.ps3devwiki.com/wiki/Talk:...d_SPU_Channels

If you're able to read, then read what that piece of code does.
************* [ - Post Merged - ] *************


Mate, really, you're such a fool, my whole channel is laughing about you ^^

Per Console Encryption means that something is encrypted with a per console key to only make it run on this console.

But anyway, others are already to scold with me cause I try to teach a fool that doesn't listen. Well, I need to go back to work and not bother with such useless guys like you. ^^
Please. Stop talking like you know everything. I don't care about your channel, it's most likely full of people that don't know what they're talking about. You say the keys to decrypt lv0 aren't in bootldr. How do you think lv0 is decrypted? Chain of trust. Read it. That page of the wiki is 80% correct.

And yes, it's hard to understand what you're saying because your English is bad. Syscon being encrypted doesn't break the chain of trust because syscon isn't IN the chain of trust. It's initialized BEFORE the chain even starts. Syscon initializes, sets up hardware, loads the cell THEN the chain of trust is started. I don't care what the wiki says because a lot of it is wrong. People are ready to scold you because you don't know what you're talking about. You probably get your info from other people and claim you know what you're talking about. I know first hand what I'm talking about. You clearly don't. Sony doesn't have access to the Cell. Want to know how I know? Cause I reversed every loader and learned their functions and syscalls. Neither of the loaders has a function to access the Cell. Anyone who believes it does should learn what they're talking about. Without access to the cell, they can't decrypt bootldr and without the ability to decrypt bootldr, they can change bootldr. You're probably thinking "they can just write a new bootldr." Well, they can't. That would involve reencrypting bootldr which they can't without access to the Cell. That's the same with metldr, that's why they never updated metldr, CAUSE IT'S IMPOSSIBLE without physically being there. That's why they implemented metldr.2. And that's why they changed the boot process to have all the loaders in lv0, cause no one had bootldr to decrypt lv0, it's also the lowest Sony can go. They can't go to bootldr. Which is why all you need is the keys to decrypt lv0, which is now public. No need for bootldr because those are the same keys IN bootldr.

You say you "know" how they got bootldr. Well I actually GOT bootldr first-hand. And I didn't use this method. I'm 100% sure people just tell you things and you run off with it believing that's legit.

You probably also think Sony can't patch hardware downgrades, don't you? You seem ignorant enough to believe that.
Likes: (2)
Old 10-23-2012   #215
cfwprpht
Homebrew Developer
 
My last word to you, fool:

Syscon sends ConfigRing to Cell >> Cell boots up with CR >> Cell uses value in OTP to calculate your Per_Console_Factory_Key and decrypts Bootldr >> Bootldr requests CR from Cell >> Bootldr uses CR to decrypt LV0 >> and so on

Done.
Old 10-23-2012   #216
GregoryRasputin
 
lol @master737373 and @cfwprpht , get a room
Likes: (1)
Old 10-23-2012   #217
master737373
Member
 
You are ignorant.
************* [ - Post Merged - ] *************
Originally Posted by GregoryRasputin
lol @master737373 and @cfwprpht , get a room
Hahaha I'm done with him.
Old 10-23-2012   #218
Abkarino
Member
 
Originally Posted by master737373
You are ignorant.
************* [ - Post Merged - ] *************


Hahaha I'm done with him.
Sure, you are right.
If he or anybody else thinks that Syscon is not encrypted per console, then try to exchange 2 Syscons from 2 consoles with the same board and model number, also with the same firmware, and see if it will work or not.
It needs hardware work, but I did it myself and I confirmed then that the Syscon chip is unique per console.

Last edited by Abkarino; 10-24-2012 at 07:05 AM.
Likes: (2)
Old 10-23-2012   #219
baargle
Senior Member
 
If I was to put my life in anyone's hands based on that tit-for-tat I'd curl up like a baby with the Master.
Old 10-23-2012   #220
KDSBest
Homebrew Developer
 
@cfwprpht Please stop talking about it, just let it come to nothing.

@master737373 is totally right with what he is saying.
Some things are mixed up with my information, but the basic idea is the same.

@cfwprpht and @master737373 IMHO you both mixed up a lot of stuff.
The basic idea behind all of @master737373's talk is that bootldr is not updateable. Yeah, I told @cfwprpht the same and he argued with me and I just kept my mouth shut. But this is embarrassing. Of course it is a fail if the update system can patch bootldr.

Since bootldr is per console encrypted, the update process has to decrypt it and reencrypt. This is not possible; obviously it would be a BIG security fail.

If bootldr doesn't change, lv0 keys can't change. It is a given; whether hardcoded in bootldr or sent via config ring doesn't matter.

Now to the per console encrypted and the per console keys.
We assume (and it's well assumed IMHO) that the eFuses are used to create the PCK. Let's call it PCK0. Some things get decrypted with it. I guess bootldr is one thing (guess is not knowing, if I am wrong about it tell me, but don't flame). The EID Master Key of your console is a derived key of that PCK, to give one example. The key then gets derived again and again and again for other stuff. The basic thing is there is just one PCK saved in the cell eFuses. So @master737373 and @cfwprpht, you both talked strange stuff. Some facts are true, but IMHO not everything was right from both of you.

Just my 2 cents.

btw. @master737373 thanks, someone had to say that not everything on the wiki is 100% precise

Last edited by KDSBest; 10-23-2012 at 05:54 PM.
Likes: (6)
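
Added example (not part of any post in this thread, and not the console's real algorithm): a small Python model of the key hierarchy KDSBest describes, with one root key per console, one-way derived keys below it, and a loader sealed under the root. HMAC-SHA256 as the derivation, the labels, the fuse values and the toy seal/unseal are all assumptions made for illustration.

```python
import hashlib
import hmac

def derive(parent: bytes, label: bytes) -> bytes:
    """One-way child key: holding the child does not reveal the parent."""
    return hmac.new(parent, label, hashlib.sha256).digest()

def _keystream(key: bytes, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"ks" + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def seal(key: bytes, data: bytes) -> bytes:
    """Toy encrypt-then-MAC (illustration only, not a vetted cipher)."""
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))
    return ct + hmac.new(key, b"mac" + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None if the blob was not sealed under this key."""
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(key, b"mac" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))

# Constructed fuse values for two consoles ("PCK0" in KDSBest's terms).
PCK0_A = hashlib.sha256(b"constructed fuse value, console A").digest()
PCK0_B = hashlib.sha256(b"constructed fuse value, console B").digest()

BOOTLDR = b"stage-0 loader image (constructed)"
FLASH_A = seal(PCK0_A, BOOTLDR)  # sealed once, by whoever holds PCK0_A

# Later stages only ever receive derived keys, never PCK0 itself.
EID_MASTER_A = derive(PCK0_A, b"EID master")          # hypothetical label
UPDATER_KEY_A = derive(EID_MASTER_A, b"update mode")  # hypothetical label

def boot(pck0: bytes, flash: bytes):
    """Stage-0 check as modelled here: only a blob sealed under PCK0 loads."""
    return unseal(pck0, flash)

def updater_tries_to_replace(new_image: bytes) -> bytes:
    """The updater can only seal with a key it holds, which is a derived one."""
    return seal(UPDATER_KEY_A, new_image)
```

In this model a loader image sealed for console A is rejected on console B, and an image produced by code that holds only derived keys is rejected on console A as well.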
PS3Hax.net is Copyright © 2010-2013.