Old 10-23-2012   #281
carldenning
Senior Member
 
Join Date: Jun 2009
Posts: 5,124
Likes: 1,880
Liked 1,789 Times in 1,170 Posts
Mentioned: 220 Post(s)
Tagged: 0 Thread(s)
Originally Posted by furtsiv View Post
Too many noob questions, there must be a thread for them!!
Now any FW can be hacked and we can have PSN all the time, but the problem is Sony will start the bans. I wonder if we can spoof the console ID to remain anonymous.
I remember when 3.55 was the latest OFW and banned consoles could get online via CFW; can't remember how it was done, it was a long time ago.
__________________
carldenning is online now   Reply With Quote
Old 10-23-2012   #282
sahibunlimited
Member
 
Join Date: Feb 2011
Posts: 220
Likes: 311
Liked 36 Times in 28 Posts
Mentioned: 11 Post(s)
Tagged: 0 Thread(s)
Originally Posted by carldenning View Post
I remember when 3.55 was the latest OFW and banned consoles could get online via CFW; can't remember how it was done, it was a long time ago.
18 months ago when f***psn was released

Sent from my GT-I9100 using Tapatalk 2
__________________
PS3 320 GB ROGERO 4.30 and 500GB+1TB external HDD
sahibunlimited is offline   Reply With Quote
Old 10-23-2012   #283
diesel701
Member
 
 
Join Date: Aug 2012
Posts: 116
Likes: 15
Liked 19 Times in 14 Posts
Mentioned: 2 Post(s)
Tagged: 0 Thread(s)
Found something interesting thanks to IDA.. does anyone have an EBOOT.bin encrypted with the 4.25 keys?
Does anyone have the 4.21 (or other version) appldr decrypted?
diesel701 is offline   Reply With Quote
Old 10-23-2012   #284
carldenning
Senior Member
 
Join Date: Jun 2009
Posts: 5,124
Likes: 1,880
Liked 1,789 Times in 1,170 Posts
Mentioned: 220 Post(s)
Tagged: 0 Thread(s)
Originally Posted by sahibunlimited View Post
18 months ago when f***psn was released

Sent from my GT-I9100 using Tapatalk 2
I thought it was done with the Charles proxy server and PS3DNS.
__________________
carldenning is online now   Reply With Quote
Old 10-23-2012   #285
shareboy
Member
 
Join Date: Nov 2011
Location: Rome
Posts: 52
Likes: 16
Liked 13 Times in 11 Posts
Mentioned: 2 Post(s)
Tagged: 0 Thread(s)
Originally Posted by diesel701 View Post
Found something interesting thanks to IDA.. does anyone have an EBOOT.bin encrypted with the 4.25 keys?
Does anyone have the 4.21 (or other version) appldr decrypted?
from fifa13 update v2
Code:
http://www.putlocker.com/file/E83B08119E9C55B9
shareboy is offline   Reply With Quote
Old 10-23-2012   #286
diesel701
Member
 
 
Join Date: Aug 2012
Posts: 116
Likes: 15
Liked 19 Times in 14 Posts
Mentioned: 2 Post(s)
Tagged: 0 Thread(s)
Originally Posted by shareboy View Post
from fifa13 update v2
Code:
http://www.putlocker.com/file/E83B08119E9C55B9
Thanks for the share, unfortunately this is an NPDRM file.
diesel701 is offline   Reply With Quote
Old 10-23-2012   #287
miksu123
Member
 
 
Join Date: Sep 2011
Posts: 59
Likes: 4
Liked 8 Times in 4 Posts
Mentioned: 2 Post(s)
Tagged: 0 Thread(s)
kakarotoks' tweet today:

Since the LV0 keys have now been leaked, I believe I can now share this info with you, to help out those who are trying to build their own 4.x CFW :
The NPDRM ECDSA signature in the SELF footer is checked by lv2. It first asks appldr to tell it whether or not the signature is to be checked, and appldr will only set the flag if the SELF is a NPDRM with key revision from 3.56+ (the ones without private keys). This means that the SELF files signed with the new 3.56+ keys still don't have their ecdsa checked (probably to speed up file loading).
If appldr says the ecdsa signature must be checked, then lv2 will verify it itself, and return an error if it's not correct. There are many ways to patch this check out.
1 - Patch out the check for the key revision in appldr
2 - Patch out the "set flag to 1" in appldr if the key revision is < 0xB
3 - Patch out the code in lv2 that stores the result from appldr
4 - Patch out the actual sigcheck function from lv2.
5 - Ignore the result of the ecdsa from lv2.

Here is one of the patches (the 4th one, patching out the check function from lv2) :
In memory 0x800000000005A2A8, which corresponds to offset 0x6a2a8 in lv2_kernel.elf, replace :
e9 22 99 90 7c 08 02 a6
With :
38 60 00 00 4e 80 00 20

This is for the 4.21 kernel (that was the latest one when I investigated this), I will leave it as an exercise to the reader to find the right offsets for the 4.25 and upcoming 4.30 kernel files.
And here's another bit of info... in 4.21 lv2, at memory address 0x800000000005AA98 (you figure out the file offset yourself), that's where lv2 loads the 'check_signature_flag' result from appldr, so if you prefer implementing method 3 above, just replace the 'ld %r0, flag_result_from_appldr' by 'ld %r0, 0' and you've got another method of patching it out. Either solution should work just the same though.
Enjoy homebrew back on 4.x CFW....

p.s: Thanks to flatz and glu0n who helped reverse this bit of info.
miksu123 is offline   Reply With Quote
Likes: (5)
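The patch in the tweet above, as an added worked example (this is not kakarotoks' code, nor part of any CFW project): a small Python script that applies method 4 to a copy of lv2_kernel.elf, but only after checking that the eight bytes at the offset are exactly the ones quoted, so it refuses to touch a kernel of another version. The two encoders show where the replacement bytes come from: `38 60 00 00` is PowerPC `li r3,0` (`addi r3,r0,0`) and `4e 80 00 20` is `blr`, so the sigcheck function returns 0 before its body runs; by my own decoding the original bytes are `ld r9,-0x6670(r2)` followed by `mflr r0`, an ordinary function prologue. `encode_li(0, 0)` likewise gives the word for method 3's `li r0,0`, but the original bytes at 0x5AA98 are not given in the tweet, so the script does not patch that site. The memory-to-file delta of +0x10000 is derived only from the single address/offset pair quoted (0x5A2A8 -> 0x6A2A8) and is an assumption that holds for the 4.21 kernel only; the kernel image in the script is a constructed stand-in, not a real dump.

```python
"""Apply kakarotoks' 4.21 lv2 NPDRM sigcheck patch (method 4) with a byte check.

Added example, not code from the tweet or any CFW project.  Offsets are the
4.21 values quoted in the tweet; the +0x10000 memory->file delta is inferred
from that one pair and is an assumption for anything but the 4.21 kernel.
"""
import struct

LV2_VADDR_BASE = 0x8000000000000000   # lv2 kernel virtual base, per the tweet's address
LV2_FILE_DELTA = 0x10000              # assumption: 0x5A2A8 (vaddr-base) maps to file 0x6A2A8 in 4.21

SIGCHECK_VADDR_421 = 0x800000000005A2A8
# Original prologue bytes quoted in the tweet: ld r9,-0x6670(r2) ; mflr r0 (my decoding)
SIGCHECK_ORIG = bytes.fromhex("e92299907c0802a6")


def encode_li(rt: int, imm: int) -> int:
    """PowerPC `li rT, imm` is `addi rT, r0, imm`: primary opcode 14, RA=0."""
    if not 0 <= rt < 32 or not -0x8000 <= imm < 0x8000:
        raise ValueError("bad register or immediate")
    return (14 << 26) | (rt << 21) | (0 << 16) | (imm & 0xFFFF)


def encode_blr() -> int:
    """`blr` is `bclr 20,0`: primary opcode 19, BO=20, BI=0, XO=16, LK=0."""
    return (19 << 26) | (20 << 21) | (0 << 16) | (16 << 1)


def build_patch() -> bytes:
    """`li r3,0 ; blr`: make the lv2 sigcheck function return 0 immediately."""
    return struct.pack(">II", encode_li(3, 0), encode_blr())


def mem_to_file_offset(vaddr: int) -> int:
    """Translate an lv2 kernel virtual address to a lv2_kernel.elf file offset (4.21 assumption)."""
    if vaddr < LV2_VADDR_BASE:
        raise ValueError("not an lv2 kernel address")
    return vaddr - LV2_VADDR_BASE + LV2_FILE_DELTA


def apply_patch(image: bytearray, offset: int, expected: bytes, replacement: bytes) -> bytearray:
    """Return a patched copy; refuse if the bytes at `offset` are not `expected`."""
    if len(expected) != len(replacement):
        raise ValueError("patch must not change length")
    if offset < 0 or offset + len(expected) > len(image):
        raise ValueError("offset outside image")
    found = bytes(image[offset:offset + len(expected)])
    if found != expected:
        raise ValueError(
            f"unexpected bytes at 0x{offset:x}: {found.hex()} (wrong kernel version?)")
    patched = bytearray(image)
    patched[offset:offset + len(replacement)] = replacement
    return patched


def patch_421_sigcheck(image: bytearray) -> bytearray:
    """Method 4 from the tweet: stub out lv2's ECDSA sigcheck function in a 4.21 lv2_kernel.elf."""
    return apply_patch(image, mem_to_file_offset(SIGCHECK_VADDR_421), SIGCHECK_ORIG, build_patch())


def constructed_lv2_image() -> bytearray:
    """Constructed stand-in for lv2_kernel.elf: zeros with the quoted prologue bytes at 0x6a2a8."""
    img = bytearray(0x6A2B0)
    off = mem_to_file_offset(SIGCHECK_VADDR_421)
    img[off:off + len(SIGCHECK_ORIG)] = SIGCHECK_ORIG
    return img


if __name__ == "__main__":
    # On a real dump: image = bytearray(open("lv2_kernel.elf", "rb").read())
    image = constructed_lv2_image()
    out = patch_421_sigcheck(image)
    print(out[0x6A2A8:0x6A2B0].hex())   # 386000004e800020
    # and then: open("lv2_kernel_patched.elf", "wb").write(out)
```

The byte check is the part worth keeping when you port this to 4.25 or 4.30: the tweet says the offsets move between kernel builds, and a blind 8-byte write at a stale offset silently corrupts some other function. Search the new kernel for the prologue bytes (or better, for the call site that stores appldr's flag) and verify the match before writing.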
Old 10-23-2012   #288
ryant001
Member
 
Join Date: Oct 2011
Posts: 427
Likes: 115
Liked 218 Times in 140 Posts
Mentioned: 18 Post(s)
Tagged: 0 Thread(s)
Originally Posted by diesel701 View Post
Something found interesting thanks to IDA.. someone have an EBOOT.bin encrypted with 4.25 keys?
Someone have 4.21 (or other version) appldr decrypted?
You can get the decrypted 4.25 appldr from the first post on page 5. As for the EBOOT, for now there's no game that is encrypted with the 4.25 keys, but if you want I have a Darksiders II EBOOT that uses the 4.21 keys.
ryant001 is offline   Reply With Quote
Old 10-23-2012   #289
macphreak4evr
Apprentice
 
Join Date: Jul 2011
Location: in a house
Posts: 10
Likes: 1
Liked 2 Times in 2 Posts
Mentioned: 1 Post(s)
Tagged: 0 Thread(s)
Originally Posted by miksu123 View Post
kakarotoks' tweet today:

Since the LV0 keys have now been leaked, I believe I can now share this info with you, to help out those who are trying to build their own 4.x CFW :
The NPDRM ECDSA signature in the SELF footer is checked by lv2. It first asks appldr to tell it whether or not the signature is to be checked, and appldr will only set the flag if the SELF is a NPDRM with key revision from 3.56+ (the ones without private keys). This means that the SELF files signed with the new 3.56+ keys still don't have their ecdsa checked (probably to speed up file loading).
If appldr says the ecdsa signature must be checked, then lv2 will verify it itself, and return an error if it's not correct. There are many ways to patch this check out.
1 - Patch out the check for the key revision in appldr
2 - Patch out the "set flag to 1" in appldr if the key revision is < 0xB
3 - Patch out the code in lv2 that stores the result from appldr
4 - Patch out the actual sigcheck function from lv2.
5 - Ignore the result of the ecdsa from lv2.

Here is one of the patches (the 4th one, patching out the check function from lv2) :
In memory 0x800000000005A2A8, which corresponds to offset 0x6a2a8 in lv2_kernel.elf, replace :
e9 22 99 90 7c 08 02 a6
With :
38 60 00 00 4e 80 00 20

This is for the 4.21 kernel (that was the latest one when I investigated this), I will leave it as an exercise to the reader to find the right offsets for the 4.25 and upcoming 4.30 kernel files.
And here's another bit of info... in 4.21 lv2, at memory address 0x800000000005AA98 (you figure out the file offset yourself), that's where lv2 loads the 'check_signature_flag' result from appldr, so if you prefer implementing method 3 above, just replace the 'ld %r0, flag_result_from_appldr' by 'ld %r0, 0' and you've got another method of patching it out. Either solution should work just the same though.
Enjoy homebrew back on 4.x CFW....

p.s: Thanks to flatz and glu0n who helped reverse this bit of info.
He replied to me on Twitter stating he knew of this (these keys) a while back and nothing came of it. He's done with the scene and has been for some time.
macphreak4evr is offline   Reply With Quote
Old 10-23-2012   #290
ryant001
Member
 
Join Date: Oct 2011
Posts: 427
Likes: 115
Liked 218 Times in 140 Posts
Mentioned: 18 Post(s)
Tagged: 0 Thread(s)
Originally Posted by macphreak4evr View Post
He replied to me on Twitter stating he knew of this (these keys) a while back and nothing came of it. He's done with the scene and has been for some time.
Strange, because a LOT of things are getting done thanks to the new keys and a lot more are going to be released in the next days/weeks.
ryant001 is offline   Reply With Quote
Likes: (1)
PS3Hax.net is Copyright © 2010-2013.
Use of this site is governed by our Terms of Use and Privacy Policy. All Trademarks and images are owned by their respected owners.
Posts and links are subject to each author on this forum and are no way affiliated with the operations and/or opinions of ps3hax.net