Old 10-25-2012   #451
DEFAULTDNB
Originally Posted by HulkWogan:
And as a bonus you can also get the soles on your shoes replaced whilst you wait.
ROFL, do people even actually still do that??
Old 10-25-2012   #452
HulkWogan
Senior Member
Originally Posted by DEFAULTDNB:
ROFL, do people even actually still do that??
I never once see anybody without soles
On their shoes, I'm guessing business is slow.
Old 10-25-2012   #453
baargle
Senior Member
Originally Posted by DEFAULTDNB:
ROFL, do people even actually still do that??
I remember a few of the poor kids in school 20 years ago had shoes that had been glued numerous times to fix them and let water in the soles. They also introduced me to the world of banana and sugar sandwiches. My poor little middle class brain was in disbelief...banana sandwiches!!!? Preposterous....I can't spell that word though but it was some middle classy emotion of dismay and shock.

They were horrible mind, I think this kid kept motor oil in the fridge too and there was a tire in the house. His dad was a mechanic, but even so. I'm being serious here.

...Just realized this has nothing whatsoever to do with your post let alone the OP. Sorry.
Old 10-25-2012   #454
paul44
Apprentice
Originally Posted by HulkWogan:
I never once see anybody without soles
On their shoes, I'm guessing business is slow.
love it
Old 10-26-2012   #455
maaz1
Apprentice
I updated to 4.30, I screwed up didn't I?
Old 10-26-2012   #456
DEFAULTDNB
Originally Posted by maaz1:
I updated to 4.30, I screwed up didn't I?
Yup.

You can only remedy this by checking if your PS3 can be downgraded back to 3.55 (use MINVERCHK in my sig below).

If it says you can get to 3.55, then you will need to buy a hardware flasher and FSM dongle to downgrade your console.

Once downgraded and dehashed, you can do what you want.
Old 10-26-2012   #457
noinok12
Apprentice
Originally Posted by zadow28:
one good thing is
we got the encrypted one and the real ones from 360
7A 20 3D 51 12 F7 99 97 9D F0 E1 B8 B5 B5 2A A4
real one
03 D4 17 56 AA 19 24 F5 71 38 55 42 06 C9 72 CD
"so its simple byte shift"
Please, Any tip about this?
Old 10-26-2012   #458
Glottiz
Apprentice
Originally Posted by noinok12:
Please, Any tip about this?
I'm also waiting for some tips. Maybe someone writes a guide on how to decrypt them.
Old 10-26-2012   #459
Abcdf
Apprentice
Hi, I have seen this post on ps3 sos, woulph_alfa seems to have found how the encryption

I bring you good info compiled by me. I've been throwing a couple of hours to file the 4.25 appldr good here's a short summary of what is the content of. Elf

I will explain:

[1] - WA (Writing and Assignment) is not interested in a lot ... But do not rule ...
[2] - AX (allocation and execution) party quite important since it is the only part of "executable" You can look at the content from 100 to 01ba10 Possibly OFFSET is the one responsible for making the decryption of the RIV and ERK. Apart from checks ...
[3] - A (Assignment) and finally the most interesting part of the file, in this section I think is where the KEY to decrypt the RIV and ERK (See the second image there is the structure)
[4, 5, 6] - WA (Writing and Assignment) Here are the keys of the appldr from 4.25 up to the first keys appldr

KEY SAMPLE
Code:
40 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 FLAG
00 00 00 7B 00 00 00 01 00 11 60 00 48 CE C6 E6 INFO KEY + KEY START
B3 88 23 A6 84 30 26 44 52 D8 0B 14 03 BA 54 86 KEY

40 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00
00 00 00 7B 00 00 00 01 00 11 60 00 F8 97 23 39
75 67 AF 39 D3 B6 8E DC F8 07 CE F3 59 B8 D1 2C

40 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00
00 00 00 7B 00 00 00 01 00 11 60 00 FD A1 2F 68
C9 11 0E 61 67 D5 F5 07 A6 A0 ED D7 B0 B4 89 D8

What is the encryption method that uses NO IDEA AS IF WE HAD A LONG AND THE .... : P

Possibly a little further investigation, if anyone wants me to help out ... welcome!

NOTE: do not expect great progress on my part, because currently I have no means eager
any idea?

http://www.ps3sos.com/showthread.php...beradas/page23
Old 10-27-2012   #460
redcfw
Apprentice
4.20 4.30 appldr key decrypt algo
4.30 appldr
.unknown:00028C0C ai r3, sp, 0x20 ; dst ;next cbc key
.unknown:00028C0C ; 0x40030000000000000000000000000 //??
.unknown:00028C10 ai r86, sp, 0x30
.unknown:00028C14
.unknown:00028C14 loc_28C14:
.unknown:00028C14 brsl lr, readch73
.unknown:00028C18 lr r4, r80 ; key
.unknown:00028C1C lr r5, r81 ; key len
.unknown:00028C20 brnz r3, loc_28C5C
.unknown:00028C24 ai r6, sp, 0x20 ; r6 src
.unknown:00028C28 il r7, 0xA ; r7 len
.unknown:00028C2C lr r3, r86 ; r3 dst
.unknown:00028C30 brsl lr, sha1_hmac_buffer
.unknown:00028C34 lr r4, r82 ; r4 src
.unknown:00028C38 lr r5, r83 ; r5 len
.unknown:00028C3C brnz r3, loc_28C5C
.unknown:00028C40 lr r6, r86 ; r6 key
.unknown:00028C44 lr r3, r85 ; r3 dst
.unknown:00028C48 lr r8, r84 ; r8 iv
.unknown:00028C4C il r7, 0x80 ; r7 128 bit
.unknown:00028C50 brsl lr, AesCbc128Decrypt
.unknown:00028C54 il r2, 0
.unknown:00028C58 brz r3, loc_28C60

u8 erk_hkey[] = { 0xAA, 0xF6, 0x5A, 0x91, 0xEC, 0x37, 0x2C, 0x69, 0x09, 0x69, 0x09, 0x0F, 0x59, 0xE5, 0x3C, 0x3E }; // HMAC key used to derive the ERK decryption key
u8 iv_hkey[] = { 0x66, 0xBC, 0xB4, 0x17, 0xD1, 0x4A, 0x2B, 0x59, 0x26, 0x40, 0x80, 0x1C, 0x11, 0xB7, 0xB4, 0x9B }; // HMAC key used to derive the IV decryption key
u8 erk_iv[] = { 0xA5, 0x79, 0x8C, 0x25, 0x43, 0x13, 0xBC, 0x54, 0x16, 0x95, 0x1E, 0x24, 0xEA, 0xD3, 0xC9, 0x85 }; // CBC IV for the ERK decryption
u8 iv_iv[] = { 0x2F, 0xF2, 0x36, 0x15, 0x2A, 0x47, 0x76, 0xDA, 0xD3, 0x9B, 0x50, 0x92, 0x44, 0xE8, 0xF5, 0xC2 }; // CBC IV for the IV decryption
u8 ch73[0xa] = {?? }; //?? you can dump it with an appldr patch!!! (the 10-byte value returned by readch73 above)

u8 key341s[] = { 0x54,0x6B,0x2F,0xF3,0xFE,0x21,0x6E,0xD2,0xBA,0x86,0x5C,0x79,0x36,0x81, 9,0xA1, //; erk secret NPKEY
0x5F,0x2B, 0xD,0x23,0xC2, 3,0x13,0x54,0xB1,0xF6,0xF3,0x6B, 0xF,0xDB,0x4D,0x46 ,// erk
0x9B,0x87,0x1D,0x64,0x14,0xB8,0xAA,0xCE,0x54,0x2C,0x18,0x10, 0xA,0xC2,0x18,0x93 };// iv
u8 key341[] = { 0xBB,0x4D,0xBF,0x66,0xB7,0x44,0xA3,0x39,0x34,0x17,0x2D,0x9F,0x83,0x79,0xA7,0xA5,
0xEA,0x74,0xCB,0xF,0x55,0x9B,0xB9,0x5D,0xE,0x7A,0xEC,0xE9,0x17, 2,0xB7, 6,
0xAD,0xF7,0xB2, 7,0xA1,0x5A,0xC6, 1,0x11,0xE,0x61,0xDD,0xFC,0x21,0xA,0xF6};
u8 keyd[0x30]; // decrypted output: 0x20 bytes of ERK material followed by 0x10 bytes of IV


void key430()
{
    AES_ctx ctxErk, ctxIv;
    u8 ch73shErk[0x10], ch73shIv[0x10];

    // ERK: AES key = HMAC-SHA1(ch73) under erk_hkey, truncated to 16 bytes (sha1_hmac_buffer in the listing),
    // then AES-128-CBC decrypt the first 0x20 bytes of key341s with erk_iv (AesCbc128Decrypt in the listing)
    hmac_sha1(ch73,0xa,erk_hkey,0x10,ch73shErk,16); //16 = 128bit hash
    AES_set_key(&ctxErk, ch73shErk, 128);
    AES_cbc_decrypt_iv(&ctxErk, key341s, keyd, 0x20, erk_iv, 1);

    // IV: same derivation under iv_hkey, decrypting the last 0x10 bytes of key341s with iv_iv
    hmac_sha1(ch73,0xa,iv_hkey,0x10,ch73shIv,16); //16 = 128bit hash
    AES_set_key(&ctxIv, ch73shIv, 128);
    AES_cbc_decrypt_iv(&ctxIv, key341s+0x20, keyd+0x20, 0x10, iv_iv, 1);
}

#######################################################
how to decrypt more secret information from lv0.elf
install IBM cellsdk 3.1 on VMware
run systemsim-cell
click Load-Elf-App menu to load lv0.elf, run or step into..
first halt on 0x8009c90 (4.20 lv0)
patch lv0.elf or reconfig simulator RAM .... try again...

seg002:0000000008019238 off_8019238: .quad 0x20000000000 # DATA XREF: seg006:off_80C5828o
seg002:0000000008019238 # seg006:off_80C5AE0o ...
seg002:0000000008019240 off_8019240: .quad 0x24000000000 # DATA XREF: seg006:off_80C5790o
seg002:0000000008019240 # seg006:off_80C5818o ...
seg002:0000000008019248 off_8019248: .quad 0x28000000000 # DATA XREF: seg006:off_80C5AF0o
seg002:0000000008019250 off_8019250: .quad 0x2401FC00000 # DATA XREF: seg006:off_80C5B50o
seg002:0000000008019258 qword_8019258: .quad 0x10190 # DATA XREF: seg006:off_80C5970o
seg002:0000000008019260 qword_8019260: .quad 0x66000 # DATA XREF: seg006:off_80C5978o
seg002:0000000008019268 qword_8019268: .quad 0x76190 # DATA XREF: seg006:off_80C5BE8o
seg002:0000000008019270 aProgram_write_:.string "program_write_buffer"

I have finished almost all stepping trace into appldr one year ago.

Last edited by redcfw; 10-27-2012 at 11:51 PM.
PS3Hax.net is Copyright © 2010-2013.