Old 10-29-2012   #481
loike
Originally Posted by zadow28:
I have been looking at the pastie too, and translated the pastie into an openssl command.
test command
Code:
Zadow ~/ssl
$ openssl aes-256-cbc -d -in all.bin -out decall.bin -nosalt -K (TEST ERK) -iv (TEST IV) -p -nopad
key=8EACAB1950A79147DB391A88FCF9DE1B097C5667DBB6F6E1FEAA4980AB4E7E1B
iv =ACA5B101EC4B9497691632917E555472

Code:
Zadow@zadow-PC ~/ssl
$ openssl aes-256-cbc -d -in all.bin -out decall.bin -nosalt -K 8EACAB1950A79147DB391A88FCF9DE1B097C5667DBB6F6E1FEAA4980AB4E7E1B -iv ACA5B101EC4B9497691632917E555472 -p -nopad
key=8EACAB1950A79147DB391A88FCF9DE1B097C5667DBB6F6E1FEAA4980AB4E7E1B
iv =ACA5B101EC4B9497691632917E555472
You have to have an all.bin that is the 48 hex bytes of the erk+riv (the scrambled one).

Then in the command, -K 8EACAB1950A79147DB391A88FCF9DE1B097C5667DBB6F6E1FEAA4980AB4E7E1B -iv ACA5B101EC4B9497691632917E555472 is where you put your test erk and iv.

If it decrypts right, decall.bin would match the one you put in all.bin.

It's a little time-consuming to insert all the hex.

And I don't know, but I have a hunch that it could be DEADBEEF.
I'm using your ssl command instead of the pastie by Naehrwert. Could you explain it a little bit further?
Do I need to cut all the pub and rev info and only keep the erk and riv info?
I'm trying it with appldr 4.30, but I'm not sure where the offset for the keys ends. I think it starts at 000248A0 or 00024870.
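An added example, not from this thread or any of its posters, showing in plain Go (standard library only) what the openssl line above does: AES-CBC with a raw hex key and IV and no padding, the same as -nosalt -K/-iv -nopad. The key, IV and plaintext are constructed for the demo and are not PS3 keys. It also shows the check a 64-digit -K needs: that is a 32-byte AES-256 key, and openssl aes-128-cbc would silently keep only its first 16 bytes, so the decrypt comes out as garbage rather than an error.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// cbcNoPad does what `openssl enc -nosalt -K <hex> -iv <hex> -nopad` does:
// raw key and IV, CBC mode, no padding. Unlike openssl aes-128-cbc, which keeps
// only the first 16 bytes of an over-long -K value, it rejects a wrong-size key.
func cbcNoPad(keyHex, ivHex string, data []byte, decrypt bool) ([]byte, error) {
	key, errK := hex.DecodeString(keyHex)
	iv, errI := hex.DecodeString(ivHex)
	if errK != nil || errI != nil {
		return nil, fmt.Errorf("key or iv is not valid hex")
	}
	if l := len(key); l != 16 && l != 24 && l != 32 {
		return nil, fmt.Errorf("key is %d bytes; AES needs 16, 24 or 32", l)
	}
	if len(iv) != aes.BlockSize || len(data)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("iv must be %d bytes and data whole blocks (-nopad)", aes.BlockSize)
	}
	block, _ := aes.NewCipher(key) // cannot fail: key length was validated above
	mode := cipher.NewCBCEncrypter(block, iv)
	if decrypt {
		mode = cipher.NewCBCDecrypter(block, iv)
	}
	out := make([]byte, len(data))
	mode.CryptBlocks(out, data)
	return out, nil
}

// Constructed sample values (not PS3 keys): 256-bit key, 128-bit IV, 48-byte plaintext.
const (
	sampleKey = "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
	sampleIV  = "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf"
)
var samplePlain = bytes.Repeat([]byte("sixteen byte blk"), 3)

// keyLengthCheck decrypts with the full 32-byte key and with its 16-byte prefix
// (what aes-128-cbc would silently use in its place) and reports which one round-trips.
func keyLengthCheck() (fullKeyMatches, truncatedKeyMatches bool) {
	ct, _ := cbcNoPad(sampleKey, sampleIV, samplePlain, false)
	full, _ := cbcNoPad(sampleKey, sampleIV, ct, true)
	short, _ := cbcNoPad(sampleKey[:32], sampleIV, ct, true)
	return bytes.Equal(full, samplePlain), bytes.Equal(short, samplePlain)
}

func main() { fmt.Println(keyLengthCheck()) } // prints: true false
```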
Old 10-29-2012   #482
master737373
Originally Posted by blopa:
Wooooow! thank you! It seems that I could go to 2.7, weird xD but THANKS!
That's odd, but good.
Old 10-29-2012   #483
noinok12
Originally Posted by loike:
I'm trying it with appldr 4.30, but I'm not sure where the offset for the keys ends. I think it starts at 000248A0 or 00024870.
I think the offsets are:

24870-2489f --> metadata?
248A0-2507f --> app keys
25080-2585f --> app keys copy
25860-258BF --> unknown key?
258C0-25CDF --> npdrm keys
25CE0-260FF --> npdrm keys copy
26100 hmac hash?

Some release groups have the keys... they should explain how they obtained the keys... not only fixes and more fixes for fame. This is not scene.
Old 10-29-2012   #484
haz367

yeah, we need them priv keys, recent PS3MFW key pack, old stuff and maybe some new? it's a mess to sort and nothing new? except for the unknown "xxx.app.keys"
it also includes a lv1.self, supposed to be decrypted from that pack? then we need that lv1-priv-356 key and I doubt it's in this pack

Code:
 $ unself lv1.self lv1.elf
  priv file:  /home/xx/.ps3//lv1-priv-356 (ERROR)
another thing weird is "ps3swu.self" from OFW421

using cygwin to decrypt it gives an "app-priv-370" error
decrypting the same file using scetool, then it's [*] Using keyset [appldr 0x0001 03.15]..and decrypts....need to try something here

did they make a mistake there on 370??! something comes to mind about a 370 failure or something... ?

anyway,
they are sitting on the damn priv keys, so we can't make a CFW on our own for now, or the key dumps are on purpose a mess to begin with; it easily discourages one from trying to find out..time consuming a bit..lol

and for those sitting on it with that fat ass.....PB etc...f*ck you for being a d*ck and thinking ur the man, oh look someone pasted me the full pack, look ma i can decrypt eboots... not really complaining just cannot stand such people, a night at the bar would be total chaos haha

Last edited by haz367; 10-29-2012 at 07:49 AM.
Old 10-29-2012   #485
nicknewbie
Why would anyone drop keys when E3 is raking in the money with their choke hold on the scene.
Old 10-29-2012   #486
haz367

370..31x something...ps3swu.self
Code:
$ unself ps3swu.self test.elf
priv file: /home/xx/.ps3//app-priv-370 (ERROR)
or
Code:
$ unself ps3swu.self test.elf
compressed self_sections[i].offset 0x880 self_sections[i].size 0x1fc1f6
lol..a mess I told u..once again not my cup of tea, too much brain pain...

Last edited by haz367; 10-29-2012 at 08:40 AM.
Old 10-30-2012   #487
imranzee
I've got a few questions. Any answers/help will be appreciated.
I am on a PS3 (3k) and have only had it for 3 weeks. I understand that I am out of luck and am not expecting an answer on how to install CFW or downgrade. Just looking to understand how the PS3 works.
From what I've read, the older PS3s had an exploit and you've managed to install a CFW on any machine that originally shipped with OFW 3.55 or lower.
To Summarize:

1) Machines that have OFW 3.55 (or lower) can have CFW installed.
2) Machines that originally came with FW 3.55 (or lower) but were upgraded to OFW 3.x or 4.x can be downgraded with hardware flashers.
3) The recent lv0 keys leak lays the PS3 bare open. Despite this, the only fortunate ones that benefit from the leak are the ones with CFW already installed.

Now, I've read Marcan's explanation of what the lv0 leak means to the development community. (Q1) What I fail to understand is if the PS3's highest (or lowest depending on how you look at it) level of security has been compromised why does one have to wait for another exploit to have CFW installed on units that originally shipped with FW > 3.55 ?
(Q2)Also, how does creating CFW 4.x help users who already have CFW 3.X (I may be wrong, but I am guessing access to PSN depends on a different set of keys and not lv0 and that sony can change the keys with every update)?

Any responses would be appreciated. I've read up a little on PS3 and I am asking these questions as a doubt, if you believe that the question(s) have already been asked then just ignore the post rather than post sarcastic responses.
Thanks again.
Old 10-30-2012   #488
VashTS
Even though we can decrypt the firmware, that does not mean it can be installed.

It's like seeing something versus touching something; the private key for 3.56+ is still private. If you decrypt the firmware pup and patch in the necessary security bypass it works fine, but only from an exploitable firmware.

3.56+ has no security flaw to install an unsigned (or beta) pkg.

The only hope is that someone dumps the fw and converts to DEX. That's all I can think of. There may be some holes in the newer fw, and if someone looks hard enough they will find it, but I'm doubtful.

And cfw 4.30 doesn't benefit much; I'm staying on rebug 3.55, almost every game now has a patch out there. No need to upgrade. If the firmware is decrypted then vsh.self is available and the psn login info will be uncovered (meaning ****psn will work).
Old 10-30-2012   #489
DEFAULTDNB
Originally Posted by imranzee:
(Q1) What I fail to understand is if the PS3's highest (or lowest depending on how you look at it) level of security has been compromised why does one have to wait for another exploit to have CFW installed on units that originally shipped with FW > 3.55 ?

(Q2)Also, how does creating CFW 4.x help users who already have CFW 3.X (I may be wrong, but I am guessing access to PSN depends on a different set of keys and not lv0 and that sony can change the keys with every update)?
(A1) You need to wait because you cannot use the door that 3.55 used to exploit the FW. 3.56+ has checks to ensure no modded FW pups are installed, it just throws up an error now to prevent installation.

Once a new door is found to open the PS3, then you can do what you want.

(A2) It doesn't really benefit 3.55 CFW users, it just makes it easier to pirate without patching files. From the newest decrypted vsh.self we can have PSN on 3.55, we get game patches any way from unSANE and DUPLEX, so I see no need to update IMHO.

Sony moved everything around last time; what's to say they don't do that again and re-encapsulate the keys once more.
Old 10-30-2012   #490
master737373
Originally Posted by DEFAULTDNB:
(A1) You need to wait because you cannot use the door that 3.55 used to exploit the FW. 3.56+ has checks to ensure no modded FW pups are installed, it just throws up an error now to prevent installation.

Once a new door is found to open the PS3, then you can do what you want.

(A2) It doesn't really benefit 3.55 CFW users, it just makes it easier to pirate without patching files. From the newest decrypted vsh.self we can have PSN on 3.55, we get game patches any way from unSANE and DUPLEX, so I see no need to update IMHO.

Sony moved everything around last time; what's to say they don't do that again and re-encapsulate the keys once more.
The thing is, there's no other place to encapsulate them.
PS3Hax.net is Copyright © 2010-2013.