[baargle]

Originally Posted by enosrasun and check some "markers" from FW but only sony know what the "markers" are if I can find the file that contains the marker list ,it will be great, but no luck

I'm pretty sure you just made that up?

My understanding is that's simply signed with a private key and we don't have that key to sign it. This talk of "markers" is nonsense and isn't even a valid explanation for a "layman" explanation and just leads to FUD when the person reading your post makes a thread about "finding the markers".

...(Or I could be wrong) pretty sure that's the case though.

[dnacid]

We know that Sony changed something in fw 3.56+
We can reduce our search by comparing the changes with fw 3.55
And than just look into Files that make sense and Reverse them.
I would say this downgrade Protections are all the Same in fw > 3.55
So search will be reduced once again.
This is only a theory from me. I just follow this scene and haven't a ps3.
So i cant say that this is correct or not.

[dwood18]

Originally Posted by dnacid We know that Sony changed something in fw 3.56+ We can reduce our search by comparing the changes with fw 3.55 And than just look into Files that make sense and Reverse them. I would say this downgrade Protections are all the Same in fw > 3.55 So search will be reduced once again. This is only a theory from me. I just follow this scene and haven't a ps3. So i cant say that this is correct or not.

i think its HMAC

[dnacid]

Originally Posted by dwood18 i think its HMAC

I read a bit in ps3devwiki and i think you are right with hmac.
But what i don't understand is, why is it so hard to find it?
I mean there must be a routine which uses hmac to verify the fw
and i thought with lv0 keys its possible to decrypt all.

[AsSiTcH]

"i thought with lv0 keys its possible to decrypt all."

I love how everyone keeps thinking this.

[dnacid]

Originally Posted by AsSiTcH "i thought with lv0 keys its possible to decrypt all." I love how everyone keeps thinking this.

Tell me please whats wrong?
I saw a sketch where the bootldr is the root of a tree and followed by lv0 and all other paths in this tree lv0 is their root.
If this is right than what is my mistake?

[diesel701]

Originally Posted by AsSiTcH "i thought with lv0 keys its possible to decrypt all." I love how everyone keeps thinking this.

Decrypt all does not mean that we can all create a CFW.
Decrypt all the firmware is the first part, but we need to reverse the code, understand how it works and this is not sinple and immediate. Sony has obfuscated some keys and part of code to make this process more difficult.

So, in theory with bootldr keys with can make a CFW for 3.56+ for hackable console. Need to work and reverse!

[Asure]

To narrow reversing down, i guess to focus on emer_init.self... (This is recovery menu.)

[dnacid]

Originally Posted by diesel701 Decrypt all does not mean that we can all create a CFW. Decrypt all the firmware is the first part, but we need to reverse the code, understand how it works and this is not sinple and immediate. Sony has obfuscated some keys and part of code to make this process more difficult. So, in theory with bootldr keys with can make a CFW for 3.56+ for hackable console. Need to work and reverse!

I know reversing is needed but than i am right with lv0 its possible to make a cfw that can be installed on an ofw.
Its like we have now learned to read and second step is to understand what we read about ofw.

Thank you for your answer.

[zxz0O0]

You need to find an exploit to install CFW on firmware above 3.55.