11-02-2012 #1 hitch1996
What are we missing? Chain of trust!!

3.60++
11-02-2012 #2 DEFAULTDNB
bootldr .2 (?)
lv0 .2
metldr .2
PCK0

11-02-2012 #3 daveyp187
Not sure, but I found this. Posted by Wololo:
The problem is that we need a way to convince the PS3 to flash our modified firmware. With 3.55 and below that was easy enough to do because of the keys recovered, but 3.56 and later change that so that flashing is more complex than just using the recovered keys. This isn’t an insurmountable problem – hardware flashers will always work – but for easy software flashing we need to find new exploits in the PS3 software stack to convince OFW consoles to flash CFW
11-02-2012 #4 blazek566
PCK0 is coming in some weeks from a group. What can we do with per-console key0?

Edit: We need to decrypt 3.56, reverse and study it, and the same for the 3.70 FW. Should be easier to look for changes in security in lower FWs.
11-02-2012 #5 DEFAULTDNB
PCK0 = we can make any CFW we like forever.

HMAC key is used for installing update PUPs.
11-02-2012 #6 poorguy
The 3k consoles' chain of trust is somewhat like this: bootldr--->lv0--->lv0.2, and to make use of the lv0 keys we need to convince the bootldr to bypass the requirement of the lv0.2 check, as it is a pre-secure loader and not bound by any specific keyset.

In the 4k consoles the chain of trust is again changed, and if an exploit is found for 3k consoles that won't work on these 4k consoles.

@DEFAULTDNB: Whoops, sorry... edited. Any idea of the 4k consoles? Trying to search for it, and all I remember is that all ldrs are directly linked to the bootldr itself, and since the bootldr is console specific hacking them is nearly impossible.

Last edited by poorguy; 11-02-2012 at 10:56 AM. Reason: Was wrong about the 3k chain of trust..
11-02-2012 #7 oPolo
But PCK0 is unique per console, and it will probably need an already exploited system, which by now can also always be updated forever, because of the compromised lv0, so I'd rephrase the question - what can we do with it that we cannot already?

Even if not that much, it's ****ing interesting to see these things uncover anyway though. Must also be that way for the hackers.
11-02-2012 #8 DEFAULTDNB
Originally Posted by poorguy:
the 3k consoles chain of trust is somewhat like this: bootldr--->lv0.2--->lv0 and to make use of the Lv0 keys we need to convince the bootldr to bypass the requirement of lv0.2 check as it is a pre-secure loader and not bound by any specific keyset..

in the 4k consoles the chain of trust is again changed and if an exploit is found for 3k consoles that won't work on these 4k consoles..
It goes bootldr-->LV0-->LV0.2--> (LV0.2 is used to check LV0 integrity)

http://www.ps3devwiki.com/wiki/CoreOS
11-02-2012 #9 blazek566
Originally Posted by DEFAULTDNB:
PCK0 = we can make any CFW we like forever.

HMAC key is used for installing update PUPs.
Thanks man, will go check it on the wiki to learn a bit more :D.
[Post Merged]
Originally Posted by fuRh7:
I didn't say we need to decrypt the bootloader, as it is practically impossible. I said the PCK0 is the key that was used to encrypt the metldr and bootldr, so because of the security flaw of ps3, that gives us the decrypted metldr, there should be somewhere the PCK0 as only this key is able to decrypt the metldr. If this wasn't true, how come the metldr gets decrypted in the first place... when we know the key that has decrypted the metldr, we know practically everything we have to know...
Found this in another thread. What would happen if we get the PCK0, decrypt metldr, see what's going on inside, update to 4.31.....
11-02-2012 #10 zecoxao
What we have:

loaders decrypt/metldr keys (geohot, as much as it pains me to say, he was the first to publicly announce the C0CEFE key) = possibilities of decrypting loaders (lv1ldr, lv2ldr, isoldr, appldr)

lv0 decrypt/bootldr keys (Juan Nadie) = custom lv0, possibilities of decrypting X.XX firmware (lv0 goes first), possibilities of exploits in future firmwares, (printf on the goddamn screen of your TV showing up) , more keys, etc

(eid/ps2 memory card/encdec/ata decrypt)/pck1 (Mathieulh ???) = custom eid0,1,2,3,4 (5 can't be decrypted so far, but if it's true and DEX firmware 4.30 really bricks, the keyseed might be hardcoded there)

What we can have:

(METHOD TO GET) -> (e)bootrom key/pck0 = custom bootldr, possibilities of decrypting X.XX firmware REGARDLESS of what Sony does (assuming we can execute that method on unhackable firmware, and that unhackable firmware exists, which is highly unlikely)

.2 keys (present on higher firmwares, on later 2K and 3K consoles, and so on) -> assuming we used the hypothetical method to get (e)bootrom key/pck0, I think it's possible and safe to assume in a near future we might be able to get CFW over 3.56 and higher.

These are my thoughts. Take them with consideration, as I don't deem them 100% correct myself regarding future keys; I could be, though.

Last edited by zecoxao; 11-02-2012 at 10:56 AM.
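A toy model of the loader chain the posters describe, added here as an example and not code from the thread or from any PS3 project: the stage names follow DEFAULTDNB's bootldr-->LV0-->LV0.2 ordering, while the keys, the stage images and the HMAC-SHA256 tags that stand in for loader verification are constructed assumptions. It shows why the thread treats a per-console root key (PCK0) and a shared stage key (the lv0 keys) so differently: a stage is accepted wherever the key it was tagged under is trusted.

```python
import hashlib
import hmac

# Constructed keys for the toy chain. The root key is per console (the role the
# thread gives PCK0); the stage keys below it are shared by a whole firmware.
ROOT_KEYS = {"console-A": b"root-key-A", "console-B": b"root-key-B"}
STAGE_KEYS = {"lv0": b"shared-lv0-key", "lv0.2": b"shared-lv0.2-key"}
# Verification order: root key checks bootldr, bootldr checks lv0, lv0 checks lv0.2.
CHAIN = ["bootldr", "lv0", "lv0.2"]
# Constructed stage images standing in for the real loader binaries.
STOCK = {"bootldr": b"bootldr v1", "lv0": b"lv0 v1", "lv0.2": b"lv0.2 v1"}

def stage_key(console: str, stage: str) -> bytes:
    """Key that verifies a stage: per-console for bootldr, shared below it."""
    return ROOT_KEYS[console] if stage == "bootldr" else STAGE_KEYS[stage]

def tag(key: bytes, image: bytes) -> bytes:
    """Stand-in for a loader signature: HMAC-SHA256 over the stage image."""
    return hmac.new(key, image, hashlib.sha256).digest()

def build_firmware(console: str, images: dict) -> dict:
    """Tag every stage image with the key that will verify it on `console`."""
    return {s: (images[s], tag(stage_key(console, s), images[s])) for s in CHAIN}

def boot(console: str, firmware: dict) -> list:
    """Walk the chain and return the stages that verified; the first failing
    stage never runs, and nothing after it is even examined."""
    booted = []
    for stage in CHAIN:
        image, sig = firmware[stage]
        if not hmac.compare_digest(tag(stage_key(console, stage), image), sig):
            break
        booted.append(stage)
    return booted

def demo() -> dict:
    """Show how far each key reaches: a stage tagged under a shared key is
    accepted by every console, one tagged under a root key by one console."""
    fw_a = build_firmware("console-A", STOCK)
    fw_b = build_firmware("console-B", STOCK)
    modified = build_firmware("console-A", {**STOCK, "lv0": b"lv0 modified"})
    # console-B keeps its own bootldr but takes the modified lv0 stage from A.
    moved = {**fw_b, "lv0": modified["lv0"]}
    return {
        "stock A firmware on A": boot("console-A", fw_a),
        "stock A firmware on B": boot("console-B", fw_a),
        "modified lv0 on A": boot("console-A", modified),
        "modified lv0 moved to B": boot("console-B", moved),
    }
```

The second result is the per-console property the thread keeps returning to: an image set built for one console stops at its very first stage on another, while a stage tagged under a shared key travels with no such limit.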
PS3Hax.net is Copyright © 2010-2013.