Old 01-06-2013   #1
afterburn
Apprentice

Idea for how to hack newer firmware on PS3

The info has been going around that the new "lvl0" hack will allow signing and modding of any code.

I was wondering if that would make it possible to use it to take a 3.55 firmware and mod/sign it as, say, a 4.40 firmware, so that it would trick the PS3 into thinking that it was upgrading to a new firmware.

In theory that should get around the issue of the PS3 not allowing a downgrade, because it would think that the firmware is newer than what is already on the system.

I know that there will be a lot of people with an opinion on this, but what would be nice is if a known coder could answer this and tell me why it either can or cannot be done.

Thanks
Old 01-06-2013   #2
naddel81
Member
Yes, that will work if you can sign that modified firmware with the right keys to make the PS3 accept it.
Those keys will certainly never be caught (private keys).
So you would have to find another way (an exploit).
Old 01-06-2013   #3
tjhooker73
Senior Member
No. Just no. You would need some special private key to sign that firmware, and a public key that we do not have/cannot get.
I'm not a "coder", but I'm telling you, as of now/ever, it's not going to happen. Unless Sony gets robbed and a new JIG with all the current/future keys gets out, no, it won't happen.
Or unless we get a real debugging unit and decap a few things; otherwise, no.
[ - Post Merged - ]
Originally Posted by naddel81:
Yes, that will work if you can sign that modified firmware with the right keys to make the PS3 accept it.
Those keys will certainly never be caught (private keys).
So you would have to find another way (an exploit).
We would not need an exploit if we had the bootldr keys, which we have (not lv0), because we can get the public keys and unlock the firmwares. But there is no private key to sign it. If we got the right private keys, then it might be possible. But we would need a lot of keys.

Last edited by tjhooker73; 01-06-2013 at 02:24 AM.
Old 01-06-2013   #4
DEFAULTDNB
As above, but you would also need the HMAC keys for the current OFW to allow the modded update to even think about installing on OFW, IIRC.
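As an added worked example (not from this thread, not from any PS3 tool, and not the PS3 update format), the following Python models the three checks the posts above describe, a signature over the firmware image, an HMAC tag on the update package, and the anti-downgrade version comparison, and runs the original poster's plan against them. The package layout, the toy RSA key pair built from two fixed Mersenne primes, the HMAC key, the sample payload and every function name are assumptions made for illustration only.

```python
"""Toy model of a signed and HMAC-tagged firmware update package, written to
show why re-tagging a 3.55 image as 4.40 cannot pass an installer's checks
without the vendor's private signing key and HMAC key. Added example: this is
NOT the PS3 update format; field layout, key sizes and names are assumptions."""
import hashlib
import hmac
import struct

# --- Vendor-side key material: the part the modding scene does not have ---
# Toy RSA key pair from two fixed Mersenne primes (2^61-1 and 2^89-1). A ~150-bit
# modulus is trivially factorable; it only stands in for the real scheme here.
_P = (1 << 61) - 1
_Q = (1 << 89) - 1
MODULUS = _P * _Q
PUBLIC_EXP = 65537
PRIVATE_EXP = pow(PUBLIC_EXP, -1, (_P - 1) * (_Q - 1))  # needs Python 3.8+
# Secret key shared between vendor and installer for the package HMAC (assumed).
HMAC_KEY = b"vendor-update-hmac-key (constructed sample)"

HEADER = struct.Struct(">HH")   # firmware version as (major, minor), e.g. (3, 55)
SIG_LEN, TAG_LEN = 20, 32       # 20 bytes holds any value below the 150-bit modulus


def build_image(major: int, minor: int, body: bytes) -> bytes:
    """Unsigned image: version header followed by the firmware body."""
    return HEADER.pack(major, minor) + body


def _digest(image: bytes) -> int:
    # SHA-256 truncated to 128 bits so the integer is below the toy modulus.
    return int.from_bytes(hashlib.sha256(image).digest()[:16], "big")


def sign_image(image: bytes, exponent: int) -> bytes:
    """Textbook RSA 'signature' over the WHOLE image, version header included.
    Only the holder of PRIVATE_EXP produces values that verify under PUBLIC_EXP."""
    return pow(_digest(image), exponent, MODULUS).to_bytes(SIG_LEN, "big")


def package_update(image: bytes, signature: bytes, hmac_key: bytes) -> bytes:
    """Wrap image + signature with an HMAC tag computed over both."""
    tag = hmac.new(hmac_key, image + signature, hashlib.sha256).digest()
    return tag + signature + image


def check_update(package: bytes, installed: tuple) -> tuple:
    """Installer-side checks, in order: HMAC, signature, anti-downgrade.
    Returns (accepted, reason)."""
    tag = package[:TAG_LEN]
    signature = package[TAG_LEN:TAG_LEN + SIG_LEN]
    image = package[TAG_LEN + SIG_LEN:]
    expected_tag = hmac.new(HMAC_KEY, image + signature, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return False, "hmac mismatch"
    if pow(int.from_bytes(signature, "big"), PUBLIC_EXP, MODULUS) != _digest(image):
        return False, "bad signature"
    if HEADER.unpack_from(image) < installed:
        return False, "downgrade refused"
    return True, "ok"


def scenario() -> dict:
    """Run the thread's proposal against the toy installer."""
    body = b"firmware payload (constructed sample)"
    genuine = build_image(3, 55, body)
    genuine_sig = sign_image(genuine, PRIVATE_EXP)          # vendor signs 3.55
    results = {
        # A 3.41 console takes the genuine 3.55 package.
        "genuine_on_3.41": check_update(package_update(genuine, genuine_sig, HMAC_KEY), (3, 41)),
        # A 4.40 console refuses the same package purely on version.
        "genuine_on_4.40": check_update(package_update(genuine, genuine_sig, HMAC_KEY), (4, 40)),
    }
    retagged = build_image(4, 40, body)                      # header patched to 4.40
    # Proposal 1: keep the 3.55 signature (even granting a known HMAC key).
    results["retag_keep_sig"] = check_update(
        package_update(retagged, genuine_sig, HMAC_KEY), (4, 40))
    # Proposal 2: "sign" with the only exponent that is public.
    results["retag_pubkey_sig"] = check_update(
        package_update(retagged, sign_image(retagged, PUBLIC_EXP), HMAC_KEY), (4, 40))
    # Even a properly re-signed image fails when the HMAC key is guessed.
    results["retag_no_hmac"] = check_update(
        package_update(retagged, sign_image(retagged, PRIVATE_EXP), b"guess"), (4, 40))
    return results


if __name__ == "__main__":
    for case, (ok, why) in scenario().items():
        print(f"{case:18s} -> {'accepted' if ok else 'rejected'} ({why})")
```

The model makes the posts' point concrete: the version field sits inside the signed region, so patching 3.55 to 4.40 invalidates the existing signature, the public exponent can only verify and never produce a signature that verifies, and a package that clears the signature check still fails without the HMAC key. Substituting the package anywhere in transit changes nothing, because the same checks run on the console against the bytes it receives.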
Old 01-06-2013   #5
Psgameboy
Apprentice
Yes, private keys can't be calculated since 3.56+. HOWEVER, I strongly advise you to refresh your memory about:
- the lv2 exploit (which was introduced to the public as a DRM product by PSJAILBREAK).
- the discovery of the bootldr's private/public keys (the ones that decrypt/encrypt lv0).
- some juicy information regarding the bootldr exploit (especially JuanNadie's last message on this forum).

Technically, the LV2 exploit on the latest OFW is probably more than enough.
But if you can combine all of these things with an LV1 exploit, you should have your answer to what can possibly be achieved for the 3k and most (if not all) of the 4k models.
Old 01-11-2013   #6
arwynj55
Member
Originally Posted by Psgameboy:
Yes, private keys can't be calculated since 3.56+. HOWEVER, I strongly advise you to refresh your memory about:
- the lv2 exploit (which was introduced to the public as a DRM product by PSJAILBREAK).
- the discovery of the bootldr's private/public keys (the ones that decrypt/encrypt lv0).
- some juicy information regarding the bootldr exploit (especially JuanNadie's last message on this forum).

Technically, the LV2 exploit on the latest OFW is probably more than enough.
But if you can combine all of these things with an LV1 exploit, you should have your answer to what can possibly be achieved for the 3k and most (if not all) of the 4k models.
Do we even have the lv1 keys?
Old 01-11-2013   #7
FreePlay
Homebrew Developer
Originally Posted by Psgameboy:
Yes, private keys can't be calculated since 3.56+. HOWEVER, I strongly advise you to refresh your memory about:
- the lv2 exploit (which was introduced to the public as a DRM product by PSJAILBREAK).
- the discovery of the bootldr's private/public keys (the ones that decrypt/encrypt lv0).
- some juicy information regarding the bootldr exploit (especially JuanNadie's last message on this forum).

Technically, the LV2 exploit on the latest OFW is probably more than enough.
But if you can combine all of these things with an LV1 exploit, you should have your answer to what can possibly be achieved for the 3k and most (if not all) of the 4k models.
From what I last read about these exploits, you still have to have an entry point into the system; you can't just create a hacked firmware and install it over any OFW. That is, new custom firmwares would still have to be installed from 3.55 initially (or from any CFW with a higher version).
Old 01-20-2013   #8
Psgameboy
Apprentice
Originally Posted by arwynj55:
Do we even have the lv1 keys?
Like I said before, 3.56+ private keys can't be obtained or calculated through the console itself; all you can have are the public keys for every OFW revision, thanks to the 3 musketeers.

Originally Posted by FreePlay:
From what I last read about these exploits, you still have to have an entry point into the system; you can't just create a hacked firmware and install it over any OFW. That is, new custom firmwares would still have to be installed from 3.55 initially (or from any CFW with a higher version).
Not quite. Yes, you need to exploit an OFW which supports the 3k+ models (3.55 isn't good enough due to lack of driver support, so even if you could install the 3.55 base firmware, you would have bricked it).

Theoretically, if you can exploit a 3.6+ OFW and you have enough privileges to exploit LV1 (which should allow you to install Linux), you can basically use the bootldr exploit that JuanNadie has published and obtain your CELL BE key, i.e. you can write your own bootldr and basically do whatever you want (like installing your own CFW for 3k+ models).
Old 01-20-2013   #9
HomeDope
Member
Would it be possible, when a PS3 update occurs, to modify the packets and send our data instead of the official ones?
Old 01-20-2013   #10
zecoxao
Member
The first thing needed would be not one but two things: a usermode exploit and a kernel-mode exploit. The usermode exploit would allow usermode execution, and the kernel-mode exploit would allow kernel-mode execution; the combination of both would be something user-kernel, which we can access from within a game, for example (user), and which in turn gains us code execution in lv2 (kernel).

Now, the possibilities would be to either (a) start from a game or (b) start from the VSH. Both are usermode land, and if you can enter usermode land, then it's possible to do some things. In games, you can control what's inside a game, while in the VSH, you can control what's in the XMB.

The next step would be to control lv2, which would require an lv2 exploit. We have two available right now: one requires a special flag in SELFs to be executed; the other, I have no idea how it works. As for usermode exploits, none are available at the moment for public viewing that I know of. And this is where we are standing at the moment. As for hardware exploits, I have no idea about them.
PS3Hax.net is Copyright © 2010-2013.