[mckenziesdaddy]

Originally Posted by NF7 That is not true. The lv0.2 would be hacked. The 3K and 4K models still would not be able to install CFW on it. Because the Software Update process on newer FW's blocked the 3.55 PRIVATE KEYS, which are the last Private keys known to us, so the 3.55 signed lv0.2 would be rejected during System Update. Well, maybe you are right, but that is how I understand PS3 FW's.

I never knew that about blocked CFW updates. You learn something new everyday.

[NF7]

Originally Posted by mckenziesdaddy I never knew that about blocked CFW updates. You learn something new everyday.

Newer FW have new Updater that checks the integrity of the PUP, and the Keys that were used to sign it. That is why, we have the LV0 fully opened, hacked Bootldr, but we still cannot install 4.30CFW from 4.30 OFW, but only from 3.55CFW ... for which we have te Private keys...

[FaxiY]

Originally Posted by NF7 Newer FW have new Updater that checks the integrity of the PUP, and the Keys that were used to sign it. That is why, we have the LV0 fully opened, hacked Bootldr, but we still cannot install 4.30CFW from 4.30 OFW, but only from 3.55CFW ... for which we have te Private keys...

well but the private keys must be somewhere saved in the PS3?
even if its encrypted it must be able to decrypt it how is the ps3 able to read it without decrypting?

i somewhere read(not sure if its a joke) that you have to rob sony offices to get the keys

[DEFAULTDNB]

Originally Posted by FaxiY well but the private keys must be somewhere saved in the PS3? even if its encrypted it must be able to decrypt it how is the ps3 able to read it without decrypting? i somewhere read(not sure if its a joke) that you have to rob sony offices to get the keys

The private keys are not in the PS3.

@NF7 HMAC keys are the ones used in updater IIRC.

[FaxiY]

Originally Posted by DEFAULTDNB The private keys are not in the PS3. @NF7 HMAC keys are the ones used in updater IIRC.

how is it possible that the PS3 checks a FW before updating without the private keys? it must be somewhere saved the console has to compare the keys with the FW-update?

FWs are signed with private keys and the PS3 has to compare it with something in the PS3 itself to check if its official or not

[donkey-punch]

Originally Posted by FaxiY well but the private keys must be somewhere saved in the PS3? even if its encrypted it must be able to decrypt it how is the ps3 able to read it without decrypting? i somewhere read(not sure if its a joke) that you have to rob sony offices to get the keys

The keys are not in the ps3 hence you have to hold trusted Sony employees at knife point to obtain them. But if you can break an ecdsa signature you can avoid the threats with the knife. IMO an exploit is the likely solution, and you have to remember kakarotoks tried in vein to find an exploit (miss guided by the bool shyt merchant math) and found nothing. Most likely their wil be some way to exploit something that was coded by a human, but finding somebody with the talent and enough spare time on their hands and desire to work on it is as likely as you finding the exploit. Just my tuppence worth.

[FaxiY]

Originally Posted by donkey-punch The keys are not in the ps3 hence you have to hold trusted Sony employees at knife point to obtain them. But if you can break an ecdsa signature you can avoid the threats with the knife. IMO an exploit is the likely solution, and you have to remember kakarotoks tried in vein to find an exploit (miss guided by the bool shyt merchant math) and found nothing. Most likely their wil be some way to exploit something that was coded by a human, but finding somebody with the talent and enough spare time on their hands and desire to work on it is as likely as you finding the exploit. Just my tuppence worth.

but how is the PS3 checking if the FW update is official or not?

[donkey-punch]

Originally Posted by FaxiY but how is the PS3 checking if the FW update is official or not?

Because it is signed with private key. Private being the operative word. Sony's private key is protected by an ecdsa signature. It is the most dominant key so to speak. If the ecdsa signed private key says the pup is good to go then the console will swallow the information provided. The priv that was generated by failoverflow is listed as fake so to speak (or generated) therefore visible to Sony security and black listed. I'm half drunk now and could be wrong but pretty sure I'm not.

[FaxiY]

Originally Posted by donkey-punch Because it is signed with private key. Private being the operative word. Sony's private key is protected by an ecdsa signature. It is the most dominant key so to speak. If the ecdsa signed private key says the pup is good to go then the console will swallow the information provided. The priv that was generated by failoverflow is listed as fake so to speak (or generated) therefore visible to Sony security and black listed. I'm half drunk now and could be wrong but pretty sure I'm not.

hmm okay i somehow understand a bit how ECDSA works

http://kakaroto.homelinux.net/2012/0...gorithm-works/

to guess the private key isnt possible because it has 49 digits :D

[digiprog]

Originally Posted by FaxiY hmm okay i somehow understand a bit how ECDSA works http://kakaroto.homelinux.net/2012/0...gorithm-works/ to guess the private key isnt possible because it has 49 digits :D

haha 49 ?? damn that means about 680bit !!!
************* [ - Post Merged - ] *************
i've found this http://en.wikipedia.org/wiki/Elliptic_Curve_DSA