[RMS Explains:]►LV0 will NOT be entitled to CFW 3.60
Posted on March 26, 2011 by rms
Hi. It’s been a long time, hasn’t it? Life was just becoming a bit too busy in the last few days, but finally, I have a proper workstation.
Intel Core i7 970 @ 3.46GHz, 12GB DDR3-1066 RAM (probably going to add 12 more gigabytes..), 2TB SATA 7200RPM hard drive
I’m really happy with this new setup; it runs Windows Server 2008 R2 Enterprise Edition, just for the hell of it. I also had no need for graphics, so I just stuck in a spare GeForce 9500 GT. Task Manager looks soo cool with 12 CPUs.
Anyway, let’s really discuss something PS3 instead of my PC xD. Let’s start with Lv0, the most unknown level of the PS3.
Lv0 initializes PS3 base hardware such as PowerPC/PPU portion of Cell/BE, SPU isolation for asecure_loader, and gelic ethernet/WLAN device. Lv0 also proudly proclaims itself as the “Cell OS Bootloader”. In older firmwares, 0.80-ish to 3.56, Lv0 initialized SPU isolation on one of the SPUs, then it loaded and decrypted asecure_loader.
Asecure_loader or metldr then decrypts the isolated loader, in this case, lv1ldr, then lv1ldr decrypts lv1.self.
In 3.60 this changed. Lv0 now has all of the loaders integrated into it as one large fat binary.
All the keys one needs such as Public ECDSA key/AES CBC key and Initialization Vector and ECDSA curve type are in there. Just go ahead and grab them if you can get the ldrs out of the binary.
So, unless you can decrypt Lv0, no 3.60 “CFW” for you. Is there any need for it anyway?
Lv0 also does some more interesting stuff such as SPU mailbox handling, and eEID integrity checks.
Lv0 also used to check for the QA flag and a proper token; that is now in an SPU-isolated SELF in Core OS.
Now, if you tamper with eEID, lv0 will panic out, your console will then “YLOD”, and you’d need a flasher for your PS3 to recover.