[RatNeurons]

Hey All,
I've been browsing around a bit learning about PS3 security in general (at a high level). From what I've gathered there's 2 things that are keeping newer games from running on 3.55:

1. They're encrypted with 3.56 public keys (which isn't really a problem since that's been leaked, so it's just a matter of decrypting the game and resigning).
2. They use functionality in the newer drivers (sprx files) that aren't present in older firmwares. It's my understanding that a few of the newer games that have been patched to work (Uncharted 3, Battlefield 3) do so because people have patched the game to work-around the new function calls, instead using the older ones. We can't just use the newer drivers present in the 3.56+ firmwares, since we don't have the keys to decrypt them, and they're signed for 3.56.

Anyways, here's my question. What would stop us from:

1. Decrypting the older 3.55 drivers and decompiling them with something like Boomerang to get a baseline (albeit ugly) C project.
2. Based on the leaked SDKs (which contain changelogs and stubs of the drivers) code in the missing functionality (at least what's relavent to games).
3. Recompile and resign the modified drivers for 3.55 and move them into a CFW.

I'm thinking I must be missing something or someone would have done this already, but I thought I'd throw this out here and see if someone could explain why this wouldn't work

[tjhooker73]

The games/anything on the PS3 is actully encrypted 2 times they have 2 keys we have one of them 3.55 and below which allowed us to mathematically figure out the same one key for the lower firmwares. But we have never figured out that second key so we cannot do it. Hope this helped.

[geekyhawkes]

Yes nice idea but as stated above, sadly they kind of have us on this one. Without some kind of help from a leak within sony devs team we are about stuck. Thats why the only real dev in the scene is with MM and 3.55. Sad but true im afraid

[Cheesethief]

Official SDK's are not given the function to sign files. You can create cool stuff with them if you know what you are doing, but Sony did not include the PS3's keys in them or the ability to sign anything. Sony uses something else to sign games.

[RatNeurons]

Ahhh, ok, that actually does help a lot. I figured I must have been missing something; that explains why nobody has done this already Oh well, thanks for all the replies all!

[lukethomasx]

I'm not satisfied with the answers so far. I know we can't use the newer leaked SDK's to sign things, but that's not what he's asking. He said:

What would stop us from:

1. Decrypting the older 3.55 drivers and decompiling them with something like Boomerang to get a baseline (albeit ugly) C project.
2. Based on the leaked SDKs (which contain changelogs and stubs of the drivers) code in the missing functionality (at least what's relavent to games).
3. Recompile and resign the modified drivers for 3.55 and move them into a CFW.

now if I've understood correctly he wants to modify and resign the current sprx files. And as far as I know we do have the ability to sign code for 3.55 or at least to run unsigned code.

so having said all that, what's stopping us from modding the sprx files?

[tjhooker73]

Actually nothing if My knowlege is correct then Linux on ps3 the drivers that took forever actully uses them/ modifies them and so does much homebrew. But my guess as why it hasnt been used much is it could brick i guess. Sorry im tired.


Sent from my jailbroken iPhone 3g using Tapatalk

[Ronnie888]

Yes nice idea but as stated above, sadly they kind of have us on this one. Without some kind of help from a leak within sony devs team we are about stuck. Thats why the only real dev in the scene is with MM and 3.55. Sad but true im afraid

[RatNeurons]

@lukethomasx If I understand tjhooker73's original post, it sounded like the sprx files were encrypted with a different key than the one(s) we obtained that lets people sign games and packages. If that were true, that would be a big reason why my idea wouldn't work.

It is interesting though, because we must have some level of access to modifying firmware files or things like rebug wouldn't be possible. That being said, I was looking through the list of keys for 3.55 and there are about a dozen, so I could see different parts of the firmware being encrypted with different keys.

[lukethomasx]

what part of the pup are the sprx files stored in?