Old 02-28-2012   #11
nookupeous

Someone should post this information to the devwiki. If someone else hasn't done it within the next couple of hours, I will do it after I have my next class.
Old 02-28-2012   #12
Loedi
I just updated the dev wiki half an hour ago
Old 02-28-2012   #13
zadow28
Had the wrong link in post 7; have updated the post with the TrueBlue CFW devflashes decrypted.

The old link had only one file; this one has all that were decrypted.
Last edited by zadow28; 02-28-2012 at 04:04 PM.
Likes: (2)
Old 02-28-2012   #14
Loedi
zadow, what do we need to get the information we need from this ****ty dongle? Are there parts not decrypted or something?
Old 03-01-2012   #15
zadow28
One question on another topic: what exactly is it that is holding us back from finding the private-lv1 keys from 3.56, since all the devcore is decrypted, even the lv1.self?

Here I decrypted all.


http://www.mediafire.com/?hl1b1m3jmbiv445 (3.56)



And the lv1.self in the 3.60 OFW needs:

lv1-pub-331
lv1-priv-331
lv1-priv-356


Code:
$ readself lv1.self
  pub file:   /home/zadow/.ps3//lv1-pub-331 (ERROR)
  priv file:  /home/zadow/.ps3//lv1-priv-331 (ERROR)
  priv file:  /home/zadow/.ps3//lv1-priv-356 (ERROR)
SELF header
  elf #1 offset:  00000000_00000090
  header len:     00000000_00000700
  meta offset:    00000000_00000290
  phdr offset:    00000000_00000040
  shdr offset:    00000000_001259e0
  file size:      00000000_003d0500
  auth id:        1ff00000_02000001 (Unknown)
  vendor id:      ff000000
  info offset:    00000000_00000070
  sinfo offset:   00000000_000001b0
  version offset: 00000000_00000230
  control info:   00000000_00000240 (00000000_00000070 bytes)
  app version:    3.60.0
  SDK type:       Retail (Type 0)
  app type:       level 1

Control info
  control flags:
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  file digest:
     62 7c b1 80 8a b9 38 e3 2c 8c 09 17 08 72 6a 57 9e 25 86 e4
     82 29 22 e3 f8 79 b4 75 09 36 5e 61 2c ec 5c d4 48 07 fd 85

Section header
    offset             size              compressed unk1     unk2     encrypted
    00000000_00010700  00000000_00000d04 [YES]      00000000 00000000 [YES]
    00000000_0001d010  00000000_0008eaa1 [YES]      00000000 00000000 [YES]
    00000000_000ad510  00000000_000784d8 [YES]      00000000 00000000 [YES]
    00000000_001259f0  00000000_00000000 [NO ]      00000000 00000000 [YES]

Encrypted Metadata
  unable to decrypt metadata

ELF header
  type:                                 Executable file
  machine:                              PowerPC64
  version:                              1
  phdr offset:                          00000000_00000040
  shdr offset:                          00000000_003d0080
  entry:                                00000000_0039e8a0
  flags:                                00000000
  header size:                          00000040
  program header size:                  00000038
  program headers:                      4
  section header size:                  00000040
  section headers:                      18
  section header string table index:    17

Program headers
    type  offset            vaddr             paddr
          memsize           filesize          PPU  SPE  RSX  align
     LOAD 00000000_00010000 00000000_00000000 00000000_00000000
          00000000_00004400 00000000_00004400 rwx  ---  ---  00000000_00010000
     LOAD 00000000_00020000 00000000_00200000 00000000_00200000
          00000000_001c25b0 00000000_001ae5b0 rwx  ---  ---  00000000_00010000
     LOAD 00000000_001d0000 00000000_00400000 00000000_00400000
          00000000_00200000 00000000_00200000 rw-  ---  ---  00000000_00010000
     LOAD 00000000_003d0000 00000000_00600000 00000000_00600000
          00000000_00001050 00000000_00000000 rw-  ---  ---  00000000_00010000

Section headers
  [Nr] Name            Type      Addr              ES Flg Lk Inf Al
       Off                       Size
  [00] <no-name>       NULL      00000000_00000000 00     00 000 00
       00000000_00000000         00000000_00000000
  [01] <no-name>       PROGBITS  00000000_00000000 00 wae 00 000 16
       00000000_00010000         00000000_00004400
  [02] <no-name>       NOBITS    00000000_00004400 00  ae 00 000 128
       00000000_00014400         00000000_00000880
  [03] <no-name>       PROGBITS  00000000_00200000 00 wa  00 000 16
       00000000_00020000         00000000_00117594
  [04] <no-name>       PROGBITS  00000000_003175a0 00 wa  00 000 08
       00000000_001375a0         00000000_0000bf90
  [05] <no-name>       PROGBITS  00000000_00323530 00  ae 00 000 08
       00000000_00143530         00000000_00027e40
  [06] <no-name>       PROGBITS  00000000_0034b370 08  ae 00 000 08
       00000000_0016b370         00000000_00000008
  [07] <no-name>       PROGBITS  00000000_0034b378 00  ae 00 000 08
       00000000_0016b378         00000000_00007e08
  [08] <no-name>       PROGBITS  00000000_00353180 00  ae 00 000 16
       00000000_00173180         00000000_00009980
  [09] <no-name>       NOBITS    00000000_0035cb00 00  ae 00 000 128
       00000000_0017cb00         00000000_0000c498
  [10] <no-name>       PROGBITS  00000000_00369000 00 wae 00 000 08
       00000000_00189000         00000000_0000cd00
  [11] <no-name>       PROGBITS  00000000_00376000 00 wae 00 000 08
       00000000_00196000         00000000_0001e318
  [12] <no-name>       PROGBITS  00000000_00395000 00 wae 00 000 16
       00000000_001b5000         00000000_000098a0
  [13] <no-name>       PROGBITS  00000000_0039e8a0 00  ae 00 000 08
       00000000_001be8a0         00000000_0000fd10
  [14] <no-name>       NOBITS    00000000_003ae5b0 00  ae 00 000 01
       00000000_001ce5b0         00000000_00004000
  [15] <no-name>       PROGBITS  00000000_00400000 00  ae 00 000 01
       00000000_001d0000         00000000_00200000
  [16] <no-name>       NOBITS    00000000_00600000 00  ae 00 000 16
       00000000_003d0000         00000000_00001050
  [17] <no-name>       STRTAB    00000000_00000000 00     00 000 01
       00000000_003d0000         00000000_00000080


zadow@zadow-PC ~
$
Last edited by zadow28; 03-01-2012 at 07:25 AM.
Likes: (2)
Old 03-01-2012   #16
Loedi
8 h and no responses to you xD, but the stupid discussion about dongles is very active, and this useful information is not even discussed
Old 03-01-2012   #17
euss
Originally Posted by Loedi
8 h and no responses to you xD, but the stupid discussion about dongles is very active, and this useful information is not even discussed
Hate to kill your hopes... but it is hardly useful at all.


Originally Posted by zadow28
One question on another topic: what exactly is it that is holding us back from finding the private-lv1 keys from 3.56, since all the devcore is decrypted, even the lv1.self?
1. the private key fail applies to (random=4 /f0fjoke) -> no privs, no signing, that is why reDRM and 3.56DH 'bad idea' are using custom private keys
2. loaders are now in lv0 -> Boot Order page @wiki

Originally Posted by zadow28
Here I decrypted all.
http://www.mediafire.com/?hl1b1m3jmbiv445 (3.56)
The coreOS files from OFW 3.56 (2nd) unchanged, just unself'ed with the keys that were released since day 1 that firmware was out.

Well, you managed to pupextract, then do untar, followed by unpkg for the coreos.pkg and then cosunpkg the content of it plus unselfing files. So if this was a personal learning accomplishment, congratulations, you have now mastered the command line and using the open-source failoverflow ps3tools and keysets (all are also on the wiki btw if someone else wants to try it too)
Originally Posted by zadow28
$ readself lv1.self
[...]
It's readself output, pretty useless imo, besides looking for SELF structure. It does not lead to any en/decryption keys.


Tip: look at USB traffic and what (the how-part is already on wiki) is poked/copied into coreos /on demand/ and only after several checks are done to make sure coreos was not tampered (clear dongle SPI flash when poke/poke is detected) and dongle is present. Same attackvector/learningcurve applies to Cobra/TB

I wish you all luck, and most of all enjoyment in experimenting, reversing, reading, documenting etc.

Last edited by euss; 03-01-2012 at 04:32 PM.
Likes: (6)
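
What the section table and program headers in the readself paste expose on their own, as an added example (not part of the thread and not ps3tools code): it parses the lines copied from post #15 and pairs SELF section i with ELF program header i, which is an assumption about the layout.

```python
import re

# Copied verbatim from the readself paste in post #15.
SELF_SECTIONS = """\
    00000000_00010700  00000000_00000d04 [YES]      00000000 00000000 [YES]
    00000000_0001d010  00000000_0008eaa1 [YES]      00000000 00000000 [YES]
    00000000_000ad510  00000000_000784d8 [YES]      00000000 00000000 [YES]
    00000000_001259f0  00000000_00000000 [NO ]      00000000 00000000 [YES]
"""
ELF_PHDRS = """\
     LOAD 00000000_00010000 00000000_00000000 00000000_00000000
          00000000_00004400 00000000_00004400 rwx  ---  ---  00000000_00010000
     LOAD 00000000_00020000 00000000_00200000 00000000_00200000
          00000000_001c25b0 00000000_001ae5b0 rwx  ---  ---  00000000_00010000
     LOAD 00000000_001d0000 00000000_00400000 00000000_00400000
          00000000_00200000 00000000_00200000 rw-  ---  ---  00000000_00010000
     LOAD 00000000_003d0000 00000000_00600000 00000000_00600000
          00000000_00001050 00000000_00000000 rw-  ---  ---  00000000_00010000
"""

HEX64 = r"([0-9a-f]{8}_[0-9a-f]{8})"
SECTION_RE = re.compile(rf"^\s*{HEX64}\s+{HEX64}\s+\[(YES|NO )\]"
                        r"\s+[0-9a-f]{8}\s+[0-9a-f]{8}\s+\[(YES|NO )\]", re.M)

def u64(text):
    """readself prints 64-bit values as two 32-bit hex halves joined by '_'."""
    return int(text.replace("_", ""), 16)

def parse_sections(text):
    return [{"offset": u64(o), "stored": u64(s),
             "compressed": c == "YES", "encrypted": e == "YES"}
            for o, s, c, e in SECTION_RE.findall(text)]

def parse_phdr_filesizes(text):
    # Each program header is printed on two lines; filesize is field 2 of the second.
    rows = [line.split() for line in text.splitlines() if line.strip()]
    return [u64(second[1]) for second in rows[1::2]]

def summarize(sections, filesizes):
    # Assumption: section i describes the stored form of program header i.
    out, prev_end = [], 0
    for sec, plain in zip(sections, filesizes):
        out.append({**sec, "plain": plain,
                    "overlaps_previous": sec["offset"] < prev_end,
                    "payload_readable": not sec["encrypted"]})
        prev_end = sec["offset"] + sec["stored"]
    return out

if __name__ == "__main__":
    print(summarize(parse_sections(SELF_SECTIONS), parse_phdr_filesizes(ELF_PHDRS)))
```

Every row comes back with `payload_readable` false: the listing gives offsets, stored sizes and flags for each segment, but no segment contents and no key material.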
Old 03-01-2012   #18
GregoryRasputin
 
Originally Posted by Loedi
8 h and no responses to you xD, but the stupid discussion about dongles is very active, and this useful information is not even discussed
I find anything and everything @zadow28 posts here on this forum, very interesting, at least he is experimenting and attempting to do something, rather than sitting and moaning about someone disliking a DRM dongle.
Likes: (1)
Old 03-01-2012   #19
Loedi
And that's why I am keeping the info he posted on the first page on the wiki. Last time I updated it someone deleted the info, so I think he can be very close.

And I hate dongles too, but I am not so stupid as to argue with every fanboy about it. I know it's a pain in the ass, like we had the same situation some months ago in the mobile scene [Xperia X10 mini pro]: some people cracked the bootloader but wanted a lot of money to give that method, but now here it is open source, and my ICS builds are based on a custom kernel because of it

Last edited by Loedi; 03-01-2012 at 04:53 PM.
Old 03-01-2012   #20
euss
Originally Posted by GregoryRasputin
I find anything and everything @zadow28 posts here on this forum, very interesting, at least he is experimenting and attempting to do something, rather than sitting and moaning about someone disliking a DRM dongle.
True that, trial and error are part of the learning game. I just hope I did not discourage people with my hard judgement of the not-so-usefulness of some parts. Keep up the good work! And remember: your biggest challenge is always yourself (for everyone).
Originally Posted by Loedi
And that's why I am keeping the info he posted on the first page on the wiki. Last time I updated it someone deleted the info
[...]
FYI, that readself paste was deleted by deroad and again reverted to the previous state by me because, as explained in my previous reply, it is not very useful other than to show/check the structure of a self file. It does not show keys, does not hash, decompress, decrypt etc.
If you feel I made the wrong judgement on your edits when patrolling that page, feel free to repost it on the talk page or discuss there why it should be relevant to post.

My apologies hax, for the wiki discussion here, good day

Last edited by euss; 03-01-2012 at 05:49 PM.
Likes: (2)
PS3Hax.net is Copyright © 2010-2013.