04-26-2012 #31
euss (Homebrew Developer)
Originally Posted by defyboy
Sorry people,

This script dumps the OtherOS bootloader binary image, Not the bootldr we need to get the lv0 keys. It was written by the 'real' Geoffery Levand. http://dev.man-online.org/man8/ps3-utils/ http://packages.debian.org/sid/admin/ps3-utils

The real bootldr that we want to get will be less than 256kb and not contain a whole heap of kernel strings. Dumping the bootldr will not be this easy.
That makes a lot of sense, seeing kernel parts after 0x375770 in the "bootldr.bin".
The real Geoff Glevand is quite busy lately: http://git.kernel.org/?p=linux/kerne...ds/for-powerpc

Originally Posted by snowydew
It's a partial dump, mostly kernel stuff. It'll help massively though.
Hate to shatter the dream, but I don't think that an OtherOS(++) petitboot/bootldr will help much at all (esp. outside Linux/BSD, into GameOS and secured root area).


Walk along, nothing to see here...
04-26-2012 #32
cyberdude (Member)
Originally Posted by derako
This seems waaaay too simple to not have been already done by someone... am I right?

Anyway thanks for the tip

PS: with the bootldr decrypted and lv0 keys still encrypted, what could be achieved?
erm...possibly the keys getting unencrypted??!!
04-26-2012 #33
snowydew (Homebrew Developer)
Originally Posted by euss
Hate to shatter the dream, but I don't think that an OtherOS(++) petitboot/bootldr will help much at all (esp. outside Linux/BSD, into GameOS and secured root area).


Walk along, nothing to see here...
S'all good :P, meds aren't really helping, reason I didn't get too excited over this.
04-26-2012 #34
zecoxao (Member)
Damn, I was pretty sure of this one... Anyways, there is more coming from where this came from:

Originally Posted by durandal
parts are still encrypted
the lv0 keys
those aren't stored on the flash eeproms
those are stored on a separate chip and are only ever decrypted during initial POST
firmware has code to overwrite the keystore chip
that's how sony invalidates keys and issues new ones with fw
so you could just reflash it to a self-signed key you made
then compile and sign a version of openfirmware with that key
i gave them everything they need to do it
including full source to sony's ofw build environment
THIS was why I was so hyped about it... I was starting to wonder why there were strings with glevand's name in the bootldr, and I figured out why now.
So it's not over yet, we can still win this ****
04-26-2012 #35
defyboy (Member)
Originally Posted by durandal
parts are still encrypted
the lv0 keys
those aren't stored on the flash eeproms
those are stored on a separate chip and are only ever decrypted during initial POST
firmware has code to overwrite the keystore chip
that's how sony invalidates keys and issues new ones with fw
so you could just reflash it to a self-signed key you made
then compile and sign a version of openfirmware with that key
i gave them everything they need to do it
including full source to sony's ofw build environment
I made it my business to know all of the PS3's hardware; this statement is not correct. The PS3 does not rely on an external key-storage mechanism but rather on a chain of trust initiated by a secure Power on Reset procedure that kickstarts bootldr. This is clearly documented in the CBE documents and the patent papers.

04-26-2012 #36
oPolo (Member)
Originally Posted by snowydew
It's a partial dump, mostly kernel stuff. It'll help massively though.


Sorry you felt that way... When I was with gitbrew, we tried everything to make the IRC and everything else as user friendly as possible and to help whoever we could. Didn't know that was the vibe we were giving off (on twitter I answered as many questions as I could, as well as being as friendly as possible!)
:O Don't get me wrong! I believe it's mostly because I am European (Danish)..! Twitter, MySpace, AOL (especially AOL) have never really become a craze over here. I have to date never experienced meeting an AOL user actually, and the only people over here that use twitter are famous people (actors, politicians, perhaps musicians).
I have since then made a twitter (oPolo) to be able to follow you, KaKaRoToks and others... And when people see me log into twitter over here, they nearly all ask why I use it, because none of my friends do (and then comes the dilemma of having to explain to them about the PS3 hacking community, etc....).
I guess your mainstream communication channels weren't that known in Europe, at least not in Denmark, and that was why I felt it. I'm sure that for Americans your communication forms were a lot more effective, and people did use them. Perhaps even Spaniards and Brits that are located in other areas in Europe than Scandinavia were using them; maybe it's just the nordic area of Europe (I would love to call it the Nord because of Game of Thrones) that has not caught up with those social platforms/services. Perhaps because we aren't that many in each country.

I guess that's one reason... The other would probably be: you know when you are new in the scene and still at that stage where you are unsure whether there exists a method for getting CFW for the newer versions, even though people say no. You wonder, even though people say you can't, if you can find a method for playing PS1 games using .iso by searching on google.. Basically those days, when you haven't seen the big picture yet. You hear about some devs' names here and there.. and once every few days it was on the frontpage that these guys, "Gitbrew", had just achieved something new.. You kinda felt that they were the hard-at-work big guys accomplishing something, and it was hard to imagine yourself on an equal level in a talk with them. And it was kinda intimidating to imagine yourself contacting them or talking with them.

It would probably have felt back then as if I had run over to some famous person (/you guys) that I just saw on the street and had casually started talking with them/you, and asked you for your phone number. No homo. Some levels of nervousness had had to be broken, because of the feeling that there was a social gap made out of respect, due to the difference in experience in the scene.
04-26-2012 #37
euss (Homebrew Developer)
Originally Posted by zecoxao / durandal
parts are still encrypted
If it /was/ bootldr, then it would have the key for lv0 (and after that, everything below can be decrypted also.)

Originally Posted by zecoxao
the lv0 keys
those aren't stored on the flash eeproms
They are inside lv0ldr (bootldr) decrypted

Originally Posted by zecoxao
those are stored on a separate chip and are only ever decrypted during initial POST
No, that is the key of bootldr itself you are talking about (based on syscon + sysrom + cellbe hw-crypto). It's all in the IBM patents "secured boot / power on reset" and HIG guides, which explain the role of syscon in the PoR sequence.

Originally Posted by zecoxao / durandal
firmware has code to overwrite the keystore chip
No, they cannot; the onchip keystore can only be rewritten in the factory. You cannot rewrite efuses, only blow more (there are 2^48 keys anyhow, minus a few obvious ones like all zeroes and all ones).

Originally Posted by zecoxao / durandal
that's how sony invalidates keys and issues new ones with fw
No, they don't; they use revocation and add new keys to keytables.

Originally Posted by zecoxao / durandal
so you could just reflash it to a self-signed key you made
Yes, that is called downgrading, done since 2005, and what JFW-DH (bad idea) and Cobra/Trueblue use.

Originally Posted by zecoxao / durandal
then compile and sign a version of openfirmware with that key
Now you are talking about replacing bootldr, which only can be done if you manage to get CellBE hardware keys inside its efuses ondie.

Originally Posted by zecoxao / durandal
i gave them everything they need to do it
including full source to sony's ofw build environment
LMAO


Nothing to read, only nonsense, move along...

Originally Posted by defyboy
I made it my business to know all of the PS3's hardware; this statement is not correct. The PS3 does not rely on an external key-storage mechanism but rather on a chain of trust initiated by a secure Power on Reset procedure that kickstarts bootldr. This is clearly documented in the CBE documents and the patent papers.
Sir... You must be reading the same patents, hardware initialisation guides, CELL BE specifications, secured root, secured SDK, and ps3devwiki's as I have, because that is exactly my point!

If only more people read more documents...

04-26-2012 #38
BobbyBlunt (Senior Member)
Funny how certain people with certain acquired PS3s lead people in the wrong direction...
04-26-2012 #39
euss (Homebrew Developer)
Originally Posted by BobbyBlunt
Funny how certain people with certain acquired PS3s lead people in the wrong direction.......
Funny how those certain people don't seem to have much ps3devwiki, documents and readme affinity either.
04-26-2012 #40
carldenning (Senior Member)
I'm lost. If this isn't old news, how come this was posted on another site 23 weeks ago? So it's old news on another site but new news on here.
PS3Hax.net is Copyright © 2010-2013.
All times are GMT -5.