Old 09-01-2012   #1
nicknewbie
Apprentice
 
Potential way to boot an unsigned SELF, simple idea from way back.

1. Let's say someone with CFW were to make a raw dump of a game disk and got the "disk-specific sector-based encryption key".

2. Modified one of the game files that gets executed after start-up and repacked it using the well-known single-layer encryption on disk-based SELFs.

3. Re-encrypted the entire dump using the prior mentioned key and the proper algorithms.

4. Then burned it to a Blu-ray disk (referred to from here on as the "Payload disk").

5. Massacred a PS3 drive by chopping everything north of the spindle.

6. Loaded up said game disk to pass the PIC authentication until a menu or standby screen was reached DIRECTLY BEFORE SAID MODIFIED FILE WAS PLACED!!!

7. Swiftly and carefully removed the game disk and replaced it with the "Payload disk".

8. Pressed a button to advance to the next section in the game, executing the payload.

9. That person now has the ability to run unsigned code on any firmware, to, let's say, get keys without soldering over 9000 wires.

This was the concept that the 007 AUF swap trick used on the PS2, which works with every PS2 ever made. It relies on the fact that the drive doesn't just give up; it will keep tracking back and forth looking for data, thinking it was a fluke, without checking the PIC zone again. This is not patchable. Like the PS2, this method might need a specific game or it might not. But the key here is to keep the file name and every single thing about the files the same except the payload, which would be padded up to match the original file size.

I'm open to any ideas or suggestions, unless you are here to flame and/or "HUURRR dur I need you to fix my PS3, it's in demo mode".
Old 09-01-2012   #2
donglehater
Senior Member
 
I think I've had too much to drink 'cause I was only able to understand 1.

Ok, I didn't understand 1 either.
Old 09-01-2012   #3
nicknewbie
Apprentice
 
The PS3DEV wiki has info about the encryption used: PS3DEV Wiki

Last edited by nicknewbie; 09-01-2012 at 03:36 AM.
Old 09-01-2012   #4
DEFAULTDNB
 
1. Is there hacked BD firmware? How would this be done?

5. What??

The rest makes sense ... in principle. I clearly don't know enough about BD encryption.
Old 09-01-2012   #5
nicknewbie
Apprentice
 
1. Under CFW, if I'm not mistaken, you can access all the files on the drive unencrypted and make a file from them.

Quote from the PS3DEV wiki "On retail discs, there is a per disc key located at offset 0x800 on the disc with a header composed of "Playstation3" and the discs' title id such as "PlayStation3 BCES-00141". I assume that this key is in encrypted format and likely decrypted through lv2 by appldr."

5. The disk has to be swapped in real time so the drive will have to be open and running, with the ability to take one disk off and replace it with another like an old school record player.

Obviously only one person would need to perform this operation on a PS3 to get the keys from new firmware updates, then just update the CFW using the new keys.

Last edited by nicknewbie; 09-01-2012 at 04:29 AM.
Old 09-01-2012   #6
DEFAULTDNB
 
I think I remember there being a PS2 disc swap method for PS3 waaaaaay back when, where you cut a sun roof in the PS3 to swap the PS2 disc... Wonder if any of those people who made that sacrifice are still about? They could try it out.
Old 09-01-2012   #7
JustThatDude
Senior Member
 
So basically the equivalent of hot swapping.
Old 09-01-2012   #8
nicknewbie
Apprentice
 
The SELF files on the disk don't get checked for NPDRM, just like pre-3.56 firmware. So as long as the per-sector encryption matches the master key on the legit disk, it will launch whatever you put on it. The only thing the SELF files do security-wise is check to see if the drive has already authenticated the disk via the PIC on the original disk.

Yes basically hot swapping.

EDIT: The replaced file would still have to be repacked and fake-signed.

EDIT2: I'm not sure, but I think this may only work with a pre-3.56 game that has ECDSA signatures made with a non-random number.

EDIT3: Quote from PS3DEV: "Because the binaries on the discs still have to be signed as they are verified and decrypted by appldr, in the event that you would somewhat trick the drive into thinking that your disc is a genuine PS3 disc, you could still not have your own fself ("fake" secure elf, compiled with Sony's sdk) in there and get it to run, thus this would never lead to homebrews no matter what some clueless people may claim about it."

The PS3 will have to boot the modified file that was signed with the old non-random ECDSA; if not, it wouldn't boot the game, because the pre-3.56 games were all signed with the non-random keys. So unless they drop support for the games people already bought, it's not going away, just like the PS2 swap trick.

Any devs with any input?

Last edited by nicknewbie; 09-01-2012 at 06:34 AM.
Old 09-01-2012   #9
hccompany
Member
Originally Posted by nicknewbie

I really think you guys ought to give this a try, wouldn't hurt right ? (If I had the possibility I would've done this already...)
Old 09-01-2012   #10
nicknewbie
Apprentice
 
I have a PS3 here to do it on, just no Blu-ray burner or Blu-ray disks.

PS. Don't look into the lovely violet light.

EDIT: Or a PS3 with cfw already on it....

Last edited by nicknewbie; 09-01-2012 at 09:38 AM.
PS3Hax.net is Copyright © 2010-2013.