  • Posted by Pirate , on 13/11/2011 , @ 09:46pm

     

    Hate him or love him, Mathieulh still has got skill. He just posted on his Twitter the following picture:

    Yep, you may have to check the picture a few times. Mathieulh has shown us he is still capable by releasing a proof of concept proving that he has decrypted LV0 @ FW 3.73. This of course means CFW up to the latest PS3 firmware!

    HOWEVER, he has gone ahead and said the following:

    By the way, I won’t be posting keys, I won’t be posting dumps and I won’t be saying how it was done, time to work gentlemen.

    With the leak last week of the Metldr exploit, he went out and said he would not be releasing anything to the scene again. What is important to take away from this is that Mathieulh has shown us it IS possible, it is not FAR away, and all we need is someone able to get to it.

    Maybe if you guys would be nice to him (instead of flame), he MAY be just kind enough to drop a few hints or ‘leak’ something :)

    Should Mathieulh release his method for decrypting LV0?


    Thanks to StevieD for the news tip!

    Stay tuned for more BREAKING news updates on this story, only @ PS3Hax!

    Poll by popular demand if you think this is real or not - no flaming/whining on thread!

    Do you think Mathieulh has managed to decrypt LV0?


  • Posted by Pirate , on 14/05/2011 , @ 05:59pm

     

    Important updates at the Read More link. While the PS3 scene is slow nowadays and some of you are waiting for the return of PSN, Mathieulh has posted some interesting discoveries on his Twitter. Mathieulh has managed to QA Flag his PS3 and show the hidden options available for it. Before I go on, most of you are probably wondering what in the world QA Flagged means.

    To quote:

    QA flag is the internal console flag used by Sony, it enables hidden options and removes restrictions for both retail and debug consoles alike. It is used for QA centers and the R&D Department, there are 2 levels of QA flags, Minimum and Advanced, this console has been set to the Advanced one.

    Now Mathieulh has come out and said that he will not be telling us how he did this, but nonetheless very cool and it will be interesting to see where this will lead to.

    The video below:

    To quote video description:

    I just QA flagged my Metal Gear Solid 4 Limited Edition console and I thought I’d show you the hidden options for the sake of it. (and because I was bored)

    I am sorry for the unstable camera, I only have two hands and the options are hidden and require (along with the actual flag) a crazy button combo to pop up. (I kid you not)

    Sorry I am not telling you how to do this, please do not ask.

    Yes, this video is real

    Here are some interesting Tweets made regarding this:

    Mathieulh Mathieulh:
    @dantezteam It’s an UNMODIFIED RETAIL FIRMWARE.

    @KaKaRoToKS For various reasons, one of them being that you can warez with this, and the flag stays even after updating.

    @KaKaRoToKS The QA flag happens to remove a bunch of restrictions that have the side effect of preventing you to warez.

    @dantezteam The console is QA flagged, The firmware checks for this flag and will enable special features when it finds it.

    @dantezteam Basically it’s what Sony themselves use to allow special debugging on their consoles and loosen restrictions.

    @KaKaRoToKS By the way, Advanced QA flag enables downgrading, just my 2 cents… xD


  • Posted by PS3Hax Member News , on 28/03/2011 , @ 07:28pm

     

    Mathieulh's recent tweets have basically outlined new information relating to dumping of LV0 for PS3 FW 3.60 and obtaining the new firmware's keys. He has not released the full method on how to do this, but at this point has given enough for someone to figure out the rest. There is also a team by the name of “Ps3WeOwnYoU” on Twitter claiming to have cracked the new firmware VIA Mathieulh's tweets.

    Below are the recent Mathieulh tweets:

    “You can’t overflow user processes, the NX bit applies here, you can only overflow lv2 or a process with higher privileges.”

    “You can update from your pwn pup only from 3.55 or lower, unless you have an exploit.”

    “Of course that should be fixed in upcoming lv0 revisions anyway (By moving the ldrs to the top of lv0)”

    “You run the 3.60 lv0, then you switch the nor, and pull the cell reset line, and you dump the extra KBs where the loaders are.”

    “Basically you have a nor with 3.55 (or lower) lv0 and your own small lv1 code that does the dump, and 3.60 lv0 on the other.”

    ” You wont get all of lv0 but the part with the loaders shouldn’t be overwritten.”

    “You can actually get all the 3.60 keys/loaders without knowing lv0 keys by dumping lv0 from ram with dual nor and signed lv1.”

    “That’s from an older lv0, the method to get the data isn’t the same, the one I posted was a dump, this one is a decryption ”

    “There is a nice way to dump pre 3.55 lv0 as well by using a small lv1 binary, it’s a risky process though.”

    “Oh! You mean my pm ? congrats, you just figured I have had lv0 dumped/decrypted for quite some time xD”

    “Reminds me of those stupid lv2 overflows I spotted ages ago in the bdemu code, which are useless now on 3.55+ anyway.”

    “To those planning on building a 3.56+ pup for whatever reason, the files attributes changed, the group and user ids for the files as well.”

    “The new 3.56+ values for tarballs are the following: owner_id, "0000764" group_id, "0000764" owner, "tetsu" group, "tetsu" ustar, "ustar "”

    “You can use fix_tar to use those new values. Use with caution.”

    “By comparison, those are the pre-3.56 values. owner_id, "0001752" group_id, "0001274" owner, "pup_tool" group, "psnes" ustar, "ustar "”


    To quote a bit more information about LV0:

    So, to decrypt this LV0 thing, we need to get to know it better. In the latest blog post by rms, he has explained briefly what LV0 is in the console’s security.

    Anyway, let’s really discuss something PS3 instead of my PC xD, let’s start with Lv0, the most unknown level of the PS3. Lv0 initializes PS3 base hardware such as PowerPC/PPU portion of Cell/BE, SPU isolation for asecure_loader, and gelic ethernet/WLAN device. Lv0 also proudly proclaims itself as the “Cell OS Bootloader”. In older firmwares, 0.80-ish to 3.56, Lv0 initialized SPU isolation on one of the SPUs, then it loaded and decrypted asecure_loader. Asecure_loader or metldr then decrypts the isolated loader, in this case, lv1ldr, then lv1ldr decrypts lv1.self. In 3.60 this changed. Lv0 now has all of the loaders integrated into it as one large fat binary. All the keys one needs such as Public ECDSA key/AES CBC key and Initialization Vector and ECDSA curve type are in there. Just go ahead and grab them if you can get the ldrs out of the binary.

    So, unless you can decrypt Lv0, no 3.60 “CFW” for you. Is there any need for it anyway?

    Mathieulh also has some facts to clarify about LV0.

    1. lv0 isn’t a loader it’s a ppu binary

    2. Lv0 isn’t encrypted per console and can be updated with the rest of the coreos

    3. Lv0 is decrypted by the bootloader, there is no such thing as a lv0ldr.

    4. The bootloader keys cannot be updated/modified on EXISTING hardware

    5. lv0.2 is NOT a binary, it’s a new metadata for lv0 which is to be decrypted and verified by a new bootloader (which is to be available on future ps3s), it is NOT used by the current bootloader (and thus in current playstation 3 consoles)

    Time will tell, hopefully PS3 FW 3.60′s “defense” is wearing out :)

    [VIA PS3Crunch]
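Added example (not part of the original post and not Mathieulh's code): a read-only check that parses raw tar headers and reports which of the two owner-metadata profiles quoted in the tweets above an archive carries, which is how such header fields can fingerprint the tool chain that produced a package. The function names and the sample archives are constructed for illustration, and the samples assume the GNU tar header layout that Python's `tarfile` writes.

```python
import io
import tarfile

BLOCK = 512  # tar headers and data are laid out in 512-byte blocks

# Owner metadata exactly as quoted in the tweets (raw octal strings from the header).
PROFILES = {
    "3.56+": {"owner_id": "0000764", "group_id": "0000764",
              "owner": "tetsu", "group": "tetsu", "ustar": "ustar "},
    "pre-3.56": {"owner_id": "0001752", "group_id": "0001274",
                 "owner": "pup_tool", "group": "psnes", "ustar": "ustar "},
}

def _text(field: bytes) -> str:
    """Decode a NUL-terminated header field."""
    return field.split(b"\0", 1)[0].decode("ascii", "replace")

def _size(field: bytes) -> int:
    """Member size: octal text, or GNU base-256 when the top bit is set."""
    if field[0] & 0x80:
        return int.from_bytes(field[1:], "big")
    digits = field.strip(b"\0 ")
    return int(digits, 8) if digits else 0

def iter_headers(data: bytes):
    """Yield the owner-related fields of every member header in a tar image."""
    offset = 0
    while offset + BLOCK <= len(data):
        hdr = data[offset:offset + BLOCK]
        if hdr == b"\0" * BLOCK:          # end-of-archive marker
            break
        yield {
            "name": _text(hdr[0:100]),
            "owner_id": _text(hdr[108:116]).strip(),
            "group_id": _text(hdr[116:124]).strip(),
            "ustar": hdr[257:263].decode("ascii", "replace"),
            "owner": _text(hdr[265:297]),
            "group": _text(hdr[297:329]),
        }
        # Skip the header plus the member data, rounded up to whole blocks.
        data_blocks = (_size(hdr[124:136]) + BLOCK - 1) // BLOCK
        offset += BLOCK + data_blocks * BLOCK

def classify(entry: dict) -> str:
    """Name the quoted profile an entry matches, or 'unknown'."""
    for label, profile in PROFILES.items():
        if all(entry[key] == value for key, value in profile.items()):
            return label
    return "unknown"

def build_sample(uid: int, gid: int, uname: str, gname: str) -> bytes:
    """Constructed two-member archive used only to exercise the parser."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name in ("sample_a.bin", "sample_b.bin"):
            payload = b"constructed sample payload\n"
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            info.uid, info.gid, info.uname, info.gname = uid, gid, uname, gname
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()

if __name__ == "__main__":
    samples = {
        "new-style": build_sample(0o764, 0o764, "tetsu", "tetsu"),
        "old-style": build_sample(0o1752, 0o1274, "pup_tool", "psnes"),
        "other": build_sample(1000, 1000, "builder", "builder"),
    }
    for label, blob in samples.items():
        for entry in iter_headers(blob):
            print(label, entry["name"], entry["owner_id"], entry["group_id"],
                  entry["owner"], entry["group"], "->", classify(entry))
```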

  • Posted by PS3Hax Member News , on 22/03/2011 , @ 05:07pm

     

    Many people have been talking about the exploit found by Mathieulh and some people got too excited about it. His exploit would let us hack all future firmwares which are soon to come.

    Whether or not it can be compared with the exploit that geohot used to obtain metldr keys is still not clear, even from Mathieulh himself, since geohot has been keeping his mouth shut about it, although he did tell everyone on IRC that the metldr exploit was done (or used) on an OtherOS enabled 3.15 console.

    Now, Mathieulh posts:

    Actually the revocation list exploit doesn’t allow you to exploit isoldr, you could however sign a revoke list if you had the revocation list keys and knew the sign fail, and use that to dump isoldr. Metldr does not load revocation lists.

    @jarmster
    Ya well without a disassembly i guess its all speculation isn’t it math

    This has been tested, how do you think I could release the lv2ldr and appldr keys ? (about 24hrs before Geohot showed up with metldr keys)

    You can also dump any loader using a signed metadata (including metldr) though that means you need to have the keys for it in the first place (kinda kills the purpose)

    Your entire purpose is to get the isolated process (the code running inside the spu) to jump to your instructions

    For example the following instructions will dump the isolated LS to the SPU mailbox:
    loop:
    rdch $3, ch29
    lqd $3, 0($3)
    wrch ch28, $3
    rotqbyi $3, $3, 4
    wrch ch28, $3
    rotqbyi $3, $3, 4
    wrch ch28, $3
    rotqbyi $3, $3, 4
    wrch ch28, $3
    up_one:
    br loop
    br up_one
    Of course you’ll need a ppu payload to fetch the mailbox data.
    Metldr is trivial to dump now that you can sign your loader, but I wont say anything more on this.

    Finally the problem with isoldr and the revoke list exploit isn’t so much that the exploit doesn’t work (it actually does) It’s that the payload from the crafted revoke list overwrites isoldr keys (which kinda kills the whole purpose), You can however get the revoke list keys from lv2ldr or appldr using the revoke list exploit and then sign a revoke list metadata to exploit isoldr later on. (There are other ways to get isoldr though, including the 3.60+ exploit I have (but there is at least another I know of) Again, good luck in your endeavor.

    When he was asked about the NPDRM key in the equation. Here’s what he said:

    There is more than one npdrm key. It’s not been released because the ones who have the skills to do it do not remotely care about pirating playstation store games (obviously).

    [VIA PS3Crunch]

  • Posted by Pirate , on 06/01/2011 , @ 12:41pm

     

    Mathieulh has just released his PSP/PS3 Game decrypter via his Twitter (http://twitter.com/Mathieulh).

  • Posted by GregoryRasputin , on 02/01/2011 , @ 09:07pm

     

    It seems that it is raining Master Keys. Earlier, Mathieulh found the PSP’s Master Keys in the PS3, which means that the PSP is now as fully open as the PS3. Here is an IRC log transcript from the source; I'm not a huge fan of posting IRC logs, but this is too awesome not to.

    < @Mathieulh> got the kirk engine keys
    < @Mathieulh> thx sony xD
    < +rck`d> psp crypto
    < @Mathieulh> well it’s in ps3 but it’s psp keys
    < @Mathieulh> I can encrypt/sign any psp apps now
    < @Mathieulh> lol
    < @Mathieulh> yah
    < @Mathieulh> has drm keyz too
    < @dwrfcrank> Davee: Hey I told you it’s a isolated SPU module >:O
    < @Mathieulh> so you can make your own psn store clone
    < @Mathieulh> on psp

    [07:47] < @Mathieulh> they are inside an isolated module
    [07:47] Mathieulh, what file is the updater ?
    [07:47] < @Mathieulh> which is inside a sprx
    [07:48] plz
    [07:48] what do u need them for? rofl
    [07:48] its psp
    [07:48] < @Mathieulh> DarkHack it’s inside pip
    [07:48] not ps3
    [07:48] < @Mathieulh> pup *
    [07:48] kirk= The hardware crypto engine responsible for almost all aspects of the PSP’s security, including decryption of eboots & prx’s, savefile and adhoc encryption, and idstorage verification. Named after Captain Kirk of Star Trek.
    [07:48] < @Mathieulh> ra you can sign psp apps
    [07:48] even if he releases them there is no point
    [07:48] which file ?
    [07:48] < @Mathieulh> well “sign” xD
    [07:48] < @Mathieulh> cause the signature is hmac-md5
    [07:48] < @Mathieulh> while the encryption is AES128CTR
    [07:49] Mathieulh, which file in the pup is the updater ?
    [07:49] Mathieulh, just one question, how did you decrypt the sprx
    [07:49] < @Mathieulh> darkhacke seriously…. it’s the only fucking self in there
    [07:49] < @Mathieulh> cooled_ I decrypted appldr
    [07:50] like lv2_kernel.self
    [07:50] i think its time this room became +m for 5 mins hahahaha
    [07:50] < +jas0nuk> Mathieulh, start talking in french
    [07:50] < @Mathieulh> (actually I pwned and dumped it first since I released the keys already)
    [07:50] < @Mathieulh> then I looked for the keys
    [07:50] ra, break kirk means that you can sign homebrew in user mode.. nothing of kernel mode…
    [07:50] < @Mathieulh> grabbed them all
    [07:50] no need be rude Mathieulh ):
    [07:50] < @Mathieulh> used the one I needed to decrypt the sprx I knew had nice shit in
    [07:50] and over 6.XX it’s easyly recokable
    [07:50] < @Mathieulh> then I extracted the isolated module from it
    [07:50] < @Mathieulh> then I decrypted/pwned isoldr
    [07:50] < @Mathieulh> grabbed key
    [07:51] < @Mathieulh> then decrypted the isolated module
    [07:51] == Indy_ [[email protected]] has joined #ps3dev
    [07:51] < @Mathieulh> then I had all the keys + algos there
    [07:51] == HiBit [[email protected]] has joined #ps3dev
    [07:51] < @Mathieulh> tadaa !

    Source Dukio

  • Posted by PS3Hax Member News , on 01/01/2011 , @ 01:25pm

     

    Mathieulh has released the Lv2ldr keys:

    Developer Mathieulh has released the Lv2ldr keys for the PS3. This key is used for decrypting external lv2 versions, as well as use it to decrypt the ps2_emu binaries on the PS3. -jailbreakscene.com

    @Mathieulh

    Lv2ldr keys:

    erk: 94303F69513572AB5AE17C8C2A1839D2C24C28F65389D3BBB1 1894CE23E0798F

    riv:
    9769BFD187B90990AE5FEA4E110B9CF5

    Decrypts all the External lv2 versions from pre 1.00 to anything below 3.40.
    Use the algorithm available here: https://ps3wiki.lan.st/index.php/Self_Crypto
    and here: https://ps3wiki.lan.st/index.php/SELF_F … Decryption

    To perform the decryption.

    Credits:

    Mathieulh, RichDevX, Graf_Chokolo, N_D_T, TitanMKD. (all from a brand new, yet unnamed team.)

    Maybe more to come.

    btw those keys also happen to decrypt the ps2_emu binaries if anyone cares.

    You can also use this : https://github.com/ooPo/ps3sdk To perform the decryption.

    Source: forum.jailbreakscene.com
    Source PSX Scene

  • Posted by PS3Hax Member News , on 07/12/2010 , @ 01:41pm

     

    Mathieulh has updated his twitter with the real USB master key for the PS3 which was revealed by the PS3Yes team. (more…)

  • Posted by Pirate , on 15/10/2010 , @ 08:37am

     

    Confused about which HEX/PSGroove to use? Hermes? Waninkoko? Mathieulh? Let's use all three: the folks over at PS3ITA have released a compiled hex for various boards that brings Hermes v3 + Retail PKG install support + Game Updates fix all in one. These are the latest HEX files, so you should be using THESE if you have not upgraded your boards/device in a while.

    Download the file for the HEXs below (props to PS3-Hacks and PSX-Scene for compiled lists)

      • AT90USBKEY (AT90USB1287)
      • Minimus AVR USB (AT90USB162)
      • Maximus AVR USB (AT90USB162)
      • Olimex (AT90USB162 8Mhz)
      • Teensy 1.0 (AT90USB162)
      • Teensy++ 1.0 (AT90USB646)
      • Teensy 2.0 (ATMEGA32U4)
      • Teensy++ 2.0 (AT90USB1286)
      • AVRKey (ATMEGA32U2)
      • TI-84+ Calculator
      • PSFreedom
      • P3Hub1
      • P3Hub2
      • PIC18F2550
      • OpenKubus (ATMEGA16U4 8Mhz)
      • iPod Nano 1G
      • iPod Video 5G
      • Arduino Duemilanove
      • Arduino Mega

        Feel free to PM your updated source for this and I will add to download list/link.

        [DOWNLOAD PSGroove v3 HEX]

      • Posted by Pirate , on 14/10/2010 , @ 09:24am

         

        The new and first game to require firmware 3.42 is the Medal of Honor game, many thought that by patching the PARAM.SFO we could trick the PS3 into bypassing the update - however after testing it does not work…why? Mathieulh has posted on his twitter, that:

        By the way, new game keys were added in the 3.42 appldr, if you get a 0x80010019 error that means the self/sprx can’t decrypt.

        In layman's terms, in the 3.42 FW update, Sony added NEW encryption keys for the new era of PS3 games being released. The older PS3 firmwares (3.41) do not contain these encryption keys, so the PS3 fails to decrypt the games when run, resulting in the error (80010019).

        So what next? Well now we have to figure out how to decrypt the EBOOT.BIN for newer PS3 games, allowing us to then redistribute the new encrypted keys…but of course as you can imagine this will take a while to achieve.

        [VIA Mathieulh Twitter]
        [News Source via PSGroove]

        Thanks to condorstrike for the news tip.

      • Posted by Pirate , on 11/10/2010 , @ 06:50pm

         

        It seems that it is possible to make games that do not work currently with backup managers, including updates/patches that result in a black screen, to work. Of course Mathieulh will not update the official PSGroove git with the changes (as backups are disabled by default), but he does outline how to modify the payload to improve game support.

        To quote:

        Mathieulh has revealed another juicy piece of info on his twitter. He has revealed information on patching the 3.41 payload. More specifically, he provides information on a lv2 patch that effectively allows all game updates/patches to work. We reported previously on a few payloads that increased this sort of stability with game updates. However, Mathieulh again has found a flaw in how the payloads were patched. He explains that these other payloads missed a check, a check which he reveals below.

        Please note he will not be adding this to the official psgroove payload as he does not support piracy.

        Some game updates use lv2open to check the disc’s param.sfo to make sure the right disc is in the drive and the check fails because psjailbreak patches only patch the vsh open, as such a lot of patches will ask to “insert” the disc if you are playing from a backup, I don’t care much about backups myself but for the sake of it and because some people may actually do a legit use of them, here is the patch : in 3.41 lv2 at offset 0x5745C change to li %r31, 0

        Before you ask, because this is mostly backups related I wont be implementing this on the psgroove payload. If others want to implement this patch, that will be their call.

        More info (technical) via Twitter here and original tweet here.

        [VIA PSGroove]

      • Posted by Pirate , on 10/10/2010 , @ 11:21pm

         

        Today an official update for the original PSGroove has been released. The new payload adds support for retail PKG installs, similar to what Waninkoko did earlier today. However, according to Mathieulh (via Twitter), that was the INCORRECT way to install retail PKGs, hence he has updated the PSGroove payload to properly integrate the feature. Do note that there are still certain PKGs that may cause problems while installing, so the official PSGroove update is a better and more stable version to allow retail PKG install.

        To quote:

        Retail package support was just added to PSGroove GIT
        ! This patch isn’t the same as Waninkoko’s Hermes v3 !

        * Forcing r11 to 1 like Waninkoko did does work but it is not the solution and might bring issues with specific package types.
        * The right patch to be done is to put a nop at the beginning of the debug algo decryption which checks for the model flag to be 1
        * Also Waninkoko left the original PSJailbreak patch which was not proper either:

        ROM:0002ED00 lhz %r9, arg_7A(%sp)
        ROM:0002ED04 xori %r9, %r9, 0x80
        ROM:0002ED08 addi %r9, %r9, -1
        ROM:0002ED0C rldicl %r29, %r9, 1,63
        ROM:0002ED10 b loc_2ED20

        * They force r29 to 1 which does indeed let you install debug packages,
        * But breaks the retail package install because the code will stop at the debug check if r29 is set to 1.
        * The right way is to actually kill that check.
        * That’s what’s been done by doing a nop to the conditional branch.

        You can grab the source for the updated PSGroove here via Github.

        So, post away the download links to the HEX files and I will keep a list up on the front page (I will also replace Waninkoko’s HEXs compiled earlier today with the PSGroove official ones to prevent any confusion).

      • Posted by Pirate , on 30/08/2010 , @ 12:24pm

         

        Esteemed PSP/PS3 reverse engineer Mathieulh, has stated via his twitter that a member of his team has successfully cloned the PS3 Jailbreak device:

        Someone from our group just successfully cloned the psjailbreak dongle. Going to improve the shell code soon.

        Mathieulh also stated this too:

        We are not releasing anything, we didn’t just rip things off, we know how it works ,the clone is just a POC, we plan on documenting

      • Posted by GregoryRasputin , on 23/08/2010 , @ 03:00pm

         

        Mathieulh has stated on his Twitter that the guys behind PS Jailbreak used GeoHot's exploit and strongly advises us not to update to PS3 Firmware 3.42, as this will probably block the PS Jailbreak Dongle. Here are Mathieulh’s tweets.

        The psjailbreak guys definitely used Geohot’s exploit, without him it wouldn’t have been possible in the first place.

        This is a very clever hack which allows code to run at high privileges on the system. Updating would be a real shame.

        You should know by the way that this CAN (and most likely will) be updated/fixed by Sony. Avoid updating to 3.42+ at ALL COSTS.

        For those of you interested in following Mathieulh on Twitter, go here


        Image courtesy of Playstation Lifestyle

        EDIT(13th January 2012)
        I know it's extremely late to post this, but better late than never.
        But the fact remains, actual fact that is and not guessing, the PS Jailbreak creators DID NOT use GeoHot's exploit, their method was totally different.

      • Posted by Pirate , on 22/08/2010 , @ 11:07am

         

        With the steep price of PSJailbreak , and the possibility of the USB being useless/blocked after a firmware update, many are eagerly waiting for an alternative solution. While we wait for the devs to get in their units, Mathieulh has tweeted encouraging news on his Twitter a few hours ago:

        The exact chip for the psjailbreak dongle has been identified, looks like dumping it will be easy.

        We encourage all of you to wait before spending money on buying the PS Jailbreak USB dongle, it is only a matter of time before we get a free/alternative version.

      • Posted by GregoryRasputin , on 31/05/2010 , @ 08:23am

         

        Our very own Senior Member SlyRipper has just recently posted a thread showing a screenshot of the twitter page of renowned PSP genius Mathieulh describing how GeoHot made his CFW. Not a lot is revealed or explained, just enough for you to get a grasp of what is happening. In one of the tweets, Mathieulh explains how the CFW method created by GeoHot can be easily patched.
        So the question is, has GeoHot disappeared because he realises that his CFW is of no use, or is he working on refining it so that it can't be patched?

        Continue the discussion here

      • Posted by Pirate , on 18/04/2010 , @ 10:09am

         

        The folks over at Maxconsole have interviewed Mathieulh (well known/respected PSP hacker) about the Playstation 3, the scene and where things are going right now.

        To quote:

        So without further delay, here is the interview between Threedog of MaxConsole and Mathieulh:

        1: Members have seen you interacting with Geohot, Do you have any personal interest in the PS3 and if so can you tell us anything about your plans? Are you working with Geohot?

        I’ve interacted with a lot of individuals in the past; Geohot is one of them, though one of the most interesting I encountered so far. Although he tends to work alone, we have been exchanging ideas, I helped him with a couple of things, he helped me with a couple of others and so on. He is someone that’s really skilled and I appreciate exchanging thoughts with people like that.

        2: It has taken quite some time to find a way into the PS3, What do you think of Sonys achievements in security? Anything else you want to say about the PS3?

        The playstation 3 security was more the work of IBM than sony’s the idea of using isolated spus as crypto engines in order to hide keys was brilliant, I do not think sony implemented such an idea properly though, as such their current architecture has a few security design flaws on its own that I noticed.

        I believe it has pretty much been security through obfuscation all along.

        3: What do you think of Sonys removal of Other OS as a preventative measure, Do you feel it is right to blame ‘hackers’ or ‘pirates’ for its removal?

        I believe sony wanted a pretext to remove otheros and found one in Geohot’s hack. I do not believe this is the right approach, it would have paid off to talk with hackers and homebrew developers in the first place and give them compromises, in fact the playstation 3 remained unhacked until sony chose to release ps3 slim systems without the otheros feature in.

        4: Assuming you choose to answer the above, Do you have a counter argument for Sonys statements? and do you think Sony could have fixed this without removing the feature?

        Yes of course they could have, there are several existing ways to close this exploit effectively without removing the otheros feature, they wanted it removed and used it as another pretext to do so, pretty much like the phony one they used for the slim console pretexting that they would have to implement support for it on the new hardware (while it actually would have worked just fine on it, should they had enabled option to do it in the first place). The otheros feature did cause a few security concerns regarding the fact that you could pretty much cold boot the console and use otheros to dump lv2, this could easily be fixed by ensuring that the selected os option is only applied upon proper shutdown though.

        5: How far along is development with the PS3? How much control do we really have? How much work is left for a system that is as ‘open’ as the PSP currently is? If you were to compare the PS3′s current development status to another device such as the PSP which stage would you compare it to?

        We already have a lot, and that’s in a sense the problem because we have too much to work with, too much to reverse… These things take time.
        A huge amount of work is required before we get to a level comparable to the one we have with the psp right now. I would say months at least, if not years of work may still be required.

        6: Are you personally working on the PS3 and if so can you tell us what you are up to? Can you tell us of any personal objectives?

        I am working on the ps3, so are countless of other skilled developers out there, as for my objective, that would be unrestricted homebrews on the device, either on top of lv2 or by the mean of a RTOS.

        7: Member Milkyjoe asks, Why doesn’t Mathieulh release his lvl 1,2 and 3 dumps of the PS3 firmware.

        Because that’s copyrighted data (there is no such thing as lv3 by the way) and I am certainly not putting that in the wild. The people that have a need for these either already have those dumps or the capacities to dump them. There is a certain site (which I wont name) that has been literally whining to various developers (including me) so that we “share” (read leak) the dumps in our possession. They claimed they would do wonders so long as they had the dumps in the first place. When someone finally dumped lv1 and released it in the wild, what did this site ever did with the dump ? Nothing. This is what happens when all the “devs” you have can’t use ida or reverse engineer and that the only thing they could ever do is look at strings with an hex editor.
        On that note I will leave you to think about this.

        8: Member Breakdown has asked multiple questions.

        1. Now that you have dumps of the HV etc.. is there any reverse engineering going on and Is it possible to execute homebrew code on a retail machine if so are there any plans to give the public that ability?

        Yes there are a few people reversing these dumps as we speak, things take time, when there is any development, you shall be kept posted.

        2. If developers are capable of creating custom PUP’s would it be possible to patch future official firmwares to retain the Other OS feature for members that have already updated to 3.21?

        No, because of the coreos revocation checks (among other things) this is for now not a possibility.

        9: Will the Other OS/Playstation 3 hardware still be open to the same attacks when Geohot releases his planned method of upgrade?

        Yes it will.

        10: Do you have a rough ETA for when end-users will have something to play with for example homebrew such as a Quake 1 port?

        No idea. You can already play Quake 1 on otheros using linux I believe.

        [VIA]