
231w ago - A few weeks back graf_chokolo announced that he had decrypted PS3 Firmware 3.50 and that work on a free public PS3 Downgrader was underway, followed by a PSGroove Payload update to decrypt PKGs from PlayStation 3 PUP files. Today's update adds the OtherOS.self and the Lv2diag.self from a PS3 Service JIG, both decrypted!

Download: Decrypted Lv2diag.self from PS3 Service JIG (Teaser)

To quote via xorloser's blog, linked above, on the PS3 appldr interface reversal progress:

graf_chokolo says: Guys, I know you are waiting for the USB Dongle Master Key from me. I have now got 2 fat PS3s with HV 3.15, but unfortunately no SX28 development board yet to exploit it.

But I was not idle, and last week and this week I was working on reversing SELF decryption. Now I'm able to decrypt SELFs and SPRXs on my exploited GameOS by using HV calls only and no GameOS functions at all. I reversed the interface to appldr, which decrypts SELFs on GameOS 3.41.

So that you won't get bored until I get the USB Dongle Master Key, I will make my findings and my source code public very soon, and you will be able to decrypt your favourite games and programs by yourself :-) Let the fun begin, guys.

Here is a "small" teaser of the decrypted Lv2diag.self from the service JIG:

http://pastie.org/1333833

You cannot decrypt isolated SPUs with appldr, I think, because they are decrypted by isoldr.

I'm able to decrypt hdd_copy.self from 3.42 but not from 3.50.

otheros.self decrypted.

Graf Chokolo Decrypts OtherOS.self, PS3 Service JIG Lv2diag.self


#51 - PS4 News - 230w ago
Resume discussion here, guys: http://www.ps4news.com/forums/ps3-hacks/graf-chokolo-releases-ps3-self-decrypter-psgroove-payload-115646.html

#50 - WheedWhack3R - 230w ago
What can I say, I am extremely proud and impressed with your work. I am proud because I know how hard this console nut was to crack, and I appreciate all the work and personal time that you spent to do this.

You have enlightened and inspired some home-brewers already, and more will follow soon. You will be known in the forums as one of the first successful pioneers in the field of decrypting and creating working 7th gen console home-brew apps!!

This is incredible! I dream of using my third-party PS2 discs again. I wonder how long from this date it will take before a custom GUI editor or component editors will be available.

Time will tell. I wish you the Best of Luck.

#49 - cfwprophet - 230w ago
They would never lock themselves out. Remember back on PSP and Pandora: they also didn't kill the service mode, they just found a way to block us out of service mode. And the same will happen for PS3 with time.

We need to find out as much as possible about the system, so that even future updates and patches can't kick us out so easily, like on PSP. Even on the new Go there are exploits, and the knowledge based on the primary hack of the old PSP has led to all this.

#48 - dinzy - 230w ago
Quote Originally Posted by mushy409:
How would they patch this exactly? From what I understand, the Jailbreak dongle emulates the JIG device used to boot the system into Factory mode.

I don't believe they would go down the route of changing JIG hardware. I think they would change the challenge-response in the firmware itself, then update their JIG dongles.

Sony wouldn't lock themselves out of their own consoles (obviously)... unless this is a similar incident to when they removed OtherOS support.

LOADS of people whined, and Sony metaphorically slapped everyone with the excuse "We did it to protect everyone's best interests..." More like "We did it to cash in on future hardware & to ditch the freeloaders from our system (Linux users!)..."

Who exactly is the 'Everyone'? A small group of autistic aliens that Sony keep locked up for game testing & feed on crack & sushi?

Why wouldn't they "lock themselves out" of the consoles if it is the only way to kill this hack? Right now they are ahead, but if the system is fully hacked with CFW and an easy downgrade from any FW, then they might just kill the JIG entirely. M$ spent billions on their warranty extension as a result of poor design and were still able to do well.

Sony can spend more on in-warranty and out-of-warranty repairs by developing a more cost-intensive and invasive approach. The JIG is just a diagnostic tool, not something vital to their business, unlike having a system that is not hackable for basically free and by anyone with very basic skills.

#47 - dondolo - 230w ago
Is there a way to actually decrypt the 3.50 eboot.bin and then recompile it for 3.41?

#46 - PS4 News - 231w ago
More graf_chokolo updates: http://xorloser.com/?p=297&cpage=9#comment-1849

Here is what my descriptor looks like:


vsh.self and sys_init_osd.self decrypted.

ps1emu*.self decrypted.

ps2 emu cannot be decrypted by appldr because it's like GameOS: it's decrypted by lv2ldr. ps2 emu is not an application that can be run on GameOS.

Pretty much all SPRX files can be decrypted now.
I will just polish my source code a bit and then upload it, guys.

Reversing the lv2ldr interface and decrypting lv2_kernel.self is next on my list, guys.

psp_emulator.self decrypted.

bdp_BDMV.self:

http://pastie.org/1339258

vsh.self:

http://pastie.org/1339271

psp_emulator.self decrypted!!!

http://pastie.org/1339276

ps1_emu.self decrypted!!!

http://pastie.org/1339284

I will release my code today.

ESID 0xA is used for dynamic memory allocation and memory mapping, so it's OK. Every page is 0x1000. You should have several 0xA segments.

ProtectionPage has a member variable log2_size at offset 0x18 (size 1 byte). 0xC means 2^12 = 4 KB.

And I was wrong about VA in my first post about ProtectionPage. ProtectionPage doesn't contain a VA; it's an EA, not a VA. The EA is converted to a VA by the page table.

Sorry, the EA is converted not by the page table but by the SLB. I need a vacation from reversing.

bdp_BDMV.self: http://www.ps4news.com/forums/attachment.php?attachmentid=26042

vsh.self: http://www.ps4news.com/forums/attachment.php?attachmentid=26060

psp_emulator.self: http://www.ps4news.com/forums/attachment.php?attachmentid=26061

ps1_emu.self: http://www.ps4news.com/forums/attachment.php?attachmentid=26062

#45 - ESWAMP - 231w ago
Quote Originally Posted by mushy409:
How would they patch this exactly? From what I understand, the Jailbreak dongle emulates the JIG device used to boot the system into Factory mode.

I don't believe they would go down the route of changing JIG hardware. I think they would change the challenge-response in the firmware itself, then update their JIG dongles.

Sony wouldn't lock themselves out of their own consoles (obviously)... unless this is a similar incident to when they removed OtherOS support.

LOADS of people whined, and Sony metaphorically slapped everyone with the excuse "We did it to protect everyone's best interests..." More like "We did it to cash in on future hardware & to ditch the freeloaders from our system (Linux users!)..."

Who exactly is the 'Everyone'? A small group of autistic aliens that Sony keep locked up for game testing & feed on crack & sushi?

As I recall, Sony did so that non-licensed hardware such as USB devices and controllers do not work on 3.50.

#44 - PS4 News - 231w ago
Some more comments from graf_chokolo: http://xorloser.com/?p=297&cpage=8#comments

I can now see every syscall used by Lv2diag.self. Now we can look for exploits in SELFs.

Lv2diag.self uses services provided by HV processes a lot, especially the Update Manager.

#43 - polly316 - 231w ago
It doesn't matter if this leads to a 3.50 hack; 3.51 will be faster, with 3.52 faster still. This is the way it's always flowed.

#42 - Darkzero51521 - 231w ago
Well, if they updated their firmware and then updated their hardware, all they'd have to do is use their old JIG devices to update to the newest firmware. If anyone sent them a broken PS3, they'd update it before fixing it. That locks hackers out from updating past a certain point, and at the same time leaves them able to fix people's PS3s that have old firmware. It'd also fix PS3s with new firmware.