JaicraB Releases KeyFindPuP v0.1, Details PS3 LV2 Dump Progress


255w ago - Update: An English update of JaicraB's KeyFindPuP application is now available HERE courtesy of kakashigr.

Just over a month ago JaicraB attempted to dump the PS3 Hypervisor LV2 (GameOS) and revealed how it was done, and today he has released a KeyFindPuP application alongside details on their PS3 LV2 dump progress.

Download: KeyFindPuP for Dumps PS3 v0.1b

To quote, roughly translated: Good! For business reasons I have not had occasion to pursue my hobby. Although we have less time to devote some time still.

We stayed with the method of Dump LV2, but will not be entirely useful without appropriate software, which is why I open the door in case anyone wants to help do not hesitate.

Contact hadesteam@hotmail.com. HadesTeam? A small nonprofit group, we just like to learn. This group consists mainly of the following persons: JaicraB, DemonHades, Calimba, DanteHades and Druid. That said, do not hesitate to help.

Mainly we want to Lv2? As you know the PUP has a number of checks with Hmac_Sha1. If we make a clean dump of the process of installation of the Key PUP Hmac_sha1 achieve in this struggle to unpack a PUP to carry out changes and re-create the Hash.

How?

We need a otheros.bld as simple as cash. A BLD with built the exploit and a stand to dump the memory. If someone offers volunteer program, contact. Once we have the dump is necessary to search for the Key. I have designed a program which facilitates the task: jaic_Hmac_sha1_file.zip Provide us find the Key.

Extra Information

The installation of the PUP has three phases:
1. Checking the hash described in PUPHeader.bin
2. UPDATE to unpack the hard disk cache area Fat32.
3. Verification and update of hardware modules.

Process

Having a second hard drive formatted with the PS3 and have the BLD (see above). Enter the first drive and enter the recovery with the PUP in a USB.

The first process to run the PUP from the recovery checks described in the file hashes PUPHeader.bin. If everything is correct UPDATE unpacks the hard disk. At that time makes a reset and return to continue the installation.

At that time you restart and have lost the KEY, as it would be replaced by other data. Solution? Keep the motherboard constantly fed and cause an instant shutdown.

"The next day the board will explain how to keep the system fed without being noticed. (Is curious to see the fan on the hard drive and other peripherals and the red light on.) Also explain how to cause instant off with a small bug on the BIOS controlled."

With these two methods we can turn off the PS3 at any time, hold the RAM and make a dump.

Objectives

Getting the key to restructuring a Hmac_Sha1 and PUP. The advantage of being able to change modules update. If you want to help hadesteam@hotmail.com.

Today, not having the special BLD we are investigating the BD player with good results. Greetings!

PD: ItSuGa has volunteered to translate this page into English. Still under construction, but you can see it in http://jaicrab-en.blogspot.com/. Thanks ItSuGa.
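The post says the PUP checks use Hmac_Sha1 and that the key has to be searched for in the memory dump. The sketch below shows what such a search amounts to; it is an added example, not JaicraB's KeyFindPuP code, whose internals this page does not describe. The 64-byte key length, the dump contents, the message and the function names are all constructed assumptions.

```python
import hashlib
import hmac

def find_hmac_sha1_key(dump, message, expected_tag, key_len, step=1):
    """Slide a key_len-byte window over `dump`; return every offset whose
    bytes, used as an HMAC-SHA1 key over `message`, give `expected_tag`."""
    hits = []
    for off in range(0, len(dump) - key_len + 1, step):
        tag = hmac.new(dump[off:off + key_len], message, hashlib.sha1).digest()
        if hmac.compare_digest(tag, expected_tag):
            hits.append(off)
    return hits

def build_sample(key_len=64, key_offset=1337):
    """Constructed stand-ins: a 4 KiB pseudo-random 'dump' with a demo key
    planted in it, plus one known (message, tag) pair made with that key."""
    filler = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                      for i in range(128))
    key = hashlib.sha512(b"constructed demo key").digest()[:key_len]
    dump = filler[:key_offset] + key + filler[key_offset:]
    message = b"constructed header bytes covered by the MAC"
    tag = hmac.new(key, message, hashlib.sha1).digest()
    return dump, message, tag, key_offset

if __name__ == "__main__":
    dump, message, tag, planted = build_sample()
    hits = find_hmac_sha1_key(dump, message, tag, key_len=64)
    print("planted at", planted, "found at", hits)
    # An altered message no longer matches any window, the key included.
    print(find_hmac_sha1_key(dump, message + b"!", tag, key_len=64))
```

The search needs only one valid (data, tag) pair and read access to memory, because a device that verifies an HMAC must hold the same secret that creates it; an asymmetric signature check keeps only a public key on the device.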


Comments 89

 
#89 - sapperlott - 252w ago
Quote originally posted by kakashigr:
Well, I guess using the memory exploit you can have access to these files and from what I understand they are decoded (or are able to be decoded by using metldr or coldboot attack on lv2).
Reading George's blog entry about the wallpaper hack, it seems that he has patched the HV to allow him to access the flash from OtherOS. That way he has easy access to the files in the flash.

#88 - tjay17 - 252w ago
Hopefully those twitter messages will help and hopefully something will be found out soon.

#87 - PS4 News - 252w ago
Quote originally posted by kakashigr:
Quotes from twitter:

Here are a few more related Twitter updates:
@marcan42 I agree with you, and I predict that the hybrid fw was premature... flashing nand with mem patched hv, rather than a pup.

@RichDevX But, couldn't we change the pup that detects it?

@Omega191 it's also very simple to detect hybrid fw...

@Omega191 it's not a pup issue, the hard coded version numbers would be different. VSH/PRXs would be much newer than the kernel/hv

@Omega191 it can be checked with a single syscall, which is also available to games

#86 - kakashigr - 252w ago
Well, I guess using the memory exploit you can have access to these files and from what I understand they are decoded (or are able to be decoded by using metldr or coldboot attack on lv2).

#85 - tragedy - 252w ago
Quote originally posted by kakashigr:
So the whole point of this keyfinder is moot.

Not really. Until someone finds a way of decoding self/sprx files, we can't look at what's inside this sprx to check if the HMAC code is there or not.

#84 - CJPC - 252w ago
Quote originally posted by kakashigr:
Does this file also reside inside the update PUPs? And if so, inside which .pkg (from the tar) is it in?

Well - the file does yes, inside one of the dev_flash PKG's (with pretty much, all of the rest of the dev_flash contents)

#83 - kakashigr - 252w ago
Quotes from twitter:
@Mathieulh I have a hard time believing they'd use only HMAC to sign PUPs. Unless they're totally retarded. Which could be, for all I know.

@marcan42 It's not actually, but I have no idea why geohot isn't showing up. The hmac key to resign pups is in software_update_plugin.sprx

@marcan you can swap the pup's tarballs to have the 3.21 vsh on top of the 3.15 coreos, then swap the tarball with sysconf_plugin.sprx.

@marcan42 that's how geohot's "cfw" is done, though I have never seen the point in such a hack, it could be stopped by sony in next updates.

@marcan42 they are, the pups are just containers, the files in them are then signed but you can swap one signed file for another

@marcan42 what was much more stupid of them was to put the key in a vsh's prx rather than in the application loader.

@marcan42 of course the tarballs and the updater self inside the pups are all encrypted with the self crypto and have a stronger signature.

So the whole point of this keyfinder is moot.

Does this file also reside inside the update PUPs? And if so, inside which .pkg (from the tar) is it in?

#82 - PS4 News - 254w ago
Quote originally posted by dondolo:
well done, thank you kakashigr

Agreed, and +Rep for the effort in doing it kakashigr! I have updated the Site News with it as well.

#81 - dondolo - 254w ago
Quote originally posted by kakashigr:
Here is jaicrab's key finder hexedited in english. I just don't know spanish and I used google translate..

Everything makes sense except this "Mensaje" thing which translates to "Message".. I guess this means something else huh?

I just wrote the word "mensaje" in Wikipedia, then I translated it to English.. it means MESSAGE. Well done, thank you kakashigr

#80 - kakashigr - 254w ago
Here is jaicrab's key finder hexedited in english. I just don't know spanish and I used google translate..

Everything makes sense except this "Mensaje" thing which translates to "Message".. I guess this means something else huh?

 
