Team AC1D Uncovers How Current PS3 Games Work on Lower CFW

[DeVil3o3]

This is exactly what I mean! Please just wait for a few days or weeks for AcidCFW release or someone else to use this info to hack newer games without any dongles! Really should have some kind of a stable release before telling whole scene these things as people will always try to do these things, Like me!

Upsilon said he used CFWload1.0, there are 2 dumps because one dev_flash dump is from 4.00 and one is from 3.73. There is no actual release so don't do anything to mad to your ps3 yet!! This is just info cfwprophet is providing for some people to play with if they are willing to take the risk... most should just wait for an ac1dCFW release.

I think the problem with this hack will be getting for example vsh.self patches for the 4.00 vsh.self , also nas_plugin and other important files to allow things like unsigned pkgs to install and debug/unsigned eboots/selfs to run , need the offsets and a way of decrypting/reencrypting 4.00 files, not sure if available tools allow this yet? We dont want to add files from 4.00 and bring all the new 4.00 security along with the files.

I think what everyone would like to see is cfwprophet give us a POC cookie that is something like one file from newer firmware we can try that will work (add something cool) and show us what you mean, can we get any features from newer firmware now with your idea?

[Admin]

I have merged all of these threads for now... if you want me to promote this post to the main page let me know also cfwprophet and +Rep!

[elser1]

great work ac1d team..

i own a lot of the new games and can upload and sprx files you need from the originals if that helps anyone.

[DeVil3o3]

First of all, none of the code the dongle uses comes from the creators. All files used come directly from higher PS3 firmwares.

How can you be 100% sure of this about all sony original files?

and what does "arsch karte" , all translator gets is "asscard" lol!

[barrybarryk]

I'm pretty sure even if you had the 4.0 SDK you still wouldn't be able to decrypt the retail eboots. I thought the eboots need decrypting with separate keys to the encryption keys, even with the encryption keys and the 4.0 SDK you'd need the matching decryption keys from the PS3 firmware to decrypt them. And they do need decrypting before resigning because the new keys don't exist in the older firmwares.

I thought it was already confirmed the eboots had been decrypted from their original 3.60+ keys and re-encrypted using a custom algo before distribution which the dongle/CFW/Backup manager decrypts.

[DeVil3o3]

I thought I seen something like that on another site too but I suppose with all the DRM and modified eboots flying around no-one really knows 100% whats happening!

[spunkybunny]

The best way to get back at dongles is to decrypt their eboots and remove the DRM patches from them. Wouldn't that be hilarious. They release a patch then we release a patch to remove their drm so it works with any CFW.

We already know they have been edited to work on 3.55 so just remove the need for the dongle and its all good.

I have merged all of these threads for now...

I realised you merged them when I tried to post before. I wrote the comment then when I clicked post it said the thread was gone and it didn't post.

Doesn't matter, after it got merged it was no longer was valid anyway.

I'm pretty sure even if you had the 4.0 SDK you still wouldn't be able to decrypt the retail eboots. I thought the eboots need decrypting with separate keys to the encryption keys, even with the encryption keys and the 4.0 SDK you'd need the matching decryption keys from the PS3 firmware to decrypt them. And they do need decrypting before resigning because the new keys don't exist in the older firmwares.

I thought it was already confirmed the eboots had been decrypted from their original 3.60+ keys and re-encrypted using a custom algo before distribution which the dongle/CFW/Backup manager decrypts.

You need the same key to encrypt and decrypt it. Thats like a door with 1 lock but 2 different keys, only 1 key will work and the other will fail.

What the dongle creators do remove the firmware keys, and insert their own key. NOT the way the scene should go. I'm with everyone else here and tell EVERYONE to NOT get those dongles. Piracy should ALWAYS be free and WITHOUT DRM so when you insert your own DRM your as bad as the companies your pirating from in the first place.

Everyone should STOP and let them die off. There is no need for them. Remove their DRM and you have a perfectly working eboot that will work in 3.55CFW.

[RiseOfCthulu]

yo dude i have the 3.60 sdk and i can't decrypt anything with it.

[barrybarryk]

No, retail eboots use assymetric encryption. The encryption key is different to the decryption key. The decryption key inside the PS3 FW can only decrypt (We normally call it the public key) the encryption key that's used when it is signed is different (We call it the private key).

The Public and Private keys are linked mathematically, it's this link that Sony had messed up in lower firmwares which let us generate the private keys from the public ones but that hole has been fixed now so there is no way to generate the linking private key (to sign for 3.6+ FW) from the public key (from inside 3.6+ FW).

decryption can't be done without the key from the firmware.

[elser1]

why can't some of the experts get the key from the firmware? i don't know much about it obviously, but others seem to. i'm sure if all the ps3 news experts worked together they could give it a good shake at least..