11-26-2012 #1 Blade86 Guest
Just an Idea of injecting a PS3 exploit
Hey. Since we can use a server mapper, i.e. for connecting to retail servers from sp-int-accs etc.
How about mapping a game update to a local-network computer? In this case we could sign a modified game update [with an exploit included] with newer keys, and an OFW console would install it, and even run it, if the exploit is in the eboot.
So the last thing would be to use ORIGINAL sys-calls in our modified eboot to gain access.
11-26-2012 #2 some utter Guest
I understand what you're getting at, but if it was possible to sign something that later consoles would accept, then we wouldn't need to do what you're saying; we could just install something locally. Sorry, but I'm almost certain this isn't going to happen anytime soon. Good thinking though. Until an exploit is found for 3.56+ firmware consoles we are out of luck.
11-26-2012 #3 ConsoleDev Guest
The main problem is that we cannot sign things with newer keys, since we don't have the 3.56+ private keys.
11-26-2012 #4 sharred Guest
Weren't the 4.31 keys released a few days ago?
11-26-2012 #5 Blade86 Guest
For PUPs we don't, but I thought for pkgs we have. I know we cannot sign PUPs to install on 3.55+. I'm talking about a game update, for example COD-MW3.
We can sign the 1.23 game update pkg with later keys to use in 4.xx CFWs or DEX-OFW, but on CEX-OFW we cannot install this pkg.
But if COD wants to connect to the internet, it IS downloading and installing this pkg from their servers. If we map the URL of that pkg to a modified pkg on a local computer, an OFW would download and install that modified pkg.
And if you start that game on OFW it will run the EBOOT.BIN of the installed update... So if the modified EBOOT.BIN only uses sys-calls available in OFW, we might execute user code on OFW...
ConsoleDev, I know that you have a lot of experience and knowledge, so if you tell me this way won't lead to something, I trust you. I just wanted to make sure that you know I'm talking about game updates and not PUPs.
11-26-2012 #6 ConsoleDev Guest
I don't have experience and knowledge at all, I only have a basic idea of how things work.
From what I know we need private keys; right now we have just public keys and we don't have the private ones. For PUPs we also need the HMAC key that is used to verify the FW packages. Basically, public keys allow you to decrypt and verify, while private keys allow us to sign and encrypt.
Maybe I could be wrong, but either way I'm not the best person to explain these things, so don't trust me so much.