Hey there.

So... you use an ad blocker. That's cool. Sometimes we do too.

But without ad revenue, we wouldn't even be here. And we might not be here much longer.

Please disable your ad blocker and click to continue.

Page 1 of 39 1211 ... Last
  1. #1
    Join Date
    Apr 2005

    PS3 Hacker Mathieulh Finds PlayStation 3 Firmware 3.56 Exploit

    Today PS3 hacker Mathieulh reports finding a PlayStation 3 Firmware 3.56 exploit, although he states he has no plans to give any further details about it.

    To quote from PSX-Scene (linked above): Well-known hacker Mathieu Hervais has reportedly found a bug that allows exploiting metldr, the bootloader and firmware version 3.56. Unfortunately, he refuses to release it.

    Originally Posted by Mathieulh (via Twitter):

    I hesitated a lot before tweeting about it, but a bug allows exploiting metldr, the bootloader and 3.56+. I don't intent to ever unveil it.

    So much for "unhackable" PS3s though... I am not giving any further details about it. Sorry.

    Actually the revocation list exploit doesnít allow you to exploit isoldr, you could however sign a revoke list if you had the revocation list keys and knew the sign fail, and use that to dump isoldr. Metldr does not load revocation lists.

    This has been tested, how do you think I could release the lv2ldr and appldr keys ? (about 24hrs before Geohot showed up with metldr keys) This has been tested, how do you think I could release the lv2ldr and appldr keys ? (about 24hrs before Geohot showed up with metldr keys)

    You can also dump any loader using a signed metadata (including metldr) though that means you need to have the keys for it in the first place (kinda kills the purpose)

    Your entire purpose is to get the isolated process (the code running inside the spu) to jump to your instructions

    For exemple the following instructions will dump the isolated LS to the SPU mailbox:

    rdch $3, ch29
    lqd $3, 0($3)
    wrch ch28, $3
    rotqbyi $3, $3, 4
    wrch ch28, $3
    rotqbyi $3, $3, 4
    wrch ch28, $3
    rotqbyi $3, $3, 4
    wrch ch28, $3
    br loop
    br up_one

    Of course youíll need a ppu payload to fetch the mailbox data. Metldr is trivial to dump now that you can sign your loader, but I wont say anything more on this.

    Finally the problem with isoldr and the revoke list exploit isnít so much that the exploit doesnít work (it actually does) Itís that the payload from the crafted revoke list overwrites isoldr keys (which kinda kills the whole purpose), You can however get the revoke list keys from lv2ldr or appldr using the revoke list exploit and then sign a revoke list metadata to exploit isoldr later on. (There are other ways to get isoldr though, including the 3.60+ exploit I have (but there is at least another I know of) Again, good luck in your endeavor.

    There is more than one npdrm key. Itís not been released because the ones who have the skills to do it do not remotely care about pirating PlayStation store games (obviously).

    Finally, in related PS3 homebrew news today a PS3 FW Downloader application has been released which includes Official PS3 Firmware 2.50 - 3.55 and has Geohot, Kmeaw, Wutangraz PS3 Custom Firmware and 3.55 Downgrader support.

    More PlayStation 3 News...

  2. #2
    barrybarryk Guest
    I wonder why he decided to tweet about it if he never intends on releasing it.

  3. #3
    macneil187 Guest
    Somebody is scared of sony

  4. #4
    Join Date
    Apr 2005
    Probably for e-fame, although he's digging his own grave in doing so sadly as now if one ever gets released down the road Sony can track it back to his proclamation.

    I still don't follow why post-Geo/Graf busts people aren't posting on such things anonymously though.

  5. #5
    thereturn Guest

    In other words

    No exploit found. Sick of efamers.

    If you don't release it, then you don't have it, and should be treated as a liar. If all efamers were treated as liars and shunned by the community, then this would stop.

  6. #6
    barrybarryk Guest
    Exactly, and there's no real need for a 3.56 exploit though, hell we've still only scratched the surface of what's possible with 3.55. No point fracturing the dev community just quite yet.

  7. #7
    austindriver13 Guest
    Quote Originally Posted by barrybarryk View Post
    I wonder why he decided to tweet about it if he never intends on releasing it.
    1) He doesn't want Sony to bone him
    2) If hackers know that there is indeed an exploit then it gives them something to work towards, rather than wasting time looking, and ultimately guessing.

    Now that they know for sure that there is an exploit it will draw a lot of attention to the issue- someone else will figure it out.

  8. #8
    jarvis Guest
    Although I know he's done some good work, if you don't release it, it doesn't really exist. Obviously threats from Sony are working just like they wanted. If he really wanted to stick it to Sony, he should have kept his mouth shut, and released it anonymously never claiming credit for it.

  9. #9
    Denida Guest
    Ja, probably on attention, he always seemed to be very into that, but who knows...

  10. #10
    Zhar Guest
    He would never release it, mad Sony or not, my guess is if and when someone else discovers it and say they will release it he will release it just before them so he gets all the fame, again. Standard e-peen BS.

    also, imb4 he starts tweeting about how ungrateful people are.

Page 1 of 39 1211 ... Last

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Log in