
June 8, 2011 // 11:38 am - Here is a brief update from PS3 hacker Waninkoko, sharing his thoughts on how to develop a full-fledged PS3 CFW 3.60 / 3.61 followed by some details from groveritos below.

This news comes following a PlayStation 3 Custom Firmware hybrid update to PS3 CFW VENIX S-PLUS Spoofing 3.65. To quote, roughly translated:

1. Private keys cannot be calculated for any firmware >= 3.56, and are NOT on any site; they are private for a reason (only Sony has them, and if we had them it was thanks to a mistake they made in applying the encryption algorithm, so that with some data and a few mathematical operations the private keys could be calculated).

2. YES, you can create a CFW 3.61; the only obstacle is to get the public keys, which CAN be extracted, with varying degrees of difficulty, but it can be done. Each loader is encrypted with a private key and decrypted with the corresponding public key. But the lowest-level loader in a FW is encrypted and decrypted with the root key, which is invariable because the root public key used to decrypt the loader is located in the metldr (obviously, the metldr has to have the public key to decrypt the loader) and metldr can NOT be updated in any way, so the root key cannot be changed from one firmware version to another because it is sad if any.

So if you want to create a CFW of 3.61, changing the LV2 to add new features, we have to go hacking the chain of loaders to get on. Example:

METLDR -> LV0LDR -> LV0 -> LV1LDR -> LV1 -> LV2LDR -> LV2

More or less this is the chain of loaders (I do not know if there is some small variation in FW 3.61).

METLDR, as I said, can NOT be updated.

METLDR decodes LV0LDR with the root key (LV0LDR is the lowest-level loader, if we do not count METLDR) and executes it.

LV0LDR decodes LV0 with the LV0 key (this key CAN change between firmware versions, as LV0LDR IS upgradeable, and LV0 can therefore be encrypted with a private key and LV0LDR updated to decode it with the new corresponding public key) and runs it.

LV0 decrypts LV1LDR ....

LV2LDR decrypts LV2 with the lv2-key and executes it.

Therefore, if we want a CFW, we need to decipher LV0LDR (with the root key, which geohot published and which will never change), modify LV0LDR to change the LV0 decryption key (changing it to a key that is capable of decoding an LV0 encrypted with a private key that we DO know ... which private key? any, such as one we generate ourselves), encrypt LV0LDR with the root key, and we can then modify LV0 to our liking, since LV0 is now deciphered with a different public key, for which we know the private key. And so we change the whole chain up to LV2, modify it and re-encrypt it with the new key we have chosen.

Well, that is the way, broadly told (when I say encrypt / decrypt, I do not mean the contents of the loaders, because those use symmetric AES encryption and there is no question of public / private keys; I really mean the header of those loaders, for the signature, which uses RSA keys and is where public / private pairs come in, with the sole purpose of checking that these loaders have NOT been changed).

In the case of FW 3.61 the track is a bit more complex as there are RSA public keys and AES keys that are easy to obtain, but hey, there are methods to obtain them, there are people who have them, and therefore it is not impossible.

Now, we must take into account that a CFW can be installed only if the console is on FW 3.55 or lower, because higher versions make use of a new updater, which verifies the upgrade package (the internal data of the PUP, as I understand it) by checking new signatures (which did not previously exist and are now mandatory) for which we have neither the public nor the private key (the public one we can obtain, but the private one we can forget about, and here there is no chain that lets us avoid this ... the updater is a separate application from the FW and has nothing to do with what was explained above).

Having said this last point, some will think that if you upgrade to a CFW 3.56/3.60/3.61 you can no longer reinstall any other CFW (that is, you stay forever on that CFW or you update to an official FW). The answer is yes, but hey, it is not inevitable, since in creating this CFW we can modify the VSH (or one) to use the old updater (which does not check the new signatures, and therefore we have no obstacle to installing a new CFW), or modify the APPLDR to allow us to load the new updater but modified to not check signatures (the new updater can be changed, of course, but we also need to modify the APPLDR of our currently installed FW, to re-encrypt the updater with a known private key so that APPLDR is then able to decrypt and run it).

And that's all.
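
The signature check described in the quoted explanation, modelled as an added example (it is not part of the quoted text or of any real firmware code): each stage is verified with a public key embedded in the stage before it, starting from the fixed root key in METLDR, so a change to any stage is caught at that stage. The toy RSA keys, the stage bodies and the choice to cover the embedded key with the signature are assumptions made for illustration.

```python
import hashlib

# Constructed toy RSA keys built from fixed Mersenne primes: deterministic, NOT secure.
MERSENNE = [2**k - 1 for k in (61, 89, 107, 127, 521, 607, 1279)]
E = 65537
CHAIN = ["METLDR", "LV0LDR", "LV0", "LV1LDR", "LV1", "LV2LDR", "LV2"]

def toy_key(i):
    """Return (n, d) for toy key i; the public half is (n, E)."""
    p, q = MERSENNE[i], MERSENNE[i + 1]
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(body, next_pub, n):
    """Hash a stage's code together with the public key it embeds (assumed layout)."""
    h = hashlib.sha256(body + str(next_pub).encode()).digest()
    return int.from_bytes(h, "big") % n

def build_chain():
    """Sign every stage after METLDR with the private half of the key its predecessor embeds."""
    keys = [toy_key(i) for i in range(len(CHAIN) - 1)]
    stages = []
    for i, name in enumerate(CHAIN):
        next_pub = keys[i][0] if i < len(keys) else None   # LV2 is last, embeds no key
        stage = {"name": name, "body": f"{name} code".encode(),
                 "next_pub": next_pub, "sig": None}
        if i > 0:   # METLDR is the fixed root; nothing earlier verifies it
            n, d = keys[i - 1]
            stage["sig"] = pow(digest(stage["body"], next_pub, n), d, n)
        stages.append(stage)
    return stages

def verify_chain(stages):
    """Walk the chain in boot order; return the first stage that fails, or None."""
    trusted_pub = stages[0]["next_pub"]   # root public key held in METLDR
    for stage in stages[1:]:
        expected = digest(stage["body"], stage["next_pub"], trusted_pub)
        if pow(stage["sig"], E, trusted_pub) != expected:
            return stage["name"]
        trusted_pub = stage["next_pub"]   # trust moves to the key this stage embeds
    return None

if __name__ == "__main__":
    chain = build_chain()
    print("untouched chain:", verify_chain(chain))
    chain[2]["body"] += b" patched"       # constructed tamper: change LV0
    print("first failing stage:", verify_chain(chain))
```

Because the embedded key is part of what gets signed in this model, swapping the key inside a stage fails verification at that stage unless the stage above it is re-signed, which is why everything rests on the root key.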

From groveritos:


Waninkoko Explains How to Develop a PS3 CFW 3.60 / 3.61


#180 - technodon - August 17, 2012 // 4:59 am
ModderExcess, stop posting bs on this forum. i explained to you about public and private keys and you wouldn't even know what they were if it wasn't for me. you have the 4.21 keys? Oh My God.. lol post them in IRC and let euss take a look. public keys are only useful for decrypting so we can add them to 3.55 and pirate new games yea! as for getting the private keys, it ain't gonna happen since sony fixed the sign fail bug that the fail0verflow team found. why are you doing this???

#179 - ISSAlcatraz - August 17, 2012 // 3:37 am
This seems like a fake. Why? Let me explain: every PS3 dev will tell you the same: there is currently no way for a 3.56+ CFW!

#178 - ModderExcess - August 16, 2012 // 8:11 pm
Hello Everyone! ModderExcess here and i'm currently working on a 4.20 CFW. So far I have the public keys and once i get the private keys for authentication then we will have the 4.20 CFW.


To prove i'm a legit hacker, here are the following confirmed working releases i have made. [Don't hate on the Performance Boosters. These were requested by a friend so i released them]

[The only working CFW I have working as of now are 3.55 CFW i made awhile ago.]

Current Confirmed working releases As of now! [ModderExcess]

Custom Firmwares:

3.55-CFW: [Supports Backup Manager]

Performance Boosters:

4.21-PB [FIX]: Coming Soon [Sorry for the run error]

NOTICE: I need to fix the 4.21 Performance Boost as there is an error when in the browser and listening to music. Basically what happened was the dev_flash file i put in there wasn't made correctly so it caused LVL1 not to work and you will get an error that the firmware cannot be run and it restarts the PS3. [Very sorry if you're currently using that 4.21-PB]

NOTE: The CFW is Free. I have a policy on all my content.

-No surveys
-No passwords
-No bs


PSN: ModderExcess & madd123
XBL: madd123 [Banned till 12/31/9999] [Don't have system anymore]

REMEMBER: Searching over the internet for jailbreaks that have surveys will always be FAKE. Please never do another survey because you're supporting others' BS.


#177 - technodon - July 19, 2012 // 8:35 am
i saw this video on youtube, it looks like a very convincing fake. if it is just 4.11 spoofed then none of the vita stuff would appear in the XMB.

Another BS one: TLK SilverFoxDevs Blue Armageddon PS3 JailBreak 4.21

Thanks To Following For Helping! C00kieMonstah (Cookie Sponsor), Zac (Founder), Shaz (Derper), Dylan Yoder (Leader), TLK (More Derping)

I Said This Before And I Will Say It Again. (SilverFoxDevs) I'm Not Responsible If You Get Caught While On The Jailbreak.

How To Get Online On Blue Armageddon:

Download Elite Mossy's Patch Blocker. Put In The IP And Proxy In Internet Settings And Sign In To PSN. The SilverFoxDevs Team Is Not Responsible For Anything You Do With This Jailbreak. Pirating Is Illegal.

You Can Install A Backup Manager (Will Upload On My Page) But You Can't Put The Blame On Us If You Get Caught While On This Jailbreak. We Said On The Agreement Page And We Say It Again. DO NOT PIRATE.

Main Features Revised In Blue Armageddon By SilverFoxDevs:

1. LV1 Hypervisor Patched To Allow Mapping Of Any Area (Needed For LV2 Poke)
2. LV2 Kernel Patched To Add Peek&Poke System Calls To LV2.
3. Package Installer Patched To Install Debug Packages.
4. Application Launcher Patched To Run Homebrew
5. Communication To Sony Patched (So That You Don't Get Caught, Use Proxies To Get On PSN)
6. Add "Install Package Files" icon to The XMB Category (NOT IN BETA)
7. Add "/app_home" icon To The XMB Category. (NOT IN BETA)
8. Replaced "Video" With "Homebrew" Category. (NOT IN BETA)
9. Regions Settings Fake So You Can Access 'TV' Even If It Is Not Supported In Your Country. (NOT IN BETA)

By Installing This You Agree That You'll Post "TLK OWNED YA" On GlitchyJoey's Wall.

One more fake:

#176 - firplay - July 18, 2012 // 12:31 am
if this is not true we never can play pes 2012?

#175 - tiagomanson - July 16, 2012 // 10:36 pm
geohot come back

#174 - pinoytechno - July 13, 2012 // 8:02 am
i wish there was a geohot again on the ps3 hacking scene!!!

#173 - mitsos123 - July 11, 2012 // 4:51 pm
thanks for the updates

#172 - pinoytechno - July 7, 2012 // 8:37 am
i think they are stuck on cfw 3.55 because geohot has the talent to hack the ps3!

when geohot stopped hacking the ps3 the other hackers only stayed on geohot 3.55!

#171 - ps3hen - July 2, 2012 // 9:08 am
Well it's real... in a sense. It's a "Custom FW" if you call changing the Update type (CEX/SEX/DEX) identifier "Custom"