PS4 News on Facebook! PS4 News on Twitter! PS4 News on YouTube! PS4 News RSS Feed!

Home PS4 News - Latest PlayStation 4 and PS3 News

June 8, 2011 // 1:38 pm - Here is a brief update from PS3 hacker Waninkoko, sharing his thoughts on how to develop a full-fledged PS3 CFW 3.60 / 3.61 followed by some details from groveritos below.

This news comes following a PlayStation 3 Custom Firmware hybrid update to PS3 CFW VENIX S-PLUS Spoofing 3.65. To quote, roughly translated:

1. Private keys can not be calculated for any firmware> = 3.56, and are NOT in any site, which for some are private (only the Sony has, and if we make a mistake it was thanks to them which they applied the algorithm So encryption of data and a few mathematical operations could calculate the private keys).

2. IF you can create a CFW 3.61, the only obstacle is to get the public keys, which can be drawn SI, with varying degrees of difficulty but you can. Each loader is encrypted with a private key and decrypted with the corresponding public key. But the lowest level loader in a FW is encrypted and decrypted with the root key, which is invariably because the root public key used to decrypt the loader is located in the metldr (obviously, the metldr will have to have the public key to decrypt the loader) and metldr NOT be updated in any way, so that the root key can not be changed from one version to another firmware because it is sad if any.

So if you want to create a CFW of 3.61, changing the LV2 to add new features, we have to go hacking the chain of loaders to get on. Example:

METLDR -> LV0LDR -> LV0 -> LV1LDR -> LV1 -> LV2LDR -> LV2

More or less this is the chain of loaders (do not know if there is some small variation in FW 3.61).

METLDR, as I said, NO you can update.

METLDR LV0LDR decode the root key (LV0LDR loader is the lowest level, if we do not have to METLDR) and executes it.

LV0LDR LV0 decode the LV0-key (this key if you can change between versions of firmware as LV0LDR SI is upgradeable and can therefore LV0 encrypt a private key and update LV0LDR to decode it with the new corresponding public key) and runs.

Decrypts LV0 LV1LDR ....

LV2 LV2LDR decrypts the lv2-key and executes it.

Therefore, if you want a CFW, we need to decipher LV0LDR (with the root key, which geohot public and will never change), change LV0LDR change LV0 decryption key (the change of a key that is capable of decoding a LV0 encrypted with a private key that we DO know ... that private key? anyone, as if we generate a key), encrypt LV0LDR with the root key, and we can modify LV0 to our liking and is now LV0 deciphered with a different public key, which we know the private key. And so we change the whole chain to LV2, modify and recifrarlo with the new key we've chosen.

Well, that's the way broadly told (when I say encrypt / decrypt, I do not mean the contents of the loaders, because it works with AES encryption and symmetric and there is no question of public / private key, but I mean really at the head of such loaders, for signature, which uses RSA keys is where public / private partnerships, with the sole purpose of checking that these loaders have NOT been changed).

In the case of FW 3.61 the track is a bit more complex as there are RSA public key and AES keys that are easy to obtain, but hey, there are methods to obtain, there are people who have them, and therefore it is not impossible .

Now, we must take into account that a CFW can be installed only if the console is in a FW 3.55 or lower, because higher versions will make use of a new updater, which verifies the upgrade package (internal data the PUP, so I understand) by checking with new firms (which had not previously existed and are now mandatory) which we have neither the public nor the private key (the public can take, but privately we can forget and here no no chain so we can prevent this ... the updater is a separate application of FW and no longer has to do with the above explained).

Said this last, some will think that if the upgrade to a CFW 3.56/3.60/3.61 and thou mayest not reinstall any other CFW (that is, you stay forever in that CFW or FW actualizais an official). The answer is yes, but hey, is not inevitable and that, in creating this CFW, we can modify the VSH (or one) to use the old updater (which does not check new firms and therefore we have no obstacle to install new CFW), or modify the APPLDR to allow us to load the new updater but modified to not check signatures (the new updater can be changed, of course, but also need to modify our FW APPLDR currently installed to the recifrar updater with a private key known and APPLDR then be able to decrypt and run).

And that's all.

From groveritos:

[Register or Login to view code]

Waninkoko Explains How to Develop a PS3 CFW 3.60 / 3.61

Follow us on Twitter, Facebook and drop by the PS3 Hacks and PS3 CFW forums for the latest PlayStation 3 scene and PS4 Hacks & JailBreak updates with PlayStation 4 homebrew PS4 Downloads.

#140 - Bartholomy - November 28, 2011 // 7:19 am
Bartholomy's Avatar
Uhm. Well, till now MW3 TB fix is not public yet. And ye, could be a fake. If Sony will not dig 'em quickly, maybe we can talk again about it

#139 - HeyManHRU - November 28, 2011 // 7:10 am
HeyManHRU's Avatar
We'll have to wait and see, most videos can easily be faked, it's not hard to put in the TB dongle while the camera is not focused on the PS3. The best proof we can get is a working CFW release.

Also there might have been a TB fix for MW3, Eboot.bin patches are posted here after PARADOX get their hands on it and release it to the public.

#138 - Bartholomy - November 28, 2011 // 7:10 am
Bartholomy's Avatar
No, TB doesn't have an MW3 fix yet. Let's see

#137 - young blade - November 28, 2011 // 7:06 am
young blade's Avatar
So MW3 didnt have a TB-less fix yet..?? Is this really proof..??

#136 - Bartholomy - November 28, 2011 // 6:34 am
Bartholomy's Avatar
Interesting video. I was wondering when Sony was going to sue a new dev going to release a new CFW for free backups. Are they spanish, maybe? Great work, boss.

#135 - moja - November 28, 2011 // 12:25 am
moja's Avatar
Ok, now incorporate the TB patch into cfw to autopatch on the fly and we can put this behind us.

#134 - PS4 News - November 27, 2011 // 10:39 pm
PS4 News's Avatar
As this is our ongoing thread of (mostly bs) PS3 Custom Firmware videos, below are some that surfaced this weekend from TheKuKus1 via YouTube. Based on a rough translation, it appears this alleged DO-RITE PS3 CFW allows users to use True Blue games without the dongle.

DO-RITE cfw for Flesi and Thekukus

this is the first video of the DO-RITE cfw we are starting with the subject and the INIC on ps3, but tomorrow or you will have a game loaded with a fix


thanks for giving me this opportunity ps3pirata

DO-RITE cfw flesi and ps3 without true blue

video by flesi to see people that do not need cfw true blue


cfw DO-RITOS cargando Call of duty MW3

here is the video loading call of duty modern warfare 3, had a cut, but without battery kedaba me fix it

DO-RITE cfw MW3 game loading without cuts and camera flash

cfw video loading RITES DO-MW3 and the flash of the camera to make it look bnn, I feel the ps3 is crap at least get a little clean

One more below, unrelated to the previous ones:

#133 - Erz - October 13, 2011 // 9:07 pm
Erz's Avatar
That is true, especially after what happen to GH... It's really bring a big impact to other PS3 hackers....

If continue like this, I'm afraid maybe there will be no other CFW for the Public to see (T.T)

#132 - racer0018 - October 13, 2011 // 8:57 pm
racer0018's Avatar
This is a hard subject to talk about because no one knows. Well except for the person/people that made it or are going to make it. And well in to someone releases it or makes it, the public will not know. Can it be done, some way I think so. Will the public ever see it, not sure. Who knows, only time will tell. Just my two cents. Thanks

#131 - Erz - October 13, 2011 // 8:24 pm
Erz's Avatar
Hahaha ^^

Well even it's really use a dongle then I think I will accept it. At least I can play New Release backup games >_