

218w ago - Today PS3 hacker Mathieulh reports finding a PlayStation 3 Firmware 3.56 exploit, although he states he has no plans to give any further details about it.

To quote from PSX-Scene (linked above): Well-known hacker Mathieu Hervais has reportedly found a bug that allows exploiting metldr, the bootloader and firmware version 3.56. Unfortunately, he refuses to release it.

Originally Posted by Mathieulh (via Twitter):

I hesitated a lot before tweeting about it, but a bug allows exploiting metldr, the bootloader and 3.56+. I don't intend to ever unveil it.

So much for "unhackable" PS3s though... I am not giving any further details about it. Sorry.

Actually the revocation list exploit doesn't allow you to exploit isoldr, you could however sign a revoke list if you had the revocation list keys and knew the sign fail, and use that to dump isoldr. Metldr does not load revocation lists.

This has been tested, how do you think I could release the lv2ldr and appldr keys? (about 24hrs before Geohot showed up with metldr keys)

You can also dump any loader using a signed metadata (including metldr), though that means you need to have the keys for it in the first place (kinda kills the purpose).

Your entire purpose is to get the isolated process (the code running inside the SPU) to jump to your instructions.

For example the following instructions will dump the isolated LS to the SPU mailbox:

loop:
rdch $3, ch29        # read a 32-bit LS address from the inbound mailbox (SPU_RdInMbox)
lqd $3, 0($3)        # load the 16-byte-aligned quadword at that address
wrch ch28, $3        # write the preferred slot (word 0) to the outbound mailbox (SPU_WrOutMbox)
rotqbyi $3, $3, 4    # rotate left by 4 bytes so word 1 lands in the preferred slot
wrch ch28, $3        # word 1
rotqbyi $3, $3, 4
wrch ch28, $3        # word 2
rotqbyi $3, $3, 4
wrch ch28, $3        # word 3
up_one:
br loop              # wait for the next address
br up_one

Of course you'll need a PPU payload to fetch the mailbox data. Metldr is trivial to dump now that you can sign your loader, but I won't say anything more on this.

Finally, the problem with isoldr and the revoke list exploit isn't so much that the exploit doesn't work (it actually does); it's that the payload from the crafted revoke list overwrites isoldr keys (which kinda kills the whole purpose). You can however get the revoke list keys from lv2ldr or appldr using the revoke list exploit and then sign a revoke list metadata to exploit isoldr later on. (There are other ways to get isoldr though, including the 3.60+ exploit I have, but there is at least another I know of.) Again, good luck in your endeavor.

There is more than one npdrm key. It's not been released because the ones who have the skills to do it do not remotely care about pirating PlayStation store games (obviously).
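The quoted loop above leans on two SPU facts: a register holds 128 bits, but the outbound mailbox channel carries 32 bits per write, and `rotqbyi` rotates the register left by a byte count so that each word in turn reaches the preferred slot that `wrch` emits. The following Python model, added here as an educational illustration (it is not code from the original post, from Mathieulh, or from any PS3 toolchain), reproduces only those instruction semantics on a constructed local store so a reader can see why exactly four writes and three rotations by 4 appear per quadword. Channel numbers (ch29 = SPU_RdInMbox, ch28 = SPU_WrOutMbox), the 256 KiB local-store size and 16-byte alignment of `lqd` are real SPU properties; the function names and the sample memory contents are assumptions made for the model.

```python
"""Constructed model of the SPU quadword-to-mailbox loop quoted above.

This only models instruction semantics (lqd alignment, rotqbyi, 32-bit
mailbox width); it is an educational illustration, not PS3 code.
"""
import struct

LS_SIZE = 256 * 1024  # real SPU local store is 256 KiB; addresses wrap


def rotqbyi(q: bytes, n: int) -> bytes:
    """SPU rotqbyi: rotate a 16-byte quadword left by n bytes."""
    if len(q) != 16:
        raise ValueError("quadword must be 16 bytes")
    n %= 16
    return q[n:] + q[:n]


def preferred_word(q: bytes) -> int:
    """wrch ch28 emits the preferred slot, i.e. the first big-endian 32-bit word."""
    return struct.unpack(">I", q[:4])[0]


def spu_loop_step(local_store: bytes, inbound_mbox: int) -> list[int]:
    """One iteration of the quoted loop.

    rdch ch29 yields an address; lqd loads the quadword at that address with
    the low 4 bits forced to zero; then four wrch ch28 writes, separated by
    rotqbyi 4, emit the four 32-bit words of that quadword.
    """
    addr = (inbound_mbox & (LS_SIZE - 1)) & ~0xF   # lqd: 16-byte aligned, LS wraps
    q = local_store[addr:addr + 16]
    if len(q) != 16:
        raise ValueError("constructed local store is too small for this address")
    words = []
    for _ in range(4):
        words.append(preferred_word(q))
        q = rotqbyi(q, 4)
    return words


def ppu_reassemble(words: list[int]) -> bytes:
    """Receiving side: four consecutive outbound mailbox words rebuild one quadword."""
    if len(words) != 4:
        raise ValueError("a quadword is exactly four mailbox words")
    return b"".join(struct.pack(">I", w) for w in words)


def dump_range(local_store: bytes, start: int, end: int) -> bytes:
    """Drive the model over [start, end): one mailbox address per quadword,
    reassembling the words on the receiving side. Assumed helper for the demo."""
    out = bytearray()
    for addr in range(start & ~0xF, end, 16):
        out += ppu_reassemble(spu_loop_step(local_store, addr))
    return bytes(out)


if __name__ == "__main__":
    # Constructed local store: a repeating 0x00..0xFF byte ramp filling 256 KiB.
    ls = bytes(range(256)) * (LS_SIZE // 256)
    print([hex(w) for w in spu_loop_step(ls, 0x10)])
    print(dump_range(ls, 0x0, 0x40) == ls[0x0:0x40])
```

The model shows the cost structure of the loop as well as its meaning: each 16-byte line needs four mailbox writes, so the PPU side must read the outbound mailbox in groups of four and track which address it last supplied, which is why the quoted text says a PPU payload is still required to fetch the data.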

Finally, in related PS3 homebrew news today a PS3 FW Downloader application has been released which includes Official PS3 Firmware 2.50 - 3.55 and has Geohot, Kmeaw, Wutangraz PS3 Custom Firmware and 3.55 Downgrader support.


PS3 Hacker Mathieulh Finds PlayStation 3 Firmware 3.56 Exploit








#381 - PS4 News - 132w ago
As this thread is old and closed, I have posted the KaKaRoToKS exploit update in the ongoing LV0 thread here for those interested: http://www.ps4news.com/ps3-hacks-jailbreak/ps3-lv0-keys-leaked-4-21-4-25-and-4-30-cfw-updates-incoming/

#380 - LKJHGFDSA - 160w ago
He didn't. He just wants attention. He's lied many times before, please don't believe what he says.

Even if there were a new 3.56 exploit, it'd be completely useless. (Though progress is always nice)

#379 - lfcaid - 160w ago
You guys know this guy is bull, right? He's such a twat.

1) He never releases anything he finds.
2) He was asked by KaKaRoToKS to help him with the 4.00+ JB and he purposely pointed him and his team in the wrong direction and made them study something useless for months and months, and then he made KaKaRoToKS's JB process really slow, and he knew he was doing it on purpose. Also, when he spoke about it to KaKaRoToKS, he then emailed Sony and told them what to fix.

#378 - Badger1975 - 160w ago
You know, I believe that when we buy a system, it's ours to do what we want to do with it, and as long as we don't use any part of it or its software to make money for ourselves, then I don't see any reason for a company to sue us for doing something with it.

I am talking about the PS3, for one. We buy the system and we use it until it seems lame and boring to us and we want to mod it or its software to add something we like, like homebrew or such, and yet we seem to get in trouble because the company feels we messed with something that wasn't supposed to be touched. But I feel that we bought the machine and technically we should have our way with it, as long as we are not selling any part of it that we modded ourselves, or that anyone modded, for a profit for ourselves.

I think if we want to mod the PS3 to use other stuff we made or someone else made then I think we should be able to as long as we don't make money from it and it doesn't allow any piracy to be done.

Sony shouldn't be after us for this; they should be after the ones that are stealing their firmware and selling it modded.

Doesn't everyone agree with this? I do.

#377 - thorrenat - 168w ago
How to help? As a betatester maybe?

#376 - capostef - 170w ago
Nabnab have you found the source from CrashSerious?

#375 - CS67700 - 170w ago
Nah, Geohot proved that he was reliable in the Apple scene, can't doubt that. The kid has talent, but he has a huge ego too (who wouldn't? You're a hypocrite if you say you wouldn't do the same with his talent).

The lamers of this scene are mathieulh and his little friends. He keeps stealing work from others and pretending he did it (we never saw him release something once, never, he just pretends it's his work when something gets leaked).

Stabbing Geohot in the back after everything he brought to the scene, I find it pretty pathetic. At least he brought results and wasn't playing drama: "I will release... I won't release... oh, I may release... finally I won't, LOL".

This kid also had the balls to go to court with Sony. Say anything you want, but I doubt you have even half of his courage and could do the same (I dare you to say the contrary).

He fought for the scene against a huge company that could have whipped him with a finger. 90% of people blame him, but in his situation they would run under their mom's skirt like cowards.

At least he released something; half of the devs in this scene are either drama queens with small tools or big-mouthed kids who think computer engineering can be mastered before breakfast.

#374 - hawkY - 170w ago
Hahahaha, good one, even though I don't get it. Sorry, I'm stupid when it comes to developing...

#373 - Nabnab - 170w ago
Actually it's not to skip, it's to get.

I'm gonna give a bad example.

A key = Key -> the PS3 is a door -> you, you are the transport, the person who's gonna put the key into your door.

If somebody comes up behind you, he can take your key and run away, then come back later to open your door.

I know it's a bad example, sorry for that, but it's to represent it simply.

#372 - hawkY - 170w ago
Didn't you say that we can skip the ECDSA entirely?