
221w ago - Today PS3 hacker Mathieulh reports finding a PlayStation 3 Firmware 3.56 exploit, although he states he has no plans to give any further details about it.

To quote from PSX-Scene (linked above): Well-known hacker Mathieu Hervais has reportedly found a bug that allows exploiting metldr, the bootloader and firmware version 3.56. Unfortunately, he refuses to release it.

Originally Posted by Mathieulh (via Twitter):

I hesitated a lot before tweeting about it, but a bug allows exploiting metldr, the bootloader and 3.56+. I don't intend to ever unveil it.

So much for "unhackable" PS3s though... I am not giving any further details about it. Sorry.

Actually, the revocation list exploit doesn't allow you to exploit isoldr; you could, however, sign a revoke list if you had the revocation list keys and knew the sign fail, and use that to dump isoldr. Metldr does not load revocation lists.

This has been tested; how do you think I could release the lv2ldr and appldr keys? (About 24 hrs before Geohot showed up with metldr keys.)

You can also dump any loader using a signed metadata (including metldr), though that means you need to have the keys for it in the first place (kinda kills the purpose).

Your entire purpose is to get the isolated process (the code running inside the SPU) to jump to your instructions.

For example, the following instructions will dump the isolated LS to the SPU mailbox:

loop:
    rdch    $3, ch29        # SPU_RdInMbox: block until the PPU writes an LS address into the inbound mailbox
    lqd     $3, 0($3)       # load the 16-byte quadword at that LS address into $3
    wrch    ch28, $3        # SPU_WrOutMbox: send word 0 (preferred slot); blocks until the PPU drains it
    rotqbyi $3, $3, 4       # rotate the quadword left by 4 bytes so word 1 is in the preferred slot
    wrch    ch28, $3        # send word 1
    rotqbyi $3, $3, 4
    wrch    ch28, $3        # send word 2
    rotqbyi $3, $3, 4
    wrch    ch28, $3        # send word 3; all 16 bytes for this address are out
up_one:
    br      loop            # go back and wait for the next address from the PPU
    br      up_one          # never reached: the branch above is unconditional

Of course you'll need a PPU payload to fetch the mailbox data. Metldr is trivial to dump now that you can sign your loader, but I won't say anything more on this.

Finally, the problem with isoldr and the revoke list exploit isn't so much that the exploit doesn't work (it actually does); it's that the payload from the crafted revoke list overwrites the isoldr keys (which kinda kills the whole purpose). You can, however, get the revoke list keys from lv2ldr or appldr using the revoke list exploit and then sign a revoke list metadata to exploit isoldr later on. (There are other ways to get isoldr though, including the 3.60+ exploit I have, but there is at least one other that I know of.) Again, good luck in your endeavor.

There is more than one npdrm key. It hasn't been released because the ones who have the skills to do it do not remotely care about pirating PlayStation Store games (obviously).
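The SPU loop quoted above is only half of the exchange: as Mathieulh notes, a PPU-side payload has to feed it addresses and drain the mailbox. The following is an added illustration, not code from the page or from Mathieulh, that models both halves in C so the protocol can be run offline: a simulated SPE with a 4-entry inbound mailbox and a 1-entry outbound mailbox (the Cell architecture's depths), an spu_step() that executes the quoted loop one channel operation at a time and stalls exactly where rdch/wrch would block, and a ppu_dump_ls() driver that steps through local store 16 bytes at a time. All names (spe_sim, spu_step, ppu_dump_ls, dump_demo) and the fill pattern in the local store are assumptions made for the example.

```c
/*
 * Added example: simulation of the LS-dump exchange implied by the quoted SPU loop.
 * PPU writes an LS address into SPU_In_Mbox; the SPU loads the quadword there and
 * pushes it out through SPU_Out_Mbox as four big-endian 32-bit words (LS order).
 * Names are ours; mailbox depths follow the Cell architecture (In: 4 entries, Out: 1).
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LS_SIZE        (256 * 1024)   /* SPU local store; lqd addresses wrap mod 256 KiB */
#define IN_MBOX_DEPTH  4

typedef struct {
    uint8_t  ls[LS_SIZE];
    uint32_t in_mbox[IN_MBOX_DEPTH]; int in_count;   /* PPU -> SPU, 4 entries */
    uint32_t out_mbox;               int out_full;   /* SPU -> PPU, single entry */
    uint32_t r3[4];                  /* quadword in $3, word 0 = preferred slot */
    int      have_addr;              /* past the rdch, inside the four wrch */
    int      next_word;              /* how many words of $3 have been sent */
} spe_sim;

/* One slice of the SPU payload. Returns 1 on progress, 0 if stalled on a channel. */
static int spu_step(spe_sim *s)
{
    if (!s->have_addr) {
        if (s->in_count == 0) return 0;                 /* rdch ch29 blocks on empty In_Mbox */
        uint32_t addr = s->in_mbox[0];
        memmove(s->in_mbox, s->in_mbox + 1, (IN_MBOX_DEPTH - 1) * sizeof(uint32_t));
        s->in_count--;
        addr = (addr & (LS_SIZE - 1)) & ~15u;           /* lqd: 16-byte aligned, LS wraps */
        for (int w = 0; w < 4; w++)                     /* SPU is big-endian */
            s->r3[w] = (uint32_t)s->ls[addr + 4*w] << 24 | (uint32_t)s->ls[addr + 4*w + 1] << 16
                     | (uint32_t)s->ls[addr + 4*w + 2] << 8 | s->ls[addr + 4*w + 3];
        s->have_addr = 1;
        s->next_word = 0;
    }
    if (s->out_full) return 0;                          /* wrch ch28 blocks while Out_Mbox is full */
    s->out_mbox = s->r3[s->next_word++];                /* rotqbyi 4 between writes: LS order */
    s->out_full = 1;
    if (s->next_word == 4) s->have_addr = 0;            /* br loop: wait for the next address */
    return 1;
}

/* PPU-side accessors; on hardware these are MMIO accesses to the SPE problem-state area. */
static int      ppu_in_mbox_free(const spe_sim *s)      { return s->in_count < IN_MBOX_DEPTH; }
static void     ppu_write_in_mbox(spe_sim *s, uint32_t v) { s->in_mbox[s->in_count++] = v; }
static int      ppu_out_mbox_count(const spe_sim *s)    { return s->out_full; }
static uint32_t ppu_read_out_mbox(spe_sim *s)           { s->out_full = 0; return s->out_mbox; }

/* Drive the payload over [0, len) and copy the bytes into out.
   Returns bytes recovered: len when len is a multiple of 16 and the SPU never stalls. */
size_t ppu_dump_ls(spe_sim *s, uint8_t *out, size_t len)
{
    size_t done = 0;
    for (size_t addr = 0; addr + 16 <= len; addr += 16) {
        while (!ppu_in_mbox_free(s)) if (!spu_step(s)) return done;
        ppu_write_in_mbox(s, (uint32_t)addr);
        for (int w = 0; w < 4; w++) {
            /* poll the outbound count (on hardware: low byte of SPU_Mbox_Stat) */
            while (!ppu_out_mbox_count(s)) if (!spu_step(s)) return done;
            uint32_t v = ppu_read_out_mbox(s);
            out[addr + 4*w]     = (uint8_t)(v >> 24);
            out[addr + 4*w + 1] = (uint8_t)(v >> 16);
            out[addr + 4*w + 2] = (uint8_t)(v >> 8);
            out[addr + 4*w + 3] = (uint8_t)v;
            done += 4;
        }
    }
    return done;
}

/* Constructed demo: fill the simulated LS with a known pattern (assumption, not real
   loader contents), dump len bytes, and report whether the dump matches the LS. */
static spe_sim g_spe;
uint8_t demo_out[256];
int dump_demo(size_t len, uint8_t *out)
{
    memset(&g_spe, 0, sizeof g_spe);
    for (size_t i = 0; i < LS_SIZE; i++) g_spe.ls[i] = (uint8_t)(i * 7 + 3);
    return ppu_dump_ls(&g_spe, out, len) == len && memcmp(out, g_spe.ls, len) == 0;
}

int main(void)
{
    printf("dump of %zu bytes %s\n", sizeof demo_out,
           dump_demo(sizeof demo_out, demo_out) ? "matches LS" : "FAILED");
    return 0;
}
```

Two points the simulation makes explicit. First, the quoted loop never buffers: the outbound mailbox holds one word, so the SPU stalls on each wrch until the PPU has read the previous word, and a full 256 KiB dump is 65,536 mailbox reads driven one 16-byte line at a time. Second, lqd forces 16-byte alignment and wraps inside local store, so the driver only needs to step addresses by 16; anything unaligned the PPU sends is silently rounded down. On real hardware the PPU side is MMIO on the SPE problem-state area (SPU_Out_Mbox at offset 0x4004, SPU_In_Mbox at 0x400C, SPU_Mbox_Stat at 0x4014, whose low byte is the outbound count) rather than the accessor functions used here; the mailbox is the channel of choice because the PPU cannot read an isolated SPU's local store directly.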

Finally, in related PS3 homebrew news today, a PS3 FW Downloader application has been released which includes official PS3 firmware 2.50 - 3.55 and supports the Geohot, Kmeaw and Wutangraz PS3 custom firmware and the 3.55 downgrader.


PS3 Hacker Mathieulh Finds PlayStation 3 Firmware 3.56 Exploit

#341 - jesterking1 - 173w ago
Again... can someone please post some Cliff's Notes for us lazy folks?!

#340 - mod632 - 173w ago
OMG, I was almost half finished with reading (even though I didn't understand much), then I scrolled down to see how much was left and I was... shocked.

#339 - PSPSwampy - 173w ago
Ouchy, my head!

Very nice post though, might be one to revisit when the pain subsides.

#338 - inginear - 173w ago
I wonder if there is a way to "rip" a valid signature from a game and put that into a modified 4.0, so that no matter what is launched from the game category, that same valid signature gets used every time.

#337 - Nabnab - 173w ago
Originally Posted by moja:
Awesome explanation. I don't know about impossible cfw though. Surely there is another exploit somewhere that can bypass signatures like other consoles.

Also, as neat as ECDSA is to me, I feel like this is something easy for a math expert to come up with. Are there really that many systems that rely on the same model? I guess if it ain't broke...

Actually, I have a way to bypass this problem, but it's too early because it still needs some experimenting.

But Kaka gave some good information about ECDSA.

#336 - tonybologna - 173w ago
Wow! What a math lesson that was to read. I took calculus in college, but man, that's not for me!

#335 - moja - 173w ago
Awesome explanation. I don't know about impossible cfw though. Surely there is another exploit somewhere that can bypass signatures like other consoles.

Also, as neat as ECDSA is to me, I feel like this is something easy for a math expert to come up with. Are there really that many systems that rely on the same model? I guess if it ain't broke...

#334 - immortal001 - 173w ago
Thanks for the ECDSA explanation KaKaRoToKS

#333 - henrykazuka - 173w ago
Originally Posted by CS67700:
PS: HeyManHRU, Brazil is still considered a third-world country at the moment: en.wikipedia.org/wiki/Third_World

I don't think you actually read that article; it states that third-world countries are those "that remained non-aligned with either capitalism and NATO (which along with its allies represented the First World), or communism and the Soviet Union. Due to the fact that many underdeveloped countries are in the Third World, a common stereotype has arisen to designate underdevelopment in anything as "third world" in a pejorative way".

And if you look at en.wikipedia.org/wiki/Developing_country, Brazil is considered a newly industrialized country, so I guess it's above the stereotype of "third world".

#332 - syphonlord - 173w ago
We need an Enigma machine lol