
216w ago - Today PS3 hacker Mathieulh reports finding a PlayStation 3 Firmware 3.56 exploit, although he states he has no plans to give any further details about it.

To quote from PSX-Scene (linked above): Well-known hacker Mathieu Hervais has reportedly found a bug that allows exploiting metldr, the bootloader and firmware version 3.56. Unfortunately, he refuses to release it.

Originally Posted by Mathieulh (via Twitter):

I hesitated a lot before tweeting about it, but a bug allows exploiting metldr, the bootloader and 3.56+. I don't intend to ever unveil it.

So much for "unhackable" PS3s though... I am not giving any further details about it. Sorry.

Actually the revocation list exploit doesn't allow you to exploit isoldr, you could however sign a revoke list if you had the revocation list keys and knew the sign fail, and use that to dump isoldr. Metldr does not load revocation lists.

This has been tested, how do you think I could release the lv2ldr and appldr keys? (about 24hrs before Geohot showed up with metldr keys)

You can also dump any loader using a signed metadata (including metldr) though that means you need to have the keys for it in the first place (kinda kills the purpose)

Your entire purpose is to get the isolated process (the code running inside the spu) to jump to your instructions

For example the following instructions will dump the isolated LS to the SPU mailbox:

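loop:
    rdch $3, ch29        # read an LS address from the inbound mailbox (ch29 = SPU_RdInMbox)
    lqd $3, 0($3)        # load the 16-byte quadword stored at that address
    wrch ch28, $3        # write word 0 to the outbound mailbox (ch28 = SPU_WrOutMbox)
    rotqbyi $3, $3, 4    # rotate left by 4 bytes so the next word is in the preferred slot
    wrch ch28, $3        # write word 1
    rotqbyi $3, $3, 4
    wrch ch28, $3        # write word 2
    rotqbyi $3, $3, 4
    wrch ch28, $3        # write word 3
up_one:
    br loop              # wait for the next address
    br up_one            # not reached: the branch above is unconditional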

Of course you'll need a ppu payload to fetch the mailbox data. Metldr is trivial to dump now that you can sign your loader, but I won't say anything more on this.

Finally the problem with isoldr and the revoke list exploit isn't so much that the exploit doesn't work (it actually does). It's that the payload from the crafted revoke list overwrites isoldr keys (which kinda kills the whole purpose). You can however get the revoke list keys from lv2ldr or appldr using the revoke list exploit and then sign a revoke list metadata to exploit isoldr later on. (There are other ways to get isoldr though, including the 3.60+ exploit I have (but there is at least another I know of)). Again, good luck in your endeavor.

There is more than one npdrm key. It's not been released because the ones who have the skills to do it do not remotely care about pirating PlayStation store games (obviously).

Finally, in related PS3 homebrew news today a PS3 FW Downloader application has been released which includes Official PS3 Firmware 2.50 - 3.55 and has Geohot, Kmeaw, Wutangraz PS3 Custom Firmware and 3.55 Downgrader support.


PS3 Hacker Mathieulh Finds PlayStation 3 Firmware 3.56 Exploit





#311 - LKJHGFDSA - 170w ago
Hopefully this discredits Methloser once and for all.

& KaKaRoTo, if you're reading this, well done. Thanks for your efforts. Don't give up - anything is possible.

#310 - jesterking1 - 170w ago
Cliffnotes (summary in shorter words).

I went through and read it: Mathieulh is a lying drama queen who is dumber than a box of rocks and trying to derail actual progress.

The number needed to generate the signature to sign packages in 4.00 HEN is near impossible to figure out. Nothing is 100% impossible, but without massive computing power (think enigma) it would take a very very long time to decrypt.

That's pretty much what I got from this.

Originally Posted by MimmoD360:
That's true! someone else will make backup managers running on this cfw.


If they can figure out how to get peek and poke working... good luck

#309 - br4insick - 170w ago
At the end of the day, you gotta give it up to $ony for holding it down as long as they have. I love my ps3 way more but I love the xbox scene way more too.

Is it because the xbox scene have better devs that work better together or is it because the xbox was easier to hack or both?

#308 - NTA - 170w ago
lol?

#307 - jesterking1 - 170w ago
cliffnotes?

#306 - NTA - 170w ago
But full compatibility with roms for DC and N64 emulators is very much something that I look forward to if it becomes possible along with custom button mapping of course although I wouldn't mind having the best of both worlds >_>

Really looking forward to playing new games

#305 - dbraganti - 170w ago
I agree with you, never said I was not interested in running backups and I also think the same as you. Everyone who wants a CFW to run their SNES emulator is nothing more than a liar.

The main point I was trying to expose is that there are plenty of games here and everyone who owns a ps3 can buy some. The choice of buy or not is of each one and that I will never argue against...

#304 - Xyth - 170w ago
There is a misunderstanding here. We'll be able to run applications means we can run backup managers but backup managers won't be able to run backups unless there's a payload/peek&poke solution.

And no you can't make eboots for 3.41 that's a different thing.

#303 - daveribz - 170w ago
If KaKaRoTo really has a way of installing custom PKGs, backups are possible. You just make PKGs off retail games, which is already possible. All these new games will work since the HEN is for 4.00!

#302 - muny21 - 170w ago
I think everyone needs to stop the bs. The ONLY reason anyone wants any of their game consoles or handhelds hacked IS for the ability to play back ups. I do not care if anyone wants to be "PC", politically correct, in forums and say they do not use back up managers for anything but their legally owned games. They are liars and hypocrites.

I am sure even kakaroto uses back ups but yet wants to be against them. Just silly. He even talks about cracking the securities in games in his whole rant but then at the end says that he will not enable piracy on his release. Bet the one he keeps for himself allows piracy. Just hate hypocrites. Rant over, back on topic.

This does not prove Math wrong, not that I like the guy or am sticking up for him. Just a bunch of words written on a forum page. Until there is tangible evidence for all to see then I believe none of these devs. Just wait and watch. But I believe that the ps3 scene is dead and we got all we could out of it.