
PS3 3.70 Appldr Keys Surface, 3.65-4.30 Appldr Keys in Development


123w ago - Similar to Shark Week, this appears to be PS3 Key week with the latest additions being the PS3 3.70 Appldr (VSH.elf) Keys surfacing while a list of the PlayStation 3 version 3.65 to 4.30 Appldr Keys in SCETool format is also in development.

Download: PS3 3.70 Appldr Keys (VSH.elf) Decrypted by ItsKamel / PS3 3.70 Appldr Keys (VSH.elf) Decrypted (Mirror) / PS3 3.70 Appldr Keys (Mirror #2) / PS3 3.70 Appldr Keys (Mirror #3) / PS3 4.25 Keys by razorx / PS3 lv0 key + 3.60 + 3.70 key by Mistawes / Battlefield 3 EBOOT Decrypted by lewy20041 / Resident Evil Operation Raccoon City (REORC) Decrypted by windrider (Password: SupLeechers) / multiMAN 3.70 [EBOOT_FIX] by slarty1408

This adds to the recent PS3 LV0 (Bootldr) Keys leak, the PS3 4.25 / 4.30 Decrypted APPLDR Keys, the PS3 LV0 and Encapsulated CEX 4.30 Loaders, the PS3 4.21 LV1 and lv2_dump from 4.21 acquired by zadow28 when the Syscall table was found at offset 0x346390, the PS3 LV0 4.25 / LV2 4.25 / LV0 4.30 dumps decrypted and the PS3 4.25 Keys for MFW Builder.

Today's update begins with dosjuanes posting the PS3 3.70 Appldr Keys on Spanish site Elotrolado (linked above), followed by Chinese hacker Luckystar (via bbs.duowan.com/thread-29248664-1-1.html) developing a PS3 Appldr Keys 3.65 to 4.30 list in SCETool format as outlined below.

From dosjuanes on the PS3 3.70 Appldr Keys, roughly translated:

[Register or Login to view code]

From razorx: Here's the .ps3 keys I've put together (linked above) for you all. Just extract the zip into your .ps3 folder and you're done. The zip contains:

  • lv0-ctype-425
  • lv0-iv-425
  • lv0-key-425
  • lv0-priv-425
  • lv0-pub-425

From slarty1408: Hi ppl, just thought I'd add the 3.70 keys to deank's multiMAN [EBOOT_FIX] tool (linked above) so you can fix your own eboots/games. I will add more keys as I get hold of them... I have only tested it with 1 game by the way, so any feedback would be great.

From cory1492: None of the keys are decrypted. The ERK/RIV of all keys (app/npdrm/spp) in the raw decrypted appldr are decrypted before use by appldr at runtime. Look at the working 3.70 posted earlier (or any of the previous keys) pub and search it out.

From Luckystar comes a PS3 3.65-4.30 Appldr Keys WIP, roughly translated: Appldr 4.30

[Register or Login to view code]

The extracted from appldr 4.3 from 000248A0-000260F0. The PUB is right. erk and riv incorrect. The estimated or anergistic, send a sce header to the ok.

From aldostools on Mistawes keys dump (above): 1. make sure you have this added to keys file:

[Register or Login to view code]


2. make sure that the key revision of your SELF is 0x0016 and that it is not a NPDRM self.

I tested the keys with Saints Row The Third, and it decrypted the ELF... shift+Enter.

[Register or Login to view code]

Key Revision [DEBUG] means that your file is a FSELF. You just need to unfself it and sign the ELF with the keys that you want (eg. 0x01)

These 3.70-3.73 keys are just for retail SELF files signed with keys 0x0016. SELF files from PKG use NPDRM keys (unless they are custom made PKG created using make_package_npdrm). Yes... there used to be a tool that resigned your FSELF just pressing Ctrl+Enter on the eboot.

The current "3.70 keys" are only for key revision 0x0016 and self type = APP (retail eboot). If you have an "update/patch" eboot 3.70, it will not be decrypted with these keys, because they are self type = NPDRM and use a different key. Key revision 0x0016 is used by apps signed for 3.70, 3.72, 3.73 and 3.74.

Most of these have been confirmed by users including EussNL and ItsKamel and added to the PS3 wiki here: ps3devwiki.com/wiki/Keys. As always, we will update this article as new PlayStation 3 Keys are discovered and posted publicly.



252 Comments

 
#222 - LiQUiDxSNaKe - 119w ago
if this is true, could it lead to a 3.60 full cfw without flashers?

#221 - niwakun - 119w ago
Originally posted by SethPDA:
I think this means good news for PS3 Slim 3k users if it is not fake. I really do think there are people who are willing to leak out information just to help people. I have a PS3 Slim 120GB serial CECH-3001A. Originally it came with 3.72 and I accidentally upgraded it to 4.31 which is the current one. I already know that my console cannot be downgraded to 3.55 to use CFW using the current methods.

I hope someone will make some progress with this to help people like me


PS3 3K and 4k series using lv0.2 and this exploit is based on old one which is lv0 (or bootldr as it says)

#220 - PS4 News - 119w ago
Following up on the previous PS3 Lv0ldr / Bootldr clarifications by marcan42 and wololo, today PlayStation 3 hacker naehrwert has shared some details based on reverse-engineering the exploit used to dump it.

To quote from his blog: The Exploit

As the exploit that was used to dump lv0ldr/bootldr/howeveryouliketocallit is public now, let's have a closer look at it to understand what's going on. Here is what I have reversed from lv0 (it shares the syscon portion of the code with its SPU counterpart):

[Register or Login to view code]

The syscon library implements some high level functions, e.g. to shut down the console on panic or to read certain configuration values. Each of these functions internally uses another function to exchange packets with syscon and the exchange function uses the read_cmpl_msg one to get the answer packet. The top-level function will pass a fixed size buffer to the exchange function.

So if we are able to control syscon packets, e.g. by emulating MMIO (and thanks to IBM we are), we can change the packet size between the two packet readings and overwrite the caller stack. And if we first copy a little stub to shared LS and let the return address point to it, we can easily dump the whole 256 kB.

Nothing more left to say now, let's wait and see if this is going to be fixed in future firmware versions (we just have to check lv0 fortunately).

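The flaw class described in the quoted write-up (a packet size that can change between two readings while the caller passes a fixed-size buffer) modelled in C as an added example. It is not naehrwert's reversed code or anything taken from lv0; `struct mailbox`, `mbox_len` and both `read_reply_*` functions are hypothetical names. A constructed 32-byte frame stands in for the caller's stack, and the second length is kept within it so the run stays well defined.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a device mailbox: each access to the length field
 * is a fresh read, and the other side may answer it differently each time. */
struct mailbox { uint8_t len_seq[2]; unsigned reads; uint8_t data[64]; };

static uint8_t mbox_len(struct mailbox *m) {       /* models one MMIO read */
    uint8_t v = m->len_seq[m->reads < 2 ? m->reads : 1];
    m->reads++;
    return v;
}

/* Flawed pattern: length validated on one read, used from another. */
int read_reply_double_fetch(struct mailbox *m, uint8_t *dst, size_t cap) {
    if (mbox_len(m) > cap) return -1;              /* fetch 1: check */
    size_t n = mbox_len(m);                        /* fetch 2: use */
    memcpy(dst, m->data, n);                       /* n was never checked */
    return (int)n;
}

/* Hardened: one fetch into a local, bounded by the caller's capacity and the
 * mailbox size; everything after the check uses only that local copy. */
int read_reply_single_fetch(struct mailbox *m, uint8_t *dst, size_t cap) {
    size_t n = mbox_len(m);
    if (n > cap || n > sizeof m->data) return -1;
    memcpy(dst, m->data, n);
    return (int)n;
}

/* Demo frame: bytes 0..15 are the fixed-size reply buffer, bytes 16..31 stand
 * in for adjacent stack state. Returns 1 if that state was overwritten. */
int adjacent_state_clobbered(int hardened, uint8_t len1, uint8_t len2) {
    struct mailbox m = { { len1, len2 }, 0, { 0 } };
    uint8_t frame[32] = { 0 };
    memset(m.data, 0x41, sizeof m.data);
    if (hardened) read_reply_single_fetch(&m, frame, 16);
    else          read_reply_double_fetch(&m, frame, 16);
    for (size_t i = 16; i < sizeof frame; i++)
        if (frame[i] != 0) return 1;
    return 0;
}

int main(void) {
    printf("double fetch clobbers: %d\n", adjacent_state_clobbered(0, 8, 32));
    printf("single fetch clobbers: %d\n", adjacent_state_clobbered(1, 8, 32));
    return 0;
}
```

The same review question applies to any parser of device- or peer-supplied headers: is every length used for a copy the exact value that was bounds-checked against the destination's capacity.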

#219 - SethPDA - 119w ago
I think this means good news for PS3 Slim 3k users if it is not fake. I really do think there are people who are willing to leak out information just to help people. I have a PS3 Slim 120GB serial CECH-3001A. Originally it came with 3.72 and I accidentally upgraded it to 4.31 which is the current one. I already know that my console cannot be downgraded to 3.55 to use CFW using the current methods.

I hope someone will make some progress with this to help people like me

#218 - zhigge - 120w ago
can't wait. things are getting interesting.. let's just hope they give up on security being so strict in the new system.. there is room for legal and illegal.

#217 - G Sus - 120w ago
nah i wouldn't either, hopefully technodon will give it a whirl for us.

i find being in FSM one of the most scary moments of ps3. only thing that's ever been worse was flashing for cex to dex. and back again.

#216 - Blade86 - 120w ago
There is even a 4.21 one. But without Hardware-flasher I don't dare to try it...

#215 - UrKoS - 120w ago
Wish I had found all this before upgrading to 4.31 grrrr

Sent from my GT-I9100 using Tapatalk 2.

#214 - G Sus - 120w ago
wouldn't that mean we could use FSM to install cfw and then use the new Lv2diag.self to get out of it, in fw 3.60 and above ?

even if not the cfw, does this give us the possibility of a tool to get out of FSM ? above 3.55

#213 - ConsoleDev - 120w ago
Maybe someone more experienced than me could help to clarify this thing.. It seems that zadow28 managed to find a lv2diag.self file signed with the 3.60/3.61 keys in the ps3tmgui program that was a part of the official SDK.

If possible can someone tell me more about that?

DO NOT TRY THIS!


[Register or Login to view code]


 

© 2015 PlayStation 4 News