Sponsored Links

PS4 News on Facebook! PS4 News on Twitter! PS4 News on YouTube! PS4 News RSS Feed!
Sponsored Links
Sponsored Links
Home PS4 News - Latest PlayStation 4 and PS3 News

PS3 LV0 (Bootldr Keys) Leak Development Clarification By Wololo


Sponsored Links
127w ago - Following up on the recent explanation by marcan42 (scroll down), today PlayStation 3 and Vita hacker wololo has added some clarification of his own below.

To quote from his blog (linked above): PS3 Blown open, Scene chaos, LV0 keys Leaked and Working!

Leaks, chaos and drama have been something common, and on the heels of the PSVita chaos comes the PS3s turn with both good and bad news. This event is so huge that it will completely change the PS3 hacking scene and leave Sony in the wake.

Sony will be turning in their graves today as the PS3 has been basically blown wide open thanks to other events leading up to that. In the wake of this leaves Sony in huge trouble and mostly exhausted due to the amount of progress the hacking scene has made on their devices especially with the recent Psvita PSP EMU kernel exploit.

It’s been absolute chaos in the PS3 scene for the last few days and fair enough to say has been chaotic over the last few years. Ill break down what happened and what this means for the developers and users, keep reading...

Background Information

The similarity in events is extremely blatant but its started a little over two years ago when the first piracy-enabled firmware and USB dongle combo named the “PS3Jailbreak” was released. The release nuked a weakness in the PS3′s simple USB protocols. This in return created a hole allowing the OS to be patched that furthermore allowed content to run from the HDD. In the aftermath the group fail0verflow allowed people to encrypt files in a mirror system that replicated Sony s methods.

Of course this lead to tons of piracy and eventually Geohot’s public release of the “metldr” root key. Sony got really mad in short and decided to bring the ban hammer down on Geohot who has yet to be heard from recently. Sony found a way to protect their system by fixing everything in the system with the 3.60 firmware update. The jailbreak was patched, the USB exploit patched and left the system somewhat secure, until now in association with the new PS3 4.30 firmware update.

So what happened?

The jerks, which is an understatement, that have been behind the PS3 dongle business will always be hated and trashed constantly and the recent stunt from the people behind the BlueDiscCFW team just put a nail in the coffin. A hacking group called “The Three Musketeers,”, in short, had the Lvl0 keys which were leaked. The Three Musketeers were not going to release the keys because of the known outcome of doing so.

The Chinese hacking team “BlueDiscCFW,” somehow got a hold of the keys and planned to charge money for users who wanted the exploit. Its disgusting they would do that and The Musketeers realized this. With that in mind, The Three Musketeers tried to immediately stop BlueDiscCFW’s profiting from the LV0 exploit, The Three Musketeers released the LV0 custom firmware free to the public. The funny part is the BDCFW was taken down immedietly. The Three Musketeers released a statement on it saying

“You can be sure that if it wouldn’t have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now.”

It was a two faced leak and is oddly similar to that Sam Jordam incident or Linux hack. They then released a full announcement and statement on the matter:

[Register or Login to view code]

Try this bytes...

[Register or Login to view code]

...and be amazed.

People should know that crooked personalities are widespread in this so called ‘scene’. Some people try to achieve something for fun together and make the wrong decision to trust others and share their results with them, but ofc there got to be the attention seeking fame whre that has to leak stuff to feel a little bit better about him-/herself.

Now the catch is that it works like this in every ‘scene’, just that in others it usually doesn’t come to light. The only sad thing is, that the others who worked on this won’t get the attention they deserve because they probably want to remain anonymous (also they don’t care about E-fame <3).

PS: This is neither about drama nor E-fame nor ‘OMG WE HAZ BEEN FIRST’, we just thought you should know that we’re disappointed in certain people. You can be sure that if it wouldn’t have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now. [-The Three Musketeers]

What does this mean?

With the release of the LV0 keys mean, eventually, having all the keys available. The LV0 is not patchable, which is to say there is nothing at all Sony can do to fix this. The final bullet in the chamber as hit Sony hard. What actions they will take are not known, but if things continue in the scene I can guarantee they will be pushing the date of the PS4 closer as new hardware is really all they can do. Sony already moved all the loaders.

The only other option would be to put the loaders in bootldr, but that isn’t possible since bootldr is locked to being console specific and is impossible to update. Behind LV0 is just bootldr, which is encrypted with specific console keys. This leak will in time lead to a 4.25 CFW which can be installed on mostly any PS3 even on Slims and the recent new slim models. Keep in mind that fail0verflow released metldr private keys like I said above. Well, surprise, metldr is loaded by lv0ldr, even on 3.60+.

The leak contains a private key, it’s the string after PRIV=. The greatest part is that the key isn’t tied up to a specific firmware. The problem with 3k model Playstation3 consoles is that they have a new LV0 version named lv0.2, which means new keys for the loader. What this means is that consoles which are able to downgrade to 3.55 can install 4.25 CFW even if they’re on 4.25 OFW. The bad news incorporated with this is that 3K and higher consoles’ LV0 keys are static, they are not console specific.

Sony can change LV0 with a new firmware update. But, bootldr is per console and is the way of decryption for LV0. If we have bootldr then the console is wide open and a CFW could be made to work on any console. Bootldr cannot be changed or denied unless there is a hardware change.

Even if we had bootldr then anyone with a downgradable console could have a CFW firmware. Whoever has bootldr and wanted to leak it would bring the greatest massacre and ban-hammer of all time by any company ever, I can garuntee whoever releases it will have no where to run or hide so it would of course need to be anonymous to highest level with no traces to be found. Bootldr is something that’s way more protected and valuable than metldr.

Closing Statement

This is the beginning of a very long and heavily scheduled future of the PS3 hacking scene. The release of the LV0 key means that any system update released by Sony going forward can be decrypted fully with no effort. Sony has no cards in this game. As of today LV0 is now decrypted for ever until the end of time.

There is a lot of reverse engineering to get the decrypted loaders from it since Sony had changed a lot of security algorithms to protect these loaders inside LV0 however, rest assure every PS3 developer is hot on the news of everything going on. No one will be able to find 4.XX LV1, LV2_kernel, AppLDR keys inside the decrypted LV0 so there would need to be an investigation regarding how Sony store these keys right now.

Already hard at work Multiman and Rogero have released new CFW along with other developers working hard. Rogeros new CEX 4.21 CFW FFA was pulled however due to bricking issues, so be alert to that. With this we may in some vary valuable information, in a way, that’ll help get some much needed help in also hacking the Vita but that’s not something to be confirmed. Although in given time more information and understanding on this will come, so stay tuned.

Update: Here is another update from wololo (via wololo.net/2012/10/25/clarifying-the-confusion-on-the-ps3-development/), to quote:

Clarifying the confusion on the PS3 development

If you read my post about the LV0 keys being leaked recently then you know it could be a lot to take in and hard to understand. Hopefully this will help clear up everything.

Marcan, who is a valuable asset of the Wii and PS3 hacking scene has made some posts that will help clear the air on things, it helps clarify and break things down even more than what I had previously said in the original article both in technicality and in simplicity. I’ve bolded the important parts that you should pay attention to in his answers.

More Technical Information

“The first-stage bootloader is in ROM and has a per-console key which is effectively in tamper-resistant silicon. The second-stage bootloader (bootldr) is encrypted with the per-console key, but is not upgradable and is the same for all consoles (other than the encryption wrapper around it).

This second-stage bootloader verifies lv0. Sony signed lv0 using the same broken process that they used for everything else, which leaks their private key. This means that the lv0 private key was doomed from the start, ever since we demonstrated the screwup at the Chaos Communication Congress two years ago.

However, because lv0 is also encrypted, including its signature block, we need that decryption key (which is part of bootldr) before we can decrypt the signature and apply the algorithm to derive the private key. We did this for several later-stage loaders by using an exploit to dump them, and Geohot did it for metldr (the “second root” in the PS3′s bizarre boot process) using a different exploit (we replicated this, although our exploit might be different).

At the time, this was enough to break the security of all released firmware to date, since everything that mattered was rooted in metldr (which is bootldr’s brother and is also decrypted by the per-console key). However, Sony took a last ditch effort after that hack and wrapped everything after metldr into lv0, effectively using the only security they had left (bootldr and lv0) to attempt to re-secure their platform.

Bootldr suffers from the same exploit as metldr, so it was also doomed. However, because bootldr is designed to run from a cold boot, it cannot be loaded into a “sandboxed” SPU like metldr can from the comfort of OS-mode code execution (which we had via the USB lv2 exploit), so the exploit is harder to pull off because you don’t have control over the rest of the software.

For the exploit that we knew about, it would’ve required hardware assistance to repeatedly reboot the PS3 and some kind of flash emulator to set up the exploit with varying parameters each boot, and it probably would’ve taken several hours or days of automated attempts to hit the right combination (basically the exploit would work by executing random garbage as code, and hoping that it jumps to somewhere within a segment that we control – the probabilities are high enough that it would work out within a reasonable timeframe). We never bothered to do this after the whole lawsuit episode.

Presumably, 18 months later, some other group has finally figured this out and either used our exploit and the hardware assistance, or some other equivalent trick/exploit, to dump bootldr. Once the lv0 decryption key is known, the signing private key can be computed (thanks to Sony’s epic failure).

The effect of this is essentially the same that the metldr key release had: all existing and future firmwares can be decrypted, except Sony no longer has the lv0 trick up their sleeve. What this means is that there is no way for Sony to wrap future firmware to hide it from anyone, because old PS3s must be able to use all future firmware (assuming Sony doesn’t just decide to brick them all...), and those old PS3s now have no remaining seeds of security that aren’t known.

This means that all future firmwares and all future games are decryptable, and this time around they really can’t do anything about it. By extension, this means that given the usual cat-and-mouse game of analyzing and patching firmware, every current user of vulnerable or hacked firmware should be able to maintain that state through all future updates, as all future firmwares can be decrypted and patched and resigned for old PS3s.

From the homebrew side, it means that it should be possible to have hombrew/linux and current games at the same time. From the piracy side, it means that all future games can be pirated. Note that this doesn’t mean that these things will be easy (Sony can obfuscate things to annoy people as much as their want), but from the fundamental security standpoint, Sony doesn’t have any security leg to stand on now.

It does not mean that current firmwares are exploitable. Firmware upgrades are still signed, so you need an exploit in your current firmware to downgrade. Also, newer PS3s presumably have fixed this (probably by using newer bootldr/metldrs as trust roots, and proper signing all along).”

They are indeed the bootldr keys (I was able to decrypt an lv0 with them). Consider this confirmation that the story is not fake.

Can this be used to sign binaries to run homebrew on OFW PS3s (ala the PSP key leak)? Are those private keys sufficient to sign homebrew software such that they will run in unmodified firmware?

No. The keys are used for two purposes: chain of trust and chain of secrecy. The compromise of the keys fully compromises the secrecy of the PS3 platform permanently, as you can just follow the links down the chain (off-line, on a PC) and decrypt any past, current, or future firmware version. Current consoles must be able to use any future firmware update, and we now have access to 100% of the common key material of current PS3s, so it follows that any future firmware decryptable by current PS3s is also decryptable by anyone on a PC.

However, the chain of trust can be re-established at any point along the line that can be updated. The chain of trust is safely rooted in hardware that is near impossible to modify (i.e. the CPU’s ROM and eFuse key). The next link down the chain has been compromised (bootldr), and this link cannot be updated as it is specific to each console, so the chain of trust now has a permanent weak second link. However, the third link, lv0, can be updated as it is located in flash memory and signed using public key crypto.

This allows Sony to secure the entire chain from there onwards. Unless you find a vulnerability in these updated links, you will not be able to attack them directly (applications, e.g. homebrew software, are verified much further down the chain). The only guaranteed way to break the chain is to attack the weak link directly, which means using a flash writer to overwrite lv0. Once you do so, the entire chain collapses (well, you still need to do some work to modify every subsequent link to turn off security, but that is easy).

If you have old firmware, you have at least some other weak links that, when compromised, allow you direct access to break the bootldr link (replacing lv0), but if you run up to date firmware you’re out of luck unless you can find a weakness or you use hardware.

Old PS3s are now in the same boat as an old Wii, and in fact we can draw a direct comparison of the boot process. On an old Wii, boot0 (the on-die ROM) securely loads boot1 from flash, which is securely checked against an eFuse hash, and boot1 loads boot2 but insecurely checks its signature. On an old PS3, the Cell boot ROM securely loads bootldr from flash, which is securely decrypted and checked using an eFuse key, and then bootldr loads lv0 but checks its signature against a hardcoded public key whose private counterpart is now known.

In both cases, the system can be persistently compromised if you can write to flash, or if you already have code execution in system context (which lets you write to flash). However, in both cases, you need to use some kind of high-level exploit to break into the firmware initially, particularly if you have up-to-date firmware. It just happens that this is trivial on the Wii because there is no game patch system and Nintendo seems to have stopped caring, while this is significantly harder on the PS3 because the system software has more security layers and there is a game patch system.

Breaking it down into simple and easy to understand words

Since Marcan’s answers can be a bit difficult to digest, I’ve broken them up into the form of questions and answers with the special help of ViRGE on this. This will clear alot of it up for those less technical.

Q: What exactly has been recovered?

A: The keys used by bootldr to decrypt/verify lv0, and by reversing the process the private keys used by Sony to sign lv0. If we consult our handy 3.60+ chain of trust diagram, we can see that bootldr is at the very root of the chain of trust, with lv0 being the first module it loads.

Q: So what can we do with the lv0 signing key?

A: In short, we can use it to decrypt lv0, modify it to patch out any lv0 security checks, and resign it with a legitimate key that bootldr will accept. With the chain of trust broken and lv0 no longer enforcing the security of the modules that it controls, we can then start modifying lv1ldr, lv2ldr, appldr, isoldr, etc to patch out their security checks and add CFW functionality.

Q: Can Sony “fix” this like they did for the 3.55 exploit?

A: No. With 3.55 the keys metldr used to verify its dependent modules were recovered. So Sony simply stopped using the now-insecure metldr and started using bootldr (which was still secure) to load.. Sony doesn’t have any more secure modules like bootldr left so like I said in my original post they have no options and cant fix anything; without getting too technical, we now have the keys to every “common” hardware module that is able to decrypt Sony-signed modules. The only thing left are the modules that use per-console keys, which are useless for booting common firmware (which must be decryptable by every PS3)

Q: So bootldr is fixed in hardware?

A: Correct. Like metldr, bootldr cannot be software updated by Sony. It’s hard-coded in hardware. As a reminder, bootldr/metldr themselves can’t be exploited, but because of the keys we have recovered we can make them load anything we want, nullifying whatever security they provide.

Q: What about future firmwares?

A: Good news! We can decrypt those too. Sony can use various coding tricks to make the process more difficult (this is called obfuscation), but they can’t stop us by using keys. We will always be able to decrypt lv0, and as long as we can figure out how to navigate lv0 we can figure out how to decrypt and modify its dependent modules. For those of you that follow Sony hardware this is much like how the earlier PSPs were hacked. So we can always decrypt the firmware and will be able to create newer CFWs as long as we can get past any obfuscation by Sony.

Q: So the PS3 is utterly and completely broken?

A: To an extant yes, debatable but unlike the 3.55 hack we have mostly everything needed. Sony will never be able to re-secure existing consoles.

Q: What about consoles running firmware newer than 3.55?

A: Because all “old” consoles use the same keys to verify modules like lv0, at a minimum we can decrypt, patch, and resign the firmware. The problem is that we need a way to convince the PS3 to flash our modified firmware.

With 3.55 and below that was easy enough to do because of the keys recovered, but 3.56 and later change that so that flashing is more complex than just using the recovered keys. This isn’t an insurmountable problem – hardware flashers will always work – but for easy software flashing we need to find new exploits in the PS3 software stack to convince OFW consoles to flash CFW.

Q: What about newer consoles?

A: So there’s the real problem. Remember how we said bootldr and metldr are fixed in hardware? Sony can create new hardware, and update those modules in the process. By using new hardware in conjunction with new firmware for that hardware, Sony could completely change the keys used to secure the system. Without getting too technical, all of this progress comes from the fact that Sony was sloppy and did a poor job of implementing their security on earlier consoles, which is what lead to the first keys being leaked.

Sony could always issue new hardware with new keys and a fixed security system at which point we’d be completely locked out of that new hardware. It’s entirely possible they’ll do this (if they haven’t done so already), so much like the PSP we’re going to end up with a limited number of consoles that have hardware-based flaws that can be exploited. Of course we then found new ways of exploiting the PSP anyhow, and ultimately were able to exploit every PSP made in one way or another.

If you are on anything higher than 3.55 it doesn’t mean you are out, there are ways to downgrade if your model is one thats able, otherwise you are just not able to do anything right now until more dev work is done. So sit tight and hold on. Again stay tuned, more info and news will be definitely coming.

In summary, all future PS3 games will be crackable and CFW versions of all future firmware can be made. However, 3.56+ (3k Slim and 4k Super Slim) ship with Bootldr2 which we do not have keys for, still require hardware to downgrade and of course many newer PS3s remain protected from downgrading.

From KaKaRoToKS (via playstationlifestyle.net/2012/10/23/daily-reaction-the-ps3-hack-the-ethics-the-impact-guest-starring-kakaroto/) to quote:

"Seb: I’d like to think that I’ve been pretty open minded about hacking in previous interviews I’ve held, but you have to wonder what ‘The Three Musketeers’ were thinking when they shared the keys with other people. You can’t trust anyone on the internet, and it was sadly naive to believe that one of the people they gave it to wouldn’t try to sell it. Now, they’re probably worrying whether Sony is looking for them, preparing to sue them.

I’m all for being able to do what you want with your own technology, you bought it, do what you want with it. But, just like when I buy a pen I shouldn’t pour the ink all over my face, individuals need to be responsible for what they do with the tech. Hack it, crack it, turn it into a toaster, whatever – but if letting people know what you did and how you did it could lead to piracy, then don’t release it, don’t share it.

Youness: There is no denying that there is a part of responsibility in what is being done by the hackers, but to be honest, you can’t really predict what will happen in the future, and you can’t be responsible for what others do. Don’t forget that this release of the lv0 keys doesn’t add such a huge advantage to the hacking community, but the keys were never meant to be released, because it was still somehow opening up potential piracy which is something the true hackers are absolutely against.

The secret of the keys was well guarded, but somehow it got leaked (after many many months), and the reason for the release was to prevent some greedy company (dongle manufacturer) from profiting from the piracy it could have enabled. In the end, it happened, it’s unfortunate, but I wouldn’t sweat (or rejoice) too much over it. The release wasn’t about the fame or the “being first”, it was about countering an immoral act.

Dan: Even though there is much debate about what rights consumers have regarding what they are able to do with the products they purchase, the ability to do something does not always give a free pass to the action. As such with the release of the keys, the ability to break into a device you own is, in my opinion, very much your right, but the knowledge and ramifications of the information become that person’s liability. As it would be for someone who owns a car and decides to modify it, if it became unsafe to be around, the responsibility would fall on its owner.

With all that said, the problems that fell on Sony in the wake of the eventual hacks are something that will be remembered forever. The cost to Sony, and their consumers, is not something that will likely ever be measured. So is there a point where the ability to do something does not outweigh the potential ramifications?

Youness: Well, of course, the ability to do something does not give you a free pass to do it. However doesn’t that go both ways? The ability to remove Linux from the PS3 does not give Sony the right to do it, and in the end, when you look at the facts, that’s what initiated the whole thing. There is always a need for a moral compass. Sometimes it’s about whether or not the benefits outweigh the negatives, but sometimes there are some undeniable rights that cannot be tossed out the window.

As an example, you can’t remove freedom of expression of the press if you think it might cause a civil war… Yes, the benefits (freedom of expression) do not outweigh the negatives (potential death of a population), but it doesn’t mean you can suddenly silence everyone and use that as an excuse. The car example that Dan gave is a good one, and sure, you can mod your car all you want, as long as you don’t take it on the road from the moment it doesn’t pass regulations.

What I am mostly angry about is when I see people playing the “devil’s advocate” thinking about the loss to Sony, loss from piracy, and loss from emulators and homebrew. I do want to see them complaining about all those things, as long as I see them also complain about the loss to the consumer.

Loss of Linux support (which comes with loss of your data), loss of the right to class action sue, loss of hundreds of games legally bought online because “your account was banned”, loss of your game collection when your PS3 goes for repair and suddenly gets replaced by an inferior model that doesn’t have backward compatibility, loss of money after being forced to buy the same game multiple times. Why isn’t anyone complaining about those issues just as hard as they complain about piracy and homebrew. Both, in my eyes should be defended equally, don’t you agree?

Seb: Look, I’m all against Sony having removed Linux, and if we did DR back then we could have had you on and joined in on your complaints. But what’s done is done, it’s bad, but two wrongs do not make a right. Just because Sony was a dick, doesn’t mean we should all be dicks back. Previous PS3 hacks allowed people who had a PS3 that had Linux to revert back to older FW, they had the opportunity. This hack serves little purpose than to open the floodgates to more piracy.

Again, loss of an account or paying double for a game sucks, but it’s very rare. You talk about weighing up the positives and negatives, but that’s an example of where a small amount of people will benefit from having their accounts back, but a huge amount of developers and publishers will suffer, and then, ultimately, gamers who end up getting less games.

I do complain about those issues, and perhaps I should more, but taking matters into your own hand, no matter the collateral, isn’t the right way. In the end, nobody wins.

Youness: Well, some are trying to get back at Sony for what they did, and usually they don’t get very far because when hate or corruption or whatever is your drive, then you simply won’t succeed. But I agree with you, two wrongs don’t make a right. Sometimes though I wonder, when you get 10 wrongs and you still don’t do anything about it, how likely will there be a 11th wrong?

I know you don’t like it when that bad stuff happens and that’s why I like PSLS, you do defend both sides. But I’d like to correct one misconception you seem to have.. no, this new hack won’t open any floodgates. It serves absolutely no purpose for anyone who wasn’t already on a custom firmware, so it won’t add any new users into the ‘piracy world’.

As for your comment about “no matter the collateral”, don’t worry, I can reassure you that that’s not the case! This release is just one of many things that could be released, it happened to be leaked, but there are other hacks, information, exploits that could lead to piracy that simply get buried because of this collateral. Even these lv0 keys, as I said will have a very minimal impact (if any) on the piracy, but they were not released for the simple case of “maybe, just maybe, it could help piracy, even though I can’t think of any way for it to”, so the hackers behind it prefered to stay on the safe side rather than be sorry later.

Don’t always assume that the hackers are always trying to hack everything for their own selfish reasons. Being a true hacker means you have skills, and skill comes with experience, and with experience comes the moral compass that we spoke about. As far as I know, all the piracy enabling hacks were dirty little hacks made by young and irresponsible teenagers who were looking for their 15 minutes of fame. It is unfortunate though that they used the legitimate work of others as a stepping stone.

How long has it been since there was any significant development in the PS3 hacking scene? Almost 2 years now! It’s not because it became impossible, it’s simply because we have access to homebrew and Linux, so there is no need to hack it further (or release new hacks). It’s not a fight about “who will win”, it’s a simple matter of “are we happy about it”.

Another huge reason why the hacking scene has dried up is because of the piracy, not all hacking scenes are like this (think of the iPhone or Android hacking), but the PS3 (and generally Sony followers) scene is one of the worst in terms of self-entitled kids and piracy, and most of the hackers felt that it does not deserve their attention anymore. Tired of the drama and the whining and the piracy, most of us have decided to retire.

Dan: While none of this is to simply place the blame on anyone, or any single group. It is more the discussion about how to stand up for the things you believe, “irregardless” of what other might think. Although, as an online community that connects the world together in a way that generations could not have imagined. We must at some point realize. much like the ancient proverb from Uncle Ben goes: “With great power, comes great responsibility.”

So regardless of what side of this gray line you fall, the simple fact that at the end of the day – the consumer will always be hit the hardest. So when a corporation, or developer wrongs its user base, what lengths we go to defend our rights should always keep in mind the just how far your reach can really go in this modern era."

From JuanNadie comes a guide on How to Dump the PS3 Bootldr / PS3 BOOTLDR.BIN Dump by zecoxao

Wow... such hostility against me just cause I said that one my future projects was trying to adapt the btldr exploit to hardware so we can hack (ie run unsigned code) on all consoles. I think I deserve the opportunity to explain myself before you start doubting me.

That means releasing the btldr exploit (which it patchable) before the others devs can even check if its remotely possible but it is the only way to get redemption so let's start...

DUMPING THE BOOTLDR

As you know the bootldr is one of the two loaders that are signed per console and it was the only part of the system that haven't been hacked.

Once you load it the same way as metldr (via SigNotify) it would start requesting different addresses that we don't control. You can take a look on my user page to the dma sequence that it produces.

As you see it access a lot of different addresses and we don't have control of any of them so the first objective was to control the input/output.

The sandbox

The objective was to redirect the flows of data to our controlled buffers so we know what is written or read. To achieve that a driver was created.

This driver performs two functions:

  • the first is creating lv1 peek/poke using the patched lv114 that comes with OtherOs++ and other CFW.
  • the second is reserve a block of consecutive memory that would be used as an HTAB.

The SPU is told to use our HTAB which in turns redirects to our user buffers. To get the physical address... the user pages are locked on memory and then using an old trick found by geohot their real address is retrieved.

At this point we have control of what the SPU reads BUT if consecutive small accesses are done we have no control if we want to change something in between.

The first exploit

I'm calling this an exploit but actually is a bad implementation of a feature cause it should be disabled on isolation. The feature is called the MFCLSACMP. Basically is a register on the spu that is checked before doing a dma op. If the source/target address on the SPU is inside the mask defined by this register then dma is stopped and an interruption is reported. Until this interrupt is cleared the dma is not started.

Great, so we control what it reads and when it is read... the first objective was achieved total control of the I/O. That is what you can see on my user page on wiki.

However this all so allowed me to find the biggest problem on using the booldr as an oracle... the config ring.

The config ring is a series of bits that syscon sends to the cell before during the power up... On this cell implementation the config ring is accessible from inside the spu as a read once channel. So unless I could find a way to refill the channel the bootldr couldn't be used as oracle. Even worse at this point I didn't know how the config ring was read (although an undocumented channel was on top of the list).

I spent a couple weeks trying to figure the problem. Finally I posted the log on the wiki looking for help. Obviously some approach. We exchanged info. I gave then the tools and they gave me means of validating my hypothesis (those on the log)

We worked a lot of time on this. Remember that I was trying to get an oracle not an exploit so filling the config was a must... several thing were tried but none worked.

After a month or so I started checking other projects while thinking of what to do. Then after several months I decided to try to exploit it instead of using it.... given the log the entry point was clear...

The bootldr exploit

If you see the log you'll see a lot of data exchanging between the spu and the syscon. graf had described it on his bible so it was known... but the log also said that the data was read twice once to read the header and once to read header + data.

On the header was a variable length. So I decided to change the len between both reads.... didn't work until i corrected also the chksum... and then BINGO! unexpected behavior... a possible exploit was found.

The advantage of this exploit is that it gave us a lot of points to test. The info was shared and two of us friendly raced one against the other to find the correct possibility.

I won the race of finding the execution point although I lost the one for dumping. The winner was command 0x20 which is an info message... casually the config error message... so their own protection had given us the bootldr.

That's the story of the exploit... it was then decided that I got the ultimate decision of releasing the exploit and any of us could leak the keys... however they asked me too hold it until SONY has reacted to the dex conversion and I told them that I would not release them until I got the appldr keys by myself.

I suppose they passed the keys to others and them at some point the keys probably arrived to EXETrimAll and N0DRM (I don't think they exploited trublue...). Meanwhile i was in the middle of my holidays and when I come back they were releasing non-stop so I didn't see that it was necessary to leak them.

Unfortunately they also leaked to a scoundrel that sell the key to discblu. That forced some one that have the key to make it public.

You said that I'm angry cause someone leak the key... nope. I was angry with discblu... and with some hacker that reappeared just to say that he already knew how to do it. As you can see the method is completely software and does not use the signature bug (except for installing the cfw... but then all the apps need to credit them). If you persist I'll tell you that this can also be done on a 3.15 with geohot pulse exploit.

The code: http://www.sendspace.com/file/wvknol

I have attached the code of a working version for latest exploitable slim. I know that also works on other version but I don't know which ones. It is only valid for NOR consoles cause it expects a full NOR flash as one of the parameters.
It has two programs. One is a kernel module so it must be load with insmod.
The second its a user program that takes as parameter the speID (i recommend using 0 that is normally enabled), the flash file and a debug file with the buffers. the actual dump is WRITTEN TO DUMP.BIN

If the exploit worked you should see the text "Interrup". If it didn't try modifying line 799 correctPacket(0x40, 0, 0); by incresing the first parameter (0x40). Thats the len that is send on the second read.

The dump is shifted by as a side effect of the bug. For me it was 0x800 bytes... but others got different result. The start function must be at 0x400 once shift is corrected

BTW the code is ugly and there is a lot of data that is not used so if someone has questions please ask me (on this or other ps3 related things)... I'll be available until sunday... then I'll definitely leave. Now I'll explain my idea for the hardware solution.

Improving the exploit

THE FOLLOWING IS ALL THEORETICAL AND IT WILL PROBABLY NOT WORK (I'M NOT A HARDWARE EXPERT AND THAT'S THE MOST DIFFICULT PART)

In this case the objective is not dumping the bootldr but get code execution. Using an small payload a program will be copied to spu. That program will just copy a patched unencrypted lv0 to the memory and tell the PPU that code was loaded successfully.

By achieving that we would have full control of the system. Our patched lv0, will load an original lv1ldr (required to get the ATA keys) which will load an original lv1 but before giving control to level1 our level0 will patch it so we still have control. Same with lv2 and vsh.

As I said basically the bug consist of changing the response len between the first read and the second. That is easily done if you control the buffer where the data is located (exploitable consoles). But we want to do this before anything is loaded

So we need to change the comm between syscon and cell before any software outside the cell is loaded... the only option is a hardware interceptor. This hardware will intercept the communications and change it so the exploit is triggered (This is called a man in the middle attack). The payload will be sent as part of the 0x20 command reply... if the bug is trigger properly we know that our payload will start around 0x3E010.

In addition to this I recommend adding a second flash chip that will contain the patched firmware. That will allow the user to go from patched to official with a switch

As you see the device I propose is not a drm device... it actually triggers an exploit similar to the ODE device that whats announced (BTW that is perfectly done with the info that glevand posted).

The questions is: Is all of this possible?... well from the software part I'm pretty sure but I don't know if the hardware can be build or if the cost will be too much.

In any case if it is possible, there is enough info on this post to make it...

Unfortunately there is also a enough info to patch the bug (if they didn't already). However it would only be patchable on factory...

Finally, from redcfw: As I know, many peoples working hard for the scene, some release it, some not.

FF13 CFW fix - 100% exploited TrueBlue LV2, with VM step tracing bldr1&2
act.dat&rif algo - someone has got it few years ago - from PSP

Here is some step debugging code:

[Register or Login to view code]

4.20 4.30 key algo

[Register or Login to view code]

Code:

[Register or Login to view code]

From Naehrwert via pastie.org/5089738 (attached below).

From zadow28: I have been looking at the pastie too. and translate the pastie into an openssl command

Test command

[Register or Login to view code]

Code:

[Register or Login to view code]

you have to have an all.bin that is the 48 hex bytes of the erk+riv (the scrampled one)

then in the command -K 8EACAB1950A79147DB391A88FCF9DE1B097C5667DBB6F6E1FEAA4980AB4E7E1B -iv ACA5B101EC4B9497691632917E555472 is where you put you test erk and iv, if it decrypts right the decall.bin would match the one you put in the all.bin its an little time comsuming to insert all the hex. and dont know but got an hunch that it could be DEADBEEF evilsperm

[Register or Login to view code]

See the last two lines

[Register or Login to view code]

that is some off the metadata that is in every signed file by sony eboots etc. but not in the appldr from 3.55-infact it shouldent be in any decrypted file. so got some thing with the keys.

[Register or Login to view code]

its simply saying the firmware version in this case 4.3 by the way i already tried these keys myself, didnt work you have to reverse it longer back. Thats why i use the openssl to test.

From BuC-ShoTz: long time no talk bro. i've found the same thing, the 1st and the 3rd key seems like it decrypts the erks, the 2nd and 4th keys decrypt the rivs. i'm still trying to confirm its aes, and also the CypherMode, now if that is a sha1 hash in redcfw's post, i'm inclined to think its aesctr, for instance retail pkg's use aesctr. now that i look at more at redcfw's post, is ch73 the resulting hmac?, looks good recfw, thank you.

From zxz0O0: According to recfw's code, hmac is in ch73 (which was [u8 ch73[] = { 0x40, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; //?? i dont get it yet] before he edited his post) and result stored in
u8 ch73shErk[0x10] and ch73shIv[0x10];

Tried with lv2ldr, result is:

[Register or Login to view code]

PS3 LV0 (Bootldr Keys) Leak Development Clarification By Wololo

PS3 LV0 (Bootldr Keys) Leak Development Clarification By Wololo

Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter, Facebook and drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene and PlayStation 4 scene updates and fresh homebrew PS3 Downloads. Enjoy!

Comments 252

• Please Register at PS4News.com or Login to make comments on Site News articles.
 
#172 - Ps3scener - 126w ago
Ps3scener's Avatar
in regards to the keys and the fw updates coming, it is possible to create a 4.30 jailbreak that does not require 3.55 installation. i have some files to leak which could help a experienced dev team create the jailbreak that we are all waiting for. all i ask is for a reply.

#171 - technodon - 126w ago
technodon's Avatar
key works on 4.31 too, checked the psn passphrase and they are both the same

#170 - Hernaner28 - 126w ago
Hernaner28's Avatar
Well, come on now, chuchi chuchi, we want Worms Revolution fixed I would buy it, it's really cheap, but firstly I don't have PSN access, and secondly I don't own a credit card and PSN cards are expensive.

Wouldn't you love drinking bear and playing it 4-player with friends?? Hmm yeah it sounds weird but it'd be cool .. lol

#169 - niwakun - 126w ago
niwakun's Avatar
Keysets that dont work from the recent PS3 keys release

APP Type Key set
001C, 001D, 001E

NPDRM Type Key set
001C

keys work from 3.61 - 4.21 .............. 4.25 - 4.30 keys are not valid

#168 - ConsoleDev - 126w ago
ConsoleDev's Avatar
Nice to hear these things, but too bad that the private keys are missing

#167 - PS3GAMER20111 - 126w ago
PS3GAMER20111's Avatar
Keys are confirmed true by pr0p0sitionjoe and he said we are going to see many new psn games working on 3.55.

salute to pr0p0sitionjoe.

#166 - G Sus - 126w ago
G Sus's Avatar
yup can't confirm there real, lol

Also from oakhead69:

OK here is the process I used to reverse the V4 Keys, EDATKEY1 and EDATHASH1 from my PS3. 99% of what I will post here is already public domain, I will just pull it together in one place here. I used IDA and a customised version of KDS Best's SPU Emulator

JuanNadie posted here the SH1 hashes of the EDAT keys and hashes and I can confirm that these are correct. The encrypted EDAT hashes and keys can be found in the 4.xx appldr.elf. sorg posted these. So the 3 keys you are missing are the KEY, the IV and the ERK.

The KEY and the IV are in the appldr and are un-encrypted. You can use the IDA or an SPU emulator to figure it out, just work backwards from the below spu code at 28BE4 (I think this offset is for F/W version 4.27 if I remember correctly)

The ERK is generated from the contents returned by channel 73. The appldr reads channel 73, 3 times which is the FW version check channel. So in FW 4.30 it will return 0xkk04kk30 0xkkkkkkkk 0xkkkkkkkk where k is the hash initilisation for generating the ERK. 04 30 is F/W version number.

The appldr strips out the F/W version leaving you with the 0xkkkkkkkkkkkkkkkkkkkk 10 byte hash initialisation (ch73 in the code below).

To get the values from channel 73 and you will have to write an isolated SPU to read these values. It has to be an isolated SPU as channel 64 controls the access to channel 73 and one of the last things the appldr does it to isolate channel 73 by writing 0x60000 to channel 64. This information was posted one forum somewhere, just can't remember where. Just Google it (may edit my post later when I find it).

I wrote my spu isolated module based on the dump_encdec_keys by glevand. Just Google and you will find the associated wikis and gits. ps3devwiki.com/wiki/Making_Isolated_SPU_Modules_and_Loaders is a good starting point. You will have to do a bit of hand calculation for the branch offsets to shoehorn in some code something like this to read ch73 3 times.

[Register or Login to view code]

OK so you should now have the encrypted keys (sorg posted) the KEY, the IV and the hash seed for the ERK. When you find the encrypted keys based on the post from sorg this will lead you as it did me to the following code in the appldr.

[Register or Login to view code]

Independently of me redcfw also found the same SPU code and generated C code from it and posted it. I had already generated the following C# code from the SPU code and below is an example for edathash1, it was good to see him confirm the same code as at the time I had still had not figured out how to read ch73.

[Register or Login to view code]

There you have it how to reverse the EDATKEY1 and EDATHASH1 from your CFW 4.xx PS3. Sorry bit of a brain dump, will tidy the post up later if I get the time and add more links to the information sources. I am sure I should credit more people than I have here. If and when I add the source links I will add credits.

Please do not ask me for any of the keys needed here or for the final EDAT keys as I will not post them for obvious reason. As I have already said 99% of this information is already available in forums and wikis. I have just pulled the information together here. Hope you have as much fun as I did playing with the SPU code.

#165 - windrider42 - 126w ago
windrider42's Avatar
I have heard they are the real deal, and guys already fixed Borderlands 2 for 3.55.

Also from Abkarino: Revokation List key are confirmed by me with 4.31 prog.srvk using scetool:
[code]
C:\Users\MHassan\Desktop\SCETools>scetool -i C:\Users\MHassan\Desktop\SCETools\p
rog.srvk
scetool 0.2.9 (C) 2011-2012 by naehrwert
NP local license handling (C) 2012 by flatz
[*] SCE Header:
Magic 0x53434500 [OK]
Version 0x00000002
Key Revision 0x0000
Header Type [RVK]
Metadata Offset 0x00000000
Header Length 0x0000000000000200
Data Length 0x00000000000000E0[*] Metadata Info:
Key 05 51 4A D4 82 CD 77 0C C0 58 C1 53 3C B0 92 1B
IV B2 4E ED 49 39 2A 0D CB 03 58 15 9A F1 67 DD BD[*] Metadata Header:
Signature Input Length 0x00000000000001C0
unknown_0 0x00000001
Section Count 0x00000002
Key Count 0x0000000E
Optional Header Size 0x00000000
unknown_1 0x00000000
unknown_2 0x00000000[*] Metadata Section Headers:
Idx Offset Size Type Index Hashed SHA1 Encrypted Key IV Compressed
000 00000200 00000020 01 01 [YES] 00 [NO ] -- -- [NO ]
001 00000220 000000C0 02 02 [YES] 06 [YES] 0C 0D [NO ][*] SCE File Keys:
00: 80 B6 91 44 54 B7 D1 C1 8D 1A ED 39 81 7E E5 2F
01: 84 21 9F 5E 00 00 00 00 00 00 00 00 00 00 00 00
02: D0 BC 27 84 22 30 34 C8 21 DA 58 B6 F0 F7 4A E0
03: C9 FC BC 30 9C A2 15 06 D5 BA 02 F6 FF CC 13 2A
04: 63 BB 9C EF F8 D7 26 45 68 77 94 4C 66 9E A2 1B
05: 87 09 C6 27 3C B7 79 2D 62 6E 14 90 66 F5 BD 86
06: 4B B8 B8 38 51 20 BD 76 9F BA 83 66 04 75 EC 47
07: 6C 84 1D D2 00 00 00 00 00 00 00 00 00 00 00 00
08: D0 BC 27 84 22 30 34 C8 21 DA 58 B6 F0 F7 4A E0
09: C9 FC BC 30 9C A2 15 06 D5 BA 02 F6 FF CC 13 2A
0A: 63 BB 9C EF F8 D7 26 45 68 77 94 4C 66 9E A2 1B
0B: 87 09 C6 27 3C B7 79 2D 62 6E 14 90 66 F5 BD 86
0C: 5B D0 37 88 54 91 80 4C C1 F3 1F 70 AA 9D 0A B5
0D: 17 CA FB 25 69 19 85 85 D1 3A E4 37 00 00 00 00[*] Revoke List Header:
type_0 0x00000004
type_1 0x00000001
Version 04.31
Entry Count 0x00000006[*] Program Revoke List Entries:
Type Check Version Auth-ID/unk_3 Mask
lv2 == 04.31 0000000000000002 FFFFFFFFFFFFFFFF
Application == 04.31 vsh FFFFFFFFFFFFFFFF
Application == 04.31 10700005FE000001 FFFFFFFFFFFFFFFF
Application == 04.31 sys_init_osd FFFFFFFFFFFFFFFF
Application == 04.31 sys_audio FFFFFFFFFFFFFFFF
Application

#164 - ConsoleDev - 126w ago
ConsoleDev's Avatar
Following up on the previous PS3 Keys leak and PS3 4.30 Decryption, on this Halloween Day even more PS3 Keys ranging from 3.65 to 4.30 including Appldr and NPDRM (PSN) have now surfaced with details below!

Download: PS3 Keys 3.65 to 4.30 / PS3 Keys 3.65 to 4.30 (Mirror) / SCETool v0.2.9 with PS3 Keys by Brenza / True Ancestor + Haz367's Resigner.bat + PS3 Keys by DEFAULTDNB (run resigner.bat only, hit "0" to decrypt and hit "5" to sign for oldskool 3.55) / multiMAN 3.15-4.20+ [EBOOT_FIX].rar by slarty1408 / PS3 Downgrade 3.60++ (Lv2diag.421.self) from r3pek / VSH.elf (Rogero CFW 4.30) Patched for ReActPSN 2.xx by StealthLord / PS3 Keys for Deank ebootFIX / mMKeys v1.0 Alpha + multiMAN [EBOOT_FIX] testing App-Keys by romhunter / PS3 Keys Up To 4.31 Pack by razorx / PS3 SDAT/EDAT v3 and v4 Keys

From danixleet: VSH.self can be decrypted, as its signed with appldr keys for this firmware version.. With this recent leak of Appldr / NPDRM keys we can now make SEN/Spoofer's for when a new OFW is released.. Here is OFW 4.30 VSH.self & VSH.elf.

From IRC:

[itwong] just came across lv2diag.421.self? is this for downgrading 3.60++ ps3s?
[Rare] no
[itwong] what is this for ?
[itwong] euss, any idea what that lv2diag.421.self does?
[euss|_] itwong, you have the file, you tell me
[itwong] im wondering if it will kick the console out of factory mode
[itwong] cuz for 3.56+, before once it enters factory mode, i will be stuck in that mode
[r3pek] on a side note: http://www.multiupload.nl/3CHY6IQVXU
[r3pek] it's the file itwong was talking about

From tny.cz/72b4c5a7 (and pastebin.com/HciwadTZ / pastebin.com/9FVX1p5p / pastie.org/5144289) comes some PS3 NPDRM (PSN) and Appldr Keys up to 4.30:

[Register or Login to view code]

From anonymous (via pastie.org/5169661): This to finish the previously leaked keys. To the other team, we are on our way to pck0. Want a race?

[Register or Login to view code]

From aldostools on these keys: bad revision... they should be revision=0000 (corrected above now). Indeed they work for 4.20, 4.21, 4.25, 4.30 and 4.31.

From Brenza: Here's LV1 keys for 4.30 and 4.31

[Register or Login to view code]

From slarty1408 on the multiMAN 3.15-4.20+ [EBOOT_FIX]: Hi ppl I've added 2 more sets of keys FW 4.00-4.11 and FW 4.11-4.20+ (4.00-4.30 keys added) it should fix most retail eboots now i think I've only tested it with:

  • Transformers Fall of Cybertron = FW 4.11
  • XCOM Enemy Unknown = FW 4.21

Both went through fine have not got time to test as for kids and work good luck ppl let me know if i missed anything ? Thanks...

PS: Please say thanks to deank for this tool as he done all the hard work... I've just done hex code to file.

From CaptainCPS-X: Advice for those decrypting EBOOT.BIN's, and expecting the game to run without problems. Games don't only use encrypted EBOOT.BIN, there are encrypted .SPRX / .SELF / .SDAT as well, so only patching EBOOT.BIN will not work on all game backups, maybe some games don't make use of secondary encrypted files, but there are many that do.

From aldostools: To decrypt/resign the EBOOT you always should provide the klicensee as parameter (if the SELF use klicensee):

To decrypt:

[Register or Login to view code]



To resign add to the command line parameters:

[Register or Login to view code]



From PatrickBatman: Here just fix your own games: Put scetool (ver 0.2.9), data folder with added new keys, EBOOT.BIN and .bat below in a folder.

[Register or Login to view code]

You can use the batch above just for updates with eboot, when the command window pauses after it makes .elf you then edit the elf sys_proc_param at hex 13 BC C5 F6 from 41 to 34, or this new hex that was mentioned. Save .elf then let command window continue.

"--np-content-id=UP0082-BLUS30927_00-SDPATCH000000002" in the batch needs to be changed to whatever the name of the sony update is without A102-V100-PE.pkg part for example.. you can get rid of all the np stuff, content id, & change self type to APP, for disc eboots.

For NPDRM sprx/self bruteforce or use IDA and and follow calls on NP_exit_spawn to the parameter for Klicensee key on the EBOOT.elf
then in the batch change --np-app-type=USPRX & add --encrypt "self/SPRXname.elf" "self/SPRXname.self" -l "klickey" in place off --encrypt EBOOT.ELF EBOOT.BIN then if .sprx rename .self to .sprx

You can use the "free" klic on EBOOT.BIN w/ sprx/self "-l 72F990788F9CFF745725F08E4C128387" and if you want make SCE Version TRUE in HEX at offset 397 changing 00 to 01 on EBOOT.BIN. This should basically be it, although I am tired so you'll figure out if you cant then just wait.

From zadow28: i actuallly managed to dump the sysrom also. Don't know much about it though, but here it is.

Download: sysrom.bin

Also the hypervisor is found in the dump.. use the PS3_HV_Dump.idc in ida pro it finds it.

[Register or Login to view code]

From zecoxao: Just figured it out: 20090102-111352-LV1-FW4.21.7z

i dumped it from Rebug Toolbox. and yes, it was on 4.21 REX

From zadow28: i have various dumps this is from rex: LV1-FW4.21.BIN another one from
xmb rogero, yeah i patch the lv1: lv1.bin

More important its how we use this. Also i dumped the sysrom, not sure if thats the same, as sycon. If it is then its what we need, on QA.

From zecoxao: i'll provide the link for you to analyze. also this dump contains both kernels, DEX kernel and CEX kernel, on 4.21 REX ros0 and 1. sysrom is probably SYS(CON EEP)ROM. Download: 20090102-121542-FLASH-NOR-FW4.21.7z

From PatrickBatman comes an NPDRM Batch File, to use: Drag and drop eboot on to it (--np-content-id=SET074-NPUB30409_00-BTTF10200000GAME. Change this to the game content id your doing --np-app-type=EXEC change this in NPDRM .bat to UEXEC only if the game is an update)

From sorg: according to LV1loader, ch73 should contain version value. so for v4.21 it looks:

[Register or Login to view code]

for v4.25:

[Register or Login to view code]

etc... But! for appldr v4.21, 4.25, 4.30 erk_hkey/iv iv_hkey/iv are the same. encrypted EDATKEY/HASH are also the same. so, ch73 should not contain FW version, IMHO.

From anonymous (via pastie.org/private/avbxlh6jg7089sh5m4bg) also comes the PS3 4.31 isoldr and lv2ldr keys below as well:

[Register or Login to view code]

From zadow28: Well the lv0.2 is simply the header(metadata) for the lv0 so if you cut the header of the normal lv0 and replace it with the lv0.2.

[Register or Login to view code]

So conclusion. You need to dump the bootloader 2 to get the keys for the lv0 version 2 its the same files just different headers aka keys. they secured the new consoles so good, that they dont work with flashers. don't hang me up on that.
but guess that's the problem. So unless someone finds an way, to read strait from the motherboard.

From zecoxao: cool, ps2_netemu gets decrypted. i suppose now it'll be possible to get the ps2 klicensee and try to achieve ps2 emulation on ps3 by iso loading.

From aldostools: As leaked lv1ldr keys, these lv2ldr and isoldr keys can be used to decrypt the lv2 and iso selfs for 4.20-4.31 (4.20, 4.21, 4.23, 4.25, ... 4.30, 4.31) And as far as I know the revision for [lv2ldr] is revision=0000 (not revision=001F)

Here is an updated KEYS file: aldostools.org/temp/keys My "ps3keys" app can be used to convert the keys from scetool format to .ps3 format for MFW Builder, deank's [EBOOT_FIX], etc.

[Register or Login to view code]

From zecoxao: Unless there's a fail in the ECDSA code, i hardly think it's possible to get any more private keys. There was one, it was fixed. Now everything must be signed 3.55 and below. regarding 3.56 and above, you can see true ECDSA working, and thus the concept of private public key criptografy is shown. you can know the public key but you can't know the private key, because only some people know about it, and i'm talking the ones who make the firmware, so the decision to get private keys is pointless now.

From zadow28: private keys are out off the question thats for sure. But if you really examine the lv0 and lv0.2 it makes sense bootldr2 is just like the normal bootldr. just without the randomfall exploit, so no calculation. the new consoles uses the same lv0 as we know it just with header lv0.2. pretty easy to test cut hex at offset 0x0000000000000500 in the lv0 (old) copy the lv0.2 thats 0x00000000000004F0 long so fits perfect. Run throw scetool

[Register or Login to view code]

of course we cant decrypt it, since we dont have the new bootldr keys. (bootldr2) Now for the lv0.. inside are 4 isolated headers. after a lot of hex editing you would find that they belong to appldr/lv1ldr/lv2ldr/isoldr. thats strictly for the new version. funny thing is, that they didn't made new files at all, just new headers, with the same result.

So on new consoles, example the decrypted lv1ldr would, look 100% the same, as the one we can decrypt. Also the loader headers are different length, than the old version.So that suggestion that they change the algorithm, no crypto expert, but still.

Actually there are two files, hidden inside the ps3tmgui.exe lv2diagnose ones signed with 3.60 keys. of course it would be console suicide to use them, still wonder no one have found that out yet.

Download: BINARY.rar

[Register or Login to view code]

yes i know it was there, but the possibillty that it would brick someones console is very high, and i dont know that much about, the lv2diagnose. this is from sdk 4.0 (prodg) so guess its used when the dex have an softbrick, when debugging. happens a lot when using prodg. you can get into FSM just not out most likely nothing at all is gonna happen.. still you never know.

From aldostools: lv1ldr 4.20-? -> these are the same keys for lv1ldr 4.30-? lv2ldr 4.20-? -> these are the same keys for lv2ldr 4.30-? isoldr 4.20-? -> these are the same keys for isoldr 4.30-?

And the selfs with the the following names are also decrypted with the isoldr keys for 4.20-4.30: spp_verifier 4.20-? spp_verifier 4.30-? spu_pkg_rvk_verifier 4.20-? spu_pkg_rvk_verifier 4.30-? I would appreciate if someone could explain me how to decrypt sv_iso_for_ps2emu.self and me_iso_for_ps2emu.self

Regarding the Appldr table, I believe that the key *not "0x1E"*, it is not even an appldr key. It could be a key for some other purpose.

The keys for 4.20-? were added to the wiki... IMO the version should be 4.20-4.26 (4.26 SEX is the latest 4.2x) or simply 4.20-4.31
The spp_verifier/spu_pkg_rvk_verifier were not added... they decrypt with isoldr keys for versions 4.20-4.31
The "appldr" that I think are not appldr "4.31" keys are the erk=46BD089122... IMO, appldr keys revisions 1C, 1D, 1E are 4.20-4.31

From zadow28: yes they work for all , they follow the hexidimal letters so so after 0x1F its should be 0x20 4.31 = 0x20, you can count back from there.

From Mustapha: Interesting string in the decrypted ps2_netemu.elf caution: image counts exceeded, %d maximum to show/SELECT IMAGE TO BOOT. Up/Down to select, Cross to boot, Triangle to exit... Hmm, Sony has a PS2 disc image front end ready to go?!

From Abkarino: Here it is just for you Zadow from your old friend Abkarino. There is 2 dumps i had uploaded for you or for any body else willing to play with it. This is a dump from metldr.2 console and from updated metldr console (3.6x) that both can not be downgraded. Hope to hear good news from you.

From zxz0O0 (Adrahil) comes PS3 SPP and RVK 4.25 Keys for decrypting the default.spp, prog.srvk and pkg.srvk from 4.xx Firmware below with additional details HERE:

spp_verifier 4.25 (probably 4.20 - 4.31):

[Register or Login to view code]

If you want to use with scetool you have to use manual keyset (scetool is confused because both keysets 3.55 and 4.25 have revision 0)

rvklist 4.25 (probably 4.20 - 4.31):

[Register or Login to view code]

scetool format:

[Register or Login to view code]

As always all of the current PlayStation 3 Keys decrypted can be found archived on the PS3 Wiki (ps3devwiki.com/wiki/Keys) for those seeking them.

Finally, from zecoxao comes one more crypto fail, PS3 selfs without npdrm footer as follows:

This pkg contains a self, that doesn't contain an npdrm footer.

Download: http://ares.dl.playstation.net/cdn/EP4345/NPEB00863_00/boMeZZKzGeQgZaUOIFJyVwxcPllEGyBkGYTIiDULXtjwOJZjZQXvytAflhKaWtJurFlnXtaFPYLiYxyGLvyTUoVeEPAzcKgONTTGV.pkg

[21:20:11] flatz: there is a package which have NPDRM eboot.bin
[21:20:19] flatz: and non-NPDRM self
[21:20:30] flatz: self doesn't have footer signature
[21:20:34] flatz: so you can replace it with custom one
[21:20:46] flatz: and app will load it

And there you have it. the so called argument between math and kakaroto was over this specific thing (the NPDRM footer).

There might be more packages like this one

WORKS ON ALL FIRMWARE VERSIONS! IF YOU WANT A HEN, DO NOT UPDATE IF YOU'RE ON OFW!

We need to know in which version this was patched, credit to flatz for the finding, i'm just reporting back. How to test:

Download: cachemgr.self / cachemgr.self (Mirror)

Replace cachemgr.self with that, and use ps3xport to put game on PS3.

More apps and patches:

[22:28:13] flatz: app:

[Register or Login to view code]

patch:

[Register or Login to view code]



app:

[Register or Login to view code]

patch:

[Register or Login to view code]

From IronMAN: This is ability to run your own self files on OFW but not on latest ofw, because it patched already.

4.46 - working.
4.65 - not working.

From zecoxao: lol, we tested again. IT VOOOOOOOOOOOOOOOOOOOOOOOOOOOORKS. ON FCKING LATEST FIRMWARE The code runs but the app crashes New cachemgr.self, shouldn't hang now...

From mysis: Sony seemed to forgot to implement an api for spawning npdrm child-processes, thats why those apps do use non-npdrm signed selfs.

[19:43:21] [flatz]: doesn't work at all on 4.66 OFW
[19:43:25] [flatz]: we can close thread

More PlayStation 3 News...

#163 - SoraKing11 - 126w ago
SoraKing11's Avatar
wait... so, was the key real?

 

Sponsored Links

Sponsored Links







Advertising - Affiliates - Contact Us - PS4 Downloads - PS4 Forums - Privacy Statement - Site Rules - Top - © 2015 PlayStation 4 News