PS3 Lv0ldr / Bootldr Exploit Reverse-Engineering Details by Naehrwert


123w ago - Following up on the previous PS3 Lv0ldr / Bootldr clarifications by marcan42 and wololo, today PlayStation 3 hacker naehrwert has shared some details based on reverse-engineering the exploit used to dump it.

To quote from his blog:

The Exploit

As the exploit that was used to dump lv0ldr/bootldr/howeveryouliketocallit is public now, let's have a closer look at it to understand what's going on. Here is what I have reversed from lv0 (it shares the syscon portion of the code with its SPU counterpart):


The syscon library implements some high level functions, e.g. to shutdown the console on panic or to read certain configuration values. Each of these functions internally uses another function to exchange packets with syscon, and the exchange function uses the read_cmpl_msg one to get the answer packet. The top-level function will pass a fixed size buffer to the exchange function.

So if we are able to control syscon packets, e.g. by emulating MMIO (and thanks to IBM we are), we can change the packet size between the two packet readings and overwrite the caller stack. And if we first copy a little stub to shared LS and let the return address point to it, we can easily dump the whole 256 kB.

Nothing more left to say now, let's wait and see if this is going to be fixed in future firmware versions (we just have to check lv0 fortunately).
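
The weakness naehrwert describes is a double fetch: the packet length is checked on one read and trusted again on a later read, so a source that can change the length in between (emulated MMIO) pushes a fixed-size buffer past its end. The following is an added illustration, not naehrwert's reversed code nor any PS3 code, with a constructed packet source (`packet_src_t`, `read_len`, and the 64-byte `FIXED_BUF` are all assumptions) showing the double-fetch pattern beside a single-fetch version that validates the same local it copies with.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model, not PS3 code: a packet source whose length field can
 * differ between two consecutive reads, as an emulated MMIO device could. */
#define FIXED_BUF 64

typedef struct {
    uint8_t  payload[512];
    uint16_t len_first;   /* length returned by the first read */
    uint16_t len_second;  /* length returned by the second read */
    int      reads;
} packet_src_t;

static uint16_t read_len(packet_src_t *s) {
    return (s->reads++ == 0) ? s->len_first : s->len_second;
}

/* Double-fetch pattern: the size check and the copy use different reads.
 * Returns the byte count the copy would use; above dst_size means the fixed
 * buffer (and the caller's stack) would be overrun. The memcpy is clamped
 * here only so the demo itself stays memory-safe. */
size_t exchange_double_fetch(packet_src_t *s, uint8_t *dst, size_t dst_size) {
    if (read_len(s) > dst_size)
        return 0;                        /* check passes on the first value */
    size_t n = read_len(s);              /* ...but the copy trusts the second */
    memcpy(dst, s->payload, n < dst_size ? n : dst_size);
    return n;
}

/* Hardened pattern: read the length once into a local, validate that local,
 * and copy using only that local. Returns bytes copied, or 0 if rejected. */
size_t exchange_single_fetch(packet_src_t *s, uint8_t *dst, size_t dst_size) {
    size_t n = read_len(s);
    if (n == 0 || n > dst_size)
        return 0;
    memcpy(dst, s->payload, n);
    return n;
}

/* Drive each path with a given (first, second) pair of header lengths. */
size_t run_double_fetch(uint16_t first, uint16_t second) {
    uint8_t buf[FIXED_BUF];
    packet_src_t src = { .len_first = first, .len_second = second };
    return exchange_double_fetch(&src, buf, sizeof buf);
}
size_t run_single_fetch(uint16_t first, uint16_t second) {
    uint8_t buf[FIXED_BUF];
    packet_src_t src = { .len_first = first, .len_second = second };
    return exchange_single_fetch(&src, buf, sizeof buf);
}
```

With a header that reads 32 first and 200 second, the double-fetch path reports 200 bytes headed into a 64-byte buffer, while the single-fetch path either copies the validated 32 bytes or rejects an oversized packet outright.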



Comments 252

 
#232 - PS4 News - 94w ago
Here are some more PS3 SDAT/EDAT v3 and v4 Keys from kongen12 (via pastebin.com/KuE3zk5u)



From aldostools: According to (ps3devwiki.com/wiki/Keys#EDAT) the "keys" above are edat-key-0, edat-key-1, and edat-hash-0, edat-hash-1. sdat-key is different.

EDAT

edat-key-0: BE959CA8308DEFA2E5E180C63712A9AE (SHA1: 84E9FC3574EAA11A9462FFA53D5EA46B4D0003BF)
edat-hash-0: EFFE5BD1652EEBC11918CF7C04D4F011 (SHA1: 8A721A06ABC7BB9BF398C5EF5D6F1FD997BC0A56)
edat-key-1: 4CA9C14B01C95309969BEC68AA0BC081 (SHA1: 6ECDFEC0A11890C1F2A689062D3EFE562317B2FB)
edat-hash-1: 3D92699B705B073854D8FCC6C7672747 (SHA1: F7B2917B1FA260FD51D37716A91036651F6F42F2)

SDAT

sdat-key: 0D655EF8E674A98AB8505CFA7D012933
sdat-sha1:

#231 - kaito kid - 95w ago
Hi everyone, I want ps3keys up to 4.41 or 4.40 because I have 4.31 keys.

#230 - GlobalTroll - 102w ago
Scrambling and unscrambling obfuscated keys from loader (PS3 FW 3.60 - 3.61)

from LV1LDR.ELF FW3.61



Unscrambling script: key_unscrambler.py



Scrambling script: key_scrambler.py



#229 - nintendo1516 - 104w ago
very cool news

#228 - PS4 News - 110w ago
Here are some more purported PS3 keys for Firmware 4.31 from MARKUS++: pastebin.com/raw.php?i=zsQzfm7R



Also below are unconfirmed PS3 RSA KEYS from haleskinn and via pastebin.com/rwapY2Ng:



#227 - phuqt - 118w ago
What are these keys?

#226 - cfwmark - 118w ago
HO! HO! HO! MERRY CHRISTMAS!

http://www.2shared.com/document/JchheLNq/ps3key.html

FILE NAME: ps3key.txt

#225 - yllan - 118w ago
Good night, here are some files which could be used for development as a check

3.60 CEX - LV1 Embedded Files (Twitter: UpSilon_Y)



Can you look at it please, thank you: https://anonfiles.com/file/9e345a2bec8c657c330e8c1351cc2e3b

source: logic-sunrise.com

#224 - SammyG0080 - 119w ago
Here are actual lv1/lv2 dumps from 431/430 if anyone wants to browse around...

http://rghost.net/42400635

#223 - xr3b0rn - 119w ago
Here is my official topic about the keys, because you have missing keys or because the older version has mistypes. I'm using real legit keys fresh from the PS3 dev wiki, 100% working on scetool!!! Thanks all readers

MISSING KEYS !!! CANNOT HAVE THE CFW INSTALLABLE ON 4.XX IF THOSE KEYS ARE MISSING!!!

OK here is list: Lv1-priv-431!!! and all spu_pkg_rvk_verifier keys also missing !!! PLZ IF U FOUND OR HAVE THEM , SEND THEM TO ME AND THE CFW WILL BE MADE IN NO TIME!!!

README

I tried to make a beta and got an error at the msg.xml so I tried to fix it ... then back on the PS3, this time it doesn't scan it ... I've been extracting-n-packing on and off 4 you guys ... till it works

OKAY GUYS DOWNLOAD THIS AND PUT IT IN THE MFW KEYS FOLDER

http://www.mediafire.com/?8dvbtzfl4ob8ibg

FOR MFW TO READ THE KEYS AND WORK

HERE IS THE FAMOUS AND NEWEST MFW MASTER WITH MY LATEST KEYS !!!

link: http://www.mediafire.com/?bxstfqk1jo1h8q6

BEWARE: CANT HACK LV1 WITHOUT PRIV keys

Here is list !!

UPDATED *OK* LIST FOR KEYS



link for download: http://www.mediafire.com/?havr53oc4f648w0
signed pkg-pub-retail: http://www.mediafire.com/?v50zr1z0fl0kyw8

MetLDR -3.55-




Update: OKAY GUYS DOWNLOAD THIS AND PUT IT IN THE MFW KEYS FOLDER: http://www.mediafire.com/?8dvbtzfl4ob8ibg

FOR MFW TO READ THE KEYS AND WORK

HERE IS THE FAMOUS AND NEWEST MFW MASTER WITH MY LATEST KEYS [UPDATE3] !!!

Link : http://www.mediafire.com/?m82bq7mz42i872h

BEWARE : CANT HACK PS3 WITHOUT PRIV keys

Here is list !! UPDATED *OK* LIST FOR KEYS


link for download: http://www.mediafire.com/?hehbwdxta4e3oti

signed pkg-pub-retail: http://www.mediafire.com/?v50zr1z0fl0kyw8

MetLDR -3.55-
