Today Spanish PlayStation 3 developer S0uL
has shared details on discovering the PS3 Firmware 3.6+ Keys, which comes a few days after Sony PS3 hacker Mathieulh leaked
the 3.6 X-Platform-Passphrase http://twitter.com/#!/Mathieulh/status/112579654803664896 that the PSN passphrase changed in version 3.70.
To quote, roughly translated: Hello demons,
Well, this is a tutorial for discovering the keys of 3.6 + made by S0uL and DemonHades (thanks for the info and review Demon) for all guys who think it is easy to discover the keys.
- A brain;
- Electronic Hardware expensive:
- KNOWLEDGE plate design; <This long as it is to get through sockets>
- KNOWLEDGE SMD and BGA; <for desoldering or soldering smd components bga>
- Oscilloscopes High Frequency; <for to logging of the frecuencias>
- KNOWLEDGE ASM CFP <for to modify part of the lv and implement new funciones>
- KNOWLEDGE in the Architecture of the PS3; <for know what a lv>
Let's go see the whole process:
To have the keys, we need to have the decryption LV0. The desempaquetea LV0 is in RAM, and is decrypted with the key bld. There, the keys are already in the SPU, which is like a safe, impossible to enter (are isolated from the outside).
When the loaders and lv are already loaded in the SPU, the lv1 clean all traces of the lv and loaders decompressed in memory. But who gives the order to clean? The lv1, so it is playable in an exploitable version!
To solve the problem, you need to make a lv1 modified to copy the area of interest, the memory of LV0 and put it somewhere else, to then remove it, thereupon continue its routine cleaning and mapping. Thus, we have the memory LV0 safe. And so the LV0 gets exposed to everything.
From there, we have the appldr, which needs to be decrypted with the LV0, and with that we have "keystore".
Well, it's so simple to discover the keys? I do not think so
More PlayStation 3 News