  1. #111
    Contributor semitope's Avatar
    Join Date
    Feb 2009
    Posts
    605
    These guys keep assuming that no one interested in enabling backups is smart enough to hack the system. As if everyone who was against backups was involved in the original hack (the majority of the people against backups couldn't hack it either) and as if backups are somehow less of an evil than playing emulators and homebrew. If you enable homebrew legally someone is bound to hack it to play backups. It's not "the dumb pirates" like you hope it is.

    Almost all of the hackers were silent till the jailbreak dongle, then came to life after fail0verflow. Ya couldn't do it.

    I was wondering about his definition of a cracker too. Painting hackers as a righteous thing and crackers negatively.
    Last edited by semitope; 03-24-2011 at 12:45 PM Reason: Automerged Doublepost

  2. #112
    Senior Member barrybarryk's Avatar
    Join Date
    Oct 2010
    Posts
    1,082
    You're missing the point, it's the dumb pirates that play games and immediately stop buying them as soon as a hack comes along. This harms the games industry in a big way. Most people, even while having access to backups, still buy good games.

    And I'm not touching the semantics of being a hacker or a cracker or which is right and wrong because it's a ridiculous argument to get into.

  3. #113
    Senior Member Jordandyckes's Avatar
    Join Date
    Oct 2007
    Posts
    99
    [THEORY] Installing homebrew on 3.60

    I was thinking about this today, but don't want to perform it on my console in case I get banned at the moment.

    If you took my PS3 Download Manager 3.71 - [Register or Login to view links] and downloaded a PKG file from the PlayStation Store, located it on your PC, unsigned it / extracted it and put it back again with the same signature, you could transfer the modified content to the PlayStation just like downloading the original.

    Because the original 3.55 signed content must surely still work because of the games you've purchased etc... It's just a matter of installing it onto the console.

    Can anyone confirm this theory works? As I don't have the tools to extract / sign PKG files and don't want to risk getting banned, as I have a lot of legit trophies and stats in games.

    Or is there a reason this won't work? I like learning new things.

    Thank you. (Fingers crossed)

  4. #114
    Senior Member Tidusnake666's Avatar
    Join Date
    Sep 2008
    Posts
    802
    AFAIK, on 3.60 Sony uses real random numbers, so there's no possibility that we can know the private key (with which we can sign things).

    I seriously doubt we can know even public key (for decrypting) with all that newly-implemented security on 3.60
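Tidusnake666's remark above about real random numbers turns on a general property of ECDSA, illustrated here with an added Python example that is not part of the original post and says nothing about the PS3's actual curve, keys or signing data: the curve is secp256k1 (chosen only because its parameters are public), and the private key, the fixed nonce and the two messages are constructed values. If the per-signature value k is ever reused, two signatures over different messages share r and the signer's private key can be solved for directly; with a fresh random k per signature the two r values differ and that equation no longer applies.

```python
import hashlib
import secrets

# secp256k1 (y^2 = x^3 + 7 over F_P). Stand-in curve with public parameters;
# the PS3's own curve, keys and signing data are not on the page and not used here.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

# Constructed private key and constructed fixed nonce (hypothetical; any value in 1..N-1 would do).
D_SIGNER = 0x2B7E151628AED2A6ABF7158809CF4F3C2B7E151628AED2A6ABF7158809CF4F3C
K_FIXED = 0x6B5FEC5C7C7E8D9A1C3B5A7E9D1F2B4C6E8A0C2E4F6081A3C5E70921436587A9
MSG1, MSG2 = b"constructed message one", b"constructed message two"


def _inv(x, m):
    return pow(x % m, -1, m)


def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * _inv(2 * y1, P) % P      # tangent slope (curve has a = 0)
    else:
        lam = (y2 - y1) * _inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(d, msg, k):
    """ECDSA with the nonce passed in explicitly, so the caller controls its randomness."""
    z = hash_to_int(msg)
    r = ec_mul(k, G)[0] % N
    s = _inv(k, N) * (z + r * d) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, pick another nonce")
    return r, s


def verify(q, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z, w = hash_to_int(msg), _inv(s, N)
    x = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, q))
    return x is not None and x[0] % N == r


def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures sharing r came from the same k; solve for k, then for d."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or s1 == s2:
        raise ValueError("nonce was not reused across these signatures")
    z1, z2 = hash_to_int(msg1), hash_to_int(msg2)
    k = (z1 - z2) * _inv(s1 - s2, N) % N      # s1 - s2 = k^-1 * (z1 - z2)
    return (s1 * k - z1) * _inv(r1, N) % N    # s1 = k^-1 * (z1 + r*d)


def demo_reused_nonce():
    """Same k for both signatures: the signer's private key falls out of the algebra."""
    q = ec_mul(D_SIGNER, G)
    sig1, sig2 = sign(D_SIGNER, MSG1, K_FIXED), sign(D_SIGNER, MSG2, K_FIXED)
    assert verify(q, MSG1, sig1) and verify(q, MSG2, sig2)
    return recover_private_key(MSG1, sig1, MSG2, sig2)


def demo_fresh_nonces():
    """Random k per signature: r differs, so the recovery equation does not apply."""
    q = ec_mul(D_SIGNER, G)
    sig1 = sign(D_SIGNER, MSG1, secrets.randbelow(N - 1) + 1)
    sig2 = sign(D_SIGNER, MSG2, secrets.randbelow(N - 1) + 1)
    assert verify(q, MSG1, sig1) and verify(q, MSG2, sig2)
    return sig1[0] != sig2[0]


if __name__ == "__main__":
    print("recovered key matches signer:", demo_reused_nonce() == D_SIGNER)
    print("fresh nonces give distinct r:", demo_fresh_nonces())
```

The point of `sign()` taking `k` as a parameter is that the whole security of the scheme sits in that one argument: the verifier cannot tell a fixed k from a random one, since both produce signatures that validate, yet only one of them keeps `D_SIGNER` secret.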

  5. #115
    Forum Moderator PS3 News's Avatar
    Join Date
    Apr 2005
    Posts
    27,463

    PS3 Hacker Mathieulh on 3.60 Firmware LV0 Dump Exploit & Keys

    Today PS3 hacker [Register or Login to view links] has tweeted some new details on dumping LV0 from PlayStation 3 3.60 Firmware and obtaining the new keys, followed by [Register or Login to view links] claiming he has already reproduced it to confirm it works.

    Below are all the tweets:

    Mathieulh's Tweets:
    • xShadow125 You can update from your own pup only from 3.55 or lower, unless you have an exploit.
    • xShadow125 Of course that should be fixed in upcoming lv0 revisions anyway (By moving the ldrs to the top of lv0)
    • xShadow125 You run the 3.60 lv0, then you switch the nor, and pull the cell reset line, and you dump the extra KBs where the loaders are.
    • xShadow125 Basically you have a nor with 3.55 (or lower) lv0 and your own small lv1 code that does the dump, and 3.60 lv0 on the other.
    • xShadow125 You wont get all of lv0 but the part with the loaders shouldn’t be overwritten.
    • xShadow125 You can actually get all the 3.60 keys/loaders without knowing lv0 keys by dumping lv0 from ram with dual nor and signed lv1.
    • To those planning on building a 3.56+ pup for whatever reason, the files attributes changed, the group and user ids for the files as well.
    • The new 3.56+ values for tarballs are the following: owner_id, "0000764" group_id, "0000764" owner, "tetsu" group, "tetsu" ustar, "ustar"
    • You can use fix_tar to use those new values. Use with caution.
    • By comparison, those are the pre-3.56 values. owner_id, "0001752" group_id, "0001274" owner, "pup_tool" group, "psnes" ustar, "ustar"
    • Ps3WeOwnYoU You need to either decrypt or dump lv0, then you can get the encrypted loaders and decrypt them with the metldr key. Good luck.

    So, to decrypt this LV0 thing, we need to get to know it better. In the latest blog post by [Register or Login to view links], he has explained briefly what LV0 is in the console’s security.

    Anyway, let’s really discuss something PS3 instead of my PC xD, let’s start with Lv0, the most unknown level of the PS3. Lv0 initializes PS3 base hardware such as PowerPC/PPU portion of Cell/BE, SPU isolation for asecure_loader, and gelic ethernet/WLAN device. Lv0 also proudly proclaims itself as the "Cell OS Bootloader".

    In older firmwares, 0.80-ish to 3.56, Lv0 initialized SPU isolation on one of the SPUs, then it loaded and decrypted asecure_loader. Asecure_loader or metldr then decrypts the isolated loader, in this case, lv1ldr, then lv1ldr decrypts lv1.self. In 3.60 this changed. Lv0 now has all of the loaders integrated into it as one large fat binary.

    All the keys one needs such as Public ECDSA key/AES CBC key and Initialization Vector and ECDSA curve type are in there. Just go ahead and grab them if you can get the ldrs out of the binary.

    So, unless you can decrypt Lv0, no 3.60 "CFW" for you. Is there any need for it anyway?

    Mathieulh also has some facts to clarify about LV0.

    1. lv0 isn’t a loader it’s a ppu binary
    2. Lv0 isn’t encrypted per console and can be updated with the rest of the coreos
    3. Lv0 is decrypted by the bootloader, there is no such thing as a lv0ldr.
    4. The bootloader keys cannot be updated/modified on EXISTING hardware
    5. lv0.2 is NOT a binary, it’s a new metadata for lv0 which is to be decrypted and verified by a new bootloader (which is to be available on future ps3s), it is NOT used by the current bootloader (and thus in current playstation 3 consoles)

    But wait, messing with this thing could lead to the YLOD tragedy, unless you have one of those expensive NOR flashers you might want to proceed, and that's according to rms again.

    Lv0 also does some more interesting stuff such as SPU mailbox handling, and eEID integrity checks. Lv0 also used to check for QA flag and proper token, that is now in a spu isolated self in Core OS. Now, if you did tamper with eEID, lv0 will panic out, and your console will then "YLOD", and you’d need a flasher for your PS3 to recover.

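The tweets above give the tar header owner/group values for pre-3.56 and 3.56+ PUP tarballs and point at fix_tar for applying them. The following Python script is an added example, not fix_tar and not code from Mathieulh or the page: it parses the ustar headers of an archive, reports which of the two value sets each entry carries, and rewrites the uid/gid/uname/gname fields the way a fix_tar-style tool must, recomputing the header checksum (a raw byte edit without that step leaves every entry failing tar's checksum). The uid/gid strings are the octal values quoted in the tweets (0000764 octal is 500 decimal; 0001752 and 0001274 are 1002 and 700). The tarball is constructed in memory with a made-up entry name and payload; nothing here touches a real PUP.

```python
import io
import tarfile

# Owner/group strings quoted in the tweets: NUL-terminated octal in the 8-byte uid/gid
# fields, ASCII names in the 32-byte uname/gname fields of a ustar header.
PRE_356 = {"uid": "0001752", "gid": "0001274", "uname": "pup_tool", "gname": "psnes"}
POST_356 = {"uid": "0000764", "gid": "0000764", "uname": "tetsu", "gname": "tetsu"}

# (offset, length) of the ustar header fields this script reports or rewrites.
FIELDS = {
    "name": (0, 100), "mode": (100, 8), "uid": (108, 8), "gid": (116, 8),
    "size": (124, 12), "mtime": (136, 12), "chksum": (148, 8), "typeflag": (156, 1),
    "magic": (257, 6), "version": (263, 2), "uname": (265, 32), "gname": (297, 32),
}
BLOCK = 512


def _cstr(raw):
    """Decode a NUL-terminated ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii")


def header_checksum(block):
    """ustar checksum: sum of all header bytes with the chksum field read as eight spaces."""
    return sum(block[:148]) + 8 * ord(" ") + sum(block[156:])


def parse_headers(data):
    """Walk the archive block by block and return one dict per entry header."""
    headers, off = [], 0
    while off + BLOCK <= len(data):
        block = data[off:off + BLOCK]
        if block == b"\0" * BLOCK:          # end-of-archive marker
            break
        h = {k: _cstr(block[o:o + n]) for k, (o, n) in FIELDS.items()}
        h["offset"] = off
        h["chksum_ok"] = int(h["chksum"].strip() or "0", 8) == header_checksum(block)
        headers.append(h)
        size = int(h["size"].strip() or "0", 8)
        off += BLOCK + -(-size // BLOCK) * BLOCK   # header + payload rounded up to 512
    return headers


def classify(header):
    """Which of the two value sets from the tweets does this entry carry?"""
    for label, want in (("pre-3.56", PRE_356), ("3.56+", POST_356)):
        if all(header[k] == v for k, v in want.items()):
            return label
    return "unknown"


def rewrite_owner(data, uid, gid, uname, gname):
    """Patch uid/gid/uname/gname in every header and recompute each checksum."""
    out = bytearray(data)
    for h in parse_headers(data):
        base = h["offset"]
        for field, value in (("uid", uid), ("gid", gid), ("uname", uname), ("gname", gname)):
            o, n = FIELDS[field]
            enc = value.encode("ascii") + b"\0"
            if len(enc) > n:
                raise ValueError(f"{field} value too long for a ustar header")
            out[base + o:base + o + n] = enc.ljust(n, b"\0")
        cs = header_checksum(out[base:base + BLOCK])
        out[base + 148:base + 156] = b"%06o\0 " % cs   # six octal digits, NUL, space
    return bytes(out)


def build_sample_tar():
    """Constructed in-memory tarball with pre-3.56 attributes; entry name and payload are made up."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        payload = b"not a real PUP entry"
        ti = tarfile.TarInfo("example.entry")
        ti.size, ti.mtime = len(payload), 0
        ti.uid, ti.gid = 0o1752, 0o1274
        ti.uname, ti.gname = "pup_tool", "psnes"
        tf.addfile(ti, io.BytesIO(payload))
    return buf.getvalue()


def reads_back(data):
    """Members as Python's own tar reader sees them (it verifies every header checksum)."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tf:
        return [(m.name, m.uid, m.gid, m.uname, m.gname) for m in tf.getmembers()]


if __name__ == "__main__":
    original = build_sample_tar()
    fixed = rewrite_owner(original, **POST_356)
    for h in parse_headers(original) + parse_headers(fixed):
        print(h["name"], classify(h), "checksum ok" if h["chksum_ok"] else "checksum BAD")
    print(reads_back(fixed))
```

`classify()` only tells you which of the two quoted value sets a header matches; it says nothing about whether the archive will be accepted by the console, which the tweets leave at "use with caution".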
  6. #116
    Senior Member Bishoff's Avatar
    Join Date
    Jun 2010
    Posts
    244
    game on once again!

  7. #117
    Forum Moderator racer0018's Avatar
    Join Date
    Aug 2007
    Posts
    698
    It will be nice to see how this plays out. Thanks.

  8. #118
    Registered User fabian9907's Avatar
    Join Date
    Jun 2009
    Posts
    50
    oh boy, here we go! Hopefully this can work out nice.

  9. #119
    Senior Member elser1's Avatar
    Join Date
    Oct 2010
    Posts
    2,419
    I thought the PS3 was totally hacked, Sony was owned, it was an epic fail... I guess not. Oh well.

    Wish that was true and every system on the planet was totally JB'd and Sony accepted defeat.

  10. #120
    Member snoekie's Avatar
    Join Date
    Jul 2006
    Posts
    47
    Didn't he shout a month ago that he cracked 3.60? Did he uncrack it? I'm so confused.

© 2014 PlayStation 3 News