  1. #1
    Forum Moderator PS3 News's Avatar
    Join Date
    Apr 2005
    Posts
    27,863

    PS3 Hacker Mathieulh Finds PlayStation 3 Firmware 3.56 Exploit

    Today PS3 hacker Mathieulh reports finding a PlayStation 3 Firmware 3.56 exploit, although he states he has no plans to give any further details about it.

    To quote from PSX-Scene (linked above): Well-known hacker Mathieu Hervais has reportedly found a bug that allows exploiting metldr, the bootloader and firmware version 3.56. Unfortunately, he refuses to release it.

    Originally Posted by Mathieulh:

    I hesitated a lot before tweeting about it, but a bug allows exploiting metldr, the bootloader and 3.56+. I don't intend to ever unveil it.

    So much for "unhackable" PS3s though... I am not giving any further details about it. Sorry.

    Actually the revocation list exploit doesn't allow you to exploit isoldr, you could however sign a revoke list if you had the revocation list keys and knew the sign fail, and use that to dump isoldr. Metldr does not load revocation lists.

    This has been tested, how do you think I could release the lv2ldr and appldr keys? (about 24hrs before Geohot showed up with metldr keys)

    You can also dump any loader using a signed metadata (including metldr) though that means you need to have the keys for it in the first place (kinda kills the purpose)

    Your entire purpose is to get the isolated process (the code running inside the spu) to jump to your instructions

    For example the following instructions will dump the isolated LS to the SPU mailbox:

    loop:
    rdch $3, ch29
    lqd $3, 0($3)
    wrch ch28, $3
    rotqbyi $3, $3, 4
    wrch ch28, $3
    rotqbyi $3, $3, 4
    wrch ch28, $3
    rotqbyi $3, $3, 4
    wrch ch28, $3
    up_one:
    br loop
    br up_one

    Of course you'll need a ppu payload to fetch the mailbox data. Metldr is trivial to dump now that you can sign your loader, but I won't say anything more on this.

    Finally the problem with isoldr and the revoke list exploit isn't so much that the exploit doesn't work (it actually does); it's that the payload from the crafted revoke list overwrites isoldr keys (which kinda kills the whole purpose). You can however get the revoke list keys from lv2ldr or appldr using the revoke list exploit and then sign a revoke list metadata to exploit isoldr later on. (There are other ways to get isoldr though, including the 3.60+ exploit I have (but there is at least another I know of).) Again, good luck in your endeavor.

    There is more than one npdrm key. It's not been released because the ones who have the skills to do it do not remotely care about pirating PlayStation store games (obviously).

    Finally, in related PS3 homebrew news today a PS3 FW Downloader application has been released which includes Official PS3 Firmware 2.50 - 3.55 and has Geohot, Kmeaw, Wutangraz PS3 Custom Firmware and 3.55 Downgrader support.


  2. #2
    Senior Member barrybarryk's Avatar
    Join Date
    Oct 2010
    Posts
    1,082
    I wonder why he decided to tweet about it if he never intends on releasing it.

  3. #3
    Registered User macneil187's Avatar
    Join Date
    Jan 2011
    Posts
    1
    Somebody is scared of Sony

  4. #4
    Forum Moderator PS3 News's Avatar
    Join Date
    Apr 2005
    Posts
    27,863
    Probably for e-fame, although he's digging his own grave in doing so sadly as now if one ever gets released down the road Sony can track it back to his proclamation.

    I still don't follow why post-Geo/Graf busts people aren't posting on such things anonymously though.

  5. #5
    Registered User thereturn's Avatar
    Join Date
    Sep 2010
    Posts
    4

    In other words

    No exploit found. Sick of efamers.

    If you don't release it, then you don't have it, and should be treated as a liar. If all efamers were treated as liars and shunned by the community, then this would stop.

  6. #6
    Senior Member barrybarryk's Avatar
    Join Date
    Oct 2010
    Posts
    1,082
    Exactly, and there's no real need for a 3.56 exploit though, hell we've still only scratched the surface of what's possible with 3.55. No point fracturing the dev community just quite yet.

  7. #7
    Registered User austindriver13's Avatar
    Join Date
    Apr 2008
    Posts
    23
    Originally Posted by barrybarryk:
    "I wonder why he decided to tweet about it if he never intends on releasing it."

    1) He doesn't want Sony to bone him
    2) If hackers know that there is indeed an exploit then it gives them something to work towards, rather than wasting time looking, and ultimately guessing.

    Now that they know for sure that there is an exploit it will draw a lot of attention to the issue- someone else will figure it out.

  8. #8
    Senior Member jarvis's Avatar
    Join Date
    Apr 2010
    Posts
    95
    Although I know he's done some good work, if you don't release it, it doesn't really exist. Obviously threats from Sony are working just like they wanted. If he really wanted to stick it to Sony, he should have kept his mouth shut, and released it anonymously never claiming credit for it.

  9. #9
    Senior Member Denida's Avatar
    Join Date
    Oct 2010
    Posts
    118
    Yeah, probably for attention, he always seemed to be very into that, but who knows...

  10. #10
    Contributor Zhar's Avatar
    Join Date
    Jun 2007
    Posts
    32
    He would never release it, mad Sony or not, my guess is if and when someone else discovers it and say they will release it he will release it just before them so he gets all the fame, again. Standard e-peen BS.

    also, imb4 he starts tweeting about how ungrateful people are.
    Last edited by Zhar; 03-05-2011 at 10:22 PM

 
