Sponsored Links

Sponsored Links

Page 1 of 3 123 LastLast
Results 1 to 10 of 23



  1. #1
    Senior Member Mantagtj's Avatar
    Join Date
    Feb 2008
    Posts
    293
    Sponsored Links

    PS3 LV2 Loader, METLDR, Application Keys and SHA1 Hashes!

    Sponsored Links
    Today the PS3 LV2 Loader (lv2ldr), METLDR, Application / IV (initialization vector) keys and SHA1 hashes used to verify the keys have been publicly released by various PlayStation 3 developers. Below they are all listed, as follows:

    [Register or Login to view links] released the SHA1 hashes of the different PS3 keys:

    [Register or Login to view links] <-- sha1 hashes for some keys
    Code:
    a3d8fbcf120177844c848c72afe8bf7e5fa29ab4  iso-ctype-315
    287e056ab77c7a10ec73108e63f12b811ff0f888  iso-iv-315
    161e5c4ca0064bddf445c19d89f703384e504f41  iso-key-315
    9739847f294d869b4c73fc8115be3f60cf660c4c  iso-priv-315
    755d0f717cf0af17f60ef0810a45009245869b5c  lv2-ctype-315
    1160bc28c9547067c7b5d3661b822290a1474d9f  lv2-iv-315
    9aa78cc3d63be7858a875819717f3965527dd046  lv2-key-315
    73340c5b90402552b333331e9b4189c1cae6e9ba  lv2-priv-315
    94fba8ed9675ee9d55dc6dc220b26bb162eb6ccc  spp-ctype-315
    8ba0748dc57f79ce508bda47633c01897175008b  spp-iv-315
    160d0eac80f0750c3afcfdde3070e75fa5fff864  spp-key-315
    87fef0cbf46e06c4fa592d6e4f3f1bf4c9f7fca1  spp-priv-315
    b5ab517f7f92cc8604f9e08ebf09e545a06c454d  pkg-ctype-315
    ff6b278b7993cccd82837abe8f46a228a93931f4  pkg-iv-315
    78624dbfa916a34655678e2eb41ab232156a4acf  pkg-key-315
    70e4aa4864197ad39d9226d4c55ea345aa2de287  pkg-priv-315
    e1fbd73372cbd3708c1cbe8f95aa2eedeee70406  rvk-ctype-315
    3003dcb2385cc8a60fa3566a2cc0e7a76fde680a  rvk-iv-315
    e1468a087ecc12af0393b811f826a1bfe23cc891  rvk-key-315
    bd20f3764db0d29898f3cb72bababbe73b4b3332  rvk-priv-315
    [Register or Login to view links] posted the PS3 LV2, PKGs, RVK, ISO, and Application keys (also crediting RichDevX, Graf_Chokolo, N_D_T, and TitanMKD) that can be used to decrypt via the PS3 SELF Crypto / PS3 SELF File Format and Decryption algorithm:

    PS3 0.80 / 3.15 Lv2ldr keys:

    erk: 94303F69513572AB5AE17C8C2A1839D2C24C28F65389D3BBB1 1894CE23E0798F
    riv: 9769BFD187B90990AE5FEA4E110B9CF5

    Decrypts all the External lv2 versions from pre 1.00 to anything below 3.40.

    PS3 3.40 / 3.41 lv2 keys:

    erk (12AB0): 57 5B 0A 6C 4B 4F 27 60 A0 3F E4 18 9E BA F4 D9 47 27 9F D9 82 B1 40 70 34 90 98 B0 8F F9 2C 10
    riv (12AD0): 41 1C B1 8F 46 0C E5 0C AF 2C 42 6D 8F 0D 93 C8

    PS3 0.80 / 3.15 Application loader keys:

    erk-315 79481839C406A632BDB4AC093D73D99AE1587F24CE7E69192C 1CD0010274A8AB
    riv-315 6F0F25E1C8C4B7AE70DF968B04521DDA

    erk 4F89BE98DDD43CAD343F5BA6B1A133B0A971566F770484AAC2 0B5DD1DC9FA06A
    riv 90C127A9B43BA9D8E89FE6529E25206F

    erk AAC20B5DD1DC9FA06A90C127A9B43BA9D8E89FE6529E25206F 8CA6905F46148D
    riv 7D8D84D2AFCEAE61B41E6750FC22EA43

    erk-080 95F50019E7A68E341FA72EFDF4D60ED376E25CF46BB48DFDD1 F080259DC93F04
    riv-080 4A0955D946DB70D691A640BB7FAECC4C

    erk D91166973979EA8694476B011AC62C7E9F37DA26DE1E5C2EE3 D66E42B8517085
    riv DC01280A6E46BC674B81A7E8801EBE6E

    erk F9EDD0301F770FABBA8863D9897F0FEA6551B09431F6131265 4E28F43533EA6B
    riv A551CCB4A42C37A734A2B4F9657D5540

    PS3 0.80 to 0.92 Revision 0 Application loader keys:

    erk-rev0 95F50019E7A68E341FA72EFDF4D60ED376E25CF46BB48DFDD1 F080259DC93F04
    riv-ev0 4A0955D946DB70D691A640BB7FAECC4C

    PS3 0.95 to 3.31 Revision 1 Application loader keys (from and in updaters):

    erk-rev1 79481839C406A632BDB4AC093D73D99AE1587F24CE7E69192C 1CD0010274A8AB
    riv-rev1 6F0F25E1C8C4B7AE70DF968B04521DDA

    PS3 Unknown keys, seem not to be in use:

    erk-unk1
    4F89BE98DDD43CAD343F5BA6B1A133B0A971566F770484AAC2 0B5DD1DC9FA06A
    riv-unk1 90C127A9B43BA9D8E89FE6529E25206F

    erk-unk2 AAC20B5DD1DC9FA06A90C127A9B43BA9D8E89FE6529E25206F 8CA6905F46148D
    riv-unk2 7D8D84D2AFCEAE61B41E6750FC22EA43

    erk-unk3 D91166973979EA8694476B011AC62C7E9F37DA26DE1E5C2EE3 D66E42B8517085
    riv-unk3 DC01280A6E46BC674B81A7E8801EBE6E

    erk-unk4 F9EDD0301F770FABBA8863D9897F0FEA6551B09431F6131265 4E28F43533EA6B
    riv-unk4 A551CCB4A42C37A734A2B4F9657D5540

    He also tweeted the following: In fact it decrypts most of the application selfs the 3.15 appldr key decrypts updaters too Looks like the isolated secure loaders aren't that secure anymore eh ? Looking for the curve list now. Ok so now if you can calculate K You'll also need to use a pre 3.40 lv2ldr but that's kinda obvious. By your lv2 I obviously mean custom firmware (for instance replace lv2_kernel) with a linux kernel. (of course you still need to flash it) Just one last thing, if you decrypt 2 lv2_kernel, you can calculate m then k, if you get k, and the keys I tweeted, you can have your lv2. btw those keys also happen to decrypt the ps2_emu binaries if anyone cares.

    P.S. The self revision is located at 0x00000009 in the self header, it defines the key set in use.

    [Register or Login to view links] released the PS3 METLDR keys:

    PS3 3.41 METLDR keys:

    GG SONY!!!!!

    I'm in your console borrowing your metldr keys

    3.41 kernel keys as semi proof, more to come

    erk(12AB0): 57 5B 0A 6C 4B 4F 27 60 A0 3F E4 18 9E BA F4 D9 47 27 9F D9 82 B1 40 70 34 90 98 B0 8F F9 2C 10
    riv(12AD0): 41 1C B1 8F 46 0C E5 0C AF 2C 42 6D 8F 0D 93 C8

    Finally, [Register or Login to view links] also shared geoldr, to quote:

    Happy New Year!

    Run this as a 2nd stage from metldr. Listen for mail

    As usual, there are no release dates ever. But pretty cool eh? It's a real loader.

    PS3 LV2 Loader, METLDR, Application Keys and SHA1 Hashes!

    More PlayStation 3 News...
    Attached Files Attached Files

  2. #2
    Registered User boybergamo76's Avatar
    Join Date
    Sep 2007
    Posts
    7
    Sponsored Links
    Sponsored Links
    there are the real keys? O___O

  3. #3
    Registered User brill's Avatar
    Join Date
    Nov 2005
    Posts
    1
    Sponsored Links
    Sponsored Links
    Quote Originally Posted by boybergamo76 View Post
    there are the real keys? O___O
    Nah, they are the hash signatures of the keys in hex form. I suppose to prove to everyone that they have them without actually releasing them.

    They seem to match the signatures of the publicly known ones (lv2 and pkg) Since they aren't salted I suppose it's feasible to run the ivs through a 0-9 A-F 16 byte rainbow table but I'm not so sure about the 64 byte key.

    Either way, anyone knowledgeable enough about this kind of stuff would just find it easier to grab the keys themselves using the techniques described during the conference rather than bruteforcing them from a SHA-1 signature which, funnily enough, would take a lot more effort and computing power.

  4. #4
    Registered User talruum's Avatar
    Join Date
    Nov 2007
    Posts
    37
    Sponsored Links
    Sponsored Links
    Geohot posted this right now
    GG SONY!!!!!

    I'm in your console borrowing your metldr keys

    3.41 kernel keys as semi proof, more to come
    erk(12AB0): 57 5B 0A 6C 4B 4F 27 60 A0 3F E4 18 9E BA F4 D9 47 27 9F D9 82 B1 40 70 34 90 98 B0 8F F9 2C 10
    riv(12AD0): 41 1C B1 8F 46 0C E5 0C AF 2C 42 6D 8F 0D 93 C8
    I'm quite almost sure that debug -> retail must be a metldr change... and we can't do that yet

  5. #5
    Registered User Ossi's Avatar
    Join Date
    Sep 2010
    Posts
    5
    here is the decrypted lv2_kernel.self from the 3.41 : http://www.ps3news.com/forums/attach...chmentid=27093

    I decrypted it with ooPo's PS3 SELF Decryption Code and the the keys by Geohot :
    Code:
    erk = 0x57,0x5B,0x0A,0x6C,0x4B,0x4F,0x27,0x60,0xA0,0x3F,0xE4,0x18,0x9E,0xBA,0xF4,0xD9,0x47,0x27,0x9F,0xD9,0x82,0xB1,0x40,0x70,0x34,0x90,0x98,0xB0,0x8F,0xF9,0x2C,0x10
    
    riv = 0x41,0x1C,0xB1,0x8F,0x46,0x0C,0xE5,0x0C,0xAF,0x2C,0x42,0x6D,0x8F,0x0D,0x93,0xC8
    Output :
    Code:
    ossi@VGN-TX1HP-W:~/Downloads/ooPo-ps3sdk-906379f$ ./decrypt-self lv2_kernel.self out.self 0
    
    metadataInfo:
      unknown00: C8 3B 11 00 03 00 00 00 04 DB F7 BF 44 C8 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
      key:       C1 05 46 79 CE BD A4 EE 41 5E 43 12 0E 70 2C 6F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
      ivec:      8B F9 2A FE B9 36 60 12 85 08 C9 90 CE 45 DD 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
    
    metadataHeader:
      unknown00    = 0
      size         = 380
      unknown02    = 1
      sectionCount = 2
      KeyCount     = e
      unknown05    = 30
      unknown06    = 0
      unknown07    = 0
    
    metadataSectionHeaders[00]
      dataOffset    = 10400
      dataSize      = 16147B
      unknown02     = 2
      programIndex  = 0
      unknown04     = 2
      sha1Index     = 0
      keyIndex      = 6
      ivecIndex     = 7
      unknown09     = 2
    
    metadataSectionHeaders[01]
      dataOffset    = 1718C8
      dataSize      = 2C0
      unknown02     = 1
      programIndex  = 3
      unknown04     = 2
      sha1Index     = 8
      keyIndex      = FFFFFFFF
      ivecIndex     = FFFFFFFF
      unknown09     = 1
    
    metadataKeys[00]: 01 B9 D0 0B BC BD 9D A5 FC 63 BB ED 65 7F 0E 83 
    metadataKeys[01]: B6 7D 5B AC 00 00 00 00 00 00 00 00 00 00 00 00 
    metadataKeys[02]: F6 8E 3B A4 40 42 1F 6F 0B 92 B3 8E 24 5B 0C 77 
    metadataKeys[03]: F4 53 05 00 EB A9 18 9F 0C 30 5E 10 45 B8 0A 09 
    metadataKeys[04]: C3 34 0A 92 64 E4 46 E8 29 AC C4 32 B5 2E 4F 76 
    metadataKeys[05]: E3 E1 00 A3 17 D6 DF 01 95 2B 42 53 EF 2F 36 CA 
    metadataKeys[06]: CC 28 68 92 05 72 E0 55 A9 07 67 0C 6E 41 29 45 
    metadataKeys[07]: 41 B9 B8 F4 D3 EC FE 65 73 A5 32 11 87 A4 50 59 
    metadataKeys[08]: BD 9E 08 3A 4A 2D CD 21 4F A5 5A 0C 72 29 1A 4B 
    metadataKeys[09]: A2 7A E8 EE 00 00 00 00 00 00 00 00 00 00 00 00 
    metadataKeys[0A]: F6 8E 3B A4 40 42 1F 6F 0B 92 B3 8E 24 5B 0C 77 
    metadataKeys[0B]: F4 53 05 00 EB A9 18 9F 0C 30 5E 10 45 B8 0A 09 
    metadataKeys[0C]: C3 34 0A 92 64 E4 46 E8 29 AC C4 32 B5 2E 4F 76 
    metadataKeys[0D]: E3 E1 00 A3 17 D6 DF 01 95 2B 42 53 EF 2F 36 CA 
    
    SECTIONS: 
    SECTION 01: 10000 ==> 10000 (3028)
    SECTION 02: 13080 ==> 13080 (2B0458)
    SECTION 03: 2C34E0 ==> 2C34E0 (24014)
    SECTION 04: 2E7500 ==> 2E7500 (80)
    SECTION 05: 2E7580 ==> 2E7580 (166C8)
    SECTION 06: 2FDC50 ==> 2FDC50 (5F00)
    SECTION 07: 303B50 ==> 303B50 (42BD0)
    SECTION 08: 346720 ==> 346720 (A2D0)
    SECTION 09: 3509F0 ==> 3509F0 (11C2F0)
    SECTION 0A: 3509F0 ==> 3509F0 (41)
    Attached Files Attached Files

  6. #6
    Registered User Moegames's Avatar
    Join Date
    Oct 2010
    Posts
    10
    wow things are really starting to roll.. it puts a smile on my face for sure. Good work and love how everything is chipping in ..reminds me of the old xbox original days in ways.

  7. #7
    Registered User sensi's Avatar
    Join Date
    Jun 2010
    Posts
    24
    Is it possible to change the firmware version this way? for PSN access?

  8. #8
    Senior Member Pcsx2006's Avatar
    Join Date
    Feb 2009
    Posts
    326
    Now that is the best gift of new year for developers not for the common users, thanks to failoverflow team.

    And yeah thanks to GeoHot too after all its all possible bcz of him.

  9. #9
    Forum Moderator PS3 News's Avatar
    Join Date
    Apr 2005
    Posts
    27,488
    Moved to the main page now, and +Rep to Mantagtj as well.

  10. #10
    Registered User tjay17's Avatar
    Join Date
    Apr 2010
    Posts
    421
    This is great I wonder how long before I can get pack to the psn now.

 

Sponsored Links

Page 1 of 3 123 LastLast
Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News