PS3 Hacker Mathieulh Finds PlayStation 3 Firmware 3.56 Exploit

185w ago - Today PS3 hacker Mathieulh reports finding a PlayStation 3 Firmware 3.56 exploit, although he states he has no plans to give any further details about it.

To quote from PSX-Scene: Well-known hacker Mathieu Hervais has reportedly found a bug that allows exploiting metldr, the bootloader and firmware version 3.56. Unfortunately, he refuses to release it.

Originally Posted by Mathieulh:

I hesitated a lot before tweeting about it, but a bug allows exploiting metldr, the bootloader and 3.56+. I don't intend to ever unveil it.

So much for "unhackable" PS3s though... I am not giving any further details about it. Sorry.

Actually the revocation list exploit doesn't allow you to exploit isoldr, you could however sign a revoke list if you had the revocation list keys and knew the sign fail, and use that to dump isoldr. Metldr does not load revocation lists.

This has been tested, how do you think I could release the lv2ldr and appldr keys? (about 24hrs before Geohot showed up with metldr keys)

You can also dump any loader using a signed metadata (including metldr) though that means you need to have the keys for it in the first place (kinda kills the purpose)

Your entire purpose is to get the isolated process (the code running inside the SPU) to jump to your instructions.

For example, the following instructions will dump the isolated LS to the SPU mailbox:

# Read the LS address to dump from the inbound mailbox (channel 29, SPU_RdInMbox),
# load the 16-byte quadword at that address and push its four 32-bit words out
# through the outbound mailbox (channel 28, SPU_WrOutMbox). wrch sends the
# preferred slot (word 0), so rotqbyi rotates the next word into that slot.
loop:
rdch $3, ch29        # $3 = LS address supplied by the PPU (blocks until one arrives)
lqd $3, 0($3)        # $3 = quadword at that address (low 4 bits of the address are ignored)
wrch ch28, $3        # word 0
rotqbyi $3, $3, 4
wrch ch28, $3        # word 1
rotqbyi $3, $3, 4
wrch ch28, $3        # word 2
rotqbyi $3, $3, 4
wrch ch28, $3        # word 3
up_one:
br loop              # wait for the next address
br up_one

Of course you'll need a PPU payload to fetch the mailbox data. Metldr is trivial to dump now that you can sign your loader, but I won't say anything more on this.

Finally, the problem with isoldr and the revoke list exploit isn't so much that the exploit doesn't work (it actually does). It's that the payload from the crafted revoke list overwrites the isoldr keys (which kinda kills the whole purpose). You can however get the revoke list keys from lv2ldr or appldr using the revoke list exploit and then sign a revoke list metadata to exploit isoldr later on. (There are other ways to get isoldr though, including the 3.60+ exploit I have, but there is at least another I know of.) Again, good luck in your endeavor.

There is more than one npdrm key. It's not been released because the ones who have the skills to do it do not remotely care about pirating PlayStation store games (obviously).
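To make the mailbox dump above concrete, here is an added host-side C model of the protocol it implements. This is not Mathieulh's code and not PS3 firmware; it only reproduces the data flow of his loop so the PPU half can be reasoned about offline. The SPU half mirrors one iteration of the posted loop (lqd masks the low 4 bits of the address, wrch emits the preferred slot, i.e. word 0 of the big-endian quadword, rotqbyi 4 brings the next word into it), and the PPU half reassembles the four words into bytes. All names (`mbox_t`, `spu_dump_quadword`, `ppu_fetch`, `demo_roundtrip`) are invented for the example, the in-memory FIFO stands in for the SPU_Out_Mbox register with a capacity of 4 for simplicity (the real outbound mailbox is one entry deep, so the SPU stalls on each wrch until the PPU has read the previous word), and the MMIO access and SPU_Mbox_Stat polling a real PPU payload needs are not modelled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LS_SIZE  256u   /* toy local store for the example; a real SPU LS is 256 KiB */
#define MBOX_CAP 4u     /* assumption for the model: real SPU_WrOutMbox holds 1 entry */

/* Stand-in for the outbound mailbox: a small FIFO of 32-bit words. */
typedef struct { uint32_t word[MBOX_CAP]; unsigned count; } mbox_t;

/* SPU side wrch ch28: returns 0 when full (real hardware stalls the SPU instead). */
static int mbox_write(mbox_t *m, uint32_t v) {
    if (m->count >= MBOX_CAP) return 0;
    m->word[m->count++] = v;
    return 1;
}

/* PPU side read of SPU_Out_Mbox: returns 0 when empty (what SPU_Mbox_Stat would report). */
static int mbox_read(mbox_t *m, uint32_t *v) {
    if (m->count == 0) return 0;
    *v = m->word[0];
    memmove(m->word, m->word + 1, (m->count - 1) * sizeof m->word[0]);
    m->count--;
    return 1;
}

/* Word i (0..3) of a quadword; SPU local store is big-endian, word 0 is the preferred slot. */
static uint32_t qw_word(const uint8_t q[16], int i) {
    return ((uint32_t)q[4 * i] << 24) | ((uint32_t)q[4 * i + 1] << 16) |
           ((uint32_t)q[4 * i + 2] << 8) | (uint32_t)q[4 * i + 3];
}

/* rotqbyi: rotate the quadword left by n bytes; bytes leaving the top wrap to the bottom. */
static void rotqbyi(uint8_t q[16], int n) {
    uint8_t t[16];
    for (int i = 0; i < 16; i++) t[i] = q[(i + n) & 15];
    memcpy(q, t, 16);
}

/* SPU side, one iteration of the posted loop for the address read from ch29. */
static int spu_dump_quadword(const uint8_t *ls, uint32_t addr, mbox_t *out) {
    uint8_t q[16];
    memcpy(q, ls + (addr & ~15u), 16);          /* lqd forces 16-byte alignment */
    for (int i = 0; i < 4; i++) {
        if (!mbox_write(out, qw_word(q, 0))) return 0;   /* wrch ch28, $3 */
        rotqbyi(q, 4);                                    /* rotqbyi $3, $3, 4 */
    }
    return 1;
}

/* PPU side: request every quadword of [start, start+len) and rebuild the bytes.
 * start must be 16-byte aligned and len a multiple of 16; returns 0 on success. */
static int ppu_fetch(const uint8_t *ls, uint32_t start, uint8_t *dst, size_t len) {
    if ((len % 16) || (start & 15) || start + len > LS_SIZE) return -1;
    for (size_t off = 0; off < len; off += 16) {
        mbox_t mb = {{0}, 0};
        /* stands in for writing the address to SPU_In_Mbox, which the SPU's rdch ch29 picks up */
        if (!spu_dump_quadword(ls, (uint32_t)(start + off), &mb)) return -1;
        for (int i = 0; i < 4; i++) {
            uint32_t w;
            if (!mbox_read(&mb, &w)) return -1;   /* would poll SPU_Mbox_Stat on real hardware */
            dst[off + 4 * i]     = (uint8_t)(w >> 24);
            dst[off + 4 * i + 1] = (uint8_t)(w >> 16);
            dst[off + 4 * i + 2] = (uint8_t)(w >> 8);
            dst[off + 4 * i + 3] = (uint8_t)w;
        }
    }
    return 0;
}

/* Constructed local-store image (a byte ramp), dumped and compared; 1 on a clean round trip. */
static int demo_roundtrip(void) {
    uint8_t ls[LS_SIZE], dump[64];
    for (unsigned i = 0; i < LS_SIZE; i++) ls[i] = (uint8_t)(i * 7 + 3);
    if (ppu_fetch(ls, 0x40, dump, sizeof dump) != 0) return 0;
    return memcmp(dump, ls + 0x40, sizeof dump) == 0;
}

int main(void) {
    printf("mailbox round trip: %s\n", demo_roundtrip() ? "ok" : "FAILED");
    return 0;
}
```

The two details worth taking from the model are the word order (rotqbyi rotates left, so the four mailbox writes arrive in memory order, word 0 first, and the PPU side just concatenates them big-endian) and the alignment masking in lqd, which means an unaligned request returns the enclosing 16-byte quadword rather than the bytes starting at the requested address.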

Finally, in related PS3 homebrew news today, a PS3 FW Downloader application has been released that includes Official PS3 Firmware 2.50 - 3.55 and supports the Geohot, Kmeaw and Wutangraz PS3 Custom Firmware and the 3.55 Downgrader.






Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

Comments (381 on the forum thread):

#366 - Bartholomy - 138w ago
I agree about the past. But today Sony is what i wrote.

They are in DMCA mode, for everything. They sent a DMCA to Gary Wayne Bowser (aka Garyopa) too, just because his website was hosting some OFW and CFW; go figure what kind of trash this company, which people support daily by buying their products, is now. Look at the last EULA. THEIR product is now untouchable. For the reasons you wrote, I agree. Their image was damaged. They lost, and every day are at risk of losing, contracts, and games could disappear. Looking at the last big fails of this company, with the PSPGO and now the PSVITA, if they lose face a bit more, Sony can fail.

You know what? They will not shrink. Devs will; a lawyer and it's done. Do you remember that guy who was going to release a new PSN method to go online? Guess what happened to him... No one saw his release, we just saw his life gone. I admire your work. Just be sure nothing will happen to both of you. Losing both of you, this scene will not be struck, it will just disappear. And what will remain will be just a commercial dongle...

#365 - cfwprophet - 138w ago
I have to clarify a misunderstanding of mine. Nabnab didn't talk to kaka, he just read his post that shows on Twitter that kakarotoks has a debug console which was a retail one before.

Not that someone spreads this on the web and produces a new drama with it. We don't need more dramas. We all in the scene need to calm down a bit and try to make this scene good again.

#364 - Nabnab - 138w ago
Actually Sony never complained about any hack/piracy, if you check it correctly; it's just a different thing that happened on the PS3. It's because of some monster-ego devs and weird PS3 users: people claimed it was easy to hack the PS3 (when it's not, it all came from internal Sony stuff) so badly, downloaded games and insulted the Sony company.

In a way, I can understand Sony, because they didn't really attack any users or devs on the PSone/PS2/PSP. When I see some people claim Geohot did such good stuff, I was claiming he did completely the inverse of what a real dev would do... when you're a dev/hacker like that, you never claim something in that way, and all that Geohot did was completely a mistake.

He didn't find anything => the stuff was from the past, and it was a surprise for him that the PS3 has a PPC and that you need to code in C (he had a PS3 and didn't know it). Just to clarify something: ok, he's intelligent, but he never found any exploit on an Apple product or any Sony product; it was not him, it was other devs that found the exploits, and he used the work of others to be on top of everything. He released stuff that was not supposed to be released => you need to ask the owner before that.

Just do a little research on the PS3 scene, Geohot etc... he made the piracy/hack a f.... commercial thing, and every time he claimed he could push out Sony before they took this action.

There's a misunderstanding about the Sony action. I don't defend Sony for other stuff they've done, but it's clearly a misunderstanding. Why did Sony do this? It's because of all the publicity/insults they received from the PS3 scene, touching the company too much, etc... Also, they didn't give a warning to the PS3 users but to the guy who claimed so much stuff that he did not do.

Remember that Sony = company; they need to make money but also have real people who work there, and they can be fired just for that... put yourself in the place of the worker who works there. If you want to hack, do piracy, it's your problem, you can do it, but I've never seen in my life a person who claimed, like Geohot or some people, that they did something like that only to piss off Sony.

I check the past and I see no action from Sony, just trying to make the product better.
I check the past and I see no action from Microsoft (only bans, so?); also, if you check how much Windows was pirated, Microsoft doesn't really care, it makes good publicity for the company.
I check the past and I see no action from Nintendo (only trying to stop the cards), but they have reasons: did you see that piece of crap R4, etc.?

I mean come on, don't be paranoid; there hasn't really been any action from any company against a person. The only thing about it was for people who make money with stuff that is free, and also some mistakes.

I don't support a company that closes the product like that, but it's also a challenge for the devs/hackers, which makes sense; apparently we lost all that, and it's more about making money with free stuff and being famous, being on every web TV channel etc...

Who talked about it when you actually had a PS3 completely open with a CFW (do you imagine that we can do everything we want)? And also, who talked about ECDSA? Kakarotoks said the way he found to make a HEN was not possible because of that, but he didn't say everything,
and also said he doesn't want to waste the time... but anyway, why do you talk about him here?

And why waste that much time on that rather than work on something else? If you try to stop some of the work, you waste your time.
I already showed that we can do something on 4.0 and I don't need any keys for that; I already have the tool, source and everything.

#363 - CS67700 - 138w ago
Kakaro said it would take an eternity to brute force it, even with a huge team (he said something like 4000 people every day?).
Forget it, you can't brute force ECDSA...

Hopefully it will be hacked one day, but not soon ..

#362 - hawkY - 138w ago
BS man... wtf are you talking about anyway ??

© 2014 PlayStation 3 News