PS3 Hacker Mathieulh Finds PlayStation 3 Firmware 3.56 Exploit

194w ago - PS3 hacker Mathieulh reports that he has found a PlayStation 3 Firmware 3.56 exploit, although he states he has no plans to give any further details about it.

To quote from PSX-Scene (linked above): Well-known hacker Mathieu Hervais has reportedly found a bug that allows exploiting metldr, the bootloader and firmware version 3.56. Unfortunately, he refuses to release it.

Originally Posted by Mathieulh:

I hesitated a lot before tweeting about it, but a bug allows exploiting metldr, the bootloader and 3.56+. I don't intend to ever unveil it.

So much for "unhackable" PS3s though... I am not giving any further details about it. Sorry.

Actually the revocation list exploit doesn't allow you to exploit isoldr, you could however sign a revoke list if you had the revocation list keys and knew the sign fail, and use that to dump isoldr. Metldr does not load revocation lists.

This has been tested, how do you think I could release the lv2ldr and appldr keys? (about 24hrs before Geohot showed up with metldr keys)

You can also dump any loader using a signed metadata (including metldr) though that means you need to have the keys for it in the first place (kinda kills the purpose)

Your entire purpose is to get the isolated process (the code running inside the spu) to jump to your instructions

For example the following instructions will dump the isolated LS to the SPU mailbox:

loop:
rdch $3, ch29
lqd $3, 0($3)
wrch ch28, $3
rotqbyi $3, $3, 4
wrch ch28, $3
rotqbyi $3, $3, 4
wrch ch28, $3
rotqbyi $3, $3, 4
wrch ch28, $3
up_one:
br loop
br up_one

Of course you'll need a PPU payload to fetch the mailbox data. Metldr is trivial to dump now that you can sign your loader, but I won't say anything more on this.

Finally, the problem with isoldr and the revoke list exploit isn't so much that the exploit doesn't work (it actually does). It's that the payload from the crafted revoke list overwrites isoldr keys (which kinda kills the whole purpose). You can however get the revoke list keys from lv2ldr or appldr using the revoke list exploit and then sign a revoke list metadata to exploit isoldr later on. (There are other ways to get isoldr though, including the 3.60+ exploit I have (but there is at least another I know of).) Again, good luck in your endeavor.

There is more than one npdrm key. It's not been released because the ones who have the skills to do it do not remotely care about pirating PlayStation store games (obviously).

Finally, in related PS3 homebrew news today a PS3 FW Downloader application has been released which includes Official PS3 Firmware 2.50 - 3.55 and has Geohot, Kmeaw, Wutangraz PS3 Custom Firmware and 3.55 Downgrader support.

Comments (381)

#346 - BookofEli - 146w ago
That's not entirely true. I'm following your posts and it is very interesting; still, KaKaRoToKS did a great job explaining ECDSA, which was interesting.

Considering your statements you won't have to get any keys and thus it's still possible to run homebrew/backups on PS3 FW >3.55 by bypassing any key requirements with "devtools".

#345 - Nabnab - 146w ago
Actually the PS3 scene is too concentrated on the keys and too blind to see what is the best way about all that. We don't need any keys; we have enough stuff and tools for that.

Looks like nobody read my post about a possible 4.0 alternative... also this is more a leave the scene and check somewhere else.

#344 - CS67700 - 146w ago
Let's face it guys, it might not be totally impossible, but it's almost impossible at the moment. Meaning we won't see this scene moving forward anytime soon.

I'm packing my 3.55 in a corner, buying a new one soon, you never know. I'm not hoping anymore, it was obvious seeing the inertia of the scene that nothing was gonna happen for some time.

Maybe in a few years when PS4 will be here someone will find another way in.

#343 - drphuz - 146w ago
Not without the proper keys. The Keys are the answer to everything, both good and evil.

#342 - Bartholomy - 146w ago
Amazing post, about ECDSA.

© 2014 PlayStation 3 News