125w ago - Today the PS3 LV2 Loader (lv2ldr), METLDR, Application / IV (initialization vector) keys and the SHA1 hashes used to verify the keys have been publicly released by various PlayStation 3 developers. They are listed below:
Fail0verflow released the SHA1 hashes of the different PS3 keys:
http://pastie.org/private/0unla7m2kxdlehmepzkktw <-- sha1 hashes for some keys
He also tweeted the following: In fact it decrypts most of the application selfs. The 3.15 appldr key decrypts updaters too. Looks like the isolated secure loaders aren't that secure anymore eh? Looking for the curve list now. Ok so now if you can calculate K You'll also need to use a pre 3.40 lv2ldr but that's kinda obvious. By your lv2 I obviously mean custom firmware (for instance replace lv2_kernel) with a linux kernel. (of course you still need to flash it) Just one last thing, if you decrypt 2 lv2_kernel, you can calculate m then k, if you get k, and the keys I tweeted, you can have your lv2. btw those keys also happen to decrypt the ps2_emu binaries if anyone cares.
P.S. The self revision is located at 0x00000009 in the self header; it defines the key set in use.
Run this as a 2nd stage from metldr. Listen for mail
As usual, there are no release dates ever. But pretty cool eh? It's a real loader.
Nah, they are the hash signatures of the keys in hex form. I suppose to prove to everyone that they have them without actually releasing them.
They seem to match the signatures of the publicly known ones (lv2 and pkg). Since they aren't salted I suppose it's feasible to run the ivs through a 0-9 A-F 16 byte rainbow table but I'm not so sure about the 64 byte key.
Either way, anyone knowledgeable enough about this kind of stuff would just find it easier to grab the keys themselves using the techniques described during the conference rather than bruteforcing them from a SHA-1 signature which, funnily enough, would take a lot more effort and computing power.
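The comments above concern publishing an unsalted SHA-1 digest as proof of holding a value, and how hard it would be to search for the value behind such a digest. The following is an added example, not part of the original post or comments: it checks a candidate against a published digest and compares the search cost for a tiny value with that of a random 16-byte value. The secrets are constructed test data and the hash rate is an assumed figure.

```python
import hashlib
import hmac
import itertools

def commit(secret: bytes) -> str:
    """Unsalted SHA-1 digest of a secret, published as proof of possession."""
    return hashlib.sha1(secret).hexdigest()

def verify(candidate: bytes, published_hex: str) -> bool:
    """True if the candidate hashes to the published digest (constant-time compare)."""
    return hmac.compare_digest(commit(candidate), published_hex.lower())

def exhaustive_search(published_hex: str, length: int):
    """Try every byte string of the given length; only practical for very short values."""
    for combo in itertools.product(range(256), repeat=length):
        candidate = bytes(combo)
        if verify(candidate, published_hex):
            return candidate
    return None

def years_to_exhaust(bits: int, hashes_per_second: float) -> float:
    """Worst-case time to walk a keyspace of 2**bits at a fixed hash rate."""
    seconds = 2 ** bits / hashes_per_second
    return seconds / (365.25 * 24 * 3600)

# Constructed demo value: 2 bytes, i.e. 65,536 candidates, found in well under a second.
TINY_SECRET = bytes([0x4B, 0x21])
TINY_DIGEST = commit(TINY_SECRET)

# Assumed attacker rate for illustration only: 10**12 SHA-1 evaluations per second.
ASSUMED_RATE = 1e12

if __name__ == "__main__":
    print("2-byte value recovered:", exhaustive_search(TINY_DIGEST, 2).hex())
    # A uniformly random 16-byte value has 128 bits of entropy; 64 bytes has 512.
    print("16-byte search, years: %.2e" % years_to_exhaust(128, ASSUMED_RATE))
    print("64-byte search, years: %.2e" % years_to_exhaust(512, ASSUMED_RATE))
```

The lack of a salt only matters when the hashed value is guessable or drawn from a small set; for uniformly random 16-byte values neither exhaustive search nor a precomputed table is practical, so the digest mainly serves to confirm a value obtained some other way.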