143w ago - Just over a week ago PlayStation 3 hacker Mathieulh confirmed finding a PS3 3.56 Exploit, and today drizzthacks tweeted part of an IRC chat log where Mathieulh stated the following regarding PS3 Firmware 3.60 running homebrew code, as follows:
"[03:15] while you are insulting me like morons, I already have code running on 3.60, and I am laughing, and guess what ? I am happy I stopped sharing, you can hate me for it, I don't care."
He followed up with the following Tweets: To those planning on building a 3.56+ pup for whatever reason, the files attributes changed, the group and user ids for the files as well. The new 3.56+ values for tarballs are the following: owner_id, “0000764″ group_id, “0000764″ owner, “tetsu” group, “tetsu” ustar, “ustar”
You can use fix_tar to use those new values. Use with caution. By comparison, those are the pre-3.56 values. owner_id, “0001752″ group_id, “0001274″ owner, “pup_tool” group, “psnes” ustar, “ustar”
3.60 isn’t “hardcore security” anyway, it’s just Sony thinking they are safe hiding everything inside lv0. You can’t decrypt lv0 without the bootloader keys. Your best bet is to look at 3.56, decrypt loaders, look for exploits, profit. You need to either decrypt or dump lv0, then you can get the encrypted loaders and decrypt them with the metldr key. Good luck.
On IRC, Mathieulh also posted a video of his own but then privatized it currently rendering it unavailable:
Mathieulh: actually you want video proof, let's share one for the lol Mathieulh: http://www.youtube.com/watch?v=nknwBz-2v8c
Shortly following, another PS3 3.60 JailBreak video (http://www.youtube.com/watch?v=JZfES89eZwM) was posted followed by the user removing it and reposting it (http://www.youtube.com/watch?v=Qohuq0Vvm6M) with another account.
From IRC on the alleged PS3 3.60 JailBreak video:
mastag23: just fyi: http://www.youtube.com/watch?v=JZfES89eZwM&feature=player_embedded mastag23: that is fake mastag23: it would look legit if he hadn't of ran the debugging station launcher mastag23: You fail "Connected from 192.168.0.2 on port 1000" (port might be wrong pretty blurry. mastag23: This is a debug unit. That can't be done on a retail unit. Run the Debugging Station Launcher on a retail and the debug tools won't connect to it, yours obviously does mastag23: debugging station launcher cant be connected to on retail mastag23: if he hadnt of posted debugging station launcher mastag23: he would be believable
KaKaRoTo: Fandangos, worked on ps3mfw for 5 weeks before i got busy with other stuff KaKaRoTo: and now i'm working on something new and revolutionizing that will also take some months of work KaKaRoTo: (hopefully ) KaKaRoTo: anyways, the theory says that it will jailbreak all future versions, but it needs probably 2 or more months of work to get it to actually be tested.. KaKaRoTo: then need to test and see if it works KaKaRoTo: first, like I said thousnads of times, there will be no more cfw above 3.55 KaKaRoTo: secondly, math didn't find any exploit, someone else did, math just tweeted it KaKaRoTo: and no, my hack isn't based on that, there's no fun in using someone else's work Mathieulh: KaKaRoTo actually it was me and rms, I found one fixed in 1.10 a few instructions below Mathieulh: told rms to look for the exploit Mathieulh: and he found the other instead xD Mathieulh: which I had missed KaKaRoTo: Mathieulh, ah ok, that's not what i was told, cause you kept referring to it as "the rms exploit" in the private chan Mathieulh: yah xD KaKaRoTo: and didn't know rms wanted his name to be known
The video shows a package installing and the new online save function, which was added in PlayStation 3 Firmware 3.60.
Time will tell, but my feeling from the videos and the tweeting... this may be the real deal.
Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!
We know how it works and have explained a lot of times. The dongle puts your con into debugger mode. In this special mode you can debug games and thats what they do. They use the system embended debugger to let you play those games.
They take the official game selfs from disk and dump out the elf via the sdk, then re-encrypt them as debug selfs and on a special way thats it.
But it takes a bit more work to get this for free for every one done. The keys have nothing to do with it. They use drm just to hide and to be able to milk us all a bit longer till a free version is done.
And if someone finds how it works, it should be possible of doing the same thing comparing the eboots without the keys with the ones with keys.
In cryptography, a timing attack is a side channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms. Every logical operation in a computer takes time to execute, and the time can differ based on the input; with precise measurements of the time for each operation, an attacker can work backwards to the input.
its a shame they all think its such a big deal.. its only video games not cure for cancer.. sure it would be great and mean a lot to alot of us but in reality its not that big of a deal, but the way they act gives them a feeling of power i guess.. i don't really understand such behavior, myself i get most enjoyment out of trying to help others..
i wish i bought an xbox when i had the spare cash.. but i love psn too much so ill stick to my ps3 and grin and bare it.. LOL
sorry if it sounds stupid, but we seem to already have the equation ecds uses, cant we extrapolate the variables using multiples ps3 on ofw 4.00 and HFW 4.00?
For what i saw the ECDS encryption only works fine if there is only one or a few machines with the same key. With multiple ps3's its possible to extrapolate, and the higher the number the easier it is.