Video: PS3 3.60 JailBreak Rumor, Mathieulh Claims Running Code


Just over a week ago PlayStation 3 hacker Mathieulh confirmed finding a PS3 3.56 exploit, and today [Register or Login to view links] tweeted part of an IRC chat log in which Mathieulh stated the following about running homebrew code on PS3 Firmware 3.60:

"[03:15] while you are insulting me like morons, I already have code running on 3.60, and I am laughing, and guess what ? I am happy I stopped sharing, you can hate me for it, I don't care."

He followed up with the following tweets: To those planning on building a 3.56+ pup for whatever reason, the file attributes changed, and so did the group and user ids for the files. The new 3.56+ values for tarballs are the following: owner_id "0000764", group_id "0000764", owner "tetsu", group "tetsu", ustar "ustar"

You can use fix_tar to use those new values. Use with caution. By comparison, these are the pre-3.56 values: owner_id "0001752", group_id "0001274", owner "pup_tool", group "psnes", ustar "ustar"

3.60 isn’t “hardcore security” anyway, it’s just Sony thinking they are safe hiding everything inside lv0. You can’t decrypt lv0 without the bootloader keys. Your best bet is to look at 3.56, decrypt loaders, look for exploits, profit. You need to either decrypt or dump lv0, then you can get the encrypted loaders and decrypt them with the metldr key. Good luck.
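The ownership values quoted in the tweets above are ordinary ustar header fields (8-byte octal uid/gid, 32-byte uname/gname, and the "ustar" magic), so they can be read straight from a tarball's first 512-byte header. The following Python is an added example, not the page's code and not fix_tar: it constructs a small sample archive in memory and classifies its ownership against the two sets of values quoted above, which also shows that the octal fields decode to uid/gid 500 (3.56+) and 1002/700 (pre-3.56).

```python
import io
import tarfile

# Ownership values quoted in the tweets above, as they appear in the ustar
# header: uid/gid are 8-byte octal fields, uname/gname 32-byte text fields.
PROFILES = {
    "3.56+":    {"uid": 0o764,  "gid": 0o764,  "uname": "tetsu",    "gname": "tetsu"},
    "pre-3.56": {"uid": 0o1752, "gid": 0o1274, "uname": "pup_tool", "gname": "psnes"},
}

def build_sample_tar(uid, gid, uname, gname):
    """Construct a small in-memory ustar archive with the given ownership.
    This is constructed sample data, not a real firmware tarball."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        data = b"placeholder contents\n"
        info = tarfile.TarInfo(name="placeholder.bin")
        info.size = len(data)
        info.uid, info.gid, info.uname, info.gname = uid, gid, uname, gname
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def _field(hdr, start, length):
    """Raw bytes of one header field, cut at the first NUL."""
    return hdr[start:start + length].split(b"\0", 1)[0]

def read_header_fields(blob):
    """Decode the ownership fields from the first 512-byte ustar header."""
    hdr = blob[:512]
    octal = lambda s, n: int(_field(hdr, s, n).strip() or b"0", 8)
    text = lambda s, n: _field(hdr, s, n).decode("ascii", "replace")
    return {
        "uid": octal(108, 8),
        "gid": octal(116, 8),
        "magic": text(257, 6),     # "ustar" for a POSIX (ustar) header
        "uname": text(265, 32),
        "gname": text(297, 32),
    }

def classify(blob):
    """Return which firmware era the archive's ownership matches, if any."""
    f = read_header_fields(blob)
    if f["magic"] != "ustar":
        return "not-ustar"
    for era, want in PROFILES.items():
        if all(f[key] == want[key] for key in want):
            return era
    return "unknown"
```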

On IRC, Mathieulh also posted a video of his own, but then made it private, so it is currently unavailable:

Mathieulh: actually you want video proof, let's share one for the lol
Mathieulh: [Register or Login to view links]

Shortly afterwards, another PS3 3.60 JailBreak video ([Register or Login to view links]) was posted; the user then removed it and reposted it ([Register or Login to view links]) from another account.

From IRC on the alleged PS3 3.60 JailBreak video:

mastag23: just fyi: [Register or Login to view links]
mastag23: that is fake
mastag23: it would look legit if he hadn't run the debugging station launcher
mastag23: You fail "Connected from 192.168.0.2 on port 1000" (port might be wrong, pretty blurry).
mastag23: This is a debug unit. That can't be done on a retail unit. Run the Debugging Station Launcher on a retail and the debug tools won't connect to it, yours obviously does
mastag23: debugging station launcher can't be connected to on retail
mastag23: if he hadn't posted debugging station launcher
mastag23: he would be believable

KaKaRoTo: Fandangos, worked on ps3mfw for 5 weeks before i got busy with other stuff
KaKaRoTo: and now i'm working on something new and revolutionizing that will also take some months of work
KaKaRoTo: (hopefully )
KaKaRoTo: anyways, the theory says that it will jailbreak all future versions, but it needs probably 2 or more months of work to get it to actually be tested..
KaKaRoTo: then need to test and see if it works
KaKaRoTo: first, like I said thousands of times, there will be no more cfw above 3.55
KaKaRoTo: secondly, math didn't find any exploit, someone else did, math just tweeted it
KaKaRoTo: and no, my hack isn't based on that, there's no fun in using someone else's work
Mathieulh: KaKaRoTo actually it was me and rms, I found one fixed in 1.10 a few instructions below
Mathieulh: told rms to look for the exploit
Mathieulh: and he found the other instead xD
Mathieulh: which I had missed
KaKaRoTo: Mathieulh, ah ok, that's not what i was told, cause you kept referring to it as "the rms exploit" in the private chan
Mathieulh: yah xD
KaKaRoTo: and didn't know rms wanted his name to be known

The video shows a package installing and the new online save function, which was added in PlayStation 3 Firmware 3.60.

Time will tell, but my feeling from the videos and the tweeting... this may be the real deal.


Comments


#1 - PS3 News
Today PS3 hacker Mathieulh reports finding a PlayStation 3 Firmware 3.56 exploit, although he states he has no plans to give any further details about it.

To quote from PSX-Scene (linked above): Well-known hacker Mathieu Hervais has reportedly found a bug that allows exploiting metldr, the bootloader and firmware version 3.56. Unfortunately, he refuses to release it.

Originally Posted by Mathieulh (via [Register or Login to view links]):

I hesitated a lot before tweeting about it, but a bug allows exploiting metldr, the bootloader and 3.56+. I don't intend to ever unveil it.

So much for "unhackable" PS3s though... I am not giving any further details about it. Sorry.

Actually the revocation list exploit doesn't allow you to exploit isoldr; you could, however, sign a revoke list if you had the revocation list keys and knew the sign fail, and use that to dump isoldr. Metldr does not load revocation lists.

This has been tested, how do you think I could release the lv2ldr and appldr keys? (about 24hrs before Geohot showed up with metldr keys)

You can also dump any loader using a signed metadata (including metldr) though that means you need to have the keys for it in the first place (kinda kills the purpose)

Your entire purpose is to get the isolated process (the code running inside the spu) to jump to your instructions

For example the following instructions will dump the isolated LS to the SPU mailbox:

loop:
rdch $3, ch29
lqd $3, 0($3)
wrch ch28, $3
rotqbyi $3, $3, 4
wrch ch28, $3
rotqbyi $3, $3, 4
wrch ch28, $3
rotqbyi $3, $3, 4
wrch ch28, $3
up_one:
br loop
br up_one

Of course you'll need a ppu payload to fetch the mailbox data. Metldr is trivial to dump now that you can sign your loader, but I won't say anything more on this.

Finally, the problem with isoldr and the revoke list exploit isn't so much that the exploit doesn't work (it actually does); it's that the payload from the crafted revoke list overwrites the isoldr keys (which kinda kills the whole purpose). You can however get the revoke list keys from lv2ldr or appldr using the revoke list exploit and then sign a revoke list metadata to exploit isoldr later on. (There are other ways to get isoldr though, including the 3.60+ exploit I have, but there is at least another I know of.) Again, good luck in your endeavor.

There is more than one npdrm key. It's not been released because the ones who have the skills to do it do not remotely care about pirating PlayStation store games (obviously).

Finally, in related PS3 homebrew news today a PS3 FW Downloader application has been released which includes Official PS3 Firmware 2.50 - 3.55 and has Geohot, Kmeaw, Wutangraz PS3 Custom Firmware and 3.55 Downgrader support.
