93w ago - Following up on his
previous update, today Sony PlayStation 3 hacker
No_One has made available some PDF documentation that details how Project PNM PS3 NOR Manager works including schematics, explanations, a bill of materials (BOM), and diagrams.
Download:
Project PNM PS3 NOR Manager Schematics PDF
To quote: Hi mates, Here is the PDF documentation that explains how PNM works from an hardware point of view:
- schematics
- explanations
- bill of materials (BOM)
- diagrams
Coming soon:
- A virtual SOCKET #3 to access (Read/Write) the PS3 NOR (on motherboard itself) It will give the ability to manage what others flashers around do without removing the embedded NOR.
Realtime tests on a PS3 in differents situations:
- Static switching between 2 firmwares
- Dynamic switching
Tasks finished these last 2 days:
- serial link has been enhanced (speed) to 1Mbit/s
- virtual SOCKET #3 instanciated in the FPGA
- Teraterm macros to help managing DUMP/UPDATE (not yet fully functionnal)
- automatic detection of the firmware flashed
- some minor software updates
See ya very soon for more progress !
Cheers
No_One
Update: Let me give some clarifications. To make simple:
- private keys are used to decrypt (and sign) files needed to build a firmware.
- public keys are used to decrypt files like "EBOOT.BIN", SELF/SPRX files and so on.
If a new exploit is found to obtain privates keys then CFW will appear again.
Even if PNM project only aims to manage a TRUE dual firmware console, it may lead to public keys.
I won't explain it how.
What does that mean ?
It means devs will probably include public keys (ie 3.70) in a 3.55 CFW (like it has been done for 3.56 keys). But i would like to underline that there some tricks that could be used by SONY to prevent such methods. I won't explain them here.
Now, concerning the NOR flash. It only embeds a part of the firmware. The other part is stored in the internal HDD. To manage a TRUE dual firmware, it will be necessary to have both these parts (ie 3.41 HDD + 3.70 HDD).
I won't talk about the SYSCON in this post since most people reading won't understand what it is.
The lame method will consist to swap HDD. But good news, there are some identified tricks to keep everything in only ONE HDD
Again, to make things clear: PNM is NOT a project to promote piracy ! The main goal is to have a 3.41/3.55 CFW with Linux/homebrews and an OFW to continue enjoying last games, PSN... But like any "weapon", PNM can be used for nice perspectives but also in "bad hands" for obscure aims.
Cheers
No_One
Well this is no good. I tried installing Rebug D-Rex 4.30.2 but kept getting an error that it's corrupt from the main update screen and from the recov...
that's old news mate..like last year old.. LOL
"The complete console is compromised - there is no recovery from this," said pytey, a member of the fail0verflow group of hackers, who revealed the initial exploit at the Chaos Communication Congress in Berlin in December.
Sony updated its consoles to block the software and took legal action against distributors in many countries.
However, according to pytey, it may not be so easy to fix the problem this time.
"The only way to fix this is to issue new hardware," he said. "Sony will have to accept this."
In the end, the flaw that allowed them to crack the system was a basic cryptographic error that allowed them to compute the private key, held by Sony, he said.
"Sony uses a private key, usually stored in a vault at the company's HQ, to mark firmware as valid and unmodified, and the PS3 only needs a public key to verify that the signature came from Sony.
"Applied correctly, it would take billions of years to derive the private key from the public key, or to make a signature without knowing the private key, even when you have all the computational power in the world at your disposal."
But the team found that Sony had made a "critical mistake" in how it implemented the security.
"The signing recipe requires that a random number be used as part of the calculation, with the caveat that that number must be truly random and not predictable in any way," the team said.
"However, Sony wrote their own signing software, which used a constant number for each signature."
This allowed the team to use "simple algebra" to uncover Sony's secret key, without access to it.
"This is supposed to be the most secret of secret of secrets - it's the Crown jewels," said pytey.
Using a similar technique he was able to extract the entire master key for the system, which he subsequently publish online along with a demonstration of it in action.
However, he has not released the method he used to extract the key.
"There is no reason to," he said.