Sponsored Links

Sponsored Links

PS3 3.70 Appldr Keys Surface, 3.65-4.30 Appldr Keys in Development


Sponsored Links
101w ago - Similar to [Register or Login to view links], this appears to be PS3 Key week with the latest additions being the PS3 3.70 Appldr (VSH.elf) Keys surfacing while a list of the PlayStation 3 version 3.65 to 4.30 Appldr Keys in SCETool format is also in development.

Download: [Register or Login to view links] by ItsKamel / [Register or Login to view links] (Mirror) / [Register or Login to view links] (Mirror #2) / [Register or Login to view links] (Mirror #3) / [Register or Login to view links] by razorx / [Register or Login to view links] by Mistawes / [Register or Login to view links] by lewy20041 / [Register or Login to view links] by windrider (Password: SupLeechers) / [Register or Login to view links] by slarty1408

This adds to the recent PS3 LV0 (Bootldr) Keys leak, the PS3 4.25 / 4.30 Decrypted APPLDR Keys, the PS3 LV0 and Encapsulated CEX 4.30 Loaders, the PS3 4.21 LV1 and lv2_dump from 4.21 acquired by zadow28 when the Sycall table was found at offset 0x346390, the PS3 LV0 4.25 / LV2 4.25 / LV0 4.30 dumps decrypted and the PS3 4.25 Keys for MFW Builder.

Today's update begins with dosjuanes posting the PS3 3.70 Appldr Keys on Spanish site Elotrolado (linked above), followed by Chinese hacker Luckystar (via bbs.duowan.com/thread-29248664-1-1.html) developing a PS3 Appldr Keys 3.65 to 4.30 list in SCETool format as outlined below.

From dosjuanes on the PS3 3.70 Appldr Keys, roughly translated:

[Register or Login to view code]

From razorx: Here's the .ps3 keys i've put together (linked above) for you all just extract the zip into your .ps3 folder and your done the zip contains:

  • lv0-ctype-425
  • lv0-iv-425
  • lv0-key-425
  • lv0-priv-425
  • lv0-pub-425

From slarty1408: Hi ppl, Just thought i'd add the 3.70 keys to deank's multiMAN[EBOOT_FIX] tool (linked above) so you can fix your own eboots/games. i will add more keys as i get hold them... I have only only tested it with 1 game by the way so any feed back would be great.

From cory1492: None of the keys are decrypted. The ERK/RIV of all keys (app/npdrm/spp) in the raw decrypted appldr are decrypted before use by appldr at runtime. Look at the working 3.70 posted earlier (or any of the previous keys) pub and search it out.

From Luckystar comes a PS3 3.65-4.30 Appldr Keys WIP, roughly translated: Appldr 4.30

[Register or Login to view code]

The extracted from appldr 4.3 from 000248A0-000260F0. The PUB is right. erk and riv incorrect. The estimated or anergistic, send a sce header to the ok.

From aldostools on Mistawes keys dump (above): 1. make sure you have this added to keys file:

[Register or Login to view code]


2. make sure that the key revision of your SELF is 0x0016 and that it is not a NPDRM self.

I tested the keys with Saints Row The Third, and it decrypted the ELF... shift+Enter.

[Register or Login to view code]

Key Revision [DEBUG] means that your file is a FSELF. You just need to unfself it and sign the ELF with the keys that you want (eg. 0x01)

These 3.70-3.73 keys are just for retail SELF files signed with keys 0x0016. SELF files from PKG use NPDRM keys (unless they are custom made PKG created using make_package_npdrm). Yes... there used to be a tool that resigned your FSELF just pressing Ctrl+Enter on the eboot.

The current "3.70 keys" are only for key revision 0x0016 and self type = APP (retail eboot). If you have an "update/patch" eboot 3.70, it will not be decrypted with these keys, because they are self type = NPDRM and use a different key. Key revision 0x0016 is used by apps signed for 3.70, 3.72, 3.73 and 3.74.

Most of these have been confirmed by users including EussNL and ItsKamel and added to the PS3 wiki here: ps3devwiki.com/wiki/Keys. As always, we will update this article as new PlayStation 3 Keys are discovered and posted publicly.




Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

Comments 244 Comments - Go to Forum Thread »

• Please Register at PS3News.com or Login to make comments on Site News articles. Thanks!

PS3 News's Avatar
#234 - PS3 News - 66w ago
Following up on the previous PS3 SDAT / EDAT v3 and v4 Keys, today PlayStation 3 developers flat_z and naehrwert have shared some PS3 3.60+ Loader Keys and Phat HDD Encryption tools (including a full EncDec Emulator to encrypt or decrypt game discs) with details below followed by the Lv1ldr Crypto Keys as well.

Download: [Register or Login to view links] / [Register or Login to view links] / [Register or Login to view links] / [Register or Login to view links] (Mirror) / [Register or Login to view links] by Abkarino / [Register or Login to view links] by NiceShot / [Register or Login to view links] / [Register or Login to view links] / [Register or Login to view links] by zecoxao / [Register or Login to view links] / [Register or Login to view links] (Mirror) / [Register or Login to view links] (Mirror #2) / [Register or Login to view links] by TehUnkn0wn / PS3 4.46 Keys by Acid Burn1 / franzes80

Key Scrambling

Starting with firmware version 3.60 loader keys have been encrypted. Look [Register or Login to view links] for a tool that decrypts them. Besides that, [Register or Login to view links] an implementation of the cryptographic algorithm which is used to encrypt/decrypt lv1ldr from lv0 and root scramble key at the SPU side.

Root scramble keys

[Register or Login to view code]

Scramble keys

[Register or Login to view code]

Scrambled keysets

[Register or Login to view code]

EDAT keys

[Register or Login to view code]

From flat_z (via ps3devwiki.com/index.php?title=HDD_Encryption):

Phat Consoles

  • On the PHAT consoles AES-CBC-192 is used for HDD encryption and AES-CBC-128 for VFLASH encryption.
  • So no tweak and tweak key here. Each sector is encrypted with the same zeroed IV.
  • VFLASH is encrypted once with ENCDEC key and zeroed IV!
  • Data key is of size 32 bytes but only the first 24 bytes are used for HDD and 16 bytes for VFLASH.
  • See also [Register or Login to view links] (contains scripts of ENCDEC emulator for both types of consoles).

From naehrwert (cdn0.meme.li/instances/600x600/39151418.jpg): The "Y U NO" picture I posted before

Btw. this means we might know now how cobra and 3k3y got their drive emulators working on latest consoles..

From zecoxao: First thing are the scrambled keys. Sony obfuscated the keys in order to make hard our access to them. those are called scrambled keys. Second thing is hdd encryption by glevand was incomplete. partially because he only had a slim and not a phat. now it's complete. Third thing is supposedly how cobra and 3k3y takes care of the drive keys on newer consoles. they basically don't even grab the keys, and all that's needed are sv_iso keys.

naehrwert already knows how that works. hence that meme. all you need is sv_iso keys lol

The keys should be these ones:
[code]
2A F9 18 23 CE 38 59 8E 8D 66 24 5F 69 8A B5 72

Ps3scener's Avatar
#233 - Ps3scener - 69w ago
found these but not sure, 3.60 and 3.61 Private keys

if you grabbed all the keys from gitorious. including 4.40 and 4.41 you should be able to make some sort of a jailbreak. unfortunately i can't patch lv 1 on 4.41. so anyone who can, feel free to try.

dunno why its a little bit bigger in size but these are lv 1 private keys by the way

PS3 News's Avatar
#232 - PS3 News - 69w ago
Here are some more PS3 SDAT/EDAT v3 and v4 Keys from kongen12 (via pastebin.com/KuE3zk5u)

[Register or Login to view code]


From aldostools: According to (ps3devwiki.com/wiki/Keys#EDAT) the "keys" above are edat-key-0, edat-key-1, and edat-hash-0, edat-hash-1. sdat-key is different.

EDAT

edat-key-0: BE959CA8308DEFA2E5E180C63712A9AE (SHA1: 84E9FC3574EAA11A9462FFA53D5EA46B4D0003BF)
edat-hash-0: EFFE5BD1652EEBC11918CF7C04D4F011 (SHA1: 8A721A06ABC7BB9BF398C5EF5D6F1FD997BC0A56)
edat-key-1: 4CA9C14B01C95309969BEC68AA0BC081 (SHA1: 6ECDFEC0A11890C1F2A689062D3EFE562317B2FB)
edat-hash-1: 3D92699B705B073854D8FCC6C7672747 (SHA1: F7B2917B1FA260FD51D37716A91036651F6F42F2)

SDAT

sdat-key: 0D655EF8E674A98AB8505CFA7D012933
sdat-sha1:

kaito kid's Avatar
#231 - kaito kid - 69w ago
Hi everyone, I want ps3keys up to 4.41 or 4.40 because I have 4.31 keys.

GlobalTroll's Avatar
#230 - GlobalTroll - 76w ago
Scrambling and unscrambling obfuscated keys from loader (PS3 FW 3.60 - 3.61)

from LV1LDR.ELF FW3.61

[Register or Login to view code]


Unscrambling script: key_unscrambler.py

[Register or Login to view code]


Scramling script: key_scrambler.py

[Register or Login to view code]


Sponsored Links

Sponsored Links
Sponsored Links

Sponsored Links







Advertising - Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News