125w ago - Today the PS3 LV2 Loader (lv2ldr), METLDR, Application / IV (initialization vector) keys and SHA1 hashes used to verify the keys have been publicly released by various PlayStation 3 developers. Below they are all listed, as follows:
Fail0verflow released the SHA1 hashes of the different PS3 keys:
http://pastie.org/private/0unla7m2kxdlehmepzkktw <-- sha1 hashes for some keys
a3d8fbcf120177844c848c72afe8bf7e5fa29ab4 iso-ctype-315
287e056ab77c7a10ec73108e63f12b811ff0f888 iso-iv-315
161e5c4ca0064bddf445c19d89f703384e504f41 iso-key-315
9739847f294d869b4c73fc8115be3f60cf660c4c iso-priv-315
755d0f717cf0af17f60ef0810a45009245869b5c lv2-ctype-315
1160bc28c9547067c7b5d3661b822290a1474d9f lv2-iv-315
9aa78cc3d63be7858a875819717f3965527dd046 lv2-key-315
73340c5b90402552b333331e9b4189c1cae6e9ba lv2-priv-315
94fba8ed9675ee9d55dc6dc220b26bb162eb6ccc spp-ctype-315
8ba0748dc57f79ce508bda47633c01897175008b spp-iv-315
160d0eac80f0750c3afcfdde3070e75fa5fff864 spp-key-315
87fef0cbf46e06c4fa592d6e4f3f1bf4c9f7fca1 spp-priv-315
b5ab517f7f92cc8604f9e08ebf09e545a06c454d pkg-ctype-315
ff6b278b7993cccd82837abe8f46a228a93931f4 pkg-iv-315
78624dbfa916a34655678e2eb41ab232156a4acf pkg-key-315
70e4aa4864197ad39d9226d4c55ea345aa2de287 pkg-priv-315
e1fbd73372cbd3708c1cbe8f95aa2eedeee70406 rvk-ctype-315
3003dcb2385cc8a60fa3566a2cc0e7a76fde680a rvk-iv-315
e1468a087ecc12af0393b811f826a1bfe23cc891 rvk-key-315
bd20f3764db0d29898f3cb72bababbe73b4b3332 rvk-priv-315
Mathieulh posted the PS3 LV2, PKGs, RVK, ISO, and Application keys (also crediting
RichDevX,
Graf_Chokolo,
N_D_T, and
TitanMKD) that can be used to decrypt via the
PS3 SELF Crypto / PS3 SELF File Format and Decryption algorithm:
PS3 0.80 / 3.15 Lv2ldr keys:
erk: 94303F69513572AB5AE17C8C2A1839D2C24C28F65389D3BBB11894CE23E0798F
riv: 9769BFD187B90990AE5FEA4E110B9CF5
Decrypts all the External lv2 versions from pre 1.00 to anything below 3.40.
PS3 3.40 / 3.41 lv2 keys:
erk (12AB0): 57 5B 0A 6C 4B 4F 27 60 A0 3F E4 18 9E BA F4 D9 47 27 9F D9 82 B1 40 70 34 90 98 B0 8F F9 2C 10
riv (12AD0): 41 1C B1 8F 46 0C E5 0C AF 2C 42 6D 8F 0D 93 C8
PS3 0.80 / 3.15 Application loader keys:
erk-315 79481839C406A632BDB4AC093D73D99AE1587F24CE7E69192C1CD0010274A8AB
riv-315 6F0F25E1C8C4B7AE70DF968B04521DDA
erk 4F89BE98DDD43CAD343F5BA6B1A133B0A971566F770484AAC20B5DD1DC9FA06A
riv 90C127A9B43BA9D8E89FE6529E25206F
erk AAC20B5DD1DC9FA06A90C127A9B43BA9D8E89FE6529E25206F8CA6905F46148D
riv 7D8D84D2AFCEAE61B41E6750FC22EA43
erk-080 95F50019E7A68E341FA72EFDF4D60ED376E25CF46BB48DFDD1F080259DC93F04
riv-080 4A0955D946DB70D691A640BB7FAECC4C
erk D91166973979EA8694476B011AC62C7E9F37DA26DE1E5C2EE3D66E42B8517085
riv DC01280A6E46BC674B81A7E8801EBE6E
erk F9EDD0301F770FABBA8863D9897F0FEA6551B09431F61312654E28F43533EA6B
riv A551CCB4A42C37A734A2B4F9657D5540
PS3 0.80 to 0.92 Revision 0 Application loader keys:
erk-rev0 95F50019E7A68E341FA72EFDF4D60ED376E25CF46BB48DFDD1F080259DC93F04
riv-ev0 4A0955D946DB70D691A640BB7FAECC4C
PS3 0.95 to 3.31 Revision 1 Application loader keys (from and in updaters):
erk-rev1 79481839C406A632BDB4AC093D73D99AE1587F24CE7E69192C1CD0010274A8AB
riv-rev1 6F0F25E1C8C4B7AE70DF968B04521DDA
PS3 Unknown keys, seem not to be in use:
erk-unk1
4F89BE98DDD43CAD343F5BA6B1A133B0A971566F770484AAC20B5DD1DC9FA06A
riv-unk1 90C127A9B43BA9D8E89FE6529E25206F
erk-unk2 AAC20B5DD1DC9FA06A90C127A9B43BA9D8E89FE6529E25206F8CA6905F46148D
riv-unk2 7D8D84D2AFCEAE61B41E6750FC22EA43
erk-unk3 D91166973979EA8694476B011AC62C7E9F37DA26DE1E5C2EE3D66E42B8517085
riv-unk3 DC01280A6E46BC674B81A7E8801EBE6E
erk-unk4 F9EDD0301F770FABBA8863D9897F0FEA6551B09431F61312654E28F43533EA6B
riv-unk4 A551CCB4A42C37A734A2B4F9657D5540
He also tweeted the following: In fact it decrypts most of the application selfs the 3.15 appldr key decrypts updaters too
Looks like the isolated secure loaders aren't that secure anymore eh ?
Looking for the curve list now. Ok so now if you can calculate K
You'll also need to use a pre 3.40 lv2ldr but that's kinda obvious. By your lv2 I obviously mean custom firmware (for instance replace lv2_kernel) with a linux kernel. (of course you still need to flash it) Just one last thing, if you decrypt 2 lv2_kernel, you can calculate m then k, if you get k, and the keys I tweeted, you can have your lv2. btw those keys also happen to decrypt the ps2_emu binaries if anyone cares.
P.S. The self revision is located at 0x00000009 in the self header, it defines the key set in use.
GeoHot released the PS3 METLDR keys:
PS3 3.41 METLDR keys:
GG SONY!!!!!
I'm in your console borrowing your metldr keys
3.41 kernel keys as semi proof, more to come
erk(12AB0): 57 5B 0A 6C 4B 4F 27 60 A0 3F E4 18 9E BA F4 D9 47 27 9F D9 82 B1 40 70 34 90 98 B0 8F F9 2C 10
riv(12AD0): 41 1C B1 8F 46 0C E5 0C AF 2C 42 6D 8F 0D 93 C8
Finally,
GeoHot also shared
geoldr, to quote:
Happy New Year!
Run this as a 2nd stage from metldr. Listen for mail
As usual, there are no release dates ever. But pretty cool eh? It's a real loader.
Hi, Im John from the USA. I've had a PS3 since release. It somehow disappeared when moving and I ended up getting a SLIM about a year and a half to tw...
geohot got flamed from people because he didnt wanted to share his complete progress with the world. which was indeed right!
i'm pretty sure, everything what happend now to the community and the ps3. was a reaction of geohots work and the reaction from sony about it.
I always get 'Bad file structure or read error (line 2953). Continue?' and other random warn on ida 6.
thanks- yes that was a cut paste error, i have it right in the source.
the problem was i was using ibm sdk. i swiched over to ps3toolbox and it works fine now.
also people don't flame geohot because his work is rubbish, they flame him because he's an arrogant douche.
have fun