red-cat_eX

Lv0 decrypted in 3.72


Yep, you may have to check the picture a few times. Mathieulh has managed it and shown us he is still capable, and has released a proof of concept proving that he has decrypted LV0 @ FW 3.73. This of course means CFW up to the latest PS3 firmware!

 

HOWEVER, he has gone ahead and said the following:

 

By the way, I won’t be posting keys, I won’t be posting dumps and I won’t be saying how it was done, time to work gentlemen.

 

With the leak last week of the Metldr exploit, he went out and said he would not be releasing anything to the scene again. What is important to take away from this is that Mathieulh has shown us it IS possible, it is not FAR away, and all we need is someone able to get to it.

 

Maybe if you guys would be nice to him (instead of flaming), he MAY be just kind enough to drop a few hints or ‘leak’ something <_<

Source: http://www.ps3hax.net/#ixzz1dedrcpFK

 

 

So, so, so, the possibility is there; we just need someone who would now repeat the work, or force the author to show it.


Lol, he still didn't give out the lv0 key or dumps; the poor guy probably ran short of attention again, like a few months ago when he announced he had fully jailbroken 3.60 OFW, and in the end nothing at all came of it. All he does is brag about nothing, and then he cries that the whole psx-scene is flaming him :|

 

Today PlayStation 3 developer xx404xx on IRC has shared his PS3 Metldr / Per Console Key0 findings thus far.

 

Included below are a PS3 EID Rootkey Dumper (SELF) which is loaded through lv2patcher, an EID Decrypter Script, the required EID Static Keys and more, as follows:

 

Quote:

[xx404xx] lol wtf you can write to metldr!!!!!!

[xx404xx] 0x17014 - Write eEID/Write metldr Holy crap, it writes passed data to the region of FLASH memory where eEID or metldr data is stored !!! And GameOS is allowed to use this service !!! Do not experiment with this service if you don't know what it does or else your PS3 will not work anymore !!!

[xx404xx] http://img841.imageshack.us/img841/1...apimage3en.png

[xx404xx] http://img824.imageshack.us/img824/5...mapimage3f.png I highly recommend you all go look at that

[xx404xx] Is anyone taking a look at that paste bin? http://pastebin.com/rFD5ASJa (via http://pastie.org/private/qwndjafrtkvhe9cikbxhg from lunuxx)

[xx404xx] Here's a pic from this leaked doc i found

[xx404xx] http://img684.imageshack.us/img684/7...mapimage6k.png

[xx404xx] http://pastebin.com/rFD5ASJa there's no per console key 0 in the guide

[xx404xx] and you need this leaked doc

[xx404xx] ill go upload it

[xx404xx] the per console key0 is only for my console......

[xx404xx] but you can obtain your own lv0

[xx404xx] im upploading the doc now

[xx404xx] i was hesitant about leaking this

[xx404xx] but here you go, you will need this info

[xx404xx] http://uppit.com/caofvtbovo2y/Cell_Broadband_Engine.doc

[xx404xx] it has doc on the spu's

[stronzolo] what do you think about the picture who math posted on the twitter ?

[xx404xx] real

[xx404xx] he already told us how he does it....

[stronzolo] us = who ?

[branan] everybody. His thing about metldr from a couple days ago applies to bootldr just as well

[xx404xx] it's no secret

[stronzolo] so why math can do it... and others can't ? what's wrong ?

[xx404xx] lol if he didnt want other's knowing about it mabye he shouldnt tweet so many hint's.......

[xx404xx] we can do it

[xx404xx] read the docs

[xx404xx] he talk's about how we dump the local storage from the spu's

[stronzolo] 404 when do we know if your key is key 0 ?

[xx404xx] when someone prep's a step by step guide to dump bootldr

 

From pastebin.com/rFD5ASJa: (img573.imageshack.us/img573/5026/newbitmapimage4z.png)

 

BootOrder explained (Thanks, wiki) VERY IMPORTANT (per_console_key_0 is not the key which will be derived, but is the key which has derived per_console_key_1). We have pck1 using the dumper; in order to obtain pck you need to dump it out of ls. In order to do that with hardware you should look into math's comments about dumping a shared lsa.

 

In order to do this with software you should either use math's bootldr exploit or you need to exploit the spe secure runtime.... (Not all that hard with the two recent exploits)

 

With the Runtime Secure Boot feature, an application can run a check on itself before it is executed to verify that it has not been modified and compromised. Secure Boot is normally done only at power-on time, but the Cell BE processor can Secure Boot an application thread multiple times during runtime. (The PS3 doesn't do this right, as you can see in the failoverflow vid)


It is what it is. But he does have skills, never mind that he acts like a jerk; as someone in the scene said, he "behaves like a 16-year-old high-school student rejected by his classmates" :whistling:


I hope this isn't just another tall tale from some pimply four-eyes. It would be high time to release 3.73 into the arena, because it would be pretty nice to bang out some FIFA with the crew after a bong :)


I don't understand anything these smart people are writing here, but I'm guessing a lot has already been done toward cracking 3.7x FW? Like, someone already knows how to crack it, but is sitting on it and doesn't want to share the knowledge? :thumbsup4:


It seems to me they'll sooner make a Bentley out of the dough coming out of their ass than release a new CFW :)
