Technological discussion on PS3 security and crack.*

not hard to do 2 different versions of FW I guess, either check model automatically through PSN or 2 separate FW from their site. It just has to close down all possible future exploits that the current lv0 key might bring.
 
took a peek at neogaf, seems like there are multiple versions of the cfw in the works already. So there is no way that PSN can detect cfw at all now? I thought someone said before that there's a rootkit or something that Sony implemented past fw 3.56 that can detect it. As long as this doesn't cause chaos on popular online games, I don't care. There are still many online games that don't require an online pass.
 
I suspect OP unlocks will be available on warez sites, I don't think it's going to be a major obstacle for motivated people.

I just hope that majority of current CFW users are mature enough to not play online with cheats :|
 
that seems to be the real problem with ps3 hacks. from what i can gather a bit here and there, some people are pretty frustrated with the amount of hacks going on on psn and even quit the ps3 because of it.

say you're a serious cod player or something, going online to hacks and cheats all the time would put you off the ps3. i have seen i think some youtubers who went through just that cycle. from "ps3 is the best ps3 foreva" to "that's it, too much hacking online, i quit ps3"
 
also, for the past year from the initial hack until now, many online games released in between, especially all 1st party ones, come with an online pass. Ppl have to think twice before they use hacks or cheats online. I heard hacked consoles can hide their console id, but this allows the publisher to ban the online pass key instead of the system or ip. So cheaters will have to pay again if they get banned and want to play online. But Black Ops 2 doesn't have an online pass like previous cod games I think.........

edit: just out of curiosity, is it possible to have new lv0 keys for the new super slim model?

Marcan of Wii and PS3 hacking has this to say:
Q: So what can we do with the lv0 signing key?
A: In short, we can use it to decrypt lv0, modify it to patch out any lv0 security checks, and resign it with a legitimate key that bootldr will accept. With the chain of trust broken and lv0 no longer enforcing the security of the modules that it controls, we can then start modifying lv1ldr, lv2ldr, appldr, isoldr, etc to patch out their security checks and add CFW functionality.

Q: Can Sony "fix" this like they did for the 3.55 exploit?
A: To the best of anyone's knowledge, no. With 3.55 the keys metldr used to verify its dependent modules were recovered. So Sony simply stopped using the now-insecure metldr and started using bootldr (which was still secure) to load up everything instead. Sony doesn't have any more secure modules like bootldr left; without getting too technical, we now have the keys to every "common" hardware module that is able to decrypt Sony-signed modules. The only thing left are the modules that use per-console keys, which are useless for booting common firmware (which must be decryptable by every PS3)

Q: So bootldr is fixed in hardware?
A: Correct. Like metldr, bootldr cannot be software updated by Sony. It's hard-coded in hardware. As a reminder, bootldr/metldr themselves can't be exploited, but because of the keys we have recovered we can make them load anything we want, nullifying whatever security they provide.

Q: What about future firmwares?
A: Good news! We can decrypt those too. Sony can use various coding tricks to make the process more difficult (this is called obfuscation), but they can't stop us by using keys. We will always be able to decrypt lv0, and as long as we can figure out how to navigate lv0 we can figure out how to decrypt and modify its dependent modules. For those of you that follow Sony hardware this is much like how the earlier PSPs were hacked. So we can always decrypt the firmware and will be able to create newer CFWs as long as we can get past any obfuscation by Sony.

Q: So the PS3 is utterly and completely broken?
A: Right again! Unlike the 3.55 hack we really do have it all this time. Sony will never be able to re-secure existing consoles.

Q: What about consoles running firmware newer than 3.55?
A: Because all "old" consoles use the same keys to verify modules like lv0, at a minimum we can decrypt, patch, and resign the firmware. The problem is that we need a way to convince the PS3 to flash our modified firmware. With 3.55 and below that was easy enough to do because of the keys recovered, but 3.56 and later change that so that flashing is more complex than just using the recovered keys. This isn't an insurmountable problem - hardware flashers will always work - but for easy software flashing we need to find new exploits in the PS3 software stack to convince OFW consoles to flash CFW.

Q: What about newer consoles?
A: Ahh. So there's the real problem. Remember how we said bootldr and metldr are fixed in hardware? Sony can create new hardware, and update those modules in the process. By using new hardware in conjunction with new firmware for that hardware, Sony could completely change the keys used to secure the system. Without getting too technical, all of this progress comes from the fact that Sony was sloppy and did a poor job of implementing their security on earlier consoles, which is what led to the first keys being leaked. Sony could always issue new hardware with new keys and a fixed security system at which point we'd be completely locked out of that new hardware. It's entirely possible they'll do this (if they haven't done so already), so much like the PSP we're going to end up with a limited number of consoles that have hardware-based flaws that can be exploited. Of course we then found new ways of exploiting the PSP anyhow, and ultimately were able to exploit every PSP made in one way or another.

A lot more at the source: http://wololo.net/talk/viewtopic.php?p=189997#p189997
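The Q&A above describes a chain of trust (bootldr verifies lv0, lv0 verifies lv1ldr/lv2ldr/appldr) whose root key is fixed in hardware. The following toy model is an added example, not code from this thread, from Marcan or from any PS3 project: all keys, module contents, the Console/build_firmware/boot/software_update names and the "patched" marker are constructed placeholders, and an HMAC stands in for the real asymmetric signature. It shows why a leaked signing key at the top of the chain removes every check below it, why a new hardware generation with a different root key is immune to the same image, and why an image signed for the 3.55-era updater is not accepted by a console on a newer updater key:

```python
"""Toy model of the PS3-style boot chain described in the Q&A (added example)."""
import hashlib
import hmac
from dataclasses import dataclass

# Modules whose checks lv0 is responsible for (names taken from the Q&A).
DEPENDENTS = ["lv1ldr", "lv2ldr", "appldr"]


def sign(key: bytes, code: bytes) -> bytes:
    # HMAC stands in for the real asymmetric signature (simplification).
    return hmac.new(key, code, hashlib.sha256).digest()


def verify(key: bytes, code: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, code), sig)


@dataclass
class Console:
    model: str
    bootldr_key: bytes   # fixed in hardware; bootldr verifies lv0 with it
    module_keys: dict    # keys lv0 uses to verify DEPENDENTS
    updater_key: bytes   # key the software updater checks packages with


def build_firmware(lv0_key: bytes, module_keys: dict, patched: bool = False) -> dict:
    """Return {module: (code, sig)}. A 'patched' lv0 has its checks removed."""
    lv0_code = b"lv0" + (b" [PATCHED: dependent checks removed]" if patched else b"")
    fw = {"lv0": (lv0_code, sign(lv0_key, lv0_code))}
    for name in DEPENDENTS:
        code = name.encode() + (b" [modified]" if patched else b"")
        # Missing key -> module is signed with junk, which an unpatched lv0 rejects.
        fw[name] = (code, sign(module_keys.get(name, b"junk"), code))
    return fw


def image_bytes(fw: dict) -> bytes:
    return b"".join(code + sig for code, sig in fw.values())


def boot(console: Console, fw: dict) -> list:
    """Walk bootldr -> lv0 -> dependents; return the modules that loaded."""
    loaded = []
    code, sig = fw["lv0"]
    if not verify(console.bootldr_key, code, sig):
        return loaded                       # bootldr rejects lv0: nothing runs
    loaded.append("lv0")
    enforce = b"PATCHED" not in code        # a patched lv0 checks nothing below it
    for name in DEPENDENTS:
        code, sig = fw[name]
        if enforce and not verify(console.module_keys[name], code, sig):
            break
        loaded.append(name)
    return loaded


def software_update(console: Console, fw: dict, package_sig: bytes) -> bool:
    """Updater installs an image only if the package signature matches its key."""
    return verify(console.updater_key, image_bytes(fw), package_sig)


def demo() -> dict:
    # Constructed placeholder keys; the "old" hardware generation shares one set.
    old_keys = {"lv1ldr": b"k-lv1ldr", "lv2ldr": b"k-lv2ldr", "appldr": b"k-appldr"}
    new_keys = {"lv1ldr": b"n-lv1ldr", "lv2ldr": b"n-lv2ldr", "appldr": b"n-appldr"}
    old_355 = Console("old hw, OFW 3.55", b"bootldr-old", old_keys, b"updater-3.55")
    old_430 = Console("old hw, OFW 4.30", b"bootldr-old", old_keys, b"updater-4.30")
    new_hw = Console("new hw, OFW 4.30", b"bootldr-new", new_keys, b"updater-4.30")

    ofw = build_firmware(b"bootldr-old", old_keys)
    # A CFW author holding the lv0 signing key needs no dependent keys, because a
    # patched lv0 no longer checks them. Without the lv0 key the image goes nowhere.
    cfw = build_firmware(b"bootldr-old", {}, patched=True)
    cfw_no_key = build_firmware(b"guess", {}, patched=True)
    # The only updater key known in this model is the one 3.55-and-below checked.
    package_sig = sign(b"updater-3.55", image_bytes(cfw))

    return {
        "ofw on old hw": boot(old_355, ofw),
        "cfw on old hw": boot(old_355, cfw),
        "cfw without lv0 key": boot(old_355, cfw_no_key),
        "cfw on new hw": boot(new_hw, cfw),
        "update accepted by 3.55": software_update(old_355, cfw, package_sig),
        "update accepted by 4.30": software_update(old_430, cfw, package_sig),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The design point for anyone building a similar chain: every verification key below the hardware root is only as strong as the secrecy of its signing key, and a root key that cannot be rotated means the only remediation after a leak is a new hardware revision, which is exactly the situation the last answer describes.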
 
Q: What about newer consoles?
A: Ahh. So there's the real problem. Remember how we said bootldr and metldr are fixed in hardware? Sony can create new hardware, and update those modules in the process. By using new hardware in conjunction with new firmware for that hardware, Sony could completely change the keys used to secure the system. Without getting too technical, all of this progress comes from the fact that Sony was sloppy and did a poor job of implementing their security on earlier consoles, which is what led to the first keys being leaked. http://wololo.net/talk/viewtopic.php?p=189997#p189997
That's encouraging for future platforms. The security system should be robust going forward as long as it is properly implemented.
 
Does this mean that playing on PSN will be hell in a couple of months? I.E. Is this a good reason to reactivate my gold subscription?
 
Does this mean that playing on PSN will be hell in a couple of months? I.E. Is this a good reason to reactivate my gold subscription?
PSN was already accessible several times with CFW so this new hack doesn't change much in this regard and even though the PS3 might be unable to differentiate between an official firmware and a properly signed custom firmware, I don't see a reason why when PSN is involved it wouldn't be able to see if the firmware is as expected or modified and block the access again.
Since you still need a PS3 on 3.55 (or a hardware flasher to downgrade) I wouldn't suspect a sudden increase of PS3s with CFW either.
 
PSN was already accessible several times with CFW so this new hack doesn't change much in this regard and even though the PS3 might be unable to differentiate between an official firmware and a properly signed custom firmware, I don't see a reason why when PSN is involved it wouldn't be able to see if the firmware is as expected or modified and block the access again.
Since you still need a PS3 on 3.55 (or a hardware flasher to downgrade) I wouldn't suspect a sudden increase of PS3s with CFW either.

This is the beginning of a very long and heavily scheduled future of the PS3 hacking scene. The release of the LV0 key means that any system update released by Sony going forward can be decrypted fully with no effort. And in time... soon very soon.. people will be able to update to cfw .. regardless of what firmware they're on.
 
And in time... soon very soon.. people will be able to update to cfw .. regardless of what firmware they're on.
Maybe but that's just speculation right now because it requires the discovery of a completely new exploit that enables this possibility. So far we don't have any indication whether such an exploit does exist/will be found or not.
 
Maybe but that's just speculation right now because it requires the discovery of a completely new exploit that enables this possibility. So far we don't have any indication whether such an exploit does exist/will be found or not.

I think one of the cfw dev rebug or something already said CFW 4.3 is coming....

The newer PSP was fully open because of the key leaked from the PS3 hack, the PS3 was able to sign all the minis for PSP hardware. It wasn't really a new discovery iirc. From what it looks like to me, this may open the sale opportunities to the 3rd world countries but they have to stick to selling older PS3 models and sell pre hacked systems. To be honest, PS2 didn't really reach that 150m+ sales for being secured, neither did the wii.... Since nobody even tracks the software sales in those 3rd world countries, all pirates have to buy a serial number in order to play. That's at least some money coming in for the publishers compared to back then in PS2 times.
 
I think one of the cfw dev rebug or something already said CFW 4.30 is coming....
I don't think a cfw 4.30 would be very surprising. That's exactly what this new leak enables. Decrypt new firmwares, modify them and resign them with the old private key that is already known.
But this doesn't mean you can install this cfw 4.30 on any PS3 you want. There's still the 3.55 limit because higher private keys are unknown and not possible to get.

In the Q&A senas8 posted above Marcan said it as well:
"Q: What about consoles running firmware newer than 3.55?
A: Because all "old" consoles use the same keys to verify modules like lv0, at a minimum we can decrypt, patch, and resign the firmware. The problem is that we need a way to convince the PS3 to flash our modified firmware. With 3.55 and below that was easy enough to do because of the keys recovered, but 3.56 and later change that so that flashing is more complex than just using the recovered keys. This isn't an insurmountable problem - hardware flashers will always work - but for easy software flashing we need to find new exploits in the PS3 software stack to convince OFW consoles to flash CFW."

So yes, with a hardware flasher you can of course downgrade (with supported models) and then use the newer cfws from 3.55 but the necessity of 3.55 will only change if someone finds a new exploit.
 