[NEWS][MAJ]Les clés LV0 dans la nature : News - PS3-Infos

[NEWS][MAJ]Les clés LV0 dans la nature   

Les news du Hack PS3 postées sur PS3 Infos

[NEWS][MAJ]Les clés LV0 dans la nature

Messagepar Attila » Lun 22 Oct 2012 20:40

imageLe LV0 de la PS3 n'avait jusque là pas encore dévoilé ses clés au public. C'est maintenant du passé vu que les clés LV0 viennent d'être dévoilées.

Avec ces clés il sera maintenant possible de pouvoir mettre la main sur l'isoldr, l'appldr, le lv2ldr et le lv1ldr qui avaient été intégrés au lv0 depuis le firmware 3.60.

C'est une grande avancée et nous attendons beaucoup dans le futur !
ERK = CA7A24EC38BDB45B98CCD7D363EA2AF0C326E65081E0630CB9 AB2D215865878A
RIV = F9205F46F6021697E670F13DFA726212
PUBLIC = A8FD6DB24532D094EFA08CB41C9A72287D905C6B27B42BE4AB 925AAF4AFFF34D41EEB54DD128700D
PRIVATE = 001AD976FCDE86F5B8FF3E63EF3A7F94E861975BA3

[_ As this was a group effort, we wouldn't normally have lost a word about it |
|ever, but as we're done with PS3 now anyways, we think it doesn't matter |
|anymore []. Congratulations to the guy that leaked |
|stuff, you, sir, are a 1337 haxx0r, jk, you're an asshole. _]
| |
| Try this bytes... |
| - [erk=CA7A24EC38BDB45B98CCD7D363EA2AF0C326E65081E0630CB9AB2D215865878A] |
| - [riv=F9205F46F6021697E670F13DFA726212] |
| - [pub=A8FD6DB24532D094EFA08CB41C9A72287D905C6B27B42BE4AB925AAF4AFFF34D |
| 41EEB54DD128700D] |
| - [priv=001AD976FCDE86F5B8FF3E63EF3A7F94E861975BA3] |
| - [ctype=33] |
| ...and be amazed. |
| |
[_ People should know that crooked personalities are widespread in this so |
|called 'scene'. Some people try to achive something for fun together and make|
|the wrong decision to trust others and share their results with them, but ofc|
|there got to be the attention seeking fame wh*** that has to leak stuff to |
|feel a little bit better about him-/herself. _]
[_ Now the catch is that it works like this in every 'scene', just that in |
|others it usually doesn't come to light. _]
[_ The only sad thing is, that the others who worked on this won't get the |
|attention they deserve because they probably want to remain anonymous (also |
|they don't care about E-fame <3). _]
| |
[_ PS: This is neither about drama nor E-fame nor 'OMG WE HAZ BEEN FIRST', we |
|just thought you should know that we're disappointed in certain people. You |
|can be sure that if it wouldn't have been for this leak, this key would never|
|have seen the light of day, only the fear of our work being used by others to|
|make money out of it has forced us to release this now. _]
'----===========================================[- The Three Musketeers]==----'

MAJ : KaKaRoToKS nous donne plus d'informations sur comment faire un CFW grâce à ces clés, en nous disant comment désactiver des protections :
Since the LV0 keys have now been leaked, I believe I can now share this info with you, to help out those who are trying to build their own 4.x CFW :
The NPDRM ECDSA signature in the SELF footer is checked by lv2. It first asks appldr to tell it whether or not the signature is to be checked, and appldr will only set the flag if the SELF is a NPDRM with key revision from 3.56+ (the ones without private keys). This means that the SELF files signed with the new 3.56+ keys still don't have their ecdsa checked (probably to speed up file loading).
If appldr says the ecdsa signature must be checked, then lv2 will verify it itself, and return an error if it's not correct. There are many ways to patch this check out.
1 - Patch out the check for the key revision in appldr
2 - Patch out the "set flag to 1" in appldr if the key revision is < 0xB
3 - Patch out the code in lv2 that stores the result from appldr
4 - Patch out the actual sigcheck function from lv2.
5 - Ignore the result of the ecdsa from lv2.

Here is one of the patches (the 4th one, patching out the check function from lv2) :
In memory 0x800000000005A2A8, which corresponds to offset 0x6a2a8 in lv2_kernel.elf, replace :
e9 22 99 90 7c 08 02 a6
With :
38 60 00 00 4e 80 00 20

This is for the 4.21 kernel (that was the latest one when I investigated this), I will leave it as an exercise to the reader to find the right offsets for the 4.25 and upcoming 4.30 kernel files.
And here's another bit of info... in 4.21 lv2, at memory address 0x800000000005AA98 (you figure out the file offset yourself), that's where lv2 loads the 'check_signature_flag' result from appldr, so if you prefer implementing method 3 above, just replace the 'ld %r0, flag_result_from_appldr' by 'ld %r0, 0' and you got another method of patching it out. Either solutions should work just the same though.
Enjoy homebrew back on 4.x CFW....

p.s: Thanks to flatz and glu0n who helped reversed this bit of info.!-Enjoy!Source :!-Enjoy!és PS3 :
Avatar de l’utilisateur
Administrateur du site
Messages: 7572
Inscription: Ven 3 Sep 2010 11:53

Re: [NEWS][MAJ]Les clés LV0 dans la nature

Messagepar KillerBot » Mer 24 Oct 2012 19:05

Un CFW proche pour ceux ayant un OFW 3.56+ ?
Messages: 39
Inscription: Jeu 2 Juin 2011 20:00

Re: [NEWS][MAJ]Les clés LV0 dans la nature

Messagepar Itachijiraya » Mer 24 Oct 2012 19:28

Avatar de l’utilisateur
Messages: 616
Inscription: Ven 3 Sep 2010 16:54

Re: [NEWS][MAJ]Les clés LV0 dans la nature

Messagepar KillerBot » Jeu 25 Oct 2012 13:24

Probablement : donc les clés lv0 permettront aux hackers de "déterminer" le chaînon manquant indispensable à la réalisation d'un bon CFW ? (Car je lis des mots un peu partout genre appldr....)
Messages: 39
Inscription: Jeu 2 Juin 2011 20:00

Re: [NEWS][MAJ]Les clés LV0 dans la nature

Messagepar Attila » Jeu 25 Oct 2012 13:47

oui !
Avatar de l’utilisateur
Administrateur du site
Messages: 7572
Inscription: Ven 3 Sep 2010 11:53

Retourner vers News


  • Articles en relation
    Dernier message

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 8 invités