Mathieu Explains 3.60 Exploit - Will Lead to Application Keys and Eventually 3.60 CFW

Published on 04-21-2011 05:34 PM

69 Comments

The cats out of the bag, after many subtle hints, Mathieu explains his exploit and how it will lead to application keys. With the help of this loader exploit, devs can now obtain the Bootloader keys which will lead to the Application keys and eventually, a 3.60 CFW! With application keys, Portal 2 and future 3.60 encrypted games may soon be playable!

Attachment 1139

Synopsis of Mathieu's explanation of the exploit:

The function that copies the SCE header from the shared LS to the isolated Local Store doesn’t check the header’s size.

[So] you craft a self with a HUGE header so [that] it overwrites ldr code as it gets copied to the isolated LS and you wait [for] the loader to jump to it.

[Then] you can get lv0 decrypted, once you get lv0 decrypted, you get appldr, once you get appldr, you get 3.60 application keys, [and] once you get that, you [get] warez.

Mathieu's full conversation regarding the exploit:

X nah, not a single line of code, at least not for the implementation
but finding the exploit itself
is EASY
except no one has gone looking
I’ve seen lots of askings and whining, very little looking xD
if someone who remotely knows spu reversing starts looking
he’ll find it
at the very worse in a matter of hours
the bug is ******ly stupid to begin with
LV0, EID0, anything with coreOS imo should not be done without a hardwareflasher. Atleast with that you can undo the mess.
yeah
I am a bit of a red head here xD
you keep saying that, but I suck at SPU assembly
you’d find it even if you fail at it
you just need to know where to look
just look at how selfs are processed by ldrs
and you’ll find it
hell, I’ll help you, it’s about overflowing a certain buffer
yes, that is what defyboy and I tried to document in the ps3devwiki : bootprocess and loader locations etc.
well if you know how selfs are processed by loaders, it’s easy
another hint
it happens before the ecdsa check
my earlier guess btw was that it was a header overflow, which gave access to the local storage
It’s a ******ed exploit
if you want to know what it is, I’ll tell you
the function that copies the SCE header from the shared LS to the isolated Local Store
doesn’t check the header’s size
\o/
it’s just THAT ******ed
implementing it isn’t easy though
cause loaders have failsafes and ****
header size fail
lol
?
but now that you know, you can try it on your own
X1 yes
you craft a self with a HUGE header
so it overwrites ldr code as it gets copied to the isolated LS
and you wait the loader to jump to it
lolol must try heh
X1 it’s a total ***** to implement
but feel free xD
if someone pwns the bl with this and gets the keys, he’ll have my kudos
cause finding the exploit is the easy part
Sony’ll fix it now, but it’s not like I care much
their “unhackable” ps3s are probably already on the way

Mathieu explains the impact the exploit/keys have on Sony:

why would they care about bootldr keys?
ps3devnews etc. host metldr keys, appldr keys etc.
X1 cause you can get lv0 decrypted
once you get lv0 decrypted
you get appldr
once you get appldr
you get 3.60 application keys
once you get that
you warez
also, with those keys you can sign your own lv0, no ps3 fw update can beat you then
yah
you can have your 3.60+ custom firmware then
and warez even more
and mess with the psn again
and so on

Source: PS3Church

Share
- Share this post on
- Digg
- Del.icio.us
- Technorati
- Twitter

Categories:

65 Comments

MadnessImport - 04-21-2011, 05:47 PM
- Reply
"once you get appldr
you get 3.60 application keys
once you get that
you warez
also, with those keys you can sign your own lv0, no ps3 fw update can beat you then
yah
you can have your 3.60+ custom firmware then
and warez even more"

Ok I laughed till i barfed

ANYTHING Turkish will say is only Gona make me laugh harder if he post's here because ill agree

its becoming nothing but piracy these days

DG_Legend-PSG - 04-21-2011, 05:48 PM
- Reply
Wasn't it also said that CFW 3.55 wasn't be able to be patched by a firmware update, cause we found the "keys", yet Sony patched it with 3.56 . I'm not trying to sound too demanding, but what guarantee do we have this time 'round?

Arnaud Cohen Scali - 04-21-2011, 05:48 PM
- Reply
MatNooblh should stop talking and release something. this guy is boring

happyface-PSG - 04-21-2011, 05:50 PM
- Reply
AWESOME AWESOME! IVE BEEN REFREASHING SINCE THE RELEASE OF PORTAL 2 HOPING FOR THIS KIND OF GOOOOOD NEWS. YES! Mathieu YOU ARE THE FUKIN MAN!

PHPMyPS3 - 04-21-2011, 05:51 PM
- Reply
Mathieu is not very intelligent. Basically he tells the PS3 developpers what to do to prevent the 3.60 security from being broken. Well I don't even think Mathieu found an exploit this guy is ALL TALK.

Storm Respect - 04-21-2011, 05:56 PM
- Reply
Originally Posted by PHPMyPS3

Mathieu is not very intelligent. Basically he tells the PS3 developpers what to do to prevent the 3.60 security from being broken. Well I don't even think Mathieu found an exploit this guy is ALL TALK.

At least he is trying

One2thr456svn - 04-21-2011, 06:01 PM
- Reply
Originally Posted by Arnaud Cohen Scali

MatNooblh should stop talking and release something. this guy is boring

Man the only thing that is boring is people coming on here stating that the scene is this or that, or asking someone else to release something, If Math didn't release anything I would not blame him, cause it seems that the majority of people do is whine and complain without any addition to the movement at all, and If and I use the word "If" anything 3.60 get released, it would be a plus, but not a necessarily a major need. It would be cool just to hack it because $ony is actin like a spoiled baby. As for me I am comfortable with the 3.55, and no PSN. I am thankful for the work the guys put in, but seeing how $ony is ******g with everybody if you do release it, just be safe about it.....

Kingj13-PSG - 04-21-2011, 06:06 PM
- Reply
Keep up the good work guys can't wait to give portal 2 a run.

Cagutinho - 04-21-2011, 06:08 PM
- Reply
Its not just about piracy. But without a cfw 3.60, if you want homebrews you cannot play 3.60 games (like Portal 2), original game or not.

So, if you people want more support at homebrews, will have to accept the 3.60cfw with open arms, because if it does not come to us, people will start to give up the homebrews in a choice to play new games, and so, consequently, the homebrew support will decrease.

Lots of people want something more solid or stable, that can allow us to play all the titles of PS3, and also use homebrews (like emulators). PSN is not important... but I cant see advantages in give up tons of new games (like Portal 2, and so much more that will come from now) just to use some homebrews, so the scene starts do "die".

STALKER - 04-21-2011, 06:14 PM
- Reply
GOOD WORK, Show sony What can we do !!!

Lestat-PSG - 04-21-2011, 06:25 PM
- Reply
This is taking too long. By the time they release this Sony will have 3.61 and we will have to start all over again. With geohot down already, Seems to me that Sony has already won.

NulVoid - 04-21-2011, 06:43 PM
- Reply
For those of you complaining read this

I’ve seen lots of askings and whining, very little looking xD
if someone who remotely knows spu reversing starts looking
he’ll find it

if you want to help out go to this link:

http://www.ps3news.com/forums/ps3-li...in-112032.html

NulVoid - 04-21-2011, 06:46 PM
- Reply
If anyone want to complain read this

I’ve seen lots of askings and whining, very little looking xD
if someone who remotely knows spu reversing starts looking

if you don't know spu reversing look here:

http://www.ps3news.com/forums/ps3-li...in-112032.html

richguas1970 - 04-21-2011, 07:32 PM
- Reply
Its funny how people can complain so much, even when bones are thrown at them.. rofl.. I guess its hard for some kiddies to be humble and thankful for what is freely given.. Lets be honest, piracy is an uncontrollable force SONY will never silence..
I mean, did Microsoft.. lol

CFW and homebrew is the PS3 scene..
I still support idea of multi-booting the PS3, as it might solve most of our woes..
A PS3 OFW/PS3 CFW/ LINUX.. wow, What a lustrous PS3 to have..

houdrummer - 04-21-2011, 07:40 PM
- Reply
Originally Posted by richguas1970

I still support idea of multi-booting the PS3..

I do too. I would rather have 3.55 cfw and 3.60 ofw on the same machine than a 3.60 cfw.

DGPRodiGY-PSG - 04-21-2011, 07:41 PM
- Reply
Originally Posted by DG_Legend

Wasn't it also said that CFW 3.55 wasn't be able to be patched by a firmware update, cause we found the "keys", yet Sony patched it with 3.56 . I'm not trying to sound too demanding, but what guarantee do we have this time 'round?

Shut up you ugly noob, no one likes you, cut (:

rrrboy159 - 04-21-2011, 07:50 PM
- Reply
First of all, Math, doesnt have to release anything. If he has the keys or doesnt have the keys. If he has the method or not. UNDER ANY CIRCUMSTANCE HE DOES NOT HAVE TO RELEASE ANYTHING.
Second, there is no real point of 3.60 CFW. The only reason we would need it is psn. ONLY REASON. NOthin more nothing less. There are no more excuses.
When SOny came out with 3.56 or 3.60, no body should have updated in the first place. Even if it was on "accident" or if my "brother" did it or if my "stupid dog got an erection and hit X on the controller" NO MORE EXCUSES
For the people who bought their ps3 on 3.56 or 3.60, can't say anything about that.
The keys would be helpful for Portal 2 and future games, but wats the point. If your not pirating you would buy the game. And when you do youll have the disk. So you could play it. There the end.

richguas1970 - 04-21-2011, 07:51 PM
- Reply
Chop away the impossible, what is left exposed is the probable.. There is nothing that cannot be undone and rewritten.. For anyone to say that its HACKproof, lol, they are truly noobs..

Multi booting the PS3 is the answer in my opinion.. GO on the PSN with PS3OFW, homebrew and Multiman with CFW, and finally LINUX for those who bought it for that particular reason.. This way its all legal..

PHPMyPS3 - 04-21-2011, 08:05 PM
- Reply
Originally Posted by Cagutinho

the scene starts do "die".

I agree not only will the new games use 3.60 but on top of that Sony will start distributing new PS3s with 3.60 preinstalled (and possibly new hardware protection) and the scene will die a slow death. Geohot gave his arse to Sony by accepting to stop hacking the PS3, Mathieulh is all talk, Graf_Chokolo is in legal trouble.

When ofw 3.60 came out, Mathieulh claimed that the new PSN protocol was "easy" to hack. Well we're still waiting for someone to do it.

ki11m3please - 04-21-2011, 08:22 PM
- Reply
Originally Posted by Lestat

This is taking too long. By the time they release this Sony will have 3.61 and we will have to start all over again. With geohot down already, Seems to me that Sony has already won.

no one is winning anything...
oh yay im a hacker i hacked ps3 ofw 3.60.. do i get millions of dollars??.. no not rly.. sry..
and sony.. they are spending a ton on updates.. that ***** not free man.. and court battles tons of cash..
no one is winning a damn thing!! lol

If anything.. everyone is losing..
but if i picked a team to go with it would be the hacker/crackers.. because!
they put hard work in to this.. for thousands of people..
and get yelled at for not getting somthing out on time or not at all...
INFOINFO FOR EVERYONE!!!!!
THEY ARE DOING THIS FOR NOTHING! DONT PUSH! AND DONT B'TCH.. THANK YOU..
AND THANK THESE GUYS EVERYDAY FOR THIS.. BECAUSE WITH OUT THEM WE WOULD NOT
HAVE GOTTEN THIS FAR BY ANY MEANS.. GOOD DAY TO YOU!

as for everything.. im happy with 3.55 i run supernintendo and other emulators..
i also would be happy to see a dual boot happen..
i bought another ps3 just for portal 2 and future games.