PS3 3.60 Keys Leaked

Published on 08-01-2012 05:18 AM

343 Comments

First it seemed as if it was just a rumor or perhaps fake. But euss has confirmed that they are indeed real. The day I'm sure all of you have been waiting for. The release of some PlayStation 3 keys (lv1ldr, lv2ldr, isoldr, appldr) have been leaked to the masses allowing you to patch 65 additional games. You will need a few tools in order to patch the SFO of your games. Or not. Word is Rogero says a new custom firmware will be made available. So those of you who don't want to decrypt and encrypt files should just wait a little longer.

eussNL Comments:

If you post keys in a random topic, you will fast enough be
marked as a troll. When posting keys, please do it in proper
format, so it can be easily debunked/proven

greetz, eussNL

KaKaRoTo Comments:

3.60 keys Update:

Q: recently 3.60 keys surfaced (lv1ldr, lv2ldr, isoldr, appldr), what does this mean for this release and the future?
A: That is actually a multiparted answer:

Now that several binairies (Iso module + CoreOS minus the loaders that are inside lv0) can be decrypted, more investigation can be done in them, which give a new boost in (unrelated to the HeN) other targets, like:

Hardwareless downgrades : Downgrading with PSgrade Dongle (lv1.self)
QA Flagging / systemtokens (spu_token_processor.self) and usertokens (spu_utoken_processor.self)
PS2 compatibility (mc_iso_spu_module.self , me_iso_for_ps2emu.self , sv_iso_for_ps2emu.self)
Getting per_console_root_key_1 / EID_root_key on 3.56+/slim3K (lv1.self , aim_spu_module.self)
Backsigning applications for <=3.55 and patch sys_proc_param_version (appldr.self , lv2_kernel.self)

Q: So does this mean a future release would be sooner?
A: Only God knows

But it can also be that because of the above, it would become meaningless/surpassed by better progress. So lets all hope for the best

I will be adding to this article as I learn more. Just wanted to rush this news to you asap.

UPDATE: Use Deank's EBOOT Fix Tool 0.5 to convert the EBOOTS for you. Just download the keys add them to EBOOT Fix Tool's ps3 folder. (Download below includes the keys, so no need to download them unless using other methods)

Originally Posted by deank

They also posted my ebootFIX/ebootMOD tools prepackaged with the keys in .ps3 folder, so it is ready to be used like in the old 3.41/3.55 days.

Have in mind that some games (like Sniper Ghost Warrior) have additional .self/.sprx files and it is better to use ebootFIX by dragging the PS3_GAME folder to it - it will find and fix all necessary files. If you use ebootMOD you'll have to search for these files yourself and 'fix' them one by one.

UPDATE 2: Another Method

Use SCETool to Decrypt a PS3 3.60 EBOOT.BIN File:
For those of you who want to decrypt a 3.60 EBOOT.BIN use scetool. Download scetool_0.2.7.zip unzip it to C:\scetool. Create a new folder inside scetool and name it data and download these files here:

keys: ps3devwiki.com/files/devtools/scetool/data/keys
ldr_curves: ps3devwiki.com/files/devtools/scetool/data/ldr_curves
vsh_curves: ps3devwiki.com/files/devtools/scetool/data/vsh_curves

Put them inside data folder. Put your EBOOT.BIN file in scetool folder. Go to start - run - cmd and cd to the folder were scetool is. For example "cd C:\scetool". Then type this command to decrypt the EBOOT.BIN: "scetool -d EBOOT.BIN EBOOT.ELF" and use this one to encrypt it to 3.41: C:\scetool>scetool -0=SELF -5=APP -6=0003004100000000 -e EBOOT.elf EBOOT.BIN

Download: Deank's EBOOT Fix Tool 0.5 - UPDATED LINK

Source: elotrolado via ps3crunch via ps3devwiki via ps3news

Thanks to deeptrap for the awesome news tip!

PSX-SCENE: The Pinnacle Scene Xenocracy

● Latest News ● Report News ● Search Forums ● Hall of Fame ●
● Facebook.com/PSXScene ● RSS ● Twitter.com/psx_scene ●

Share
- Share this post on
- Digg
- Del.icio.us
- Technorati
- Twitter

RUT Dark Ronin, SkyNet, bourat and 5 others like this.

Categories:

_{Tags :

euss,

kakaroto,

ps3,

ps3 3.60 keys,

ps3 custom firmware,

ps3 hacks,

ps3 keays,

ps3 keys leaked,

rogero}

343 Comments

JOshISPoser - 08-03-2012, 03:23 PM
- Reply
well, the main reason i want infamous 2 to work updated is because of move support.

i have beaten it before, so the original fix from long ago did work for me. i just really wanna replay it again and have move working, or else i really lack a reason to replay it.

oh, hmmm, actually, come to think of it, i'm still using the original fixed eboot, and not the original eboot. i will try switching that. also, i will try an uncompressed eboot fix if that will maybe change something.

i let the game update itself, then when it tried to boot, it said i needed to update. so, after multiple attempts to fix it, you come along and i installed your package. now, it boots up to the move screen, but after that it boots back to xmb with the error code of 8001003C.

well, this sucks. i can't find a decent working link with original eboot.bin. It might be a while til i can test it...

Three-Socks - 08-03-2012, 03:28 PM
- Reply
Originally Posted by oakhead69

Just seen your post on the other thread, I have not had this issue as my firmware is spoofed. I just checked I did fix the PARAM.SFO in the pkg file to 3.41 so I do not know.

Could you let me know who's spoofer are you using and what version? I have a feeling thats why it isn't working for me. The spoofer could changing the reported sdk version.

oakhead69 - 08-03-2012, 03:31 PM
- Reply
Originally Posted by Nightbird

I've yet to see a working GT5 fix.

@oakhead69. Can you post your working patched 1.12 eboot.
Thanks.

You using the EU version BCES00569? If so I will PM you.

oakhead69 - 08-03-2012, 03:32 PM
- Reply
Originally Posted by Three-Socks

Could you let me know who's spoofer are you using and what version? I have a feeling thats why it isn't working for me. The spoofer could changing the reported sdk version.

I am on the latest True Blue 2.7.

Three-Socks - 08-03-2012, 03:34 PM
- Reply
Originally Posted by oakhead69

I am on the latest True Blue 2.7.

Interesting. I'm just on MFW 3.55. Would you mind checking out my post? http://psx-scene.com/forums/f6/artic...tml#post989271 (Article: PS3 3.60 Keys Leaked)

Nightbird - 08-03-2012, 03:41 PM
- Reply
Originally Posted by oakhead69

You using the EU version BCES00569? If so I will PM you.

Yep, BCES00569.
Cheers.

oakhead69 - 08-03-2012, 03:48 PM
- Reply
Originally Posted by Three-Socks

oakhead69 I followed your instructions to resign the BCES00569 1.12 update eboot. But I'm having no luck.

It boots me back to xmb with error: 0x8001003C

I think I know what this error is. Because I can get past it. Its to do with the SDK version in the EBOOT being too high.

In the decrypted eboot.bin (ELF) You have to replace values: "13 BC C5 F6 00 33 00 00 00 36 00 01" with "13 BC C5 F6 00 33 00 00 00 35 00 01"

I resigned the EBOOT.BIN again. It boots up this time but I only get a endless GT logo loading screen. Just wondering if you missed any steps out? Because I can't seem to get anywhere using the instructions you provided.

I've deleted game data and re installed updates 1.05-1.13 but still no luck. I've created my own 1.13 package with eboot to install it aswell.

Any help with be appreciated.

You make a very good point about the replacing all of the 3.6 to 3.5 in the elf. I guess this is what ebootMOD.exe and ebootFIX.exe do for the normal EBOOT.BINs and also BD to HDD0 remapping as well.

I will look further into it.

Three-Socks - 08-03-2012, 03:56 PM
- Reply
oakhead69 I tried your PKG and it booted me back to xmb with error 8001003C.

I've compared your EBOOT.BIN/EBOOT.ELF with mine and they are the exact same. But yours has the 3.60 sdk version in. So trueblue must be doing some spoofing of this.

But if I replace sdk version 36 with 35 it loops on GT logo.

EDIT: BTW I've come across many others who are trying to sign the 1.12 EBOOT but are failing. I'm guessing its because TB are spoofing more stuff than just the displayed FW and its just normal CFW/MFW users that are having problems.

JOshISPoser - 08-03-2012, 03:59 PM
- Reply
this is all interesting stuff. i hope that is the only problem with the infamous 2 fix.

i do not use tb. i might have to try a spoofer before i can find an original infamous 2 us eboot.

oakhead69 - 08-03-2012, 04:12 PM
- Reply
Originally Posted by JOshISPoser

this is all interesting stuff. i hope that is the only problem with the infamous 2 fix.

i do not use tb. i might have to try a spoofer before i can find an original infamous 2 us eboot.

Original EBOOT will not help you as it is using the EBOOT in the update instead. I am investigating based on the valuable input from Three-Socks. It looks like TB is doing more for me than I thought :-).

Give me a while for some hex editing of the ELF and a bit of googling. We can beat this.

Three-Socks - 08-03-2012, 04:15 PM
- Reply
oakhead69 or anyone on TB cfw for that matter.

Could you go to Settings -> System infomation. Press L1+R1+DPAD LEFT+SQUARE for a few seconds. Then release and immediately press and keep holding start. You should see some text with the sdk version.

Like "sdk_branches/release_355" Mine says 355. Does it say any differently on TB?

JOshISPoser - 08-03-2012, 04:21 PM
- Reply
Originally Posted by oakhead69

Original EBOOT will not help you as it is using the EBOOT in the update instead. I am investigating based on the valuable input from Three-Socks. It looks like TB is doing more for me than I thought :-).

Give me a while for some hex editing of the ELF and a bit of googling. We can beat this.

Great! No pressure but since you seem pretty well educated on this matter, i think i'm just gonna leave it up to you. I have spent a lot of time and have not gotten to where you've brought me. So, i guess i shall wait.

Thanks, man.

dm430 - 08-03-2012, 04:29 PM
- Reply
Originally Posted by ceast21

wow so glad i got my ps3 last week.

so am i right to assume what was said that at first the games that are 3.60 will have to be fixed for 3.55 than later on a 3.60 cfw will be created.

so does that mean that ofw 3.60 will get to have cfw without downgrading?

or just that they can be decrypted? just trying to understand things.

Assuming that there is a error in the key sets algorithm I.E some value not truly being random then with the public keys in theory you would be able to calculate. But as long as the ECDSA is proper we would be looking at over a thousand+ years to CRACK the algo even if we had a super computer.
So its safe to say that this directly wont lead to CFW but since we are able to decrypt Core system files it will be possible for us to study the firmware more, this could possibly lead to a exploit but not necessarily. And since we would not have the private keys you wont see a exploit like and current 3.55 's.

oakhead69 - 08-03-2012, 04:36 PM
- Reply
Originally Posted by Three-Socks

oakhead69 or anyone on TB cfw for that matter.

Could you go to Settings -> System infomation. Press L1+R1+DPAD LEFT+SQUARE for a few seconds. Then release and immediately press and keep holding start. You should see some text with the sdk version.

Like "sdk_branches/release_355" Mine says 355. Does it say any differently on TB?

Yes it says the same "sdk_branches/release_355", it has some junk before it and then something like ",True Blue 2.7" to the right.

JOshISPoser - 08-03-2012, 05:44 PM
- Reply
the great oakhead69 might be getting a nice virtual high five in a few minutes!

an update on his fix: first, he got it where it would at least boot up and show the move screen, then it would kick back to the xmb, now it gets past the move screen and it says install failed. So, i think what i'm gonna do is have the game install from version 1.00 when it worked a while ago, then update, use his fix and see if it works!

I'm getting so happy right now, i'm actually thinking in german, and i'm american and don't even speak german! Idk if that makes sense, it's a joke, i'm just so happy cause i feel like this is gonna work.

oakhead69 - 08-03-2012, 05:52 PM
- Reply
Originally Posted by JOshISPoser

the great oakhead69 might be getting a nice virtual high five in a few minutes!

an update on his fix: first, he got it where it would at least boot up and show the move screen, then it would kick back to the xmb, now it gets past the move screen and it says install failed. So, i think what i'm gonna do is have the game install from version 1.00 when it worked a while ago, then update, use his fix and see if it works!

I'm getting so happy right now, i'm actually thinking in german, and i'm american and don't even speak german! Idk if that makes sense, it's a joke, i'm just so happy cause i feel like this is gonna work.

Delete your game data, not your save data.
Run the original 1.0 patch do not allow the updates and allow it to install.
Close the game.
Install the 4 updates either manually or let the game do it.
Install the fix.
Try it and pray.

Good luck.

JOshISPoser - 08-03-2012, 06:07 PM
- Reply
that's what i said i was doing. i did it but it just goes to a black screen. damn, i was so confident too.

i wonder why this doesn't want to work :/ maybe there's something needed to be patched in the other folder but i don't think so cause i think it's just the original game installed over.

just an update, we're pretty much at an impasse. oaks says he has it working on his european version with TB fw and it still boots to a black screen for me. Hopefully something soon will come up that will help us all with everything.

something i can maybe think of, but i'm not sure if it's possible, maybe the psarc files are patched. in the patch folder, there's a bunch of language ones and then a few that are labeled patch1, patch3 and patch4.psarc_s.

Is it possible or even probable to patch psarc files?

mojamoja - 08-03-2012, 06:52 PM
- Reply
Originally Posted by Three-Socks

oakhead69 I followed your instructions to resign the BCES00569 1.12 update eboot. But I'm having no luck.

It boots me back to xmb with error: 0x8001003C

I think I know what this error is. Because I can get past it. Its to do with the SDK version in the EBOOT being too high.

In the decrypted eboot bin (ELF) You have to replace values: "13 BC C5 F6 00 33 00 00 00 36 00 01" with "13 BC C5 F6 00 33 00 00 00 35 00 01"

I resigned the EBOOT BIN again. It boots up this time but I only get a endless GT logo loading screen. Just wondering if you missed any steps out? Because I can't seem to get anywhere using the instructions you provided.

I've deleted game data and re installed updates 1.05-1.13 but still no luck. I've created my own 1.13 package with eboot to install it aswell.

Any help with be appreciated.

Same as me. I'm at HERMES 3.41
NPDRM signed patched eboot returns to xmb (8001003C)
if using SELF (not NPDRM) from ebootfix/mod, endless GT logo
if using NPDRM from ebootfix/mod output eboot, endless GT logo

livinstyle - 08-03-2012, 06:54 PM
- Reply
So question about the updates...

please correct me if im wrong, but i just want to know how am i suppose to do the update process? i already have all the games in my ps3 working w/ the old multiman eboot fix. so i assume i need to do the following for the 3.60 key updates on the games:

1. download and install the update for the game
2. copy (updated) game to computer
3. run the eboot fix
4. copy the game back to my ps3
5. run game

or, do i just simply re-run the eboot fix on the dump i have now, copy over the eboot fix, then update the game?

please help. i dont want to re-upload all my games again :-P

livinstyle - 08-03-2012, 07:02 PM
- Reply
Sorry, i forgot to ask if i need to run the eboot fix w/ the game's original eboot, or if it doesnt matter?

after i ran the eboot fix (multiman) i copied over the original eboot files for the games. so im not sure if i will need the original eboots when updating w/ the 3.60 version of the eboot fix?