3.60 LV0 Keys from dissasembler, thanks to Warren for decrypting

**keyu** · 04-09-2011,05:19 PM

3.60 LV0 Keys from dissasembler, thanks to..
00000000: 36 2A 61 73 99 41 75 19 CC A7 42 22 FB F4 B5 CC |6*as.Au...B"....|
00000010: 0D A3 AC B9 0C 4A 99 47 F9 15 66 27 E9 03 12 06 |.....J.G..f'....|
00000020: 4E CD DD 67 8D A0 CE B5 0B D6 41 A2 12 E7 EB 92 |N..g......A.....|
00000030: DF 9E BD CF 22 FD 50 AE CA 82 16 E3 95 16 E4 AD |....".P.........|
00000040: A9 FE 2D 94 13 B1 72 B7 3A F1 7D 7D D2 D2 C9 8B |..-...r.:.****....|
00000050: F0 E8 84 27 8A 0F 48 B1 71 9E 42 37 57 FC 53 D5 |...'..H.q.B7W.S.|
00000060: F2 26 AE 08 52 D0 3B AF 95 CE CD 06 6C C8 FB B9 |.&..R.;.....l...|
00000070: 67 15 6E FB 7D B2 D1 B2 16 E7 FE 57 3C 5B 0F 8B |g.n.**......W<[..|
00000010: EA E3 BB C7 59 C0 F9 2F 6A 0A 09 8B 14 F0 C5 49 |....Y../j......I|
00000020: 44 D5 99 31 77 BB A6 67 83 54 AC 14 CF 06 B0 A5 |D..1w..g.T......|
00000030: AA 51 56 C4 9C 6E 34 FE 82 12 A8 85 B3 24 D3 7B |.QV..n4......$.{|
00000040: 41 34 07 9D 37 11 8E F0 94 5C 0F F2 28 53 F7 67 |A4..7....\..(S.g|
00000050: 57 F0 55 13 A6 26 DB F9 C9 AC 5F F4 A7 61 EE 61 |W.U..&...._..a.a|
00000060: A5 4E AE 27 8B F1 99 47 D0 58 2F F7 D0 0D 43 19 |.N.'...G.X/...C.|
00000070: A7 00 4C 41 F8 88 37 71 F5 F4 18 34 7D 13 64 B2 |..LA..7q...4**.d.|

**CrimsonSoul** · 04-09-2011,05:33 PM

...I'm sorry, you're expecting someone to believe this?

**frogfire-PSG** · 04-09-2011,06:15 PM

just decrypt a 3.60 eboot and proof it

**keyu** · 04-09-2011,07:01 PM

And here is the keys from 3.60 LV0.2 - All credit goes to Warren for the files.

00000000: 53 43 45 00 00 00 00 02 00 00 00 01 00 00 01 E0 |SCE.............|
00000010: 00 00 00 00 00 00 05 00 00 00 00 00 00 0B 4F E8 |..............O.|
00000020: 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 70 |...............p|
00000030: 00 00 00 00 00 00 00 90 00 00 00 00 00 00 00 D0 |................|
00000040: 00 00 00 00 00 0B 52 68 00 00 00 00 00 00 01 40 |......Rh.......@|
00000050: 00 00 00 00 00 00 01 80 00 00 00 00 00 00 01 90 |................|
00000060: 00 00 00 00 00 00 00 70 00 00 00 00 00 00 00 00 |.......p........|
00000070: 1F F0 00 00 01 00 00 01 FF 00 00 00 00 00 00 01 |................|
00000010: 00 03 00 60 00 00 00 00 00 00 00 00 00 00 00 00 |...`............|
00000020: 7F 45 4C 46 02 02 01 66 00 00 00 00 00 00 00 00 |.ELF...f........|
00000030: 00 02 00 15 00 00 00 01 00 00 00 00 00 00 0C 60 |...............`|
00000040: 00 00 00 00 00 00 00 40 00 00 00 00 00 0B 4D 68 |.......@......Mh|
00000050: 00 00 00 00 00 40 00 38 00 02 00 40 00 0A 00 09 |.....@.8...@....|
00000060: 00 00 00 01 00 00 00 07 00 00 00 00 00 01 00 00 |................|
00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
__________________

**andfis** · 04-10-2011,01:19 AM

um for one.. post #4 is the hex view of lv0 not lv0.2 and the file is still encrypted,
and fot two...post#1 is still hex view and its for lv0.2 and its still encrypted...

this is fail...

**andfis** · 04-10-2011,01:20 AM

um for one.. post #4 is the hex view of lv0 not lv0.2 and the file is still encrypted,
and for two...post#1 is still hex view and its for lv0.2 and its still encrypted...

this is fail...

**andfis** · 04-10-2011,01:30 AM

you need to find the keys to properly dump these files.. if you notice its an elf file and/or self file that's encrypted

i think You can decrypt everything except lv0 and lv0.2 which has two files in it. I decrypted a few self files above so all of them should be decrypt-able. Anyhow, the lv0.2 are encrypted to a point where they don’t even show a measurable size they show up as 0.00mb in the command prompt. But, windows explorer says they are a compressed file containing 2 more separate files within it. To get the bootldr key you would have to make a program and insert it elsewhere into the pup that can be modified. Then repack the pup and run it on your ps3 and have it dump lv0.2 to a retrievable file so that the keys can be pulled from it. but the way to go about this will brick you ps3. yet the brick is fixable with the right tools. I don’t have those tools or an extra ps3 to attempt this in case the brick is permanent.

**temnasseree** · 04-10-2011,03:48 AM

I need help, I can count on you?

**keyu** · 04-10-2011,12:58 PM

C:\PS3 decrypt>pup_unpack C:\ps3.60\ps3updat.pup C:\ps3.60\unpacked
cygwin warning:
MS-DOS style path detected: C:\ps3.60\ps3updat.pup
Preferred POSIX equivalent is: /ps3.60/ps3updat.pup
CYGWIN environment variable option “nodosfilewarning” turns off this warning.
Consult the user’s guide for more details about POSIX paths:
Chapter*3.*Using Cygwin

[HEADER]
magicNumber = 0×5343455546000000
pupVersion = 0×0000000000000001
imageVersion = 0x000000000000BE2E
fileCount = 9
headerSize = 656 bytes
fileSize = 185548093 bytes

[version.txt]
fileId = 0×0000000000000100
fileOffset = 656 bytes
fileSize = 5 bytes

[license.txt]
fileId = 0×0000000000000101
fileOffset = 661 bytes
fileSize = 272944 bytes

[zeroes.txt]
fileId = 0×0000000000000103
fileOffset = 273605 bytes
fileSize = 5 bytes

[updater.self]
fileId = 0×0000000000000200
fileOffset = 273610 bytes
fileSize = 5659008 bytes

[vsh.tar]
fileId = 0×0000000000000201
fileOffset = 5932618 bytes
fileSize = 10240 bytes

[dots.txt]
fileId = 0×0000000000000202
fileOffset = 5942858 bytes
fileSize = 3 bytes

[update_files.tar]
fileId = 0×0000000000000300
fileOffset = 5942861 bytes
fileSize = 173875200 bytes

[(null)]
fileId = 0×0000000000000501
fileOffset = 179818061 bytes
fileSize = 71680 bytes

[(null)]
fileId = 0×0000000000000601
fileOffset = 179889741 bytes
fileSize = 5659008 bytes

C:\PS3 decrypt>fwpkg
USAGE: fwpkg

>> Mode can be the following values:
– e: Encrypt PKG
– d: Decrypt PKG

C:\PS3 decrypt>fwpkg d: C:\ps3.60\unpacked\update\core_os_package.pkg C:\ps3.60\
unpacked\update\coreos
cygwin warning:
MS-DOS style path detected: C:\ps3.60\unpacked\update\core_os_package.pkg
Preferred POSIX equivalent is: /ps3.60/unpacked/update/core_os_package.pkg
CYGWIN environment variable option “nodosfilewarning” turns off this warning.
Consult the user’s guide for more details about POSIX paths:
Chapter*3.*Using Cygwin
Metadata Key: 0E 60 80 BA A0 80 60 B4 13 65 DB 74 38 94 CA 3F
Metadata IV: D7 D9 4B 2F 42 0F C2 89 32 21 C1 D4 1A E2 9B 70
Metadata Size: 544 bytes

Data Start: 0×00000300
Data Size: 5343414 bytes (5.10 MB)

PKG Key: 94 8A 47 AA BF AE 6D 8D 34 E2 D7 E5 79 32 45 3C
PKG IV: 62 23 71 8C 98 E9 27 1D F9 37 D8 68 D1 A8 33 D1
PKG Size: 7340000 bytes (7.00 MB)

C:\PS3 decrypt>coreos_tool u C:\ps3.60\unpacked\update\coreos.pkg
cygwin warning:
MS-DOS style path detected: C:\ps3.60\unpacked\update\coreos.pkg
Preferred POSIX equivalent is: /ps3.60/unpacked/update/coreos.pkg
CYGWIN environment variable option “nodosfilewarning” turns off this warning.
Consult the user’s guide for more details about POSIX paths:
Chapter*3.*Using Cygwin
File: creserved_0 (offset: 0×00000460, size: 0.25 MB)
File: sdk_version (offset: 0×00040460, size: 0.00 MB)
File: spu_pkg_rvk_verifier.self (offset: 0×00040468, size: 0.06 MB)
File: spu_token_processor.self (offset: 0x0004FFB4, size: 0.05 MB)
File: spu_utoken_processor.self (offset: 0x0005C8E4, size: 0.02 MB)
File: sc_iso.self (offset: 0x00062CB4, size: 0.11 MB)
File: aim_spu_module.self (offset: 0x0007FF8C, size: 0.02 MB)
File: spp_verifier.self (offset: 0×00084224, size: 0.05 MB)
File: mc_iso_spu_module.self (offset: 0x00091A14, size: 0.03 MB)
File: me_iso_spu_module.self (offset: 0x00099AA0, size: 0.03 MB)
File: sv_iso_spu_module.self (offset: 0x000A2358, size: 0.05 MB)
File: sb_iso_spu_module.self (offset: 0x000AE3D0, size: 0.02 MB)
File: default.spp (offset: 0x000B4180, size: 0.01 MB)
File: lv1.self (offset: 0x000B6480, size: 1.15 MB)
File: lv0 (offset: 0x001DC380, size: 0.71 MB)
File: lv0.2 (offset: 0×00291880, size: 0.00 MB)
File: lv2_kernel.self (offset: 0x00291D80, size: 1.47 MB)
File: eurus_fw.bin (offset: 0x0040A6D8, size: 0.44 MB)
File: emer_init.self (offset: 0x0047B66C, size: 0.49 MB)
File: hdd_copy.self (offset: 0x004F98D4, size: 0.38 MB)
File: manu_info_spu_module.self (offset: 0x0055B0EC, size: 0.00 MB)
File: prog.srvk (offset: 0x0055C394, size: 0.00 MB)
File: pkg.srvk (offset: 0x0055C674, size: 0.00 MB)

C:\PS3 decrypt>decrypt-self C:\ps3 decrypt\lv0.2 lv022 xxx.appkey
Incorrect key file.

C:\PS3 decrypt>decrypt-self C:\ps3 decrypt\lv0.2 lv022 C:\ps3 decrypt\xxx.appkey

C:\PS3 decrypt>

I can post a pic if you all want absolute proof…..i think You can decrypt everything lv0 and lv0.2 which has two files in it. I decrypted a few self files above so all of them should be decryptable. Anyhow, the lv0.2 are encrypted to a point where they don’t even show a measurable size they show up as 0.00mb. But, windows explorer says they are a compressed file containing 2 more separate files within it. To get the bootldr key you would have to make a program and insert it else were into the pup that can be modified. Then repack the pup and run it on your ps3 and have it dump lv0.2 to a retrievable file so that the keys can be pulled from it. but the way to go about this will brick you ps3. yet the brick is fixable with the right tools. I don’t have those tools or an extra ps3 to attempt this in case the brick is permanent. This I believe is what Mathieulh hinted about doing ……hope i don’t get in trouble on this though because keys are published in this….
__________________
i know how to copy paste

**frogfire-PSG** · 04-10-2011,01:10 PM

yeah show a video proof (not mok up)....
Look @ my mok up

C:\PS3 decrypt>pup_unpack C:\ps3.80\ps3updat.pup C:\ps3.80\unpacked
cygwin warning:
MS-DOS style path detected: C:\ps3.80\ps3updat.pup
Preferred POSIX equivalent is: /ps3.80/ps3updat.pup
CYGWIN environment variable option “nodosfilewarning” turns off this warning.
Consult the user’s guide for more details about POSIX paths:
Chapter*3.*Using Cygwin

[HEADER]
magicNumber = 0×5343455546000000
pupVersion = 0×0000000000000001
imageVersion = 0x000000000000BE2E
fileCount = 9
headerSize = 656 bytes
fileSize = 185548093 bytes

[version.txt]
fileId = 0×0000000000000100
fileOffset = 656 bytes
fileSize = 5 bytes

[license.txt]
fileId = 0×0000000000000101
fileOffset = 661 bytes
fileSize = 272944 bytes

[zeroes.txt]
fileId = 0×0000000000000103
fileOffset = 273605 bytes
fileSize = 5 bytes

[updater.self]
fileId = 0×0000000000000200
fileOffset = 273610 bytes
fileSize = 5659008 bytes

[vsh.tar]
fileId = 0×0000000000000201
fileOffset = 5932618 bytes
fileSize = 10240 bytes

[dots.txt]
fileId = 0×0000000000000202
fileOffset = 5942858 bytes
fileSize = 3 bytes

[update_files.tar]
fileId = 0×0000000000000300
fileOffset = 5942861 bytes
fileSize = 173875200 bytes

[(null)]
fileId = 0×0000000000000501
fileOffset = 179818061 bytes
fileSize = 71680 bytes

[(null)]
fileId = 0×0000000000000601
fileOffset = 179889741 bytes
fileSize = 5659008 bytes

C:\PS3 decrypt>fwpkg
USAGE: fwpkg

>> Mode can be the following values:
– e: Encrypt PKG
– d: Decrypt PKG

C:\PS3 decrypt>fwpkg d: C:\ps3.60\unpacked\update\core_os_package.pkg C:\ps3.80\
unpacked\update\coreos
cygwin warning:
MS-DOS style path detected: C:\ps3.80\unpacked\update\core_os_package.pkg
Preferred POSIX equivalent is: /ps3.80/unpacked/update/core_os_package.pkg
CYGWIN environment variable option “nodosfilewarning” turns off this warning.
Consult the user’s guide for more details about POSIX paths:
Chapter*3.*Using Cygwin
Metadata Key: 1E 60 84 BA A0 80 60 B4 13 65 DB 74 38 94 CA 3E
Metadata IV: A7 D9 4B 2F 42 0F C2 89 32 21 C1 D4 1A E2 9B 79
Metadata Size: 544 bytes

Data Start: 0×00000300
Data Size: 5343414 bytes (5.10 MB)

PKG Key: 94 8A 47 AA BF AE 6D 8D 32 E2 D7 E5 79 32 45 3C
PKG IV: 62 23 71 8C 98 E9 27 1D F9 37 D8 68 D1 A8 31 D1
PKG Size: 7340000 bytes (7.00 MB)

C:\PS3 decrypt>coreos_tool u C:\ps3.80\unpacked\update\coreos.pkg
cygwin warning:
MS-DOS style path detected: C:\ps3.80\unpacked\update\coreos.pkg
Preferred POSIX equivalent is: /ps3.80/unpacked/update/coreos.pkg
CYGWIN environment variable option “nodosfilewarning” turns off this warning.
Consult the user’s guide for more details about POSIX paths:
Chapter*3.*Using Cygwin
File: creserved_0 (offset: 0×00000460, size: 0.25 MB)
File: sdk_version (offset: 0×00040460, size: 0.00 MB)
File: spu_pkg_rvk_verifier.self (offset: 0×00040468, size: 0.06 MB)
File: spu_token_processor.self (offset: 0x0004FFB4, size: 0.05 MB)
File: spu_utoken_processor.self (offset: 0x0005C8E4, size: 0.02 MB)
File: sc_iso.self (offset: 0x00062CB4, size: 0.11 MB)
File: aim_spu_module.self (offset: 0x0007FF8C, size: 0.02 MB)
File: spp_verifier.self (offset: 0×00084224, size: 0.05 MB)
File: mc_iso_spu_module.self (offset: 0x00091A14, size: 0.03 MB)
File: me_iso_spu_module.self (offset: 0x00099AA0, size: 0.03 MB)
File: sv_iso_spu_module.self (offset: 0x000A2358, size: 0.05 MB)
File: sb_iso_spu_module.self (offset: 0x000AE3D0, size: 0.02 MB)
File: default.spp (offset: 0x000B4180, size: 0.01 MB)
File: lv1.self (offset: 0x000B6480, size: 1.15 MB)
File: lv0 (offset: 0x001DC380, size: 0.71 MB)
File: lv0.2 (offset: 0×00291880, size: 0.00 MB)
File: lv2_kernel.self (offset: 0x00291D80, size: 1.47 MB)
File: eurus_fw.bin (offset: 0x0040A6D8, size: 0.44 MB)
File: emer_init.self (offset: 0x0047B66C, size: 0.49 MB)
File: hdd_copy.self (offset: 0x004F98D4, size: 0.38 MB)
File: manu_info_spu_module.self (offset: 0x0055B0EC, size: 0.00 MB)
File: prog.srvk (offset: 0x0055C394, size: 0.00 MB)
File: pkg.srvk (offset: 0x0055C674, size: 0.00 MB)

C:\PS3 decrypt>decrypt-self C:\ps3 decrypt\lv0.2 lv022 xxx.appkey
Incorrect key file.

C:\PS3 decrypt>decrypt-self C:\ps3 decrypt\lv0.2 lv022 C:\ps3 decrypt\xxx.appkey

C:\PS3 decrypt>

User Tag List

Thread: 3.60 LV0 Keys from dissasembler, thanks to Warren for decrypting

Tweet

LinkBack

Thread Tools

Display


	Would you like to get all the new info from PSX-Scene in your email each day? Subscribe to our Daily Digest! Want to learn more about the team keeping you up to date with the latest scene news? Read about them now! Check out our Developer bios, too!