Forum: Downgrade - Information and tools used to install a lower firmware on your PS3.


Thread: With all these keys being leaked ... why is no one working on OFW PUP Keys?
  

  1. #1 Xplic1T (Member)
    So we have 4.31 lv2ldr and isoldr keys and almost every other freaking key ... so why don't we deliver the one-two punch to Sony and finally get the keys for signing a valid PUP update? If the PS3 can validate a key then we should be able to see what schemes it's using for that validation and be able to fake-sign a PUP. I mean, come on guys, the cat's out of the bag but nobody seems to want to make that golden PUP which will downgrade us back to 3.55 because progskeet and e3 would lose money ... wtf cares.

  2. #2
    Without private keys any CFW over 3.56 is impossible


    /Thread

  3. #3 indirect76 (Moderator)
    You're making some wrong assumptions about how the encryption schemes are used. The firmwares are signed with private keys that are impossible to guess or calculate. Firmwares are decrypted with public keys that are different than the private keys. We have public keys, so we can do things like decrypt firmwares, but we can't sign them for any firmware above 3.55.

  4. #4 Metion (Member)
    You must have a really deep knowledge of the PS3 system.
    Building a PUP that allows downgrading and another to hack any PS3 using only magic.

    I wonder why nobody thought of that before... It's super easy to do

  5. #5 rimi (Member)
    The spkg module on 3.56+ OFW blocked the 3.55 HMAC keys, so yes, you can't install it unless you patched it manually over a flasher (which is what we're seeing right now; that's why 3.56-based PS3s can install 4.xx CFW now).

    Patching the spkg over flashers is probably a new method to install CFW.

  6. #6 cyto (Member)
    Which set of private keys do the pups need to allow installation, i.e., appldr, btldr, metldr, etc.? I understand the basics of private/public key crypto, but I thought the Sony flaw was fatal because they didn't allow for variance in the ECDSA and used a set point with each of the private keys rather than a variable. I thought that most of the private keys had been calculated with mathematics. This wasn't really explained by Marcan or Wololo who wrote very informative articles and how most of this happened. Are there any crypto experts here to shed some light on the subject?

  7. #7 indirect76 (Moderator)
    Quote Originally Posted by cyto View Post
    Which set of private keys do the pups need to allow installation, i.e., appldr, btldr, metldr, etc.? I understand the basics of private/public key crypto, but I thought the Sony flaw was fatal because they didn't allow for variance in the ECDSA and used a set point with each of the private keys rather than a variable. I thought that most of the private keys had been calculated with mathematics. This wasn't really explained by Marcan or Wololo who wrote very informative articles and how most of this happened. Are there any crypto experts here to shed some light on the subject?
    The private keys for 3.55 were calculated due to Sony not using a different random number for each firmware signing. Since then they have changed the private keys and are signing their firmwares properly.

  8. #8 cyto (Member)
    Quote Originally Posted by indirect76 View Post
    The private keys for 3.55 were calculated due to Sony not using a different random number for each firmware signing. Since then they have changed the private keys and are signing their firmwares properly.
    All we have as far as PUP keys is the HMAC key. If we need the private key to the PUP to force an installation of cfw 3.60+, it won't happen without a leak or an exploit that is found. As Geohot and Kakaroto have said, we don't need the private keys but we just need an exploit to trick the system into installing the fw for us. I'm not sure how hard people are working on this for those users who have base fw's above 3.60.
    For 3.55 systems, we have all the public keys used for firmware decryption so we can decrypt all future fw's and resign them using the 3.55 keys, but we can't sign new fw's without their private keys. Is this correct?

  9. #9 Raikalo (Member)
    Quote Originally Posted by cyto View Post
    All we have as far as PUP keys is the HMAC key. If we need the private key to the PUP to force an installation of cfw 3.60+, it won't happen without a leak or an exploit that is found. As Geohot and Kakaroto have said, we don't need the private keys but we just need an exploit to trick the system into installing the fw for us. I'm not sure how hard people are working on this for those users who have base fw's above 3.60.
    For 3.55 systems, we have all the public keys used for firmware decryption so we can decrypt all future fw's and resign them using the 3.55 keys, but we can't sign new fw's without their private keys. Is this correct?

    That's pretty much correct. I don't know what an "HMAC" key is, personally, however it is correct that we do not need the private keys (just an exploit to load the CFW without the security checks). We have the public and private keys for 3.55 ONLY; as all firmwares are backwards compatible from that version previous, we can sign anything at or below 3.55. Since we only have the public keys for 3.56+, though, we can only DECRYPT. Since we can't sign anything, we have to modify the firmware to accept our bogus signatures (which isn't possible unless we're on 3.55) so it creates a vicious cycle.

    If someone manages to find an exploit in ANY 4.XX firmware, then all PS3s from that point and back SHOULD be CFW'able (even the new 'super-slims').