Article: PS3 3.60 Keys Leaked

[yoshi314]

hm, i don't think keys were ever leaked from sony. most of the time they were derived or extracted from hardware using various reversing techniques.

i am wondering how exactly did that happen now.

[xfri123]

Yes now i can play like a boss ^_^

[RatAndDragon]

I might be wrong, but i'm under the impression that it is no longer possible to install just a .pup file and you will have CFW. Sony fixed this bug in firmware 3.56. Maybe it is possible if you're already on firmware 3.55 and do some modifications, but i dont think that it is possible to install i.e CFW 3.60 if you're already on OFW 3.60 (without downgrading).

Actually you can install modified PUP files for firmware 3.56+ with one important caveat - you can only do it once.

There is a new checking mechanism present in those firmwares that does some extra validation on the files that are going to be installed, some sort of crypto checksum/hash/HMAC type thing most likely. So you can create a custom 3.60 PUP using the existing tools, and you can install it on top of 3.55, and then you can only install OFW after that because we don't know how to create these signatures, yet. These keys may help the effort to figure out what's going on in more modern OFW, and how to fool the new PUP installer.

(Note that when I say custom 3.60 PUP I don't mean in the sense of a CFW like kmeaw, because I don't think the firmware has been deciphered to that extent to enable the scene devs to run unsigned code, but you can do things like replace the SSL certificates and then get annoyed because you accidentally used a 3.60 based fw to make your mfw and ruined your hacked ps3...)

[Wispa]

so if people start uploading these fixes to places... they would work? or is it per console,

ive had rebug for over a year now and had a trueblue(bricked)... so now i bought an jtag xbox to play some games... but now does this mean i can play?

[yes159]

didn't sony change the keys from 4 (example) to random?

Yes, the private keys were changed in firmware 3.56, and the bug was fixed.

The keys werent 4 by the way, that is just a joke that Fail0verflow used in their presentation. I think that joke is from an old comic strip or something. I dont think that the keys were static either, but there was some bug that didnt make it random all the time, if i'm not mistaken.

Actually you can install modified PUP files for firmware 3.56+ with one important caveat - you can only do it once.

There is a new checking mechanism present in those firmwares that does some extra validation on the files that are going to be installed, some sort of crypto checksum/hash/HMAC type thing most likely. So you can create a custom 3.60 PUP using the existing tools, and you can install it on top of 3.55, and then you can only install OFW after that because we don't know how to create these signatures, yet. These keys may help the effort to figure out what's going on in more modern OFW, and how to fool the new PUP installer.

(Note that when I say custom 3.60 PUP I don't mean in the sense of a CFW like kmeaw, because I don't think the firmware has been deciphered to that extent to enable the scene devs to run unsigned code, but you can do things like replace the SSL certificates and then get annoyed because you accidentally used a 3.60 based fw to make your mfw and ruined your hacked ps3...)

I see. I didnt know that, thanks

so if people start uploading these fixes to places... they would work? or is it per console,

ive had rebug for over a year now and had a trueblue(bricked)... so now i bought an jtag xbox to play some games... but now does this mean i can play?

It works on all consoles, so you can play.

[Wispa]

well i guess ill just wait until someone somewhere uploads the eboots/fixes somewhere orrrrrrrrr

until rogero brings his new FW

[ahou]

I dont think that the keys were static either, but there was some bug that didnt make it random all the time, if i'm not mistaken.

No, that doesn't make any sense. Keys are always static. If a random key could decrypt anything, you would have what is known as a broken lock.

[sketchdesigner]

well i guess ill just wait until someone somewhere uploads the eboots/fixes somewhere

Someone is already one step ahead of you - in the last 2 hours I've seen someone upload fixed files for the following games...

Agarest War Zero (BLUS30686)
Bleach Soul Ignition (BCJS30077)
Call of Duty Modern Warfare 3
Captin America
Fear 3 (BLES00963) (External with BD-Emu option using multiMAN EBOOT fix tool)
Green Lantern
Kung Fu Panda 2
Lego Pirates of The Caribbean
NCAA 12 (Original and Decrypted EBOOT)
No More Heroes (BLES)
PES 12 (BLUS30805)
Shadows Of The Damned


They're already out there if you look about

[gonzule]

from the initial comments, i can assume that these keys will not decrypt a 3.60+ game, so thanks anyways, i´ll stick to my other methods in the meantime.

lets see how this develops and what can be done with it. If not, all we have to do is wait for E3 to release the keys for higher FW and start modifying the eboots (if what they claim is real and there is no catch)

[ahou]

from the initial comments, i can assume that these keys will not decrypt a 3.60+ game, so thanks anyways, i´ll stick to my other methods in the meantime.

You assume wrong. You can indeed decrypt 3.6 games.