I know donations are not necessary, but where do I donate if I want to?
Originally Posted by Hansi
Honestly, if I was an employee of your I would either be pissed that you're keeping me late for something you want, or be super excited that you're paying me to do some cool hacking shit. Either way, you are a great contributor being willing to put your business upfront to help the scene. I got respect for you and want to contribute something towards your efforts.
just found this accidentally on ps3news. is this of use?
it is only for the devs from this thread if so...
someone was very interested in service mode, so i thought maybe...
Good to hear from you mathieulh (I am a big fan of you),
Originally Posted by mathieulh
I know that you need to have access (by patching DM) to SYSCON to decrypt the master key. this is what graf_chokolo is trying to do.
what we are trying to do is getting the unencrypted key from the HV.
how (I will explain in detail so everyone understands)?
well, based on graf_chokolo's findings, when the ps3 thinks that you connected a jig it does the following:
1- decrypt the master key (64 bytes long) (this is the super master key, you can only get it through patching DM)
2- computes usbKey = HMAC(master key, usbID)
3- compares response with HMAC(usbKey, challenge); if they are equal then you get service mode.
(HMAC link: HMAC - Wikipedia, the free encyclopedia)
Once usbKey is computed it stays there unencrypted (even if the check fails), and if you reboot the ps3 through gameOS the HV is not rebooted and the usbKey stays in there.
side note: as you can see usbKey is hard coded into the jig (the real ones), so if it is stolen you can't get the master key (you can get usbKey but not master key) and once it is revoked you can't use it (even if you spoof the usbID since subKey is based on the right usbID)
and about $ony blocking the jig, they could:
1- revoke usbID aa aa, once graf_chokolo gets the real master key, we can get usbKey for any usbID
2- change the master key through a firmware update (they will have to replace every jig they have too), graf_chokolo showed us how to decrypt the update packages (they can only hope that we don't find the keys or the new algorithm)
3- replace Lv2diag.self (most likely), if it is leaked (like the first one) then we are back to point zero
about the copyright stuff:
there is nothing about PSGrade that belongs to $ony, and it doesn't allow you to play pirated games by itself (I am against that too). in most countries, including where I am at and the USA, reverse engineering is legal. and yes, Lv2diag.self is copyrighted and I am against sharing it, and will not provide it. I only want to get into service mode to fix my ps3 without having to send it to $ony.
P.S. yep graf_chokolo is the one who did the real work, and that is why I am giving him the $500 bounty if I ever win it
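To make the key hierarchy in the post above concrete, here is an added Python model of the three steps (derive usbKey from the master key and usbID, then check HMAC(usbKey, challenge)) together with the two properties the side note claims: a usbKey presented under a different usbID fails, and a revoked usbID fails even with the right usbKey. This is example code written for this page, not PSGrade's or anyone's real implementation; the master key, usbIDs and challenge are constructed fakes, and the use of SHA-1 inside HMAC is an assumption the post does not state.

```python
import hmac
import hashlib

# Constructed, deliberately fake 64-byte master key (the post only says the
# real one is 64 bytes long). SHA-1 is an assumption; the post names no hash.
MASTER_KEY = bytes(range(64))
HASH = hashlib.sha1
GENUINE_ID = b"jig-0001"   # constructed placeholder usbID, not a real value
REVOKED_ID = b"jig-0002"   # constructed placeholder usbID, not a real value


def derive_usb_key(master_key: bytes, usb_id: bytes) -> bytes:
    """Step 2 of the post: usbKey = HMAC(master key, usbID)."""
    return hmac.new(master_key, usb_id, HASH).digest()


def jig_response(usb_key: bytes, challenge: bytes) -> bytes:
    """What the jig computes: it holds only usbKey, never the master key."""
    return hmac.new(usb_key, challenge, HASH).digest()


class ServiceModeVerifier:
    """Console side of step 3, plus a usbID revocation list (illustration only)."""

    def __init__(self, master_key: bytes, revoked_ids: set) -> None:
        self._master_key = master_key
        self._revoked = set(revoked_ids)

    def check(self, usb_id: bytes, challenge: bytes, response: bytes) -> bool:
        if usb_id in self._revoked:
            return False
        expected = jig_response(derive_usb_key(self._master_key, usb_id), challenge)
        # Constant-time compare so the check itself leaks nothing about usbKey.
        return hmac.compare_digest(expected, response)


def run_scenarios() -> dict:
    """Exercise the protocol and the two properties from the post's side note."""
    verifier = ServiceModeVerifier(MASTER_KEY, {REVOKED_ID})
    challenge = bytes.fromhex("0102030405060708")  # constructed fixed challenge
    genuine_key = derive_usb_key(MASTER_KEY, GENUINE_ID)
    revoked_key = derive_usb_key(MASTER_KEY, REVOKED_ID)
    return {
        # A genuine jig answering under its own usbID passes.
        "genuine": verifier.check(GENUINE_ID, challenge, jig_response(genuine_key, challenge)),
        # The same usbKey under a different usbID fails: usbKey is bound to usbID.
        "spoofed_id": verifier.check(b"jig-0003", challenge, jig_response(genuine_key, challenge)),
        # A revoked usbID fails even though its usbKey is correct.
        "revoked": verifier.check(REVOKED_ID, challenge, jig_response(revoked_key, challenge)),
        # The key stored in the jig is a derived value, not the master key itself.
        "usb_key_is_not_master": genuine_key != MASTER_KEY,
    }
```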
Oh noes!! The king of spammers with useless posts replied.
Originally Posted by theruler
Thanks, and let me know how it goes, and if you need any help.
Originally Posted by Mojjio
+1 thanks Hansi and Mojjio
Originally Posted by fett1980
Could we not essentially find someone who has/will get a jailbreak with the supposed downgrader, and someone who knows what they are on about (no offence meant mind you) to tell them EXACTLY what to do? IE Someone downgrade from 3.41 to 3.15, talk through how to dump and get the key? I know no one wants to pay for something like that, but maybe it's the easier option? (just my 10pence)
Uhm, let me point out how wrong you were in your post:
Originally Posted by rmpinky
1. We can't downgrade yet as we don't have the master key
2. You have to be on 3.15 in order to run OtherOS which is necessary in finding the master key.
3. You have to perform GeoHotz exploit in order to dump the HV
4. Unless you know a lot about electronics and the way they work, so far, this is the easiest way.
Next time, please read some of the thread before posting nonsense.
Edit: I reread your post, and maybe you were speaking about using the PSJB downgrader. That wouldn't work either (sniffing the traffic) as it's still all encrypted (master key).
Ok, maybe I wasn't clear, for that I'm sorry.
Originally Posted by chesh
I am fully aware we don't have the key, the last 80 pages are talking about different methods on how to get it. What I meant was using the psjailbreak $100 nonsense and going back to 3.15, dumping and such like. I'm no programmer, but am trying to think a little outside the box, especially if it might help since I wouldn't know the first thing about dumping, let alone looking at the code itself....
Yeah, unfortunately everything is encrypted in memory unless you perform the GeoHotz exploit. So, you can already be on 3.15, or downgrade to it, but that's not the traffic we need. We need to fake the use of a service jig which will force the PS3 to send the master key for decryption. Regardless of us having a key to get decrypted or not, the master key will sit in RAM until we dump the HV (which is why we need to solder the pulser to the mobo and then perform the exploit in OtherOS). Once we have the master key, then we can use it to create a fake service jig that will actually put the PS3 into service mode whenever you want, which in turn should allow us to downgrade if we have the right files.
Originally Posted by rmpinky