the-green

Veteran
  • Content count

    13 383
Everything posted by the-green

  1. the-green

    Team E3: CFW 4.30 and manager

    Actually, about the lockout story on this CFW 4.30!! Any other CFW will have the same problem, unless someone finds a way to build some kind of 4.30 to 3.55 downgrader, as the blueDisk team did and as is done on DEX. Then there's still Jaicrab's software flasher (PRE Loader v3.1); it does its job, and we just need to re-enable service mode on that CFW 4.30 and we'll be able to re-flash the NOR/NAND memory and reinstall our CFW via factory mode.
  2. Be patient a bit, Rogero will polish his CFW over time.
  3. the-green

    PS3 hack status

    Ahh cool, so it won't be long and we'll see 4.30 CFWs from Rogero or other teams!! Otherwise, I wonder whether someone could port the QA Flag and service mode to these new CFWs!! That would help us a lot in case of problems!! Like adding QA Flag support to the CFW to make the downgrade to 3.55 easier, being able to modify the NOR/NAND memory via service mode, etc.
  4. No, I just tested, QA Flag mode does not work on Rogero CFW 4.21 v1.09!! On the other hand, the downgrade is possible fully in software by installing the 4.21 to 3.55 PUP via the XMB menu, then Rogero CFW 3.55 v3.7 via the recovery menu. At the end you'll be back on 3.55.
  5. Only needs the DVD key!!! and a new LT Ultimate firmware!! Interesting, that.
  6. the-green

    Team E3: CFW 4.30 and manager

    Hi georges75, well yes, that will come one day, but it will require either some exploit or for someone to find the famous private signing keys for PUPs/applications.
  7. the-green

    Team E3: CFW 4.30 and manager

    You always have to downgrade to 3.55 before you can install this CFW!!
  8. Yes, do everything via the recovery menu and install Rogero CFW 4.21 v1.09.
  9. These are isolated cases, not a phenomenon like the one that appeared with version 1.00 on the Slims! It still deserves attention, though.
  10. the-green

    PS3 hack status

    Yes, rebug.me is their official page, and they always release their new stuff on ps3crunch.net. Evilsperm seemed very confident in their solution; I hope, and it would be "a dream", that their CFW 4.2+ could be installed on PS3s on OFW 4.++:
    - Either they got the private keys
    - Or an exploit that bypasses the check of that key in the PUP check system
    That would be a huge exploit.
  11. Version 1.09 of Rogero's CEX 4.21 CFW works wonderfully on the Slims according to all the feedback on his forum!!! No brick cases, none, it runs fine; in a few days, the release of the first stable 4.21 CFW.
  12. the-green

    PS3 hack status

    The PS3 is completely hacked now. If we now manage to decrypt the bootloader, we could even modify it outright to create multi-boot on the PS3, a dual-boot Other OS/Game OS, OFW/CFW, and why not remove the console's private-key check on PUPs!!! That way, nothing could block the PS3 hack in the future.
  13. It's not the same thing, deaphroat.
  14. by marcansoft (727665) on Tuesday October 23, @09:04PM (#41747075) Homepage

    The first-stage bootloader is in ROM and has a per-console key which is effectively in tamper-resistant silicon. The second-stage bootloader (bootldr) is encrypted with the per-console key, but is not upgradable and is the same for all consoles (other than the encryption wrapper around it). This second-stage bootloader verifies lv0. Sony signed lv0 using the same broken process that they used for everything else, which leaks their private key. This means that the lv0 private key was doomed from the start, ever since we demonstrated the screwup at the Chaos Communication Congress two years ago. However, because lv0 is also encrypted, including its signature block, we need that decryption key (which is part of bootldr) before we can decrypt the signature and apply the algorithm to derive the private key. We did this for several later-stage loaders by using an exploit to dump them, and Geohot did it for metldr (the "second root" in the PS3's bizarre boot process) using a different exploit (we replicated this, although our exploit might be different). At the time, this was enough to break the security of all released firmware to date, since everything that mattered was rooted in metldr (which is bootldr's brother and is also decrypted by the per-console key). However, Sony took a last ditch effort after that hack and wrapped everything after metldr into lv0, effectively using the only security they had left (bootldr and lv0) to attempt to re-secure their platform. Bootldr suffers from the same exploit as metldr, so it was also doomed. However, because bootldr is designed to run from a cold boot, it cannot be loaded into a "sandboxed" SPU like metldr can from the comfort of OS-mode code execution (which we had via the USB lv2 exploit), so the exploit is harder to pull off because you don't have control over the rest of the software.

    For the exploit that we knew about, it would've required hardware assistance to repeatedly reboot the PS3 and some kind of flash emulator to set up the exploit with varying parameters each boot, and it probably would've taken several hours or days of automated attempts to hit the right combination (basically the exploit would work by executing random garbage as code, and hoping that it jumps to somewhere within a segment that we control; the probabilities are high enough that it would work out within a reasonable timeframe). We never bothered to do this after the whole lawsuit episode. Presumably, 18 months later, some other group has finally figured this out and either used our exploit and the hardware assistance, or some other equivalent trick/exploit, to dump bootldr. Once the lv0 decryption key is known, the signing private key can be computed (thanks to Sony's epic failure). The effect of this is essentially the same that the metldr key release had: all existing and future firmwares can be decrypted, except Sony no longer has the lv0 trick up their sleeve. What this means is that there is no way for Sony to wrap future firmware to hide it from anyone, because old PS3s must be able to use all future firmware (assuming Sony doesn't just decide to brick them all...), and those old PS3s now have no remaining seeds of security that aren't known. This means that all future firmwares and all future games are decryptable, and this time around they really can't do anything about it. By extension, this means that given the usual cat-and-mouse game of analyzing and patching firmware, every current user of vulnerable or hacked firmware should be able to maintain that state through all future updates, as all future firmwares can be decrypted and patched and resigned for old PS3s. From the homebrew side, it means that it should be possible to have homebrew/linux and current games at the same time. From the piracy side, it means that all future games can be pirated.

    Note that this doesn't mean that these things will be easy (Sony can obfuscate things to annoy people as much as they want), but from the fundamental security standpoint, Sony doesn't have any security leg to stand on now. It does not mean that current firmwares are exploitable. Firmware upgrades are still signed, so you need an exploit in your current firmware to downgrade. Also, newer PS3s presumably have fixed this (probably by using newer bootldr/metldrs as trust roots, and proper signing all along).

    ....

    The keys are used for two purposes: chain of trust and chain of secrecy. The compromise of the keys fully compromises the secrecy of the PS3 platform permanently, as you can just follow the links down the chain (off-line, on a PC) and decrypt any past, current, or future firmware version. Current consoles must be able to use any future firmware update, and we now have access to 100% of the common key material of current PS3s, so it follows that any future firmware decryptable by current PS3s is also decryptable by anyone on a PC. However, the chain of trust can be re-established at any point along the line that can be updated. The chain of trust is safely rooted in hardware that is near impossible to modify (i.e. the CPU's ROM and eFuse key). The next link down the chain has been compromised (bootldr), and this link cannot be updated as it is specific to each console, so the chain of trust now has a permanent weak second link. However, the third link, lv0, can be updated as it is located in flash memory and signed using public key crypto. This allows Sony to secure the entire chain from there onwards. Unless you find a vulnerability in these updated links, you will not be able to attack them directly (applications, e.g. homebrew software, are verified much further down the chain). The only guaranteed way to break the chain is to attack the weak link directly, which means using a flash writer to overwrite lv0.

    Once you do so, the entire chain collapses (well, you still need to do some work to modify every subsequent link to turn off security, but that is easy). If you have old firmware, you have at least some other weak links that, when compromised, allow you direct access to break the bootldr link (replacing lv0), but if you run up to date firmware you're out of luck unless you can find a weakness or you use hardware. Old PS3s are now in the same boat as an old Wii, and in fact we can draw a direct comparison of the boot process. On an old Wii, boot0 (the on-die ROM) securely loads boot1 from flash, which is securely checked against an eFuse hash, and boot1 loads boot2 but insecurely checks its signature. On an old PS3, the Cell boot ROM securely loads bootldr from flash, which is securely decrypted and checked using an eFuse key, and then bootldr loads lv0 but checks its signature against a hardcoded public key whose private counterpart is now known. In both cases, the system can be persistently compromised if you can write to flash, or if you already have code execution in system context (which lets you write to flash). However, in both cases, you need to use some kind of high-level exploit to break into the firmware initially, particularly if you have up-to-date firmware. It just happens that this is trivial on the Wii because there is no game patch system and Nintendo seems to have stopped caring, while this is significantly harder on the PS3 because the system software has more security layers and there is a game patch system.

    ....

    The name is presumably wrong; they would be the bootldr keys, as the keyset is considered to "belong" to the entity that uses those keys to check and decrypt the next thing down the chain. Just like the metldr keys are the keys metldr uses to decrypt and verify other *ldrs, the bootldr keys are the keys bootldr uses to decrypt and verify lv0. Anyway, you're confusing secrecy with trust.

    These keys let you decrypt any future firmware; as you say, if they were to "fix" that, that would mean new updates would not work on older machines. However, decrypting firmware doesn't imply that you can run homebrew or anything else. It just means you can see the firmware, not actually exploit it if you're running it. The only trust that is broken by this keyset (assuming they are the bootldr keys) is the trust in lv0, the first upgradable component in the boot process (and both it and bootldr are definitely software, not hardware, but bootldr is not upgradable/replaceable so this cannot be fixed). This means that you can use them to sign lv0. Period. Nothing more, nothing less. The only thing that these keys let you modify is lv0. In order to modify anything else, you have to modify everything between it and lv0 first. This means that these keys are only useful if you have write access to lv0, which means a hardware flasher, or an already exploited console, or a system exploit that lets you do so.

    ....

    Oh, one more thing. I'm assuming that these keys actually should be called the bootldr keys (as in the keys that bootldr uses to verify lv0), and that the name "lv0" is just a misnomer (because lv0 is, itself, signed using these keys). If this keyset is just what Sony introduced in lv0 after the original hack, and they are used to sign everything *under* lv0 and that is loaded *by* lv0, then this whole thing is not newsworthy and none of what I said applies. It just means that all firmwares *to date* can be decrypted. Sony will replace this keyset and update lv0 and everything will be back at step 1 again. lv0 is updatable, unlike bootldr, and is most definitely not a fixed root of trust (unlike metldr, which was, until the architecture hack/change wrapped everything in lv0). If this is the case, color me unimpressed.

    .....

    by marcansoft on Wednesday October 24, @01:04AM (#41748707) Attached to: PS3 Encryption Keys Leaked

    Never mind, I just checked. They are indeed the bootldr keys (I was able to decrypt an lv0 with them). Consider this confirmation that the story is not fake.

    Happy reading, guys.
  15. the-green

    PS3 hack status

    Yes, evilsperm had said that they have a solution "without major risks" without giving much detail on it!! I don't know, but... unless they found the new private keys / a method to compute them, or a 4.+ exploit capable of letting a CFW 4.++ install on a PS3 on 4.++, I don't see how they're going to manage that!!! Give us the source, please.
  16. Rogero said this:
    - I didn't receive any Brick report from any FAT PS3 that updated to CFW4.21, so it seems FAT consoles are not being affected by the bug.
    - Apparently only the last downgradable Slim models are affected (CECH-25xx with Datecode 1A and base FW version = 3.50)
    - I also know that there are also few Slims that bricked with model CECH-20xx, but 90% of the reports were model (CECH-25xx with Datecode 1A and base FW version = 3.50).
    - The Brick may be caused by the boot-loaders being not written correctly into the NOR during the Update process.
    Please note also that all the above info may not be 100% accurate, things are still being worked on so nothing is confirmed at all and I don't promise anything about an updated CFW.
  17. Thanks for this nice feedback; indeed, it's going to be a fine example for the peasants to follow!! Come on, everyone who succeeded, give us as much info as possible about your config and your method.
  18. If he could add the LV1 and LV2 no-check patches, it would make things easier and point us a bit more toward the exact etiology of these bricks!! Easy to say, but I know it's extremely hard to do.
  19. Is that a question?
  20. Indeed, good point; on the net I've seen 4 guys talking about bricking their PS3 Slim 25++ consoles using this CFW.
  21. Hello all. Well, just in passing, update 16197 is now available on Microsoft's official site http://support.xbox.com/fr-FR/xbox-360/sys...134b1c78acbc959
  22. It's a 3.55 CFW with a 4.11 version spoof. The Trueblue dongle has been dead for months!! Wait a bit for Rogero's 4.21 CFW to stabilise and migrate to it afterwards; it's over for version 3.55.
  23. the-green

    PS3 hack status

    There's a nice idea!! Especially since we have hardware flashers now; it's possible that by creating a fake LV0 (we have the decryption key and the encryption key for this famous LV0), so by some magic, creating a custom LV0 that fools the bootloader, crashes it and tries to dump its contents!!
  24. the-green

    PS3 hack status

    Actually, if I remember correctly, after the leak of the 3.60 public keys, kakarotoks had said that it "could" one day lead us to a downgrade solution without a hardware flasher. Now we have better than the public keys: we have the LV0 key, which lets us decrypt the LV0 of every firmware on the old PS3s (not the 3K or the 4K), so, "if I'm not mistaken", hackers will be able to create a CFW 4.25. The big problem remains the private key SONY uses on its firmwares; there, we can probably do without it for the old models, as long as LV0 is hacked. We'll have 4.++ CFWs, but installable only if you're on 3.55 or lower, possibly if you're on CFW 4.21 with some kind of software flasher like jaicrab's Pre-Loader 3.1.
  25. Smells like SONY is preparing the 4.30 update; in case you're interested, SEN is under maintenance.