Post: Another PS3 linux exploit! leading to the keys..
03-09-2011, 12:08 AM #1
I THANK the flamers for flaming. You guys just make me stronger, and feed on your failness. If you must attempt to post on some other's thread, you must be jealous, or have no idea what you're doing. The very few of you that keep flaming, go ahead, you are making me stronger. A lot of people on this forum have no idea what they are talking about. REP means nothing, a lot of REP doesn't mean you're smart.

I will now post all my updates with a "update"

Update 1.) Attempt at downgrading.
What happens? It decides to throw an error saying "This data type is not supported". Maybe someone should create a firmware that spoofs 3.56. I don't think this would work though, but we could give it a try. I'll try that in a few hours.



Update 2.) 3.60 has some flaws..

Update 3.) Want to find the keys yourself? I might release a tutorial later.

We all know that 3.60 re-secures the console. BUT I'm working on something that might work, will report back later on updates.

Well, I was able to dump both the lv1 and lv2 hypervisor. Next step, attempting a cold-boot attack. If I'm successful, we will MOST likely have the keys real soon. Last time I attempted a cold boot on lv1, my RAM overheated.. So I had to dump it to my PC. But this time I might just use liquid oxygen if I can find some. In the lv1 dump, I found some information that will help us to prevent bans. We might soon be able to spoof our MAC address. IF the MAC is not physical.. If you guys want a full list of the self files in the dump, let me know and I'll add them in here. I might release the HV kernel module if you guys want that too.

We don't have all keys. We fail to have the private keys. And, we do NOT have full access to lv2. How would you figure that? If we did, we would have had the keys a LONG time ago. I'm not going to use liquid oxygen, as that is kind of unpractical. I'll just dump to my PC.
Last edited by EnVy_AsTrO ; 03-13-2011 at 05:10 AM. Reason: There must always be flamers.

The following 32 users say thank you to EnVy_AsTrO for this useful post:

ᴬustin_Powers, Midnight.eGo, AlphaPoppy, ashman788, basser1, ChynkBud, david9602, DiJiTaLNiCk, dPaws, effinTyler, emersons35, Goblom, ILovePie24!!, imfamousalr, The Epic, J.V., JonnyH94, jsonnerrr, juliex877, killa skillz, MajorPSP156, NextGenTactics, Press ►, Sambrears, sithxnew, sj_7, Slay No More, StevzZy1, stuartlittle98, theycallmeryan, ThisIsBio, wardoc22
03-11-2011, 02:19 PM #92
Norman
NORMAN
Originally posted by AsTrO View Post
I THANK the flamers for flaming. You guys just make me stronger, and feed on your failness. If you must attempt to post on some other's thread, you must be jealous, or have no idea what you're doing. The very few of you that keep flaming, go ahead, you are making me stronger. A lot of people on this forum have no idea what they are talking about. REP means nothing, a lot of REP doesn't mean you're smart.

We all know that 3.60 re-secures the console. BUT I'm working on something that might work, will report back later on updates.

Well, I was able to dump both the lv1 and lv2 hypervisor. Next step, attempting a cold-boot attack. If I'm successful, we will MOST likely have the keys real soon. Last time I attempted a cold boot on lv1, my RAM overheated.. So I had to dump it to my PC. But this time I might just use liquid oxygen if I can find some. In the lv1 dump, I found some information that will help us to prevent bans. We might soon be able to spoof our MAC address. IF the MAC is not physical.. If you guys want a full list of the self files in the dump, let me know and I'll add them in here. I might release the HV kernel module if you guys want that too.

We don't have all keys. We fail to have the private keys. And, we do NOT have full access to lv2. How would you figure that? If we did, we would have had the keys a LONG time ago. I'm not going to use liquid oxygen, as that is kind of unpractical. I'll just dump to my PC.


Too bad the keys we need are not in the PS3. They're called private keys for a reason and that's because ONLY Sony has them.
03-11-2011, 02:21 PM #93
Cody_h4x
Nobody is like me
Great idea, and what about exploiting Bootldr :) I heard mathieulh had success on that but won't release. :Y: Nice thread.
03-11-2011, 02:29 PM #94
weebobe
Bounty hunter
Originally posted by norman View Post
Too bad the keys we need are not in the PS3. They're called private keys for a reason and that's because ONLY Sony has them.


Lol too bad 2 u :p How does FailOverFlow get the private "key" then?
03-11-2011, 02:36 PM #95
Originally posted by h4x View Post
Great idea, and what about exploiting Bootldr :) I heard mathieulh had success on that but won't release. :Y: Nice thread.


Every time there is an exploit, mathieulh comes popping up, claiming he already did the exploit. Or that he found it or whatever.

Remember his lv0/lv1 dumps, he didn't even do himself... mathieulh wants big e-penis and goes far into doing this. For all we know mathieulh is talking out of his ass again.

For anyone else thinking of hoping mathieulh will be helpful to the scene, here's a quote from math:

Originally posted by another user

like I would leak/share/provide/distribute a copyrighted dump with the rest of you. Get a grip !

The following user thanked ddrrmm for this useful post:

zxz0O0
03-11-2011, 02:50 PM #96
Norman
NORMAN
Originally posted by weebobe View Post
Lol too bad 2 u :p How does FailOverFlow get the private "key" then?


ECDSA exploit. Sony used one number to generate the keys. If you don't know how they found the keys, don't try and use it as a defense. And if you ask, yes the ECDSA code is changed to. A real number. So get outa here noob.:hitman:
Last edited by Norman ; 03-11-2011 at 02:52 PM.
03-11-2011, 02:54 PM #97
joser
Haxor!
That is a possibility, smart thinking.
03-11-2011, 03:21 PM #98
weebobe
Bounty hunter
Originally posted by norman View Post
ECDSA exploit. Sony used one number to generate the keys. If you don't know how they found the keys, don't try and use it as a defense. And if you ask, yes the ECDSA code is changed to. A real number. So get outa here noob.:hitman:


Lol, I thought they got the private key from this same exploit. Anyway, thanks for the information :embarrassed::p + I'll stay here for you :)
03-11-2011, 04:49 PM #99
Originally posted by ddrrmm View Post
lol at you two being clueless about what a coldboot attack actually is... lmfao


The RAM still contains all of the information the PS3 last wrote to it. In cooling the memory to a very low temperature the RAM sustains the information. This has to be done fast as the information still deteriorates over a short period of time giving you corrupt dumps.

Stupid you don't seem to understand that liquid oxygen is paramagnetic, meaning that cooling it with that will disrupt the PS3's electronics, 'possibly' causing corrupt dumps or making it multifunctional. This is why overclockers use liquid nitrogen, as it does not contain this property.

I also forgot about liquid oxygen being so easily obtainable. (sarcasm)

The overheating RAM thing... since when did flash memory produce a lot of heat...

Also, when were the private keys in the PS3... they were calculated from the public keys (that are in the PS3) from the 'random number fail'.

So who is clueless and gullible for believing a load of bullsh*t.
Last edited by TheUnkn0wn ; 03-13-2011 at 09:05 PM.

The following 6 users say thank you to TheUnkn0wn for this useful post:

AMNE, DlBSY993, IDontbreak, SamMight69Her, sj_7, tigerheli
03-11-2011, 04:51 PM #100
wowaka
Former Staff
@ TheUnk0wn congratz

Copyright © 2024, NextGenUpdate.
All Rights Reserved.