Like 7 months ago he gave instructions on how to retrieve some keys in 3.60 and we're still waiting, so this new thing about lv0 decryption, I don't think it'll lead anywhere.
Yeah, with that, you'd need a dual-NOR console, one with 3.55 and one with whatever firmware's lv0 you wanted.
Edit: I actually want to have some fun with this. Anyone know a .self generating tool for mac?
[21:00:58] <Mathieulh> selfs are a mess to generate properly because a lot of values need to be calculated from the original elf file
[21:01:11] <Mathieulh> the problem is right now all the public tools use hardcoded values
[21:01:19] <Mathieulh> that are grabbed from various self files
[21:01:21] <Mathieulh> but are not calculated
[21:01:34] <Mathieulh> well that's one of the many problems actually
[21:01:35] <jevin> Mathieulh, things other than elf offsets?
[21:01:40] <Mathieulh> yah
[21:02:03] <Mathieulh> sony also did some fancy things with the compression self format
[21:02:12] <Mathieulh> where values are off by a certain offset etc etc
[21:02:38] <Mathieulh> if you want to make a proper self tool
[21:02:44] <Mathieulh> you first need to reverse make_fself
[21:03:06] <jevin> not too hard with hexrays *cough*
[21:03:09] <Mathieulh> that's the initial step
[21:03:15] <Mathieulh> yeah it's not that hard
[21:03:29] <Mathieulh> then you'll figure what a big fuck up the self format really is xD
[21:05:14] <Mathieulh> but yeah just my self.cpp is 5 times larger than the entire source for ****** make_self/make_self_npdrm
[21:05:27] <Mathieulh> in terms of lines of code
[21:05:48] <Mathieulh> so his is missing shitloads of stuffs and only relies on hardcoded values
[21:06:06] <jevin> entire headers copypasta'ed from existing selfs
[21:06:11] <Mathieulh> pretty much yah xD
[21:06:23] <Mathieulh> the ones on the tool I use are generated
[21:06:32] <Mathieulh> as in calculated and generated
[21:06:36] <Mathieulh> from the original elf
[21:06:52] <Mathieulh> btw unself is buggy too
[21:06:54] <Mathieulh> just so you know
[21:07:16] <jevin> why haven't you labeled the control flags?
[21:08:16] <Mathieulh> jevin I didn't feel the need to, I already know what they do anyway
[21:08:37] <Mathieulh> for example 0x40 is root rights, 0x20 is debugger rights and so on
[21:09:07] <jevin> I'm guessing the self capabilities flags are at offset 0x20 in the self header
[21:09:18] <Mathieulh> capabilities aren't in the header
[21:09:23] <Mathieulh> they are part of the metadata
[21:09:28] <Mathieulh> as in, they are encrypted and signed
[21:10:16] <jevin> offset 0x10 in the section header?
[21:10:29] <Mathieulh> it's after the metadata keys
[21:10:33] <jevin> no, they wouldn't be per section
[21:10:50] <Mathieulh> as in, right after them
[21:11:09] <jevin> I see. so unself doesn't have enough fields in the metadata header
[21:11:35] <jevin> I really should color in the hex values that are mapped to structures in unself vs. the ones that aren't
[21:11:42] <jevin> seems like it is missing a lot
[21:11:49] <Mathieulh> everything public is missing tons
[21:12:15] <Mathieulh> capabilities are optional mind you
[21:12:35] <jevin> are they restrictive or permissive?
[21:13:11] <Mathieulh> restrictive
[21:13:16] <Mathieulh> (for most)
[21:42:15] <jevin> Mathieulh, you said that the ****** npdrm keypair is blacklisted in 3.56
[21:42:30] <jevin> I couldn't find the decrypted or encrypted metadata keypair in 3.56 files
[21:42:47] <jevin> where does the blacklisting occur? is it a hash that is blacklisted?
[21:42:51] <jevin> it's interesting to me because we can make our own keypairs now with juan nadie's work
[21:48:45] <Mathieulh> <jevin> Mathieulh, you said that the ****** npdrm keypair is blacklisted in 3.56 <== not only that
[21:49:03] <Mathieulh> ****** stuff doesn't generate some of the npdrm specific values
[21:49:08] <Mathieulh> those were not checked in 3.55
[21:49:13] <Mathieulh> but they are checked in 3.56 now
[21:49:55] <jevin> Mathieulh, gotcha
[21:50:09] <jevin> is his keypair actually blacklisted somewhere though?
[21:50:10] <Mathieulh> there is no whitelist for npdrm
[21:50:22] <Mathieulh> so it's actually possible to generate valid npdrm self for 3.56+
[21:50:42] <jevin> is it a check in appldr?
[21:50:43] <Mathieulh> that tool I made a screenshot of actually does that
[21:51:02] <Mathieulh> jevin yeah, it's enforced by lv1 though
[21:51:16] <jevin> a hash comparison?
[21:51:27] <Mathieulh> yeah it's a hash
[21:51:30] <Mathieulh> but I won't say more
[21:51:35] <jevin> ok
[21:51:55] <Mathieulh> everything you need is in the 3.56 fw :P
[21:52:16] <jevin> rgr, I will poke around later
[21:52:34] <jevin> the checks are unmodified in 3.60+?
[21:52:43] <jevin> + new keys of course
[21:52:51] <Mathieulh> same checks
[21:54:53] <Mathieulh> jevin you won't get around crafting valid 3.56+ npdrm selfs without a proper makeself tool though
[21:57:18] <jevin> would SCE make npdrm selfs work if actually signed?
[21:57:25] <jevin> + crypted
Source: http://www.ps3devwiki.com/index.php?...and_Decryption
This was posted by Godfrey from HERE POST 528
((I don't know if you want it here or in technical))
..................................................
[xx404xx] http://img841.imageshack.us/img841/1...apimage3en.png
[xx404xx] http://img824.imageshack.us/img824/5...mapimage3f.png I highly recommend you all go look at that
[xx404xx] Is anyone taking a look at that paste bin? http://pastebin.com/rFD5ASJa (via http://pastie.org/private/qwndjafrtkvhe9cikbxhg from lunuxx)
[xx404xx] Here's a pic from this leaked doc I found
[xx404xx] http://img684.imageshack.us/img684/7...mapimage6k.png
[xx404xx] http://pastebin.com/rFD5ASJa there's no per console key 0 in the guide
[xx404xx] and you need this leaked doc
[xx404xx] I'll go upload it
[xx404xx] the per console key0 is only for my console......
[xx404xx] but you can obtain your own lv0
[xx404xx] I'm uploading the doc now
[xx404xx] I was hesitant about leaking this
[xx404xx] but here you go, you will need this info
[xx404xx] http://uppit.com/caofvtbovo2y/Cell_Broadband_Engine.doc
[xx404xx] it has doc on the SPUs
[stronzolo] what do you think about the picture that math posted on Twitter?
[xx404xx] real
[xx404xx] he already told us how he does it....
[stronzolo] us = who ?
[branan] everybody. His thing about metldr from a couple days ago applies to bootldr just as well
[xx404xx] it's no secret
[stronzolo] so why can math do it... and others can't? what's wrong?
[xx404xx] lol if he didn't want others knowing about it maybe he shouldn't tweet so many hints.......
[xx404xx] we can do it
[xx404xx] read the docs
[xx404xx] he talks about how we dump the local storage from the SPUs
[stronzolo] 404, when do we know if your key is key 0?
[xx404xx] when someone preps a step by step guide to dump bootldr
..................................................
The link for the Cell Broadband doc needs a password, so Jamesoow HERE POST 536
posted an alt link: http://www.mediafire.com/?g11o5xkf73jduok
Does anyone have any new info about FailOverFlow? After they responded to math, talking about a warm-up on Twitter for December and the new activation of the git,
git.fail0verflow.com, which before redirected to the front page, now has a login. So maybe someone has some info. I hope they will bring a lot of new stuff for the scene.
I have used Red Ribbon Linux RC5 and I have a couple of questions for people who have already retrieved their eid0. Everyone recommends two Linux distros: RND or RR. Linux from RND doesn't boot on my console (black screen), and Red Ribbon doesn't have... make? WTF? Not even gmake? So OK, I got an already compiled version of metldrpwn, but the kernel module is for 2.6.39-gd49d156. Has someone got one compiled for 2.6.38-powerpc64-otheros? Or maybe someone could recommend me another Linux distribution?
BTW: Why are some of these lines in run.sh uncommented?
You have to install make; use synaptic if your PS3 is online. If it's not connected (mine isn't), you can follow a few steps here to install what you need: http://www.ps3crunch.net/forum/threa...d-Ribbon-Linux
It was written back in March and the directory structure for the repositories may have changed again since then.
Extract the contents manually (with the filemanager, right click file, menu pops up) into a subfolder of the home folder such as /home/username/headers
I gave up. This distro is junk, not a Linux... Lack of *base* packages, repositories are dead or have changed dirs and I cannot figure out the new ones. I don't know why RND Linux doesn't boot on my console. I even have problems with petitboot, which doesn't mount my pendrive with write privileges (remounting with rw doesn't work...). For God's sake, it's no surprise that so few people have converted their machines. Getting these keys is a real pain in the ass and I'm starting to feel stupid... ;/