KaKaRoToKS reveal more info for PS3 Dev for rebuilding new CFW 4.21+

[/GriFFin]

More great news about this new 4.21CFW, KaKaRoToKS reveal more info for PS3 Dev for rebuilding new 4.21+ CFW!

Since the LV0 keys have now been leaked, I believe I can now share this info with you, to help out those who are trying to build their own 4.x CFW :
The NPDRM ECDSA signature in the SELF footer is checked by lv2. It first asks appldr to tell it whether or not the signature is to be checked, and appldr will only set the flag if the SELF is a NPDRM with key revision from 3.56+ (the ones without private keys). This means that the SELF files signed with the new 3.56+ keys still don't have their ecdsa checked (probably to speed up file loading).
If appldr says the ecdsa signature must be checked, then lv2 will verify it itself, and return an error if it's not correct. There are many ways to patch this check out.
1 - Patch out the check for the key revision in appldr
2 - Patch out the "set flag to 1" in appldr if the key revision is < 0xB
3 - Patch out the code in lv2 that stores the result from appldr
4 - Patch out the actual sigcheck function from lv2.
5 - Ignore the result of the ecdsa from lv2.

Here is one of the patches (the 4th one, patching out the check function from lv2) :
In memory 0x800000000005A2A8, which corresponds to offset 0x6a2a8 in lv2_kernel.elf, replace :
e9 22 99 90 7c 08 02 a6
With :
38 60 00 00 4e 80 00 20

This is for the 4.21 kernel (that was the latest one when I investigated this), I will leave it as an exercise to the reader to find the right offsets for the 4.25 and upcoming 4.30 kernel files.
And here's another bit of info... in 4.21 lv2, at memory address 0x800000000005AA98 (you figure out the file offset yourself), that's where lv2 loads the 'check_signature_flag' result from appldr, so if you prefer implementing method 3 above, just replace the 'ld %r0, flag_result_from_appldr' by 'ld %r0, 0' and you got another method of patching it out. Either solutions should work just the same though.
Enjoy homebrew back on 4.x CFW....

p.s: Thanks to flatz and glu0n who helped reversed this bit of info.

Original Pastie: Link

NEWS SOURCE: KaKaRoToKS's Twitter

Forgot to thank 'Xtreamst' for submitting the news tip, Sorry!

[the-green]

Thanks for the news, thank you KaKaRoToKS, hope this wil help the scene

[2die4]

nice good thing i have come back to cex even with the heart in the mouth brick problem

[Raklodder]

Indeed, thank you! Keep it up Matrix makers!!

[goldeneagle999]

Thank Allah I held my horses and didn't update. Now, a new and an anticipated 4.21 / 4.25 CFW is around the corner! That's HUUUUUUUUUUUUUGE NEWS! XD Thank you very much, KaKaRoToKS. An Arab exploded the PS3 scene xD

[TheWhiteTyger]

Fortunatly, I installed on a freshly installed kmeaw 3.55 with regular in xmb system update to rogero cfw 4.21 and no problems so far. Was QA flagged but not sure (it never bepped before I installed the new CFW.

[Morphosis]

This is a great news so far. It is so sad to see KaKaRoToKS lost his interest in the ps3 scene. kudos to KaKaRoToKS.

[gDrive]

Thank Allah I held my horses and didn't update. Now, a new and an anticipated 4.21 / 4.25 CFW is around the corner! That's HUUUUUUUUUUUUUGE NEWS! XD Thank you very much, KaKaRoToKS. An Arab exploded the PS3 scene xD

Hehe I second this.

[CookieMonster]

Hehe I second this.

Gdrive (aka aha, aka Gstring, aka... ufff! )!! Glad to see that you are "back"!

On a side note, as long you are seeing the "army" of 3.55 ps3´s keep falling your ps3 3.55 keeps getting a higher and higher value...

it´s your... preciousssss!!

slide_2.jpg

[themuse]

gdrive picked a hell of a time to announce his departure from the scene,i think he reverse jinxed the scene