Page 260 of 363
Jonhy
Posts: 667
Location: The Netherlands
Posted: Thu, 7th Jun 2012 15:26
Hmm, another thing I was thinking of: if they want to replace the current keys with a new set of keys, they will need to release an update (this can only be done by software, since they obviously can't change anything of your PS3 hardware). So when this happens, wouldn't it simply be a case of analysing the update and retrieving the keys from it?

Posted: Thu, 7th Jun 2012 15:26
Sony already changed the public keys multiple times since 3.60.
In fact, they changed them 4 times: rev10 (3.60-3.61), rev13 (3.65-3.66), rev16 (3.70, 3.71, 3.72), rev19 (4.00, 4.01, 4.10, 4.11), but obviously every time they did, they got owned by TB.
So they added that SDAT 4 layer now, but it seems they got owned also. What next? No clue.
rev22? Sure, but will that help them?
Edit: @Jonhy: yep, they need to release a firmware update to add a new key set, which is actually what they are doing for every rev. "Analyzing" the update is how you get the keys (that's how we got them up to 3.56 so far), but the problem is that since 3.60 they are encrypted in a file named "lv0", which is the only file of the update we can't decrypt, since it's decrypted by bootldr public keys, which we don't have (yet).
So for sure, no rev22 for a while, since so far 4.11 is the latest firmware and is rev19. A new update is coming soon though, 4.20 I think, so we will see if it still uses rev19 or not.
Last edited by cyclonefr on Thu, 7th Jun 2012 15:34; edited 2 times in total

Posted: Thu, 7th Jun 2012 16:09
Sony already released new keys and encrypted them into lv0 since 3.60, as I stated in my previous post. This is their last resort of security, since the only keys we miss are the lv0 public keys.
It's possible they have bootldr keys, but we can't be sure; there are other ways to dump lv0 (hardware tricks) that they could have used for every new key set (rev).
What can Sony do? Well, make it harder for them to find the keys in lv0 (obfuscating them), but this isn't good in the long run... If I were Sony, I'd put efficient protections into their games, like PC games, which is even easier for them to do since they could easily put in some anti-3.55 checks.
So as you can understand, what Sony can do is simply barriers, nothing that can stop the hacking of their console. The last good solution Sony had was done in 3.60, obfuscating keys in lv0, which is buying time till PS4, and which is exactly what they have been doing since 3.60, and they know it. I'd say Sony kinda succeeded for now: it took a while for the TB dongle to be out, and even then, the TB dongle isn't a solution everybody appreciates.
Last edited by cyclonefr on Thu, 7th Jun 2012 16:11; edited 1 time in total
NFOAC
Posts: 6015
Location: India
Posted: Thu, 7th Jun 2012 16:10
cyclonefr wrote:
    Sony already changed the public keys multiple times since 3.60.
    In fact, they changed them 4 times: rev10 (3.60-3.61), rev13 (3.65-3.66), rev16 (3.70, 3.71, 3.72), rev19 (4.00, 4.01, 4.10, 4.11), but obviously every time they did, they got owned by TB.
    So they added that SDAT 4 layer now, but it seems they got owned also. What next? No clue.
    rev22? Sure, but will that help them?
How are the revisions calculated? Are they fixed with a patch?

Posted: Thu, 7th Jun 2012 16:12
Not sure what you mean, but the key revisions are set in the SELF header. The PS3 reads the EBOOT header, sees it needs a rev13 key set for example, then (to make it easier, because it's much more complicated since 3.60) does a bunch of stuff to decrypt lv0 to read the key set in there (looks for the rev13 offset, reads the keys, uses them for decryption, and finally decrypts the SELF into RAM).
No calculation is done here. When decrypting an EBOOT, you can re-encrypt it for 3.55 at most (so rev07), since we don't have the 3.56+ private keys. TB does it differently, re-encrypting them with their own key set, using rev80 (debug revision, aka no revision).
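As an added example (not code from the thread or from any PS3 tool), here is a small reader for the field the post refers to: the key-revision number in the cleartext SCE header that tells the loader which key set a SELF/EBOOT needs. The header layout (big-endian, magic "SCE\0", u16 key revision at offset 8, u16 header type at offset 10) is assumed from the public PS3 developer wiki, and the "revNN" names from the thread are read as the decimal value of that field; both are assumptions of this example. It only reads the header and decrypts nothing; the firmware ranges are the ones listed earlier in the thread, and the sample header is constructed inline.

```python
"""Identify which key set a PS3 SELF/EBOOT needs from its SCE header.

Added example, not code from the thread. It reads only the cleartext
header. Layout assumed here (big-endian, per the public PS3 dev wiki):

    0x00  u32  magic            b"SCE\\0"
    0x04  u32  header version
    0x08  u16  key revision     which key set the loader must use
    0x0A  u16  header type      (1 = SELF in the same public docs)
    0x0C  u32  metadata offset
    0x10  u64  header length
    0x18  u64  data length
"""
import struct

SCE_MAGIC = b"SCE\x00"
_SCE_HEADER = struct.Struct(">4sIHHIQQ")  # 32 bytes, big-endian

# Key sets and firmware ranges exactly as the thread lists them. Reading
# the "revNN" names as the decimal field value is an assumption.
KEY_SETS = {
    7: ("rev07", "3.55 and earlier"),
    10: ("rev10", "3.60-3.61"),
    13: ("rev13", "3.65-3.66"),
    16: ("rev16", "3.70-3.72"),
    19: ("rev19", "4.00-4.11"),
    80: ("rev80", "debug, no revision"),
}


def is_sce_file(blob: bytes) -> bool:
    """True if the buffer holds a full header and starts with the SCE magic."""
    return len(blob) >= _SCE_HEADER.size and blob[:4] == SCE_MAGIC


def parse_sce_header(blob: bytes) -> dict:
    """Unpack the fixed 32-byte SCE header; raise ValueError otherwise."""
    if not is_sce_file(blob):
        raise ValueError("not an SCE file (short buffer or bad magic)")
    _magic, version, key_rev, hdr_type, meta_off, hdr_len, data_len = \
        _SCE_HEADER.unpack_from(blob)
    return {
        "version": version,
        "key_revision": key_rev,
        "header_type": hdr_type,
        "metadata_offset": meta_off,
        "header_length": hdr_len,
        "data_length": data_len,
    }


def describe_key_set(key_rev: int) -> str:
    """Human-readable label for a key revision, e.g. 'rev13 (3.65-3.66)'."""
    label, firmwares = KEY_SETS.get(
        key_rev, (f"rev{key_rev:02d}", "unknown firmware range"))
    return f"{label} ({firmwares})"


def needs_newer_firmware(key_rev: int, installed_key_rev: int) -> bool:
    """A firmware carries every key set up to its own revision, so a SELF
    loads only if its revision is at or below the installed one. The case
    in the thread is a rev13 EBOOT on a rev07 (3.55) console."""
    return key_rev > installed_key_rev


def build_sample_header(key_rev: int) -> bytes:
    """Constructed 32-byte header for demonstration; the sizes are made up."""
    return _SCE_HEADER.pack(SCE_MAGIC, 2, key_rev, 1, 0x300, 0x980, 0x12345)


if __name__ == "__main__":
    hdr = parse_sce_header(build_sample_header(13))
    rev = hdr["key_revision"]
    print("needs", describe_key_set(rev),
          "- loads on a 3.55 (rev07) console:", not needs_newer_firmware(rev, 7))
```

Run against a real EBOOT.BIN by passing its first 32 bytes to parse_sce_header; the function refuses anything that is not an SCE container, and an unlisted revision is reported as such rather than mapped to a guessed firmware.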
NFOAC
Posts: 6015
Location: India
Posted: Thu, 7th Jun 2012 16:20
So the class object is dumped to RAM?
You mean TB has a parent class which is not held by the revision, hence they can continue decryption with tweaks here and there?

Posted: Thu, 7th Jun 2012 16:48
@NFOAC: not sure what you are wondering; I think what I explained earlier is clear already. Dumping the RAM is one way of dumping a decrypted EBOOT, if that's what you are asking. That could be what TB does, I have no idea.
Having the rev10, 13, 16, 19 keys though would make it much easier, since you could simply decrypt the SELF (EBOOT.BIN) from a PC.
@Jonhy: I haven't heard about new binaries/sprx in 3.60+, but I didn't really check. Since most TB games work on 3.55, including ones compiled with the latest SDK to date (Dirt Showdown, Max Payne 3), I think it's safe to say there wasn't anything special or mandatory really added.
Although some 3.55 games have problems on 3.41 (mostly related to PS Move support only), so you never know. Maybe there are indeed new bins but devs didn't use them (yet?).
Is it easy to import newer libs to 3.55? No idea, but is it possible? Definitely.
JackQ
Non-expret in Derps lagunge
Posts: 14179
Location: Kibbutznik, Israel
Posted: Thu, 7th Jun 2012 17:31
cyclonefr wrote:
    If I were Sony, I'd put efficient protections into their games, like PC games, which is even easier for them to do since they could easily put in some anti-3.55 checks.
I really think they have limits in that area. Sure, Microsoft did it with AP and etc... but it was mostly on the discs, and mostly for detection to track pirates for Live bans; they knew the protection itself would be cracked fast. What Sony actually did is the PSN pass for multiplayer.
"Fuck Denuvo"
Your personal opinions != the rest of the forum

Posted: Thu, 7th Jun 2012 17:56
The PSN pass wasn't really done against piracy, since the first Sony game to use it was Infamous 2 and PSN was already blocked back then.
The online pass is mostly to prevent 2nd-hand sales, not piracy. Protections can be done on the PS3; it takes 1 min for a coder to check an MD5 of a firmware file (a 3.55 file, for example) and make the game refuse to run. Even if it can be cracked in 5 min, it's barriers Sony would likely use. If protections were that useless, PC publishers would stop putting them in.
JackQ
Non-expret in Derps lagunge
Posts: 14179
Location: Kibbutznik, Israel
Posted: Thu, 7th Jun 2012 18:00
Quote:
    If protections were that useless, PC publishers would stop putting them in.
They are, most of them. Most games nowadays are cracked in hours; even developers are starting to admit this. Noticed the rise of "DRM free" games? Sure, there are games like Diablo 3, with the "always on", that are hard to crack, but also very annoying for legal guys as well.
related:
http://beefjack.com/news/cd-projekt-red-drm-excuses-are-pretty-much-bullshit/

Posted: Thu, 7th Jun 2012 19:25
I'm not speaking about having the best protection ever, I'm just talking about buying time; that's all Sony is looking for. What do you think they created SDAT 4 for, when SDAT 3 was perfectly fine? It gained them a few weeks / months, better than nothing, huh?
JackQ
Non-expret in Derps lagunge
Posts: 14179
Location: Kibbutznik, Israel
Posted: Thu, 7th Jun 2012 20:02
Yeah, consoles are easier to protect when it comes to offline, but that's because they are closed systems in the first place.

Posted: Fri, 8th Jun 2012 02:31
Hey, cyclonefr, something I always wondered but never found the answer to, and I figured you might know why. How come no one made a pkg for 3.55 that made the PS3's DVD player region-free? It would seem to me like something not that hard to do, given someone was able to disable Cinavia.
I'd certainly appreciate one less box on top of my TV....

Posted: Fri, 8th Jun 2012 12:20
@rayida: can't help you with this, I really have no clue... About Cinavia, nobody did anything special except replacing a file (SPRX) from a DEX (debug) firmware into the CEX (retail) firmware.

Posted: Fri, 8th Jun 2012 14:24
Thanks for the reply. Apparently it's possible with a registry hack:
Quote:
    Step by step:
    - activate the FTP server on the PS3
    - start the FTP client on
    - in the FTP client, browse on the PS3 to /dev_flash2/etc/xRegistry.sys
    - copy xRegistry.sys to the PC (make a backup !!!)
    - start the xRegistry editor & open the xRegistry.sys file
    - search for the entry /setting/bddvd/dvdRegionCode
    - change the value 00000000 to 00000002 (Asian to European)
      (last digit: 0 = Asian, 1 = American, 2 = European)
    - search for the entry /setting/bddvd/bdRegionCode
    - change the value 00000000 to 00000002 (Asian to European)
      (last digit: 0 = Asian, 1 = American, 2 = European)
    - push the Save button to save
    - copy or overwrite xRegistry.sys with the FTP client back to /dev_flash2/etc/xRegistry.sys
    - reboot the PS3
    Now you should be able to start a DVD/BR disc of the region you changed to. Have fun !!!
Now, would making a pkg that semi-automates that be possible? I realise that there seems to be no "region 0" option, which would be the ideal scenario, but even if you could just run a program each time you wanted to change regions, rather than having to FTP into the console each time, it would be nice.
(Sorry if I'm assuming concerning your knowledge of writing such things.)

Posted: Fri, 8th Jun 2012 15:24
Nope, a pkg can only allow writes to hdd0, not dev_flash2.
I think you can change this directly with a REBUG FW, since you can change the region in the debug settings. Not sure it's the bdRegionCode though; I'd say google to be sure.

Posted: Fri, 8th Jun 2012 17:26

Posted: Sun, 10th Jun 2012 10:15
Finally some real progress (I think):
Quote:
    Official Statement from E3 TEAM
    A few days ago, there was news posted on various websites that we had cloned JB2 (aka 'True Blue') successfully.
    We clarify that we did not clone any other product, but we did find ways to allow the newer games to work on CFW v3.55.
    Our research has found 3 different ways to allow newer games to work on older firmwares!
    A way:
    No need for any new keys, but allows SOME new games to work on CFW v3.55 with a special bypass.
    We think the USB device on the market uses this system. (Maybe)
    With this method, most games, even v4.11 games, can run on CFW v3.55 very easily.
    But there are some games that can't work with this A way.
    E3 TEAM knows this A way very well and can modify a newer v3.6+ game in 10 min.
    B way:
    Decrypt games with their private key and encrypt with the v3.55 key, so the game can run on CFW v3.55 successfully.
    For example, you need the v3.65 key to decrypt a v3.65 game. You need the v4.11 key to decrypt a v4.11 game.
    E3 Team can successfully get all newer keys up to v4.11.
    We are 100% sure we can get all keys for v4.20 or higher FW the same way; it only takes some more time.
    This means E3 TEAM can decrypt all newer games with this B way.
    As a matter of fact, we are planning a newer CFW (no more need to be stuck on v3.55) when we have completed our research.
    C way:
    Modify the Blu-ray firmware to allow newer games to run on older firmware.
    But only a few of the newer games can work with this C way, so we stopped researching this method.
    We are in the progress of developing a new USB device, to allow users to enjoy our work with economical cost.
    We will release further news and a list of its features regarding this new product at a later date.
    Finally, to thank all of the users who have supported us in the past with our previous products, like the E3 Card Reader and E3 Flasher, we have decided to release 2 game EBOOTs for free for everyone to enjoy, which work directly on any console running CFW v3.55.
    PS: Unfortunately the latest Slim 3000x consoles can't currently work with the methods mentioned above, as it is a fully different design compared to the older PS3 consoles, but have no fear, we are still working hard on solving this jailbreak puzzle.
    Remember, our current product, the E3 Flasher, is also very useful for dual-boot and to downgrade older consoles, as for now we still need to stay on CFW v3.55.
    Below are links to our proof videos to show our work. First we run Ninja Gaiden 3 using the A way, and then second we run Splinter Cell Trilogy HD with the B way, which, no matter how hard you have tried the A way, will never run.
Source: PS3Crunch
They have released Ninja Gaiden 3 & FIFA Street 2012 EURO EBOOTs, confirmed to be working.

Posted: Sun, 10th Jun 2012 12:13
Yup.. street working here!
JackQ
Non-expret in Derps lagunge
Posts: 14179
Location: Kibbutznik, Israel
Posted: Sun, 10th Jun 2012 12:31

Posted: Sun, 10th Jun 2012 12:38

Posted: Sun, 10th Jun 2012 12:40
Sadly, only these 2 EBOOT will be free.
NFOAC
Posts: 6015
Location: India
Posted: Sun, 10th Jun 2012 12:44
Do they have any plans for PSN games? Wanted to play Journey.

Posted: Sun, 10th Jun 2012 12:44
Well, if the "We are in the progress of developing a new USB device, to allow users to enjoy our work with economical cost" line translates to a dongle purchase, then NO THANK YOU!

Posted: Sun, 10th Jun 2012 13:22
Well, this is certainly a surprising turn of events. IF they really can decrypt their own EBOOTs, then the scene won't be in a stranglehold by TB any longer, which is exactly what will happen if someone clones their dongle.. or continues to do nothing.
Powered by phpBB 2.0.8 © 2001, 2002 phpBB Group