PS3 SYSCON Firmware key is now public (release by zecoxao) - What does it mean?

Discussion in 'THE FEED (Submit/View News)' started by STLcardsWS, Sep 2, 2019.

By STLcardsWS on Sep 2, 2019 at 5:37 PM
    Developer @zecoxao has released something the dev has been working to obtain for 10 years: the SYSCON firmware key, which is now public. First, some misconceptions need clearing up, as this is not going to lead directly to a CFW on non-CFW PS3s any time soon. As the dev stated on Twitter, "needless and pointless to say that the confusion being created around these keys that they will be useful for cfw on ps3 3k and superslim is a very farfetched idea. unless we have access to the TSOP 78K0R models, we will not be able to obtain anything else", and when @kozarovv asked a follow-up question about the 3k models here, the developer responded with "don't expect miracles, is all i'm saying". @DeViL303 then asked "So what can we do with this as of now, what is possible with just this key alone and current knowledge?", and @zecoxao provided the explanation seen in this post (and also below). So this is a great feat, but it is still being investigated and will need to be explored in the weeks to come to fully understand what can be uncovered.


    • i got the syscon firmware key, a dream i've been pursuing for the past 10 years. now that i have it i feel like i've accomplished my goal. the rest will follow naturally.
      - https://twitter.com/notzecoxao/status/1168954036541935616

      What can developers do with this key?

      via @zecoxao: With this key the following has happened:

      14 syscon firmwares for the BGA models (CXR) were decrypted.
      from them, keys for PATCHES and FULL FW signing and encryption, as well as decryption and validation were found. we can now sign our own patches and fws for the following models:

      • TMU-510
      • COK-001
      • COK-002
      • SEM-001
      • DIA-001
      • DIA-002 or DEB-001 (same soft id)

      Additionally we found the initialization key for eid1 as well as the process of initializing it from factory
      We also found 7 extra keys (we still don't know what they do)
      Finally, we found out there is a secret keyslot function that generates keys for
      • SNVS
      • AUTH1/AUTH2
      • Regions of EEPROM
      • PATCH keys xoring (to generate the final keys)
      • Relationship with the other 7 Keys

      What still has to be done:
      • Hack the 78K0R chips (the TSOP ones found in later models)
      • Dump the firmware of those chips
      • Get the DYN-001 patch keys
      • Find an exploit on arm firmware that works in 78k0r firmware

      Edit: and yes, you can do all that fun kinky shit of fan boosting at max speeds, led disco panic attack, and star wars theme ON A DECR-1000! THIS is a devkit, so THIS is the ONLY device that supports FULL FUCKING FIRMWARES! DO NOT CONFUSE IT with a DECR-1400, that is a HALF devkit!


    Release Source: twitter.com/notzecoxao
    Discussion: psx-place.com

    Thanks to @NathanHale for the news alert
    Last edited: Sep 10, 2019

Comments


    1. Zeloko
      i think the cfw for ps3 super slim 4k will come out before christmas, apparently cfw won't come out yet in 2019?
    2. sandungas
      By now all the progress made in syscon security only applies to some of the PS3 fat models, there is nothing for the PS3 slims and superslims
      Just to get an idea... the AUTH keys have been found a couple of days ago, before that they were not able to use the complete syscon commands, and there is a lot of unknown stuff inside syscon

      The priority is to understand how it works in the first PS3 fat models, and eventually at some point to try to see if something of that could be used in PS3 slims and superslims, but we don't know

      My bet is it is going to be reverse engineered almost entirely for PS3 fats, but that will happen around the first quarter (or first half) of 2020
    3. LuanTeles
      @zecoxao when we have control of the RSX/CELL will we be able to overclock it? to get stable framerates?
    4. zecoxao
      i'm almost sure you can already overclock it using internal commands, but you'd have to ask @M4j0r about that. he's more knowledgeable than I in the subject
    5. zecoxao
      i also forgot to say auth1/2 keys are not per-console. at least not in the CXR models
    6. darknesmonk
      @M4j0r thanks! it's just incredible!
      using gen_auth2.py I got an AUTH2 key!
      I'm testing external commands VIA Hardware UART!
      SEM 001 motherboard!
    7. darknesmonk
      How to use ERRLOG GET ?
    8. M4j0r
      Yes, you can overclock it using syscon/lv1, it's somewhere hidden in the XCG settings.

      You have to use ERRLOG GET <index>, for example ERRLOG GET 00, ERRLOG GET 01. The value is hexadecimal.
    9. darknesmonk
      I use these commands:
      C:52:ERRLOG CLEAR
      C:79:ERRLOG START
      starting my SEM-001 - YLOD
      C:4B:ERRLOG GET 00
      R:49:OK 00000000 A0403034 FFFFFFFF


      command: C:59:PDAREA GET FF


      EEP SET 3961 01 00 not working in SEM-001, I returned the value FF

      upd.
      I changed the baud rate to 115200, to use internal commands.
      "Diag pin low" AND "EEP SET 3961 01 00"
      How to AUTH for use internal commands?

      upd.
      I have collected some errors (shorting DIO ports SYSCON)
      POWER ERRORS:
      0003001 POW_FAIL
      A0093004 RSX_POW_FAIL
      A0093003 CELL_POW_FAIL

      BE ERRORS:
      A0213013 BE_SPI DI/DO ERROR
      A0213011 BE_SPI CS ERROR
      A0203010 BE_INIT OR BE_POWGOOD OR CLOCK ERRORS

      RSX ERRORS:
      A0404002 RSX_SPI DI/DO ERROR
      A0404411 - ERROR ON RSX SPI? (My problem)

      SB ERRORS:
      A0302203 SB_SPI DI/DO ERROR
      A0313032 SB_CLOCK OR INIT ERROR

      OTHERS:
      A0022110 MK I2C ERROR (OR OTHER CLOCK's ERRORS)

      upd.
      A0403034 and A0404411 - RSX PROBLEMS ( I replaced the RSX)
      my new problem: A0603040 - maybe SS2 Bady or NAND error.
      Last edited: Jan 1, 2020
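      An added example (not code from the thread or any of its posters) covering M4j0r's ERRLOG GET explanation above and the C:xx:/R:xx: lines in darknesmonk's session: it frames external syscon UART commands and checks the checksum on replies before decoding them. The checksum rule is an assumption inferred from the thread's own lines (sum of the payload's ASCII bytes modulo 256, as two hex digits) and the error names are darknesmonk's readings, not an official table.

```python
# Added example, not code from the thread or its posters: frames PS3 syscon
# external UART commands and verifies replies in the C:xx:/R:xx: form seen in
# darknesmonk's log. Assumption: xx = sum of payload ASCII bytes mod 256.

# Codes as darknesmonk read them in this thread (his notes, not an official table).
ERRLOG_CODES = {
    "A0093004": "RSX_POW_FAIL",
    "A0093003": "CELL_POW_FAIL",
    "A0213013": "BE_SPI DI/DO ERROR",
    "A0404002": "RSX_SPI DI/DO ERROR",
    "A0403034": "RSX problem (darknesmonk replaced the RSX)",
    "A0404411": "RSX problem, possibly RSX SPI (darknesmonk)",
    "A0302203": "SB_SPI DI/DO ERROR",
    "A0022110": "MK I2C ERROR (OR OTHER CLOCK's ERRORS)",
}

def checksum(payload: str) -> str:
    """Sum of the payload's ASCII bytes mod 256 as two upper-case hex digits."""
    return f"{sum(payload.encode('ascii')) & 0xFF:02X}"

def frame_command(payload: str) -> str:
    """Wrap an external command as the log shows it: C:<sum>:<payload>."""
    return f"C:{checksum(payload)}:{payload}"

def parse_response(line: str) -> dict:
    """Split an R:<sum>:<payload> line and check its checksum before trusting it.
    A mismatch usually means a garbled line (wrong baud rate, noisy wiring)."""
    prefix, got, payload = line.strip().split(":", 2)
    if prefix != "R":
        raise ValueError(f"not a response line: {line!r}")
    words = payload.split()
    return {
        "checksum_ok": got.upper() == checksum(payload),
        "status": words[0] if words else "",
        "fields": words[1:],
    }

def decode_errlog(line: str) -> str:
    """Describe an ERRLOG GET reply; the second hex word is read as the error
    code, following darknesmonk's reading of A0403034 (an assumption)."""
    r = parse_response(line)
    if not r["checksum_ok"]:
        return "checksum mismatch, line discarded"
    if r["status"] != "OK" or len(r["fields"]) < 2:
        return f"syscon replied {r['status']}"
    code = r["fields"][1].upper()
    return f"{code}: {ERRLOG_CODES.get(code, 'not in the thread list')}"
```

      The checksum rule reproduces every C: and R: line darknesmonk posted, so a reply whose checksum fails is best thrown away rather than read as a fault code.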
    10. M4j0r
      You need to use scopen. Just execute scopen, then send the Auth1 (1000..) then you get the response and can send the Auth2 value.
    11. LuanTeles
      Hope someone will be interested in it =)

      at least to restore the Original Clock of it, since the RSX is underclocked
    12. Anthonyy817
      Oh wow they underclocked it at the factory? By how much?
    13. darknesmonk
      returns ERROR 1

      [mullion]$ scopen
      SC_READY
      C:84:AUTH1 100000000000000000000000000000000000000000000000000000000000000000000
      00000000000000000000000000000000000000000000000000000000000
      ERROR 1
      *** Invalid Argument ***

      [mullion]$ scopen
      SC_READY
      AUTH1 10000000000000000000000000000000000000000000000000000000000000000000000000
      000000000000000000000000000000000000000000000000000000
      ERROR 1
      *** Invalid Argument ***
    14. M4j0r
      You just need to send the raw values, like a command without Auth1/Auth2 or the checksum:

      Code:
      > scopen
      SC_READY
      > 10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
    15. zecoxao
      we're now working on 78K0R model (VER motherboards and later)
      we've sniffed SPI pins (check wiki for the 128pin model locations and spi samples with root key) and, when working on figuring out the DPA location, we figured out two things:

      The patch is not checked on reset ever! Only on pup install
      When installing the pup, the package that contains the patch is then checked for validation and, EVEN if the validation fails, the body is then decrypted and sent to syscon bank. if the patch is valid, we cannot read special area 0x82. if not, we can and we'll read whatever was written.

      We also found the location where the cbc is being done (immediately after flashing the patch) which would correspond to wild's 504 signals (252 per 0x10 bytes in one unique body totaling 0xFC0 size)
    16. Md Hesam
      I'm just hoping for cfw for late super & slim ps3
    17. MegaManX970
      this will not lead to cfw in any way as stated many times by devs & @zecoxao, not even syscon in phats with CXR chip has been fully cracked because of the lack of tools
    18. M4j0r
      The CXR Syscon is fully exploited - all keys are known. You can do various things now which couldn't be done before (especially regarding diagnosing faults/"unbricking").
      The problem with "CFW" on newer consoles is the new lv0ldr. That's the earliest patchable part of the boot chain. The CELL secure boot, lv0ldr and lv0 don't trust syscon.
      The CELL boot process communication with syscon is openly documented by IBM and the lv0ldr/lv0 communication can be found on the devwiki.
      So even if the newer syscon gets exploited this won't change much regarding the "CFW problem".
      Here are some documents regarding the CELL security and other things: https://pastebin.com/X35tZdZY .


      Fan control
      So I reversed how the fan table and the other temperature control stuff works (on retail units).
      The fan table and other information are stored in a special region of the syscon EEPROM: https://pbs.twimg.com/media/ENs1zGGXUAIwnZl.png:large .
      I documented the area in the tmp_ctrl struct: https://pastebin.com/Wtc7NcJ4 .
      You can change these either using the dedicated ("internal") UART commands (https://pastebin.com/zEznkQiq) or by using the external read/write UART commands (https://pastebin.com/5sTdsVMZ).
      This Python 2 script can be used for easy access: https://pastebin.com/4ymiFQbi .
      To be able to change these regions from the CELL via the Device Access Service (0x03), the Syscon firmware needs to be patched: https://pastebin.com/6C1SJ8pM .
    19. gmipf
      Can we write a different Firmware version to the syscon now? I have a syscon bricked 3K console. Syscon and NOR firmware are different. I need to change the syscon firmware equal to NOR firmware.
    20. darknesmonk
      thanks!
      I can't start the console (SEM-001) in "internal" mode. error:

      [SSM] cannot clear fatal error state because of unrecoverable error.

      can help
      >trace print
      .........
      SSM 02 4000 0000
      SSM 00
      SSM 02 4000 0000
      SSM 00
      SSM 02 1100 0000

      "external" mode works well.
      What should I do?
      Last edited: Jan 26, 2020
