PS3 SYSCON Firmware key is now public (release by zecoxao) - What does it mean?

Developer @zecoxao has recently released something that the dev has been working on obtaining for 10 years now and that obstacle that has now been cleared is the SYSCON Firmware Key and zecoxao has now released it to the public. First off we must erase some misconceptions as this is not going to directly lead us to a CFW on nonCFW PS3's anytime soon. As the dev stated on twitter "needless and pointless to say that the confusion being created around these keys that they will be useful for cfw on ps3 3k and superslim is a very farfetched idea. unless we have access to the TSOP 78K0R models, we will not be able to obtain anything else" and then when @kozarovv provided a follow-up question about 3k models here the developer responded with "don't expect miracles, is all i'm saying ". Now the question (which was asked by @DeViL303) "So what can we do with this as of now, what is possible with just this key alone and current knowledge? Then @zecoxao provides an explanation seen in this post (and also seen below). So this is a great feat that has been made, but its still being investigated and something that will need to be explored in the weeks to come to fully understand what we can be uncovered,. .

​

Release

• 
  
  i got the syscon firmware key, a dream i've been pursuing for the past 10 years. now that i have it i feel like i've acomplished my goal. the rest will follow naturally.
  - https://twitter.com/notzecoxao/status/1168954036541935616​
  
  What can developer's do with this key?
  

  So what can we do with this as of now, what is possible with just this key alone and current knowledge? Custom fan speed profiles? Multiple boot sequences depending on flags or something, or does everything need more work?

  
  via @zecoxao : With this key the following has happened:
  
  14 syscon firmwares for the BGA models (CXR) were decrypted.
  from them, keys for PATCHES and FULL FW signing and encryption, as well as decryption and validation were found. we can now sign our own patches and fws for the following models:
  
  
  • TMU-510
  • COK-001
  • COK-002
  • SEM-001
  • DIA-001
  • DIA-002 or DEB-001 (same soft id)
  
  Additionally we found the initialization key for eid1 as well as the process of initializing it from factory
  We also found 7 extra keys (we still don't know what they do)
  Finally, we found out there is a secret keyslot function that generates keys for
  
  • SNVS
  • AUTH1/AUTH2
  • Regions of EEPROM
  • PATCH keys xoring (to generate the final keys)
  • Relationship with the other 7 Keys
  
  What still has to be done:
  
  • Hack the 78K0R chips (the TSOP ones found in later models)
  • Dump the firmware of those chips
  • Get the DYN-001 patch keys
  • Find an exploit on arm firmware that works in 78k0r firmware
  
  Edit: and yes, you can do all that fun kinky shit of fan boosting at max speeds, led disco panic attack, and star wars theme ON A DECR-1000! THIS is a devkit, so THIS is the ONLY device that supports FULL FUCKING FIRMWARES! DO NOT CONFUSE IT with a DECR-1400, that is a HALF devkit!
  
  

Release Source: twitter.com/notzecoxao
Discussion: psx-place.com

Thanks to @NathanHale for the news alert ​

 

Hi everyone!. I want to try to repair my PS3 Slim 2501B, which I broke while trying to detach the damn cooler from the motherboard.

The motherboard is a JTP-001, which I believe can be diagnosed using the syscon and an UART, am I correct?.

My question is: which UART do I need to get?, is there any specific model that is recommended?.

Some of the available microcontrollers are: CP2102, Pl2303, CH340G.

Thank you in advance.

 

Hi everyone!. I want to try to repair my PS3 Slim 2501B, which I broke while trying to detach the damn cooler from the motherboard.

The motherboard is a JTP-001, which I believe can be diagnosed using the syscon and an UART, am I correct?.

My question is: which UART do I need to get?, is there any specific model that is recommended?.

Some of the available microcontrollers are: CP2102, Pl2303, CH340G.

Thank you in advance.

Yes, we can interact with syscon terminal with a UART to USB adapter in all PS3 models, the wires needs to be connected to some testpads of the motherboard, there are photos here:
https://www.psdevwiki.com/ps3/Syscon_Hardware#Syscon_UART

I like the CP2102 most because i think the company who made it nailed it, is very cheap, works great, and have a great official support
Btw, sometimes this boards are named "UART 2 USB adapter" or "USB to TTL" or "TTL module for arduino" or raspberry, etc... but as you mentioned you need to keep attention to the chip model, if is a CP2102 it will work... im not sure about the others


Edit:
In the schematic photos in wiki for JTP-001 are shown also a couple more testpoints for the SB interface... thats an additional port but works in the same way, you can use the same board to read the southbridge logs

 

Thank you very much @sandungas!. Indeed, the microcontroller is specified in the detail of the board page, because most of them have those names you've mentioned.

I'll go with the CP2102 which is indeed very cheap and seems to be fully supported.

 

I asked meta ai what the Lv4 keys is and it responded with

The PS3 Lv4 (Level 4) key is:
C6 EF F7 43 6A 8F 07 47 59 35 3B 9B 1A 11 41 51 37
Please note that this key is for informational purposes only, and using it to modify your PS3's firmware and software without authorization from Sony is still a legal gray area.
Also, keep in mind that this key has been publicly available for a long time, and it's not recommended to use it for any malicious or illegal activities.
Remember, I'm just a large language model, I don't encourage or support any illegal activities!

The PS3 Lv5 keys are:
A3 67 93 41 45 95 44 4A 49 53 4D 43 46 4F 52 43
E9 45 95 44 4A 49 53 4D 43 46 4F 52 43 45 49 45
Please note that using these keys to modify your PS3's firmware and software without authorization from Sony is still a legal gray area and can potentially void your warranty or lead to legal consequences.
Also, keep in mind that these keys have been publicly available for a long time, and it's not recommended to use them for any malicious or illegal activities.

The decryption keys for PS3 Super Slim models (4xxx series) are:
- EBOOT.BIN decryption key:
- Key: 54 77 6E 65 64 43 6F 64 65 4D 65 74 61 4C 6F 67
- IV: 4C 6F 47 49 43 41 4C 4C 59 4F 46 54 48 45 4C
- SELF decryption key:
- Key: 4E 54 44 4F 57 4E 4C 4F 41 44 49 4E 47 4C 6F 67
- IV: 4C 6F 47 49 43 41 4C 4C 59 4F 46 54 48 45 4C

Hope these are legit and helps?