PS3 SYSCON Firmware key is now public (release by zecoxao) - What does it mean?

Discussion in 'THE FEED (Submit/View News)' started by STLcardsWS, Sep 2, 2019.

By STLcardsWS on Sep 2, 2019 at 5:37 PM
    Developer @zecoxao has recently released something that the dev has been working on obtaining for 10 years now: the obstacle that has now been cleared is the SYSCON Firmware Key, and zecoxao has now released it to the public. First off, we must erase some misconceptions, as this is not going to directly lead us to a CFW on non-CFW PS3s anytime soon. As the dev stated on Twitter, "needless and pointless to say that the confusion being created around these keys that they will be useful for cfw on ps3 3k and superslim is a very farfetched idea. unless we have access to the TSOP 78K0R models, we will not be able to obtain anything else", and then when @kozarovv asked a follow-up question about 3k models, the developer responded with "don't expect miracles, is all i'm saying". Now the question (which was asked by @DeViL303): "So what can we do with this as of now, what is possible with just this key alone and current knowledge?" Then @zecoxao provides an explanation seen in this post (and also seen below). So this is a great feat that has been made, but it's still being investigated and is something that will need to be explored in the weeks to come to fully understand what can be uncovered.


    • i got the syscon firmware key, a dream i've been pursuing for the past 10 years. now that i have it i feel like i've accomplished my goal. the rest will follow naturally.
      - https://twitter.com/notzecoxao/status/1168954036541935616

      What can developers do with this key?

      via @zecoxao : With this key the following has happened:


      14 syscon firmwares for the BGA models (CXR) were decrypted.
      from them, keys for PATCHES and FULL FW signing and encryption, as well as decryption and validation were found. we can now sign our own patches and fws for the following models:

      • TMU-510
      • COK-001
      • COK-002
      • SEM-001
      • DIA-001
      • DIA-002 or DEB-001 (same soft id)

      Additionally we found the initialization key for eid1 as well as the process of initializing it from factory
      We also found 7 extra keys (we still don't know what they do)
      Finally, we found out there is a secret keyslot function that generates keys for
      • SNVS
      • AUTH1/AUTH2
      • Regions of EEPROM
      • PATCH keys xoring (to generate the final keys)
      • Relationship with the other 7 Keys

      What still has to be done:
      • Hack the 78K0R chips (the TSOP ones found in later models)
      • Dump the firmware of those chips
      • Get the DYN-001 patch keys
      • Find an exploit on arm firmware that works in 78k0r firmware

      Edit: and yes, you can do all that fun kinky shit of fan boosting at max speeds, led disco panic attack, and star wars theme ON A DECR-1000! THIS is a devkit, so THIS is the ONLY device that supports FULL FUCKING FIRMWARES! DO NOT CONFUSE IT with a DECR-1400, that is a HALF devkit!


    Release Source: twitter.com/notzecoxao
    Discussion: psx-place.com

    Thanks to @NathanHale for the news alert
     
    Last edited: Sep 10, 2019

Comments


    1. pinky
      @sandungas , just wants to be with his bestest bud, pinky. :-p
      Danxx444 likes this.
    2. pipex55
      Awesome! Ten fucking years, besides intelligence and reverse engineering, there's something called patience that not all have.
      Tidjane Ly, DADi590, Danxx444 and 2 others like this.
    3. DoublesAdvocate
      Would this open up the ability to swap CPUs/GPUs to different machines? I.e., putting the CPU from a slim into a fat?
    4. snkplkn
      Let me know when i can install windows xp 32 bit on my PS3.
    5. remlei
      even if that's possible the substrate won't fit on older fat models due to their smaller size.
    6. kristijan666
      does this mean if you are on HFW Ps3 Superslim can you go to CFW with this?
    7. atreyu187
      That just isn't possible but I am sure (well I hope) you knew that. The only Windows we will ever be able to run on PS3 is 3.1 and that is only because DOSBox can emulate that. Can run 32/64 bit architecture in the CellOS
    8. zecoxao
    9. RandQalan
    10. Joat.None
    11. kozarovv
      So this means nothing new for end users for now? Especially for 3k+ users?
      STLcardsWS and DeViL303 like this.
    12. zecoxao
      don't expect miracles, is all i'm saying
      Louis Garry and DeViL303 like this.
    13. DeViL303
      So what can we do with this as of now, what is possible with just this key alone and current knowledge? Custom fan speed profiles? Multiple boot sequences depending on flags or something, or does everything need more work?
      zecoxao, Louis Garry, jcorrea and 2 others like this.
    14. Danxx444
      Maybe for HEN users, it is possible to program HEN to be activated on Boot ... who knows
      TesterGame and Louis Garry like this.
    15. zecoxao
      with this key the following has happened:

      14 syscon firmwares for the BGA models (CXR) were decrypted.
      from them, keys for PATCHES and FULL FW signing and encryption, as well as decryption and validation were found. we can now sign our own patches and fws for the following models:

      TMU-510
      COK-001
      COK-002
      SEM-001
      DIA-001
      DIA-002 or DEB-001 (same soft id)

      Additionally we found the initialization key for eid1 as well as the process of initializing it from factory
      We also found 7 extra keys (we still don't know what they do)
      Finally, we found out there is a secret keyslot function that generates keys for

      SNVS
      AUTH1/AUTH2
      Regions of EEPROM
      PATCH keys xoring (to generate the final keys)
      Relationship with the other 7 Keys

      What still has to be done:

      Hack the 78K0R chips (the TSOP ones found in later models)
      Dump the firmware of those chips
      Get the DYN-001 patch keys
      Find an exploit on arm firmware that works in 78k0r firmware

      Edit: and yes, you can do all that fun kinky shit of fan boosting at max speeds, led disco panic attack, and star wars theme ON A DECR-1000! THIS is a devkit, so THIS is the ONLY device that supports FULL FUCKING FIRMWARES! DO NOT CONFUSE IT with a DECR-1400, that is a HALF devkit!
      ecto, mr_ota, citra mulia and 14 others like this.
    16. zecoxao
      are you all clarified now? can you stop bugging me on twitter for eta wens and superslim cfw maybe ? 1:0
    17. aldostools
      Good job Mr. zecoxao! Could I ask you how you found the key? For me it's more interesting than the key itself ;)
    18. Zar
      It was under the mat ;)
    19. Fanhais
      As I understand it, only PS3s with these motherboards can be unlocked, so everything is almost the same.
      Last edited: Sep 10, 2019
    20. DADi590
      You have to put an English translation haha. Even if it's with Google Translate (I say this because it's in the rules).
      STLcardsWS likes this.
