PS3 SYSCON Firmware key is now public (release by zecoxao) - What does it mean?

Discussion in 'THE FEED (Submit/View News)' started by STLcardsWS, Sep 2, 2019.

By STLcardsWS on Sep 2, 2019 at 5:37 PM
  1. 9,043
    9,256
    1,172
    STLcardsWS

    STLcardsWS Administrator

    Joined:
    Sep 18, 2014
    Messages:
    9,043
    Likes Received:
    9,256
    Trophy Points:
    1,172
    Developer @zecoxao has recently released something that the dev has been working on obtaining for 10 years now and that obstacle that has now been cleared is the SYSCON Firmware Key and zecoxao has now released it to the public. First off we must erase some misconceptions as this is not going to directly lead us to a CFW on nonCFW PS3's anytime soon. As the dev stated on twitter "needless and pointless to say that the confusion being created around these keys that they will be useful for cfw on ps3 3k and superslim is a very farfetched idea. unless we have access to the TSOP 78K0R models, we will not be able to obtain anything else" and then when @kozarovv provided a follow-up question about 3k models here the developer responded with "don't expect miracles, is all i'm saying ". Now the question (which was asked by @DeViL303) "So what can we do with this as of now, what is possible with just this key alone and current knowledge? Then @zecoxao provides an explanation seen in this post (and also seen below). So this is a great feat that has been made, but its still being investigated and something that will need to be explored in the weeks to come to fully understand what we can be uncovered,. .

    1200px-SYSCON_GEN1.JPG

    • i got the syscon firmware key, a dream i've been pursuing for the past 10 years. now that i have it i feel like i've acomplished my goal. the rest will follow naturally.
      - https://twitter.com/notzecoxao/status/1168954036541935616

      What can developer's do with this key?

      via @zecoxao : With this key the following has happened:


      14 syscon firmwares for the BGA models (CXR) were decrypted.
      from them, keys for PATCHES and FULL FW signing and encryption, as well as decryption and validation were found. we can now sign our own patches and fws for the following models:

      • TMU-510
      • COK-001
      • COK-002
      • SEM-001
      • DIA-001
      • DIA-002 or DEB-001 (same soft id)

      Additionally we found the initialization key for eid1 as well as the process of initializing it from factory
      We also found 7 extra keys (we still don't know what they do)
      Finally, we found out there is a secret keyslot function that generates keys for
      • SNVS
      • AUTH1/AUTH2
      • Regions of EEPROM
      • PATCH keys xoring (to generate the final keys)
      • Relationship with the other 7 Keys

      What still has to be done:
      • Hack the 78K0R chips (the TSOP ones found in later models)
      • Dump the firmware of those chips
      • Get the DYN-001 patch keys
      • Find an exploit on arm firmware that works in 78k0r firmware

      Edit: and yes, you can do all that fun kinky shit of fan boosting at max speeds, led disco panic attack, and star wars theme ON A DECR-1000! THIS is a devkit, so THIS is the ONLY device that supports FULL FUCKING FIRMWARES! DO NOT CONFUSE IT with a DECR-1400, that is a HALF devkit!


    Release Source: twitter.com/notzecoxao
    Discussion: psx-place.com

    Thanks to @NathanHale for the news alert
     
    Last edited: Sep 10, 2019
    ntodek, smikk, Louis Garry and 16 others like this.

Comments

Discussion in 'THE FEED (Submit/View News)' started by STLcardsWS, Sep 2, 2019.

    1. Fanhais
      Fanhais
      I stay happy with hen on 3000 and super slim is an unbelievable achievement have webman and multiman on these systems so cfw maybe will come but like now is hard to tell
      Yordi and Tidjane Ly like this.
    2. nCadeRegal
      nCadeRegal
      Stop begging for slim 3k and super slim 4K cfw when the dev himself has explicitly stated this is not for that. This is the last warning all off topic posts will be removed and consequences will be dealt! @Md Hesam @Zeloko
    3. MegaManX970
      MegaManX970
      Too bad slims and super slims' syscon chips can't be patched due to the lack of external EEPROMs. I wonder what's going to be the first feature fat consoles will try with patched syscon
      Mello_1993 likes this.
    4. neo88
      neo88
      Maybe you integrate new fan scales natively into the firmware without using any intermediary homebrew.
      sandungas, mr_ota and MegaManX970 like this.
    5. Luisile
      Luisile
      This would be perfect for any CECHC users including me.
    6. Yordi
      Yordi
      Gods writing here...
    7. BeaterEngineering
      BeaterEngineering
      Ohh.. This is a good news. Now I can install CFW for me CECH-3012B PS3 in the near future. :)
    8. n00b
      n00b
      Might be in the future not sure.
      :)
    9. MegaManX970
      MegaManX970
      Not a chance, unless syscon chips of later models can be patched. Meanwhile, let's see how deep can we get through syscon via fat models first
      Danxx444 likes this.
    10. BeaterEngineering
      BeaterEngineering
      Well, I can't do anything but to wish you good luck.
    11. Yordi
      Yordi
      This words its a kind of magic.tanks gods for write for us.
      10 tnks
      20 tnks
      50 tnk
      60 return to 10
    12. Fin9ersMcGee
      Fin9ersMcGee
      Sorry guys...
      I think I may have started the whole "CFW on 3k 4k" thing way back at the beginning of the thread...

      My bad, I didn't realise this was syscon for phats...
    13. MegaManX970
      MegaManX970
      No problem man, but I think it was habib's speculation that got the whole community very hyped xD
      Danxx444 likes this.
    14. sandungas
      sandungas
      Not sure if you mean thanks or tanks, i agreee on both though :D

      A million of thanks to the people involved in this research
      https://www.albinoblacksheep.com/flash/thankyou

      And a million of tanks we need to send to syscon now
      [​IMG]
    15. sandungas
      sandungas
      I like to use funny examples to simplify things, this one is like is we are aliens and we find a australophitecus for first time
      We study it, and since that point we can get a very good idea about how the humans works
      After that the next step to understand "how the humans works" is to find a neandhertal (another hominid more evolved)
      There are going to be differences, but most of the things are common :)

      At this point the experiments are made with monkeys by using the "reference tool" PS3 model DECR-1000 or older prototypes/variants of it

      Theoretically it can be applyed to the first humans (the CECHA and his brothers) but i doubt they have started this kind of experiments yet, is a bit soon... but is tempting XD
      Tidjane Ly, neo88, Yordi and 2 others like this.
    16. neo88
      neo88
      In this way, the reissues, being more compact logically, have different pieces and other parts with a new structure on the motherboard, but in essence they should have similarities in their operation, I even remember that at different times I had 2 psx fat with different motherboards in the design also the playstation one, was a curious caveman of 12 years with a screwdriver in hand when I tried to repair my playstation although it damaged the first one I could learn to replace and calibrate the lazer of the CD player and solder and desolder capacitors there I met the differences, in an era where I didn't have access to the internet or electronic books, I was just a caveman with a few tools.
      Yordi likes this.
    17. nCadeRegal
      nCadeRegal
      That speculation was fine man. We were all excited in the beginning bc we all wanted to see what this could do. It’s the fact that after zeco said this is a far fetched idea people kept off topic posting about I want cfw for ss and when. That’s when I got hostile about it. Your good man
      Kier_1234657 and Fin9ersMcGee like this.
    18. sandungas
      sandungas
      Is fine to speculate, to chill a bit, and even a bit of offtopic (eventually we will return to it), but after zecoxao explained it is clear at wich point they are, and which PS3 models could potentially take advantage of it first

      Im going to try to explain it better to clarify it, at some point in psdevwiki we had to made a classification of PS3 syscon chip models in groups "by series", and we used 5 series, take a look at top in this template
      https://www.psdevwiki.com/ps3/Motherboard_Components
      CXR713 Series = CXR713120-201GB · CXR713120-202GB · CXR713120-203GB
      CXR714 Series = CXR714120-301GB · CXR714120-302GB
      SW Series = SW-301 · SW-302
      SW2 Series = SW2-301 · SW2-302 · SW2-303
      SW3 Series = SW3-301 · SW3-302 · SW3-304

      Zecoxao made a classification of them in 2 groups though... the ones soldered by "BGA" (solder balls under them and no visible connections externally)... and the others (soldered with pins all around)
      The BGA syscons are the ones that starts with CXR713 & CXR714. Used by PS3 retail models:
      CECHAxx
      CECHBxx
      CECHCxx
      CECHExx
      CECHGxx
      CECHHxx
      CECHJxx
      CECHKxx

      In other words... all PS3 fat models except the CECHLxx, CECHMxx, CECHPxx, CECHQxx (this PS3 models have the same motherboard VER_001)
      In VER_001 motherboard sony started using a new syscon... lets say is a PS3 fat with components of the PS3 slim
      In this table at top of the page can be seen better
      https://www.psdevwiki.com/ps3/Talk:SKU_Models
      smikk, esc0rtd3w, Yordi and 2 others like this.
    19. Louis Garry
      Louis Garry
      TSOP78
    20. sandungas
      sandungas
      I prefered to simplify it, one have pins all around and the other doesnt :)

      So for the people that have pins around his/her syscon (like me) you are out of the party by now
      Unknown eta wen for SW fam :crybaby:
      Yordi, zecoxao and Louis Garry like this.

Share This Page