PS3 wait why can't we jailbreak 3000+ systems?

TBH we don't know exactly how this works. It is still possible that all Cell CPUs use the same key for encrypting metldr/bootldr. Or maybe it is not the Cell securing the boot process at all. No one has ripped apart the Cell yet. This needs very expensive equipment for analysis and physical "disassembling", and deep knowledge, not to mention time and will, making this task beyond the scene's reach.

If one of those assumptions is valid, then it would be strange that Sony never updated them. So from exactly this the conclusion about the mysterious Cell key came about, because it is the only reasonable one. Yet it is still possible that Sony never updated the boot loader because "if something goes wrong" during the process, it turns the console into a permanent brick beyond cheap repair. My point is that we really just don't know; we are only guessing based on logic.
 
@bguerville
Sorry to bother you with this, but on a CFW-compatible PS3, if you have damaged Bluetooth, you can install a CFW NoBT, bypass the BT system check during the update and continue using the device.
The problem will not be solved, of course, but we can get around it with this method; moreover, using wired controllers doesn't kill anyone, and there are almost no servers open today on PS3 LOL. :(

But what about an HFW NoBT or even an OFW NoBT? To create one, do you need access to metldr2 and the device's security methods so that they let this modification through on the HFW/OFW?

Or what would we need to access to make an 'HFW NoBT' possible?


I read in a thread somewhere on PSX Place that this check is, roughly speaking, 'done' by files inside the .PUP update, and that in NoBT or NoBD they are removed from the .PUP. Would this not be possible to do on HFW, 'forcing' the system to ignore the error or skip the check?
 
NoBT/NoBD versions of OFW/HFW cannot be made. The changes made to the PUP file can only be used with CFW-compatible models; other models will refuse to install the PUP file.
Well, you could take an OFW/CFW and only apply NoBT patches and nothing else, but the result would still be a CFW.
 
Maybe PS3PATCH.PUP could allow fw without BT/WiFi and BD firmware (which is maybe a potential hardware check during the update process). Yet, again, it is not a really well-known field, and in history it was used only once and only for CFW (GeoHot's CFW was in patch form; no one ever used this method afterwards).
 
Maybe PS3PATCH.PUP could allow fw without BT/WiFi and BD firmware (which is maybe a potential hardware check during the update process). Yet, again, it is not a really well-known field, and in history it was used only once and only for CFW (GeoHot's CFW was in patch form; no one ever used this method afterwards).
One day I intend to buy an SS and an E3 Flasher and use it for tests like this. I'm curious about this area, and in my free time I'm studying the C language; at the moment I only know how to make 'Hello World' appear on the screen, but I believe I will evolve in a few months. I feel like a genius doing it :D
 
Maybe PS3PATCH.PUP could allow fw without BT/WiFi and BD firmware (which is maybe a potential hardware check during the update process). Yet, again, it is not a really well-known field, and in history it was used only once and only for CFW (GeoHot's CFW was in patch form; no one ever used this method afterwards).
But I assume PS3PATCH.PUP also needs to be signed, right? That means you still won't be able to install it on models that don't support CFW.
 
The same way as any OFW, HFW or CFW. ;] The encrypted tars inside cannot be messed with. At least this is how I understand the problem with fw.
Well I guess the real question is whether the code that checks the BD drive and BT is part of the fw that gets validated at boot or not.
 
But I assume PS3PATCH.PUP also needs to be signed, right? That means you still won't be able to install it on models that don't support CFW.
What is this update 'signature'?
I've seen several references to it in other posts, saying that some things were limited in what they could do, or even had no way to do it, because of this signature.
 
What is this update 'signature'?
I've seen several references to it in other posts, saying that some things were limited in what they could do, or even had no way to do it, because of this signature.
Better read the Wikipedia article on digital signatures then, but basically a digital signature is a way to verify that software or data, the firmware in our case, came from an authentic source and has not been modified. To sign the firmware you need a private signing key that (supposedly) only Sony has, but you don't need it to verify the signature.
On the PS3 Sony made a huge blunder: those signing keys were very weak, i.e. it was possible to calculate them from publicly known data, and once the keys were known it was possible to sign your own custom firmware and the PS3 would accept it as genuine. The last official firmware to use those weak keys was 3.55, which is why any PS3 running that version or lower can have CFW installed on it without using any exploits. On 3.56 Sony revoked those keys and began using new, properly generated keys, which we don't have and probably never will.
What's important to note is that the PS3 actually checks the firmware signature both on installation and on every boot, so even if you use a hardware flasher to write a firmware image directly to the PS3's flash chip, if it's not properly signed the console will refuse to run it. The part of the bootloader that verifies the signature on every boot cannot be modified, not even by Sony, but the code that verifies the signature on firmware update installation can be updated. That meant that for a long period of time, if your console had 3.56+ firmware you couldn't install CFW directly, because the new firmware wouldn't allow you to install an update which is not signed by the new keys; however, if you used a hardware flasher to write a CFW to the flash chip directly and you signed it with the old keys, that would work because the unmodifiable bootloader still has the old keys intact.
The last important thing to note is that while the bootloader of existing consoles cannot be modified, that's not true for new units being manufactured, and new PS3s manufactured after that point in time had a new bootloader using the new keys as well, which is why you can't install CFW on Slim 3000+ and Super Slim.
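As an added example (not code from any poster or from Sony), this Go program models the two-verifier arrangement described in the post above: a bootloader public key fixed at manufacture and an installer public key that firmware updates replace, with one image signed by the old key checked against both. Curve P-256, SHA-256 and all key material here are constructed stand-ins, not the console's real parameters.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

// Firmware is a constructed stand-in for a PUP image: payload plus an
// ECDSA signature over its SHA-256 digest.
type Firmware struct{ Payload, Sig []byte }
// P-256 stands in for the console's 160-bit curve (an assumption here).
func genKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func signFirmware(priv *ecdsa.PrivateKey, payload []byte) Firmware {
	h := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:])
	if err != nil {
		panic(err)
	}
	return Firmware{Payload: payload, Sig: sig}
}

func check(pub *ecdsa.PublicKey, fw Firmware) bool {
	h := sha256.Sum256(fw.Payload)
	return ecdsa.VerifyASN1(pub, h[:], fw.Sig)
}

// Console models the two verifiers the post describes: a bootloader key fixed
// at manufacture and an installer key that firmware updates replace.
type Console struct{ BootKey, UpdateKey *ecdsa.PublicKey }
func (c Console) Install(fw Firmware) bool { return check(c.UpdateKey, fw) } // at update time
func (c Console) Boot(fw Firmware) bool    { return check(c.BootKey, fw) }   // on every power-on
// Outcome records the post's three cases for one image signed with the old key.
type Outcome struct{ InstallOnUpdated, BootIfFlashedDirectly, BootOnNewHardware bool }

func Scenario() Outcome {
	oldKey, newKey := genKey(), genKey() // pre-3.56 key, rotated key
	cfw := signFirmware(oldKey, []byte("constructed CFW payload"))
	oldUnit := Console{BootKey: &oldKey.PublicKey, UpdateKey: &newKey.PublicKey} // old hardware, updated
	newUnit := Console{BootKey: &newKey.PublicKey, UpdateKey: &newKey.PublicKey} // manufactured later
	return Outcome{oldUnit.Install(cfw), oldUnit.Boot(cfw), newUnit.Boot(cfw)}
}
```

The same image is refused by the updater but accepted by the old unit's boot-time check, and refused outright by hardware whose bootloader shipped with the rotated key.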
 
Where is the key of metldr2 stored? Surely not in OFW.
... Can we make a super PS3 botnet with CFW to brute force that key?
 
Where is the key of metldr2 stored? Surely not in OFW.
... Can we make a super PS3 botnet with CFW to brute force that key?
As I said, it's stored on a memory chip that even Sony can't modify; that's why they can't completely block CFW on older models.
And I doubt you'll be able to brute force the metldr2 key for at least a decade. AFAIK the signature is ECDSA160, roughly equivalent to RSA1024, maybe doable by NSA standards, not so much for the common folks. Assuming Moore's law doesn't change, I believe we may be able to mount a successful distributed brute-force attack on metldr2 at some point during the 2030s.
 
And I doubt you'll be able to brute force the metldr2 key for at least a decade.
It is like a lottery. If you don't play, your chances to win are 0%. If you play, the probability of winning is almost 0%, but not 0. If you're *very very lucky* you could win even twice in a row :D

My point is that it is true that it is incredibly hard to brute force the metldr2 keys... near impossible.
 
The per-console key stored in the CellBE processor at the factory is not accessible to anyone; the mechanisms which the pervasive logic uses and the means by which that key gets provided to the isolated SPU where it's used are still largely unknown at this stage. There may or may not be a way to MITM attack that communication route, I cannot say.

As to attempting to brute force ECDSA, good luck with that. s#ny made a mistake once; they're not likely to have made the same kind of mistake again, therefore the keys will probably be fully secure.
You can forget about winning that lottery. With current brute force algos and hardware, the number of possible combinations is so high that statistically your supercomputer would most likely be dead by the time it could hit the right one, and if the hardware didn't die before that, you most likely would, possibly your children too, and theirs, etc. Even distributed computing over, say, a few thousand PCs dedicated to this would still require a long time.
In theory a quantum computer with enough qubits might do it, but I don't imagine you have one of them lying about in your attic or would even know how to program it.. lol

Anyway, I think you might be focusing on the wrong thing. That key is not the only way in to get CFW capabilities; there are "potentially easier" targets in the boot chain like lv0ldr and lv0.
MikeM64 has recently released a hardware-based lv0ldr MITMA project, based on a vulnerability found long ago. We know it works on 25xx; someone would need to try it on a 3xxx or 4xxx model to confirm whether lv0ldr is still hackable on those models. If so, here's a definite way in, and we can maybe start thinking about how we take that exploit forward.
 
The per-console key stored in the CellBE processor at the factory is not accessible to anyone; the mechanisms which the pervasive logic uses and the means by which that key gets provided to the isolated SPU where it's used are still largely unknown at this stage. There may or may not be a way to MITM attack that communication route, I cannot say.

As to attempting to brute force ECDSA, good luck with that. s#ny made a mistake once; they're not likely to have made the same kind of mistake again, therefore the keys will probably be fully secure.
You can forget about winning that lottery. With current brute force algos and hardware, the number of possible combinations is so high that statistically your supercomputer would most likely be dead by the time it could hit the right one, and if the hardware didn't die before that, you most likely would, possibly your children too, and theirs, etc. Even distributed computing over, say, a few thousand PCs dedicated to this would still require a long time.
In theory a quantum computer with enough qubits might do it, but I don't imagine you have one of them lying about in your attic or would even know how to program it.. lol

Anyway, I think you might be focusing on the wrong thing. That key is not the only way in to get CFW capabilities; there are "potentially easier" targets in the boot chain like lv0ldr and lv0.
MikeM64 has recently released a hardware-based lv0ldr MITMA project, based on a vulnerability found long ago. We know it works on 25xx; someone would need to try it on a 3xxx or 4xxx model to confirm whether lv0ldr is still hackable on those models. If so, here's a definite way in, and we can maybe start thinking about how we take that exploit forward.
20 years ago you needed a supercomputer to crack RSA-512; today you can do it on a single PC. ECDSA160 is about as strong as RSA-1024. I think we should have fast enough hardware for that in about 15-20 years - that's of course assuming someone still bothers with the PS3 by then and that no other methods have already been found.
 
Maybe... assuming Moore's law is still valid. ;)

ECDSA is beyond my mind, but as I understood from documents, curve calculations aren't broken yet. So brute force on a quantum computer is more probable.
 
Maybe... assuming Moore's law is still valid. ;)

ECDSA is beyond my mind, but as I understood from documents, curve calculations aren't broken yet. So brute force on a quantum computer is more probable.
Given infinite time and computing power, the only algorithm that cannot be brute-forced is the one-time pad (which cannot be used for signatures anyway). ECDSA is not theoretically unbreakable. At the moment 128-bit ECDSA can be brute-forced using a large distributed cluster (effectively creating a huge supercomputer). The PS3 uses 160-bit ECDSA, which is not yet breakable, but as you said, if Moore's law stays valid for the next decade or so we will see it broken in our lifetimes.
Having said that, even if it were to be broken today it wouldn't matter much to Sony, since the PS3, as far as game sales are concerned, is pretty much dead. If the PS4 or PS5 signing keys were to be broken it would be a huge concern.. but oh wait, that already happened 10 years ago with the PS3 lol
 
That's true, but we have limited time due to hardware longevity and human life, and even protons have some date of decay, not to mention the solar system also has a best-before date. ;)
 
The per-console key stored in the CellBE processor at the factory is not accessible to anyone; the mechanisms which the pervasive logic uses and the means by which that key gets provided to the isolated SPU where it's used are still largely unknown at this stage. There may or may not be a way to MITM attack that communication route, I cannot say.
The fact that Sony didn't (and supposedly couldn't) patch metldr on already-sold consoles using firmware updates means that even with full knowledge of the internals it's not that easy.

By the way - I thought with CFW we have access to all 8 SPUs, am I missing something?
 