~Prøƒet |
|
| Dopo alcune dichiarazioni scoppiettanti fatte a pochi giorni dal rilascio del nuovo firmware 3.60 il nostro amato developer Mathieulh torna a far parlare di se con scoppiettanti rivelazioni. Stando a quando dichiarato il coder spiega in poche parole come poter ottenere le chiavi per il nuovo firmware, in questo modo ben presto potremo avere un nuovo Custom Firmware. Nella news completa le rivelazioni del developer.
QUOTE X nah, not a single line of code, at least not for the implementation but finding the exploit itself is EASY except no one has gone looking I’ve seen lots of askings and whining, very little looking xD if someone who remotely knows spu reversing starts looking he’ll find it at the very worse in a matter of hours the bug is ******ly stupid to begin with LV0, EID0, anything with coreOS imo should not be done without a hardwareflasher. Atleast with that you can undo the mess. yeah I am a bit of a red head here xD you keep saying that, but I suck at SPU assembly you’d find it even if you fail at it you just need to know where to look just look at how selfs are processed by ldrs and you’ll find it hell, I’ll help you, it’s about overflowing a certain buffer yes, that is what defyboy and I tried to document in the ps3devwiki : bootprocess and loader locations etc. well if you know how selfs are processed by loaders, it’s easy another hint it happens before the ecdsa check my earlier guess btw was that it was a header overflow, which gave access to the local storage It’s a ******ed exploit if you want to know what it is, I’ll tell you the function that copies the SCE header from the shared LS to the isolated Local Store doesn’t check the header’s size \o/ it’s just THAT ******ed implementing it isn’t easy though cause loaders have failsafes and **** header size fail lol ? but now that you know, you can try it on your own X1 yes you craft a self with a HUGE header so it overwrites ldr code as it gets copied to the isolated LS and you wait the loader to jump to it lolol must try heh X1 it’s a total ***** to implement but feel free xD if someone pwns the bl with this and gets the keys, he’ll have my kudos cause finding the exploit is the easy part Sony’ll fix it now, but it’s not like I care much their “unhackable” ps3s are probably already on the way ECCO ALCUNI COMMENTI DELL'HAKER QUOTE why would they care about bootldr keys? ps3devnews etc. host metldr keys, appldr keys etc. X1 cause you can get lv0 decrypted once you get lv0 decrypted you get appldr once you get appldr you get 3.60 application keys once you get that you warez also, with those keys you can sign your own lv0, no ps3 fw update can beat you then yah you can have your 3.60+ custom firmware then and warez even more and mess with the psn again and so on
|
| |