- 精华
- 0
- 帖子
- 492
- 威望
- 0 点
- 积分
- 518 点
- 种子
- 0 点
- 注册时间
- 2011-4-20
- 最后登录
- 2012-2-8
|
Just good news after good news for the PS3 scene recently, as the folks over at PS3DevWiki have documented and released on how to dump the PS3 per console keys! For the newb what this does is basically replace the current function JB2 aka TrueBlue! In short once the keys for per_console_key_0 are found, it will basically fully unlocks the PS3 and grant as CFW access on basically ALL firmwares! This is great news for everyone in the PS3 scene and is only a matter of time before we have the keys!
Update: Please understand that this method is for dumping per_console_key_1, and per_console_key_n. In order to get CFW we need to dump per_console_key_0.
For those wondering or not sure if you should buy the JB2/TrueBlue – THIS news story is worth the wait before investing in the device/bluray burner.
Explanation of the root key:
EID crypto is very complicated, it is done so on purpose first of all EID0 isn’t decrypted with one key and one
algorithm alone it is decrypted in several parts which use different algos and keys the keys are all derivations
of a per console key (per_console_key_1)which is stored inside metldr and copied by it to sector 0 and never
leaves isolation that same key is a derivation of the per console key (per_console_key_0) used to encrypt metldr
and the bl in the first place as well
isoldr clears that key from sector 0 before jumping to the isolated module but before doing so it encrypts it
with another keyset and stores it in a buffer so that the isolated module can use the new crafted key since the
operation is AES if you know that keyset you can decrypt the crafted key and get the eid root key without pwning
a loader or metldr through an isolated module that is not like you really need it because you can already use the
crafted key to decrypt some of eid0 but not all of it and the crafted key also uses the first elf section to be
built as in your isolated module will have a small section which only contains a key and that key is used as another
layer by isoldr to encrypt the buffer with it so basically you have 2 encryption layer over the root key the final
key then decrypts a specific part of the EID
eid crypto is actually done smart that is because most of it originally comes from the cell bootrom as in they
reuse the same algo used for metldr binaries and bl in the eid crypto including some of the keys and the steps
and you cannot decrypt all of the eid sections unless you gathered every single keys and steps and there are a
lot then you still have to figure out wtf it is you decrypted because eid is actually full of keys.
Read more: http://www.ps3hax.net/2011/10/ho ... ased/#ixzz1bxPurgQp |
|
川公网安备 51019002005286号
楼主
发表于 2011-10-27 13:34 · 浙江
