via http://wololo.net/2012/10/24/ps3-blo...d-and-working/

Leaks, chaos and drama have been something common, and on the heels of the PsVita chaos comes the PS3s turn with both good and bad news. This event is so huge that it will completely change the PS3 hacking scene and leave Sony in the wake.





Sony will be turning in their graves today as the PS3 has been basically blown wide open thanks to other events leading up to that. In the wake of this leaves Sony in huge trouble and mostly exhausted due to the amount of progress the hacking scene has made on their devices especially with the recent Psvita PSP EMU kernel exploit. It’s been absolute chaos in the PS3 scene for the last few days and fair enough to say has been chaotic over the last few years. Ill break down what happened and what this means for the developers and users, keep reading….

Background Information

The similarity in events is extremely blatant but its started a little over two years ago when the first piracy-enabled firmware and USB dongle combo named the “PS3Jailbreak” was released. The release nuked a weakness in the PS3′s simple USB protocols. This in return created a hole allowing the OS to be patched that furthermore allowed content to run from the HDD. In the aftermath the group fail0verflow allowed people to encrypt files in a mirror system that replicated Sony s methods. Of course this lead to tons of piracy and eventually Geohot’s public release of the “metldr” root key. Sony got really mad in short and decided to bring the ban hammer down on Geohot who has yet to be heard from recently. Sony found a way to protect their system by fixing everything in the system with the 3.60 firmware update. The jailbreak was patched, the USB exploit patched and left the system somewhat secure, until now in association with the new PS3 4.30 firmware update.

So what happened?

The jerks, which is an understatement, that have been behind the PS3 dongle business will always be hated and trashed constantly and the recent stunt from the people behind the BlueDiscCFW team just put a nail in the coffin. A hacking group called “The Three Musketeers,”, in short, had the Lvl0 keys which were leaked. The Three Musketeers were not going to release the keys because of the known outcome of doing so. The Chinese hacking team “BlueDiscCFW,” somehow got a hold of the keys and planned to charge money for users who wanted the exploit. Its disgusting they would do that and The Musketeers realized this. With that in mind, The Three Musketeers tried to immediately stop BlueDiscCFW’s profiting from the LV0 exploit, The Three Musketeers released the LV0 custom firmware free to the public. The funny part is the BDCFW was taken down immedietly. The Three Musketeers released a statement on it saying


“You can be sure that if it wouldn’t have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now.”

It was a two faced leak and is oddly similar to that Sam Jordam incident or Linux hack. They then released a full announcement and statement on the matter:


As this was a group effort, we wouldn’t normally have lost a word about it
ever, but as we’re done with PS3 now anyways, we think it doesn’t matter
anymore [http://pastie.org/4462324]. Congratulations to the guy that leaked
stuff, you, sir, are a 1337 haxx0r, jk, you’re an asshole.

Try this bytes…
– [erk=CA7A24EC38BDB45B98CCD7D363EA2AF0C326E65081E063 0CB9AB2D215865878A]
– [riv=F9205F46F6021697E670F13DFA726212]
– [pub=A8FD6DB24532D094EFA08CB41C9A72287D905C6B27B42B E4AB925AAF4AFFF34D
41EEB54DD128700D]
– [priv=001AD976FCDE86F5B8FF3E63EF3A7F94E861975BA3]
– [ctype=33]
…and be amazed.

People should know that crooked personalities are widespread in this so
called ‘scene’. Some people try to achieve something for fun together and make
the wrong decision to trust others and share their results with them, but ofc
there got to be the attention seeking fame wh*** that has to leak stuff to
feel a little bit better about him-/herself.
Now the catch is that it works like this in every ‘scene’, just that in
|others it usually doesn’t come to light.
The only sad thing is, that the others who worked on this won’t get the
attention they deserve because they probably want to remain anonymous (also
they don’t care about E-fame <3).
PS: This is neither about drama nor E-fame nor ‘OMG WE HAZ BEEN FIRST’, we
just thought you should know that we’re disappointed in certain people. You
can be sure that if it wouldn’t have been for this leak, this key would never
have seen the light of day, only the fear of our work being used by others to
make money out of it has forced us to release this now.
[-The Three Musketeers]

What does this mean?

With the release of the LV0 keys mean, eventually, having all the keys available. The LV0 is not patchable, which is to say there is nothing at all Sony can do to fix this. The final bullet in the chamber as hit Sony hard. What actions they will take are not known, but if things continue in the scene I can garuntee they will be pushing the date of the PS4 closer as new hardware is really all they can do. Sony already moved all the loaders. The only other option would be to put the loaders in bootldr, but that isn’t possible since bootldr is locked to being console specific and is impossible to update. Behind LV0 is just bootldr, which is encrypted with specific console keys. This leak will in time lead to a 4.25 CFW which can be installed on mostly any PS3 even on Slims and the recent new slim models. Keep in mind that fail0verflow released metldr private keys like I said above. Well, surprise, metldr is loaded by lv0ldr, even on 3.60+. The leak contains a private key, it’s the string after PRIV=. The greatest part is that the key isn’t tied up to a specific firmware. The problem with 3k model Playstation3 consoles is that they have a new LV0 version named lv0.2, which means new keys for the loader. What this means is that consoles which are able to downgrade to 3.55 can install 4.25 CFW even if they’re on 4.25 OFW. The bad news incorporated with this is that 3K and higher consoles’ LV0 keys are static, they are not console specific. Sony can change LV0 with a new firmware update. But, bootldr is per console and is the way of decryption for LV0. If we have bootldr then the console is wide open and a CFW could be made to work on any console. Bootldr cannot be changed or denied unless there is a hardware change. Even if we had bootldr then anyone with a downgradable console could have a CFW firmware. Whoever has bootldr and wanted to leak it would bring the greatest massacre and ban-hammer of all time by any company ever, I can garuntee whoever releases it will have no where to run or hide so it would of course need to be anonymous to highest level with no traces to be found. Bootldr is something that’s way more protected and valuable than metldr.

Closing Statement

This is the beginning of a very long and heavily scheduled future of the PS3 hacking scene. The release of the LV0 key means that any system update released by Sony going forward can be decrypted fully with no effort. Sony has no cards in this game. As of today LV0 is now decrypted for ever until the end of time. There is alot of reverse engineering to get the decrypted loaders from it since Sony had changed a lot of security algorithms to protect these loaders inside LV0 however, rest assure every PS3 developer is hot on the news of everything going on. No one will be able to find 4.XX LV1, LV2_kernel, AppLDR keys inside the decrypted LV0 so there would need to be an investigation regarding how Sony store these keys right now. Already hard at work Multiman and Rogero have released new CFW along with other developers working hard. Rogeros new CEX 4.21 CFW FFA was pulled however due to bricking issues, so be alert to that. With this we may in some vary valuable information, in a way, that’ll help get some much needed help in also hacking the Vita but that’s not something to be confirmed. Although in given time more information and understanding on this will come, so stay tuned.