Louay
Senior Member
@sandungas said its paired to cell processor so you need to desoler the cell you need to have the key link of cell-metldr and as i think no one have those only $ONY
PS3 [research] SuperSlim 4000 series - hardware flash
- Thread starter littlebalup
- Start date
What causes a Glod in superslim
Louay
Senior Member
Various causes can be HDD,CELL or RSX,Output Settings,No Byte-Swapped Dump flash...etc
what about a single flat solder under cell
would a reflow of whole motherborad fix it
Last edited by a moderator:
Louay
Senior Member
i think reball is better then do reflow
sandungas
Developer
Is not posible to dump the keys used to decrypt and encrypt metldr... in any PS3 model, not even in the PS3 models compatibles with CFW
The fact is the metldr (and bootldr) are secured since the launch of the PS3, and still are
The metldr is software btw... you can make a copy of it (with a hardwre flasher or by software with the ps3exploit) and try to "crack" in in PC
But is pretty much the same than trying to "crack" the password of a .zip file by bruteforce, you could prepare a program that generates random password and try luck, but you could spend a life in it and dont achieve anything
And incaser you are successfull the key would be valid only for your PS3
Shoundt lose remeber the ps3 and xbox were lanuached they said if anyone tries to run unsign code on ps3 and xbox hypervisor would blow off and cause irrepairable damage after all these years statement looks like joke
i dont think keys need to be only compadible with certain ps3 infact might be a chance to loop metldr just like an rgh or jtag
Last edited by a moderator:
sandungas
Developer
All this stuff is "paired" with each other by using keys:
CELL (hardware)
SYSCON (hardware)
bootldr and metldr (software), Located inside flash (hardware)
You cant take CELL from a PS3 and make it run in a different PS3... because it needs his other "paired" brothers
And you cant take a metldr and run it in a different PS3... because is encrypted with a key unique for your PS3 (derived from the CELL key that is also unique)
This security has not been breached yet, is the lowest level of the bootchain and in CFW we are bypassing it with a dirty/smart trick, but the fact is at that level the PS3 is still secure
*Nowadays the weakest point of it is syscon
CELL (hardware)
SYSCON (hardware)
bootldr and metldr (software), Located inside flash (hardware)
You cant take CELL from a PS3 and make it run in a different PS3... because it needs his other "paired" brothers
And you cant take a metldr and run it in a different PS3... because is encrypted with a key unique for your PS3 (derived from the CELL key that is also unique)
This security has not been breached yet, is the lowest level of the bootchain and in CFW we are bypassing it with a dirty/smart trick, but the fact is at that level the PS3 is still secure
*Nowadays the weakest point of it is syscon
still one of these paired brothers holds everyones secerets only if there is a way to identify it and make it talkAll this stuff is "paired" with each other by using keys:
CELL (hardware)
SYSCON (hardware)
bootldr and metldr (software), Located inside flash (hardware)
You cant take CELL from a PS3 and make it run in a different PS3... because it needs his other "paired" brothers
And you cant take a metldr and run it in a different PS3... because is encrypted with a key unique for your PS3 (derived from the CELL key that is also unique)
This security has not been breached yet, is the lowest level of the bootchain and in CFW we are bypassing it with a dirty/smart trick, but the fact is at that level the PS3 is still secure
*Nowadays the weakest point of it is syscon
but still its only guess syscons the weakest at the time maybe someother component can fulfill our desire
as they say that sometimes strongest is one that can be easy provoked and brought down
if this paired thing is so important than it should be possible to port cell syscon and flash chips all together from one broken console to another working borad
Last edited by a moderator:
sandungas
Developer
The CELL key is stored using a "line" of fuses that works as binary... a fuse only allows 2 states ON or OFF... and by burning some fuses you can have a number in binary like 001011101011010110101
Is the same concept used in the XBOX360
But the difficulty of hacking IBM (the designers of CELL) is pretty much like hacking INTEL or AMD... are huge companies and the probability to find an exploit in his processors are minimal
Sure, sometimes happens, like the latest vulnerabilities published for intel processors in the past 2 years, spectre, meltdown, zombieland, etc...
Eventually could be published some vulnerability for the CELL processor, but by now there is nothing as far i know, and even if it happens is doubtful if it will allow to dump that key
So... long story short... it looks we will never get that key from CELL
Yes it works like that, the only requirement is the "donor" motherboard needs to be of the same model
What im going to say is a bit unknown, but we should consider the bootloader as the BIOS of a PC
In it there should be data used to initialize all the important hardware components that exists in the motherboard... things like frequency, bus widths, model numers, etc...
I mean, things like CELL, RSX southbridge, lan, wifi, bt, voltage regulators, and many other "chips" soldered in the motherboard... the bootloader "should" contain "settings" related to them
As far i know the bootloaders of the PS3 keeps backward compatibility (so they can identify components from all the PS3 family) but i doubt how much compatible is going to be that
Initially it makes more sense to think every bootloader revision is intended to be used in a specific motherboard
In the same way a BIOS from a PC is intended to be used in a specific PC motherboard
won't it help if u take out the CMOS Clock cell . that might put the whole mechanism to sleep
that might need a software pkg written just like miniver.pkg to perform multiple Unit vulnerablility tests
ins
instead of cracking metldr it might be possible to make cfw smart enough to become paired with metldr
Last edited by a moderator:
aye aye captain
6garik6
Member
Hello, thanks for this work. do not tell me more from the resulting dump of 16 gigabytes, you need to cut off the first 10000000 hex in HxD and you get 256mb, but PS3DumpChecker swears at this firmware. Can you please tell me how to extract a working dump?4k EMMC успешно сброшен с голого моба PPX-001
Использование внешнего источника питания +3 В для VDDF (VCC).
VDD, предоставленный моим кард-ридером.
Необходимо убрать резистор 47Ом на линии CLK (иначе контроллер Panasonic размывает линию и соединение зависает...).
4-битное соединение данных (от dat0 до dat3):
View attachment 18342
демпинг:
View attachment 18340
Дамп размером 256 МБ, показывающий bootldr (перевернутый байт):
View attachment 18341
Скоро напишу тесты.
I thought CFW is only possible cause of that blunder that resulted in some of Sony's private keys being exposed and that CFW is signed using those keys, isn't that the case? Cause if it is then there's no exploit at all (maybe except whatever bgtoolset is using to write to flash), it's just that metldr can't tell the CFW apart from OFW.All this stuff is "paired" with each other by using keys:
CELL (hardware)
SYSCON (hardware)
bootldr and metldr (software), Located inside flash (hardware)
You cant take CELL from a PS3 and make it run in a different PS3... because it needs his other "paired" brothers
And you cant take a metldr and run it in a different PS3... because is encrypted with a key unique for your PS3 (derived from the CELL key that is also unique)
This security has not been breached yet, is the lowest level of the bootchain and in CFW we are bypassing it with a dirty/smart trick, but the fact is at that level the PS3 is still secure
*Nowadays the weakest point of it is syscon
basically, metldr and other files are patched to remove checks and blocks for cfw. when we write to flash, we are writing these patches to the already installed files. these files then let us install cfw (which also has the patches in its files).
before 3.56, cfw either was not blocked (because it did not exist yet) or a bug allowed installation anyway.
Maybe I didn't understand correctly. This is what I understand about CFW, please correct me if I'm wrong -
Sony uses ECDSA to sign their firmware. When they first generated the PS3 firmware signing keys they made a huge mistake of using a non cryptographically-secure PRNG, leading to weak keys, which allowed a researcher (geohot if I remember correctly) to calculate Sony's private keys and post them on the Internet.
From what I understand CFW is signed using those discovered keys, which means that to the console it looks like an official Sony firmware and it boots up without any further exploit. That is also the reason why up to 3.55 it can be installed on top of the OFW as a regular firmware update without having to use any exploit.
Regarding metldr, afaik the signature is checked once when an update is installed, then again every time the console boots up and the latter is done by metldr. We know that metldr is "untouchable" since it resides in an area of the flash which we believe is encrypted using a per-processor unique key which is impractical to extract, making that part of the flash effectively behave like a hardware ROM. I would guess this extra security wa intended to prevent people from flashing CFW using a hardware flasher and successfully booting it up. We know almost for certain that not even Sony can touch metldr once the console leaves the factory, since they probably would've done so, and ironically it's that extra security that came to haunt them.
Since not even Sony can change metldr it means that they can't revoke the discovered weak keys and as long as you can get your CFW written to flash the console will load it. Sony was only able to revoke them in the software which installs firmware updates and since firmware cannot be usually downgraded anyone who installed version 3.56 or greater can't install CFW like a normal update. Then we have tools like bgtoolset, which patch the firmware and reinstate those old keys, allowing CFW installation even if OFW 3.56+ is installed (one thing I have no idea about is how bgtoolset is able to write to the flash from OFW in the first place).
While it wasn't possible for Sony to update metldr of existing consoles, they could fix that in newer models, which were manufactured after this whole thing happened. I don't know all the differences between metldr and metldr2 but one difference that is known to exist is that metldr2 revokes the old keys, instead using new keys, which have not been broken, and probably will never be, or at least won't be for a few good decades, and that's the reason why we can't install CFW on newer models such as super-slims.
Did I get it correctly or are there any mistakes?
sandungas
Developer
For a more accurate description you should ask to somoeone used to cryptography, but the long story short in simple words is...
Every stage of the boot chain contains a key used to decrypt the next stage of the bootchain
It starts with a key inside CELL, that seems to be setup with fuses (hardware). Metldr/botldr are encrypted with that key but also contains another key (to decrypt the next stage)
The key used to encrypt/decrypt metl/botldr is unique "per console"... but the key inside metldr is generic (common for all PS3 models manufactured before xmas 2010 or so as far i remember)
In my oppinion, one of the ironical details of the metldr exploit is we are not really decrypting metldr, the exploit just "leaks" some data outside of the isolated SPU after metldr is decrypted
I mean... we dont really know the key used to decrypt it, this is something made by CELL internally before we get our dirty hands on it
Every stage of the boot chain contains a key used to decrypt the next stage of the bootchain
It starts with a key inside CELL, that seems to be setup with fuses (hardware). Metldr/botldr are encrypted with that key but also contains another key (to decrypt the next stage)
The key used to encrypt/decrypt metl/botldr is unique "per console"... but the key inside metldr is generic (common for all PS3 models manufactured before xmas 2010 or so as far i remember)
In my oppinion, one of the ironical details of the metldr exploit is we are not really decrypting metldr, the exploit just "leaks" some data outside of the isolated SPU after metldr is decrypted
I mean... we dont really know the key used to decrypt it, this is something made by CELL internally before we get our dirty hands on it
If I understand correctly the so-called "exploit" that allows CFW to run is in the 2nd stage of the boot process, i.e. when metldr verifies the actual firmware. Those keys, again if I understand correctly, were weak and their associated private keys were cracked and posted online. Using those keys everyone can sign whatever they want and metldr will accept it as though it is valid firmware from Sony, and since not even Sony can patch metldr itself after a unit leaves the factory it means that it has no way of revoking those cracked keys.
Similar threads
-
-
PS3 qCFW - Arrives to Slim (2500-3000) & SuperSlim (4000-NOR) PlayStation 3 Models- Started by STLcardsWS
- Replies: 265
-
PS3 Problem with teensy perma installation on NOR flash- Started by haxxxen
- Replies: 5
-
PS3 BadWDSD HW Exploit - With new powerful qCFW for PS3 Slim & SuperSlim NOR models on the horizon
- Started by STLcardsWS
- Replies: 141