PS3 SYSCON Firmware key is now public (release by zecoxao) - What does it mean?

Developer @zecoxao has released something he has been working toward for 10 years: the SYSCON firmware key, which is now public. First, a misconception must be cleared up, because this is not going to lead directly to a CFW on non-CFW PS3s any time soon. As the dev stated on Twitter, "needless and pointless to say that the confusion being created around these keys that they will be useful for cfw on ps3 3k and superslim is a very farfetched idea. unless we have access to the TSOP 78K0R models, we will not be able to obtain anything else", and when @kozarovv followed up with a question about 3k models, the developer responded "don't expect miracles, is all i'm saying". @DeViL303 then asked "So what can we do with this as of now, what is possible with just this key alone and current knowledge?", and @zecoxao's explanation is reproduced below. So this is a great feat, but it is still being investigated and will need to be explored in the weeks to come before we fully understand what can be uncovered.

[Image: SYSCON_GEN1.JPG]

  • i got the syscon firmware key, a dream i've been pursuing for the past 10 years. now that i have it i feel like i've accomplished my goal. the rest will follow naturally.
    - https://twitter.com/notzecoxao/status/1168954036541935616

    What can developers do with this key?
    So what can we do with this as of now, what is possible with just this key alone and current knowledge? Custom fan speed profiles? Multiple boot sequences depending on flags or something, or does everything need more work?

    via @zecoxao : With this key the following has happened:


    14 syscon firmwares for the BGA models (CXR) were decrypted.
    from them, keys for PATCHES and FULL FW signing and encryption, as well as decryption and validation were found. we can now sign our own patches and fws for the following models:

    • TMU-510
    • COK-001
    • COK-002
    • SEM-001
    • DIA-001
    • DIA-002 or DEB-001 (same soft id)

    Additionally we found the initialization key for eid1 as well as the process of initializing it from factory
    We also found 7 extra keys (we still don't know what they do)
    Finally, we found out there is a secret keyslot function that generates keys for
    • SNVS
    • AUTH1/AUTH2
    • Regions of EEPROM
    • PATCH keys xoring (to generate the final keys)
    • Relationship with the other 7 Keys

    What still has to be done:
    • Hack the 78K0R chips (the TSOP ones found in later models)
    • Dump the firmware of those chips
    • Get the DYN-001 patch keys
    • Find an exploit on arm firmware that works in 78k0r firmware

    Edit: and yes, you can do all that fun kinky shit of fan boosting at max speeds, led disco panic attack, and star wars theme ON A DECR-1000! THIS is a devkit, so THIS is the ONLY device that supports FULL FUCKING FIRMWARES! DO NOT CONFUSE IT with a DECR-1400, that is a HALF devkit!


Release Source: twitter.com/notzecoxao
Discussion: psx-place.com

Thanks to @NathanHale for the news alert
 
CECH-Pxx support? Does this simply support all models?
CECH-P already has the Syscon decrypted; this is for the newer models that are implemented with MetLdr2, or in other words Firmware 3.60 or higher, also known as Non-CFW models.

The Firmware 3.56 isn't an actual Exploit Entry-Point, but actually a reference to distinguish the consoles that are Exploitable with Custom Firmware and don't have the newer Syscon with MetLdr2 implemented from the ones that do. So when you next hear "Factory Firmware 3.56 or below", it means that MetLdr2 isn't implemented and it's an older Syscon chip, meaning Custom Code can be flashed to the Syscon without any risk of bricking. At the moment, if you try to install any CFW on a newer Syscon/Model after 3.56, there will be a brick; this is because the Syscon has not been decrypted yet, so the operation procedure is unknown. With the newer keys you can understand how the newer Syscon works and how to work with the MetLdr2, so you can flash any custom code and the Syscon can recognise it as OFW Code without entering Panic-Mode.

 
He also decided to quit the console scene (dunno why, but it is becoming popular to quit your hobbies when you make some significant progress or get some nice results).
Likely zecoxao quit because he wanted to quit a long time ago, but now finally finished what he started; it was probably more of a burden than anything for him to follow the scene for this long.
 
How are you dumping and writing to the chip itself? I am interested in your method just for documentation purposes. Have you posted any pics or details on how to go about it yet? Just curious, again thank you for all your contributions to the scene @zecoxao
 
My friend did DPA on a DECR-1000. Then we found the firmware key, and the CMAC key was found after analyzing the firmware; after that, we used crafted firmwares to dump the rest of the keys.

EDIT: You can see how DPA works in several papers documented online. Luckily, in the PS3 there's no protection against this sort of attack. Our biggest concern was gathering enough samples, since the update took an entire minute to flash to the console. However, we found out that the update was done in 0x80-byte blocks, so it became substantially easier, and instead of taking us one week to grab the keys, it took us 2-3 days.
 
Full RAM SYSCON Dump from a DECR with Dead RSX
Standby and "On" (until it reaches LV2):
https://www.sendspace.com/file/1yt1v5
CC @3141card and @kozarovv

I forgot to say that the RAM dump is only for the 0x200XXXX offset.
other offsets, such as:
0-0x5FFFF (ROM)
0x1000000-0x107FFFF (FULL FW)
0x3000000-0x3FFFFFF (PORTS)
0xA66D0000-0xA66D0FFF (KEYZ)
0xFEDF0000-0xFEDF0FFF (KEYZ)
Will be done tomorrow, because the patch dude is tired right now and needs the beauty sleep :P
 
https://www.sendspace.com/file/5d5mq4
DECR Backup ROM, used for emergency syscon rom updates. Dumped by M4j0r

Edit: CC @sandungas @3141card @kozarovv

The firmware starts at 0x1000 in this file.

In normal operation the firmware gets mapped to 0x0. While updating the firmware you can map it to 0x1000000-0x107FFFF; 0x1000000-0x101FFFF is the backup bank (128 KB ROM) and 0x1020000-0x107FFFF the main bank (384 KB Flash EEPROM). Non-flash variants of the syscon (retail CXR) only have the main bank (ROM). There's still the data EEPROM though (32 KB).
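The offsets in the RAM-dump post above and the bank layout in this backup-ROM post together give a small SYSCON memory map. The Go program below is an added example, not code from either poster: it encodes that map, strips the 0x1000 bytes that precede the firmware in the dump file, and scans the firmware in the 0x80-byte blocks the DPA post mentions, using per-block Shannon entropy to tell blank, structured and encrypted-looking regions apart. Assumptions: the "0x200XXXX" RAM note is read as 0x2000000-0x200FFFF, the region names, the 0.9 classification threshold and the inline sample dump are mine, and the two-bank split applies to the flash (DECR) variant, since the post says retail CXR parts have only the main bank.

```go
package main

import (
	"bytes"
	"fmt"
	"math"
)

// Region is one entry of the SYSCON address map gathered from the thread: the
// RAM-dump post lists ROM, FULL FW, PORTS and KEYZ; the backup-ROM post splits
// the FULL FW update window into a 128 KB backup bank and a 384 KB main bank.
type Region struct {
	Name  string
	Start uint32
	End   uint32 // inclusive
}

// Assumption: the "0x200XXXX" RAM note is read as 0x2000000-0x200FFFF.
var regions = []Region{
	{"ROM", 0x0, 0x5FFFF},
	{"FULL FW backup bank", 0x1000000, 0x101FFFF},
	{"FULL FW main bank", 0x1020000, 0x107FFFF},
	{"RAM", 0x2000000, 0x200FFFF},
	{"PORTS", 0x3000000, 0x3FFFFFF},
	{"KEYZ", 0xA66D0000, 0xA66D0FFF},
	{"KEYZ", 0xFEDF0000, 0xFEDF0FFF},
}

const (
	dumpFirmwareStart = 0x1000 // "The firmware starts at 0x1000 in this file."
	updateBlockSize   = 0x80   // granularity the DPA post says updates use
)

// Resolve maps a SYSCON address to its region name and offset within it.
func Resolve(addr uint32) (name string, off uint32, ok bool) {
	for _, r := range regions {
		if addr >= r.Start && addr <= r.End {
			return r.Name, addr - r.Start, true
		}
	}
	return "", 0, false
}

// FirmwareFromDump drops the 0x1000 leading bytes of a backup ROM dump so that slice offsets match the firmware's own layout.
func FirmwareFromDump(dump []byte) []byte {
	if len(dump) <= dumpFirmwareStart {
		return nil
	}
	return dump[dumpFirmwareStart:]
}

// BlockEntropy returns the Shannon entropy of b in bits per byte. The value is
// capped by log2(len(b)): a 0x80-byte block can reach at most 7 bits.
func BlockEntropy(b []byte) float64 {
	if len(b) == 0 {
		return 0
	}
	var counts [256]int
	for _, c := range b {
		counts[c]++
	}
	h, n := 0.0, float64(len(b))
	for _, c := range counts {
		if c > 0 {
			p := float64(c) / n
			h -= p * math.Log2(p)
		}
	}
	return h
}

// Classify labels a block relative to the entropy ceiling for its length; the
// 0.9 threshold is a triage heuristic chosen for this example, not a format rule.
func Classify(b []byte) string {
	h := BlockEntropy(b)
	ceiling := math.Min(8, math.Log2(float64(len(b))))
	switch {
	case h == 0:
		return "uniform (blank or single byte)"
	case h >= 0.9*ceiling:
		return "high entropy (encrypted or compressed)"
	default:
		return "structured (code or data)"
	}
}

func main() {
	// Constructed dump: 0x1000 header bytes, then a zero block, a repeating
	// 4-byte pattern block, and a block holding 128 distinct byte values.
	dump := make([]byte, dumpFirmwareStart+updateBlockSize)
	dump = append(dump, bytes.Repeat([]byte{0xDE, 0xAD, 0xBE, 0xEF}, updateBlockSize/4)...)
	for i := 0; i < updateBlockSize; i++ {
		dump = append(dump, byte(i))
	}
	fw := FirmwareFromDump(dump)
	for i := 0; i < len(fw); i += updateBlockSize {
		fmt.Printf("fw+%#06x: %s\n", i, Classify(fw[i:i+updateBlockSize]))
	}
	name, off, ok := Resolve(0xA66D0010)
	fmt.Printf("0xA66D0010 -> %s +%#x (mapped=%v)\n", name, off, ok)
}
```

Because a 0x80-byte block holds only 128 samples, its entropy can never exceed 7 bits per byte, so the classifier compares against log2 of the block length rather than against 8; scanning at a coarser granularity raises that ceiling but blurs the boundary between regions.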
 
