
PS3 CFW & Homebrew: Scene Revived! -- morality arguments elsewhere

LordCanti

Member
That's one of the advantages of 4.21 DEX

Doesn't the CEX version have the same capability? It seems like there is no more point in converting to DEX, unless I'm horribly mistaken.

I found the 3.55 fix for Journey, and applying it is super simple. After almost a year, I'll finally get to play it tonight :D
 
To be honest it doesn't make sense updating for me until the majority of homebrew is updated anyway. I stopped buying games for my PS3 ages ago and most titles I've wanted to play have been available on 360.

Have any of the major emu devs said anything in regard to updating?

It was my understanding that most of the major emus worth using were included under the "RetroArch" banner which is included in the complete multiMAN installation. Deank, the main developer behind multiMAN, has updated his software to offer compatibility for the 4.21 Rogero firmware.

Code:
multiMAN changelog

4.08.00

* Added proper support for [Hermes] for 4.21CEX ROGERO (SC-8)
* Fixed issue with loading split games from external USB HDD
* Improved support in lastGAME, gameDATA and bdRESET applications
 

test_account

XP-39C²
Marcan (one of the guys from Fail0verflow) has commented on the latest hack. I won't do any bolding in the quotes, sorry; I think most of it is an interesting read. I also think this answers my question about whether CFW will be installable on OFW 3.60+. The answer seems to be no unless you have a flasher or a new exploit is found.


The first-stage bootloader is in ROM and has a per-console key which is effectively in tamper-resistant silicon. The second-stage bootloader (bootldr) is encrypted with the per-console key, but is not upgradable and is the same for all consoles (other than the encryption wrapper around it). This second-stage bootloader verifies lv0. Sony signed lv0 using the same broken process that they used for everything else, which leaks their private key. This means that the lv0 private key was doomed from the start, ever since we demonstrated the screwup at the Chaos Communication Congress two years ago.

However, because lv0 is also encrypted, including its signature block, we need that decryption key (which is part of bootldr) before we can decrypt the signature and apply the algorithm to derive the private key. We did this for several later-stage loaders by using an exploit to dump them, and Geohot did it for metldr (the "second root" in the PS3's bizarre boot process) using a different exploit (we replicated this, although our exploit might be different). At the time, this was enough to break the security of all released firmware to date, since everything that mattered was rooted in metldr (which is bootldr's brother and is also decrypted by the per-console key). However, Sony took a last ditch effort after that hack and wrapped everything after metldr into lv0, effectively using the only security they had left (bootldr and lv0) to attempt to re-secure their platform.

Bootldr suffers from the same exploit as metldr, so it was also doomed. However, because bootldr is designed to run from a cold boot, it cannot be loaded into a "sandboxed" SPU like metldr can from the comfort of OS-mode code execution (which we had via the USB lv2 exploit), so the exploit is harder to pull off because you don't have control over the rest of the software. For the exploit that we knew about, it would've required hardware assistance to repeatedly reboot the PS3 and some kind of flash emulator to set up the exploit with varying parameters each boot, and it probably would've taken several hours or days of automated attempts to hit the right combination (basically the exploit would work by executing random garbage as code, and hoping that it jumps to somewhere within a segment that we control - the probabilities are high enough that it would work out within a reasonable timeframe). We never bothered to do this after the whole lawsuit episode.

Presumably, 18 months later, some other group has finally figured this out and either used our exploit and the hardware assistance, or some other equivalent trick/exploit, to dump bootldr. Once the lv0 decryption key is known, the signing private key can be computed (thanks to Sony's epic failure).

The effect of this is essentially the same that the metldr key release had: all existing and future firmwares can be decrypted, except Sony no longer has the lv0 trick up their sleeve. What this means is that there is no way for Sony to wrap future firmware to hide it from anyone, because old PS3s must be able to use all future firmware (assuming Sony doesn't just decide to brick them all...), and those old PS3s now have no remaining seeds of security that aren't known. This means that all future firmwares and all future games are decryptable, and this time around they really can't do anything about it. By extension, this means that given the usual cat-and-mouse game of analyzing and patching firmware, every current user of vulnerable or hacked firmware should be able to maintain that state through all future updates, as all future firmwares can be decrypted and patched and resigned for old PS3s. From the homebrew side, it means that it should be possible to have homebrew/Linux and current games at the same time. From the piracy side, it means that all future games can be pirated. Note that this doesn't mean that these things will be easy (Sony can obfuscate things to annoy people as much as they want), but from the fundamental security standpoint, Sony doesn't have any security leg to stand on now.

It does not mean that current firmwares are exploitable. Firmware upgrades are still signed, so you need an exploit in your current firmware to downgrade. Also, newer PS3s presumably have fixed this (probably by using newer bootldr/metldrs as trust roots, and proper signing all along).


The keys are used for two purposes: chain of trust and chain of secrecy. The compromise of the keys fully compromises the secrecy of the PS3 platform permanently, as you can just follow the links down the chain (off-line, on a PC) and decrypt any past, current, or future firmware version. Current consoles must be able to use any future firmware update, and we now have access to 100% of the common key material of current PS3s, so it follows that any future firmware decryptable by current PS3s is also decryptable by anyone on a PC.

However, the chain of trust can be re-established at any point along the line that can be updated. The chain of trust is safely rooted in hardware that is near impossible to modify (i.e. the CPU's ROM and eFuse key). The next link down the chain has been compromised (bootldr), and this link cannot be updated as it is specific to each console, so the chain of trust now has a permanent weak second link. However, the third link, lv0, can be updated as it is located in flash memory and signed using public key crypto. This allows Sony to secure the entire chain from there onwards. Unless you find a vulnerability in these updated links, you will not be able to attack them directly (applications, e.g. homebrew software, are verified much further down the chain). The only guaranteed way to break the chain is to attack the weak link directly, which means using a flash writer to overwrite lv0. Once you do so, the entire chain collapses (well, you still need to do some work to modify every subsequent link to turn off security, but that is easy). If you have old firmware, you have at least some other weak links that, when compromised, allow you direct access to break the bootldr link (replacing lv0), but if you run up to date firmware you're out of luck unless you can find a weakness or you use hardware.

Old PS3s are now in the same boat as an old Wii, and in fact we can draw a direct comparison of the boot process. On an old Wii, boot0 (the on-die ROM) securely loads boot1 from flash, which is securely checked against an eFuse hash, and boot1 loads boot2 but insecurely checks its signature. On an old PS3, the Cell boot ROM securely loads bootldr from flash, which is securely decrypted and checked using an eFuse key, and then bootldr loads lv0 but checks its signature against a hardcoded public key whose private counterpart is now known. In both cases, the system can be persistently compromised if you can write to flash, or if you already have code execution in system context (which lets you write to flash). However, in both cases, you need to use some kind of high-level exploit to break into the firmware initially, particularly if you have up-to-date firmware. It just happens that this is trivial on the Wii because there is no game patch system and Nintendo seems to have stopped caring, while this is significantly harder on the PS3 because the system software has more security layers and there is a game patch system.

http://www.ps3hax.net/showthread.php?p=457761#post457761
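The quoted post names the two things that actually went wrong: a signing process that reused its nonce (which exposes the private key) and a chain of trust whose second link cannot be re-keyed. The following is an added example, not code from this thread, from Marcan or from fail0verflow. It is a stdlib-only toy ECDSA showing the defensive side of that lesson: sign with a nonce derived from the key and the message so it can never repeat, and audit a batch of signatures for the symptom of reuse, a repeated r value under one public key. The curve is the public secp256k1 (an assumption chosen for convenience; the PS3's own parameters are not on this page), and the nonce derivation is a simplified HMAC construction in the spirit of RFC 6979, not the full specification.

```python
"""Toy ECDSA with nonce hygiene and a nonce-reuse audit (constructed example).

Added here for illustration; not the thread's, Marcan's or fail0verflow's code.
Assumptions: secp256k1 parameters (public constants, not the PS3's curve),
and an HMAC-based nonce derivation that follows the idea of RFC 6979 without
implementing its full procedure.
"""
import hashlib
import hmac
import secrets

# secp256k1 domain parameters (public constants)
P = 2**256 - 2**32 - 977
A = 0
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def hash_int(msg):
    """Message hash reduced into the scalar field."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(priv, msg, k):
    """ECDSA with a caller-supplied nonce k: the API shape that invites reuse."""
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (hash_int(msg) + r * priv) % N
    return (r, s)


def verify(pub, msg, sig):
    """Standard ECDSA verification against public point pub."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    z = hash_int(msg)
    point = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, pub))
    return point is not None and point[0] % N == r


def deterministic_nonce(priv, msg):
    """Nonce bound to (key, message): distinct messages never share a nonce,
    and nobody without priv can predict it. Simplified RFC 6979 idea (assumption)."""
    mac = hmac.new(priv.to_bytes(32, "big"), hashlib.sha256(msg).digest(),
                   hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (N - 1) + 1


def sign_safely(priv, msg):
    """The signing API a release process should expose: no nonce parameter."""
    return sign(priv, msg, deterministic_nonce(priv, msg))


def audit_nonce_reuse(signatures):
    """Defender's check over (pub, r, s) records: a repeated r under the same
    public key means the same nonce was used twice, the defect that leaks the key.
    Returns the set of (pub, r) pairs that occur more than once."""
    counts = {}
    for pub, r, _s in signatures:
        counts[(pub, r)] = counts.get((pub, r), 0) + 1
    return {key for key, c in counts.items() if c > 1}


if __name__ == "__main__":
    priv = secrets.randbelow(N - 1) + 1  # constructed key for the demo
    pub = ec_mul(priv, G)
    batch = [(pub, *sign_safely(priv, b"firmware-v1")),
             (pub, *sign_safely(priv, b"firmware-v2"))]
    print("reused nonces:", audit_nonce_reuse(batch))
```

Running the audit over the records a signing service keeps (public key and r for every signature it has ever emitted) is a cheap release-pipeline check; it catches the failure class described above before anything ships, and the nonce-free `sign_safely` wrapper removes the way it arises in the first place.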
 
I tried using this package, but always got this error. I guess it has to do with me being on 3.55 Kmeaw instead of "OtherOS++"?

I extracted the keys successfully, but when I go to rip a disc it claims it isn't a recognizable SACD. I wish this functionality would be rolled into multiMAN or a CFW. Not sure why it doesn't work.

The idea of mixing children with my SACD collection doesn't sit well with me...would love to have them backed up. Exciting times in the PS3 scene again! Glad I kept my phat around!
 

3rdman

Member
So does this mean that my PS3 will soon be running XBMC as a front end? I haven't really been paying attention to the scene...is anyone even working on it?
 
So does this mean that my PS3 will soon be running XBMC as a front end? I haven't really been paying attention to the scene...is anyone even working on it?

XBMC Team ditched console development. Even though the 360 has been able to run homebrew for years, no one has ported it yet, so I wouldn't get your hopes up. The best we'll probably get is Showtime.
 

jcm

Member
It still sounds like to me there's nothing to worry about at all.

It's a big deal for the small number of people who have CFW PS3s. It's a non-event for the rest of the PS3 install base. It's not a very big deal for Sony, though they'll probably still try to prevent CFW users from using PSN.
 

Exentryk

Member
PS3 Level 0 Key obtained.

This week, hackers published one of the cryptographic keys at the core of the security scheme locking down the game console. The bad news for Sony is mainly about the LV0 key. Game experts say publishing of the console's LV0 decryption keys amounts to blowing the system open. According to reports, compromised consoles can log in with LV0 decryption keys to bypass future security updates.

According to Eurogamer, the disclosure of the LV0 key means that any system update released by Sony from here on can be decrypted with little effort. The team behind the publication of the LV0 decryption keys is "The Three Musketeers."

They never intended to release the information, which they had discovered some time ago, but the information seeped out of their hands. The Three Musketeers said the information was in the hands of Chinese hackers intending to charge for the code. The Three Musketeers took offense that the latter would seek to monetize the hack, using the code to build and sell custom firmware, BlueDiskCFW.

In the Three Musketeers statement, they clarified that this is "neither about drama nor E-fame nor 'OMG WE HAZ BEEN FIRST', we just thought you should know that we're disappointed in certain people. You can be sure that if it wouldn't have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now."

Reactions from security experts, however, said this may not be such a catastrophe for Sony. Its fight against hackers all along has been a cat and mouse game, they say. Past efforts to jailbreak the PS3 have been countered with the release of firmware that has been successful in making the console secure. At the time of this writing, and according to the BBC, sources close to the firm said they were not yet convinced that the latest hack was more serious than past ones.

Source

PS3 could become a super emulator if this hack is true, and if developers give us some neat emulators. Make it happen.
 
PS3 Level 0 Key obtained.

Source

PS3 could become a super emulator if this hack is true, and if developers give us some neat emulators. Make it happen.

This doesn't change things for emulators, hacked PS3's can already fully emulate a range of systems, and this adds nothing new to that.
 
It's a big deal for the small number of people who have CFW PS3s. It's a non-event for the rest of the PS3 install base. It's not a very big deal for Sony, though they'll probably still try to prevent CFW users from using PSN.

If they have gotten 4.30 CFW working, it seems like a big deal to me. I imagine lots of people who don't use their PS3 much and who haven't installed the latest official firmware will be able to go the custom route easier now.
 

Tess3ract

Banned
If they have gotten 4.30 CFW working, it seems like a big deal to me. I imagine lots of people who don't use their PS3 much and who haven't installed the latest official firmware will be able to go the custom route easier now.
No, they still won't. Not until they can ignore or phase out needing the other checks on new PS3s; additionally, those people would never be able to downgrade very far, but would be able to "overwrite" potentially.
 

Exentryk

Member
This doesn't change things for emulators, hacked PS3's can already fully emulate a range of systems, and this adds nothing new to that.

I don't have a hacked PS3 (latest firmware) and that lv0 hack might make all of the PS3s hackable.


It's already a super emulator.

RetroArch = includes pretty much everything that'll run stable.

So, we already have emulators for NES, SNES, Gamecube, PS1, PS2, Xbox, Xbox360 games?
 

djblue89

Member
Not all PS3s are hackable; the newer slim ones and now the ultra slim models have a LVL 0.2 key, which is needed to be able to make CFW.
 
I don't have a hacked PS3 (latest firmware) and that lv0 hack might make all of the PS3s hackable.

So, we already have emulators for NES, SNES, Gamecube, PS1, PS2, Xbox, Xbox360 games?

NES ✔
NeoGeo ✔
SNES ✔
Genesis ✔
MAME ✔ (obviously not as compatible as the PC version, but still very far reaching)
PS1 ✔ (via on-disc games only atm)
PS2 ✔ (via on-disc games only on systems that support backwards compatibility)

Gamecube -- Dolphin has not been ported. It likely needs more horsepower than the PS3 would be able to provide.

Xbox -- Not even a stable PC emulator exists

Xbox 360 -- LOL
 

Tess3ract

Banned
PS4 might be able to emulate Dolphin, poorly at best.

Xbox and 360 would simply take too many resources right now. Have your PC emulate a mini PC? See me in 10 years and maybe then.
 
So, we already have emulators for NES, SNES, Gamecube, PS1, PS2, Xbox, Xbox360 games?

You should probably do a little research before asking questions like that. Current consoles will never be able to emulate other current consoles and will struggle heavily trying to use software methods to emulate last generation consoles. PS3 has a built in PS1 emulator.
 

Exentryk

Member
Well if the Wii can run Gamecube games via homebrew, then it should be a piece of cake for the PS3, right? Mario Party 4 on the PS3 would be awesome using the dualshock 3s :D

You should probably do a little research before asking questions like that. Current consoles will never be able to emulate other current consoles and will struggle heavily trying to use software methods to emulate last generation consoles. PS3 has a built in PS1 emulator.
Research? No thanks. Not when I can get you to do it for me.
 
NES ✔
NeoGeo ✔
SNES ✔
Genesis ✔
MAME ✔ (obviously not as compatible as the PC version, but still very far reaching)
PS1 ✔ (via on-disc games only atm)
PS2 ✔ (via on-disc games only on systems that support backwards compatibility)

Gamecube -- Dolphin has not been ported. It likely needs more horsepower than the PS3 would be able to provide.

Xbox -- Not even a stable PC emulator exists

Xbox 360 -- LOL

You forgot PS2 emulation (requires disc) from software emulation. Granted compatibility is low, it's still something.

You also forgot PSP titles.
 
No, they still won't. Not until they can ignore or phase out needing the other checks on new PS3s; additionally, those people would never be able to downgrade very far, but would be able to "overwrite" potentially.

I'm not fully in the know, but I'm assuming what you are suggesting is that you need to go from 3.55 -> this new firmware?
 

linkboy

Member
Well if the Wii can run Gamecube games via homebrew, then it should be a piece of cake for the PS3, right? Mario Party 4 on the PS3 would be awesome using the dualshock 3s :D

The Wii runs Gamecube games by physically turning into a GC (and you don't need homebrew to do it, it does it out of the box). Try using your Wiimote when running a GC game.
 

itxaka

Defeatist
You forgot PS2 emulation (requires disc) from software emulation. Granted compatibility is low, it's still something.

You also forgot PSP titles.

Umm. That means that if instead of buying God Hand on PSN I insert the disc it will run?

I thought they wrapped the PS2 games in some special way to make them playable, not that you could use your own disc. Awesome if so, PS2 games are cheap as hell.
 

androvsky

Member
Umm. That means that if instead of buying God Hand on PSN I insert the disc it will run?

I thought they wrapped the PS2 games in some special way to make them playable, not that you could use your own disc. Awesome if so, PS2 games are cheap as hell.

That's the thing, we don't know for sure. Sony describes them in such a way as to suggest they've changed the actual games to run better on the PS3. But the phenomenally low amount of effort that's gone into putting PS2 games on PSN, the fact they already had a software emulator running two years before they started selling them on PSN, and the way the PS3's OS essentially shuts down when playing them all makes it seem like they're really being emulated. That, and Sony told Sega they were doing software emulation of all PS2 games back in 2009.

Seeing how exactly PS2 games on PSN run is one of the things I'm looking forward to the most, honestly.
 

N.A

Banned
Hopefully the new keys will allow someone to decrypt the PS2 classics on PSN and allow them to inject any game into it (similar to the PSP PSX emulator).
 
C'mon, there has to be a way to downgrade from 4.25 OFW to 3.55 or something by software. My PS3 was on 3.40 when I bought it, but I don't want to use an E3 flasher etc...

I just feel uncomfortable opening the console...
 

N.A

Banned
C'mon, there has to be a way to downgrade from 4.25 OFW to 3.55 or something by software. My PS3 was on 3.40 when I bought it, but I don't want to use an E3 flasher etc...

I just feel uncomfortable opening the console...

Unlikely to happen. Sony blacklisted the keys used to sign CFW in 3.56 and fixed the private key random number bug so no more will be found.

The only hope is a new exploit.
 

djblue89

Member
For those on 3.55, you might want to stay on it, with the release of Resident Evil 6 eboot and Lollipop chainsaw eboot.
 
Is there any way to emulate disc swapping? I'd like to be able to play Dynasty Warriors 7 XL completely, but in order to do so I'd need to be able to swap in the DW7 disc to unlock the DW7 game modes.

I don't know of any other PS3 games that use this however, so I'm unsure if anyone will bother finding a way to make it work.
 
It was my understanding that most of the major emus worth using were included under the "RetroArch" banner which is included in the complete multiMAN installation. Deank, the main developer behind multiMAN, has updated his software to offer compatibility for the 4.21 Rogero firmware.

Code:
multiMAN changelog

4.08.00

* Added proper support for [Hermes] for 4.21CEX ROGERO (SC-8)
* Fixed issue with loading split games from external USB HDD
* Improved support in lastGAME, gameDATA and bdRESET applications


Oh wow. I don't think I've updated multiMAN in months.

I still launch my emus separately.
 

Tess3ract

Banned
To clarify:

This means that these keys are only useful if you have write access to lv0, which means a hardware flasher, or an already exploited console, or a system exploit that lets you do so.

Basically unless something happens, if you have a new console and don't want to get a hw flasher to downgrade (messy/complicated) you're SOL.

Until an exploit is found, people on 3.56+ are on the sidelines.

I'm getting impatient about a stable CFW 4.21...
Other than the XMB issues some complain about, the bricking concerns only happen during the update. If you didn't brick it, you're golden.
 
The Wii runs Gamecube games by physically turning into a GC (and you don't need homebrew to do it, it does it out of the box). Try using your Wiimote when running a GC game.

Look up something called "Devolution". It's software that allows you to run GCN games in Wii mode on a hacked Wii...

Not to be confused with Dios Mios which runs in GCN mode with USB drivers, it actually runs GCN games while in Wii mode and thus has access to all of the Wii hardware, though proper support for the hardware isn't there yet. That is, they still need to write code to allow use of classic controllers as gamecube controllers, but Wiimotes and everything do sync.

(edit) I covered the lv0 things a bit in the other thread, but basically yes: if you are currently above 3.55 and not on a custom firmware, lv0 keys don't magically give you access to CFW. What it DOES do is give developers free rein to dump/explore all versions of the PS3 firmware to look for more exploits. It also means that once an exploit with a sufficient enough access level is discovered, they'll be able to quickly turn that into a custom firmware everyone can use.
 

drkOne

Member
What's the hardware process of downgrading a 4.25 60GB Europe Launch console?

Buy a USB stick and plug it in? Soldering?

I miss my multiman, but at the time I really wanted to play UMvC3 online.
 

Tess3ract

Banned
What's the hardware process of downgrading a 4.25 60GB Europe Launch console?

Buy a USB stick and plug it in? Soldering?

I miss my multiman, but at the time I really wanted to play UMvC3 online.
Soldering and disassembling the entire ps3 and shit. Have fun.
 
Soldering and disassembling the entire ps3 and shit. Have fun.
You don't have to solder anything. There is a solderless e3 flasher.

But yeah downgrading isn't exactly cheap or easy for someone who isn't very experienced with opening things up. The PS3 (slim at least) isn't too daunting on the inside though. Everything is fairly neat in there. :p
 

cacildo

Member
- What's the name of what we are looking for? (like, 4.21, Rogero, what?)

- Is it safe? When will it be safe?

- I'm on 3.55 Kmeaw. However, I installed that "spoofer" (I think) so the system thinks you're on current FW and can access PSN (but I was never able to). Should I be worried?
 