More Explanation On The “Exploit” By Mathieulh

Filed under: PS3 Scene

by dukio on Mar 23rd, 2011

YOU ARE VIEWING AN ARCHIVED PAGE OF OLD PS3CRUNCH NEWS, PLEASE VISIT OUR HOME PAGE FOR THE LATEST NEWS

If there’s one thing I’m good at, it’s rehashing other people’s statements, and that’s what I’m gonna do today. As you can see, the scene is obsessed with the exploit that Mathieulh has found in the 3.56 firmware, which could eventually take full control of the PS3 and hack future firmware releases from Sony.

Whether or not it can be compared with the exploit that geohot used to obtain the metldr keys is still not clear, even to Mathieulh himself, since geohot has been keeping his mouth shut about it, although he did tell everyone on IRC that the metldr exploit was done (or used) on an OtherOS-enabled 3.15 console.

Enough with that, let’s get down to Mathieulh’s posts.

Actually the revocation list exploit doesn’t allow you to exploit isoldr, you could however sign a revoke list if you had the revocation list keys and knew the sign fail, and use that to dump isoldr. Metldr does not load revocation lists.

@jarmster
Ya well without a disassembly i guess its all speculation isn’t it math

This has been tested, how do you think I could release the lv2ldr and appldr keys ? (about 24hrs before Geohot showed up with metldr keys)

You can also dump any loader using a signed metadata (including metldr) though that means you need to have the keys for it in the first place (kinda kills the purpose)

Your entire purpose is to get the isolated process (the code running inside the spu) to jump to your instructions

For example, the following instructions will dump the isolated LS to the SPU mailbox:

[code]loop:
rdch $3, ch29
lqd $3, 0($3)
wrch ch28, $3
rotqbyi $3, $3, 4
wrch ch28, $3
rotqbyi $3, $3, 4
wrch ch28, $3
rotqbyi $3, $3, 4
wrch ch28, $3
up_one:
br loop
br up_one[/code]

Of course you’ll need a ppu payload to fetch the mailbox data.
Metldr is trivial to dump now that you can sign your loader, but I won't say anything more on this.

Finally, the problem with isoldr and the revoke list exploit isn't so much that the exploit doesn't work (it actually does); it's that the payload from the crafted revoke list overwrites isoldr keys (which kinda kills the whole purpose). You can, however, get the revoke list keys from lv2ldr or appldr using the revoke list exploit and then sign a revoke list metadata to exploit isoldr later on. (There are other ways to get isoldr though, including the 3.60+ exploit I have (but there is at least another I know of).)

Again, good luck in your endeavor.

When asked where the NPDRM key fits into the equation, here’s what he had to say:

There is more than one npdrm key. It’s not been released because the ones who have the skills to do it do not remotely care about pirating playstation store games (obviously).

Speaking of NPDRM keys: as much as everyone wants them for mass piracy, they are really a stumbling block for our project of using the built-in PS1 emulator on the PS3 for a good cause :P

21 Comments
  • MENTD March 23, 2011

    It will all come out soon enough.

  • ireggae March 23, 2011

    true with that

  • Alan March 23, 2011

    Let him release the other npdrm keys so we can pirate dlc’s and psn games.

    • Ghost March 23, 2011

      yeh let this son of a bitch release that shit!

  • Mike March 23, 2011

    Also need a new NPDRM key for signing selfs to use on 3.56+ since Sony revoked the one geohot was using. Then you’ll be able to downgrade 3.56+ and maybe other things by running selfs in service mode.

  • me March 23, 2011

    Sigh – I’d still like to read “PS3 hacking for dummies” to get my head around all these *ldrs, keys and stuff – what we have, what we have not. Who released what, when. And why doesn’t ps3load work on 3.55.

  • [...] [VIA PS3Crunch] [...]

  • [...] source: psx-scene via ps3crunch Share This [...]

  • Snooki March 23, 2011

    Fuck these guys and these flame wars. PS3 scene is in best moment since all

  • [...] – source: psx-scene via ps3crunch [...]


  • [...] there’s one thing I’m good at, it’s rehashing other people’s statements and that’s what I’m gonna do today. As [...]

  • ant1248 March 23, 2011

    “he did told everyone” he did tell everyone. sorry but I notice that stuff

  • SonyPuppetNoMo March 23, 2011

    come on Mathieulh!! grow some balls and release it already!!

  • Zorak March 23, 2011

    Little boy installed 3.56 today to play lego star wars 3… damnit… hope I’m back in the game soon.

  • Mathieulh March 23, 2011

    This was more of an explanation on the revocation list exploit (and exploiting loaders in general) than on the 3.56+ exploit.

  • Mayhemer March 23, 2011

    He’d better work on a 3.60 exploit, because it is useless to work on 3.56 now.

  • [...] Source: psx-scene via ps3crunch Comments (0) 3.56 :: 3.60 :: Mathieulh :: PS3 hacking :: PS3 software :: system software [...]

  • [...] man who is also currently in court battle with $ ONY, geohot, is allegedly using OtherOS in some way to help him obtain the metldr. The exploit has been widely compared with the one that [...]
