Just good news after good news for the PS3 scene recently, as the folks over at PS3DevWiki have documented and released how to dump the PS3 per-console keys! For the newbies, what this does is basically replace the function of the current JB2, aka TrueBlue! In short, once the keys for per_console_key_0 are found, it will basically fully unlock the PS3 and grant us CFW access on basically ALL firmwares! This is great news for everyone in the PS3 scene, and it is only a matter of time before we have the keys!
per_console_root_key_0
metldr is decrypted with this key
bootldr is decrypted with this key
might be obtained with per_console_root_key_1? (largely speculative, not necessarily true; needs to be looked into further, and is based only on the behavior of the other derivatives known to be obtained through AES)
per_console_root_key_1 / EID_root_key
derived from per_console_key_0
stored inside metldr
copied to sector 0 by metldr
cleared by isoldr
Used to decrypt part of the EID
Used to derive further keys
can be obtained with a modified isoldr that dumps it
can be obtained with a derivation of this key going backwards
obtaining it
launch the patched isoldr with your preferred method
Option 1 – dumper kernel module
modify glevand's spp_verifier_direct to dump the mbox to wherever_you_want (use the payload below as an example)
example code showing how to dump the mbox can be found under Option 2 – dumper payload below
then run:
insmod ./spp_verifier_direct.ko
cat metldr > /proc/spp_verifier_direct/metldr
cat isoldr_PATCHED > /proc/spp_verifier_direct/isoldr
echo 1 > /proc/spp_verifier_direct/run
cat /proc/spp_verifier_direct/debug
cat /proc/spp_verifier_direct/wherever_you_want
Option 2 – dumper payload
http://pastie.org/pastes/2101977
patched isoldr to dump it
DO NOT CREATE AN MFW USING THIS IT WOULD BRICK
patched isoldr: http://www.multiupload.com/2MP5KY28EZ
this can be loaded as the payload stage2 in the payload marcan used to load linux
http://marcansoft.com/blog/2010/10/asbe ... as-gameos/
http://git.marcansoft.com/?p=asbestos.git
this can also be loaded with lv2patcher and payloader3
https://github.com/euss/payloader3.git
Comments
What these selfs do is dump your ISOLATED SPU LS through your mbox, so you only need a way to catch this info with PPU code in the lv2 environment, aka a dongle payload or Linux kernel
This has been tested and proven to work on 3.55 MFW
In the dump, the remainder is the metldr clear code. metldr clears itself and all the registers and jumps to isoldr.
Overwriting that code lets you dump your key + metldr
per_console_root_key_2 / EID0_key
this key can be obtained through AES from EID_root_key
EID can be partially decrypted by setting this key in anergistic and firing aim_spu_module.self
Load aim_spu_module.self + EID0 + EID0_key in anergistic = decrypted EID0
This code is to decrypt your EID0 on your PC: http://pastie.org/2000330
The prerequisites are:
dump your EID0 from your ps3 and save it in the same folder as EID0
dump your EID0_key from your ps3 and put it in the code above where the key is needed
load all of them in anergistic
EID0_key could also be obtained with EID_root_key directly in the following manners:
knowing the algorithm (located in isoldr) and applying it to the EID_root_key
letting isoldr apply that algorithm directly in anergistic
the process is exactly the same as the one above (modifying anergistic to feed isoldr with EID_root_key)
obtaining it
patched aim_spu_module to dump it
DO NOT CREATE AN MFW USING THIS IT WOULD BRICK
http://www.multiupload.com/1XUOOYS9I0
Source: Ps3hax.net