Glitches, Cheats, Reviews, Discussions for the Latest and Hottest Video Games

Welcome to our forums Guest. We hope you have a nice stay Smile || New Better

    BluePrints For 3.60 Exploit or 3.56 All series for the PS3 (including BD-Drive+ PSP)


    Posts : 309
    Points : 21267
    Reputation : 53
    Join date : 2011-03-22
    Location : iPROFamily World

    BluePrints For 3.60 Exploit or 3.56 All series for the PS3 (including BD-Drive+ PSP)

    Post by iPROFamily on Mon Apr 11, 2011 3:24 pm

    Here it is. I am hoping by now the mods have closed my other thread.
    I have added more to the blue prints.
    1. BD-Drive BluePrint
    2. PS3 Model BluePrints: CECHA00, A01, CECHG, CECHC02, C03, C04, C08, CECHE01, E05, E11
    3. Also included the PSP-2000 TA-085

    Download for BluePrints: [You must be registered and logged in to see this link.]
    File Size is 108MB

    Your welcome I hope you guys are happy that I released this but I am sure a few of you have it[You must be registered and logged in to see this image.] Also IF YOU ARE WANTING TO TRY EXPLOITING 3.60 YOURSELF THIS IS REQUIRING 2 PS3's AN KNOWLEDGE OF SOLDERING.

    @xShadow125 You can update from your pwn pup only from 3.55 or lower, unless you have an exploit.

    @xShadow125 Of course that should be fixed in upcoming lv0 revisions anyway (By moving the ldrs to the top of lv0)

    @xShadow125 You run the 3.60 lv0, then you switch the nor, and pull the
    cell reset line, and you dump the extra KBs where the loaders are.

    @xShadow125 Basically you have a nor with 3.55 (or lower) lv0 and your
    own small lv1 code that does the dump, and 3.60 lv0 on the other.

    @xShadow125 You wont get all of lv0 but the part with the loaders shouldn’t be overwritten.

    @xShadow125 You can actually get all the 3.60 keys/loaders without
    knowing lv0 keys by dumping lv0 from ram with dual nor and signed lv1.

    To those planning on building a 3.56+ pup for whatever reason, the files
    attributes changed, the group and user ids for the files as well.

    The new 3.56+ values for tarballs are the following: owner_id, “0000764″
    group_id, “0000764″ owner, “tetsu” group, “tetsu” ustar, “ustar “

    You can use fix_tar to use those new values. Use with caution.

    By comparison, those are the pre-3.56 values. owner_id, “0001752″
    group_id, “0001274″ owner, “pup_tool” group, “psnes” ustar, “ustar “

    @Ps3WeOwnYoU You need to either decrypt or dump lv0, then you can get
    the encrypted loaders and decrypt them with the metldr key. Good luck.

    LV0 Console security by RMS

    Anyway, let’s really discuss something PS3 instead of my PC , let’s
    start with Lv0, the most unknown level of the PS3. Lv0 initializes PS3
    base hardware such as PowerPC/PPU portion of Cell/BE, SPU isolation for
    asecure_loader, and gelic ethernet/WLAN device. Lv0 also proudly
    proclaims itself as the “Cell OS Bootloader”. In older firmwares,
    0.80-ish to 3.56, Lv0 initialized SPU isolation on one of the SPUs, then
    it loaded and decrypted asecure_loader. Asecure_loader or metldr then
    decrypts the isolated loader, in this case, lv1ldr, then lv1ldr decrypts
    lv1.self. In 3.60 this changed. Lv0 now has all of the loaders
    integrated into it as one large fat binary. All the keys one needs such
    as Public ECDSA key/AES CBC key and Initialization Vector and ECDSA
    curve type are in there. Just go ahead and grab them if you can get the
    ldrs out of the binary.

    So, unless you can decrypt Lv0, no 3.60 “CFW” for you . Is there any need for it anyway?

    Mathieulh's facts about LV0

    1. lv0 isn’t a loader it’s a ppu binary

    2. Lv0 isn’t encrypted per console and can be updated with the rest of the coreos

    3. Lv0 is decrypted by the bootloader, there is no such thing as a lv0ldr.

    4. The bootloader keys cannot be updated/modified on EXISTING hardware

    5. lv0.2 is NOT a binary, it’s a new metadata for lv0 which is to be
    decrypted and verified by a new bootloader (which is to be available on
    future ps3s), it is NOT used by the current bootloader (and thus in
    current playstation 3 consoles)
    But wait, messing with this thing could lead to the YLOD tragedy, unless
    you have those expensive NOR flasher you might want to proceed, and
    that’s according to rms again.

    Lv0 also does some more interesting stuff such as SPU mailbox
    handling, and eEID integrity checks. Lv0 also used to check for QA flag
    and proper token, that is now in a spu isolated self in Core OS. Now, if
    you did tamper with eEID, lv0 will panic out, and your console will
    then “YLOD”, and you’d need a flasher for your PS3 to recover
    There you go, with all the information available out there i just wonder
    why didn’t anyone found the solution to the exploit that Mathieulh (and
    maybe some people we didn’t know) discovered weeks ago. Maybe instead
    of *****ing why the guy did not release anything, try listening to what
    he said this time.

      Current date/time is Tue Jan 22, 2019 1:37 pm