Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
PS3 Jailbreaking       Thread starter Blade       4      
Status
Not open for further replies.

Blade

Member
Contributor
First of all, sorry for my noob-english.

True or false?
1) If we got the 4.81 Private key, would we be able to install CFW4.81 over OFW4.81?
2) Bruteforcing that Private Key would take ages?
3) What about crowd bruteforcing?

If everybody, bruteforce one part of the list, AND if we would have a good system, to assign the proper parts to the user (so nothing gets calculated twice), a good community (like ours) could get it done in a reasonable time.

It would be perfect, if not only PCs would be calculating nodes, but also CFW-PS3s. So everybody could install a pkg and start calculating.

4) Is this a bullsh*t-idea or a base worth it to think further?

Cheers
Blade
 
There is a decent post by svenmullet I'll quote to answer this:

Since I see this question all the time, I thought I'd do the forum a favor and explain why 4.X CFW can't be installed on OFW higher than 3.55. (at the moment)

The PS3 uses a sophisticated security measure called ECDSA (Elliptic Curve Digital Signature Algorithm), I won't go into that here, but suffice it to say, there are certain things the PS3 will not do unless the Private key is used to sign with. Installing system software is one of those things.

Thanks to the Lv0 key leak, we can decrypt Lv0 and reverse it in IDA to derive the loader keys, etc, and in turn decrypt the loaders and derive other keys further down the line, allowing us to completely decrypt any firmware and modify it.

However, when re-signing/repacking the files, the highest FW version for which we have Private keys is 3.55, so we must use those to encrypt/sign/package the PUP for installation. OFW higher than 3.55 looks at the PUP and says "Nope, signed with 3.55 private keys, which are revoked. Error and quit".

The reason we have <=3.55 private keys is because of an incorrect implementation of ECDSA; Sony used a static value in the algorithm instead of random, which makes it trivial to derive the private key from the public key. They fixed the error and secured the console properly in 3.56+.

The public keys we can get from 3.56+ work to decrypt files, but we cannot re-sign files with public keys, therefore, we can't (currently) make a PUP that will install on OFW 3.56+.

To give you an idea of what the difference is between Private and Public keys: Suppose you have a Private key 0x12345678, you can derive a Public key from that by performing an algorithm on it, for instance:
  • Reverse bytes to 0x21436587
  • Rotate left: 0x14365872
  • XOR with an arbitrary value, (eg. 0x11111111) =0x5274963
0x5274963 is the Public key. This is what you give to people so they can decrypt your files. After all, they don't know the super-secret algorithm, so they can't easily derive the Private key. When checking the signature, you do the above steps in reverse:
  • 0x5274963 XOR 0x11111111 = 0x14365872
  • Rotate right: 0x21436587
  • Reverse bytes to 0x12345678 and voila! The Public key is valid!
That was a very basic, simple implementation of how a Private/Public key works- ECDSA is uncrackable because it is impossible to derive the Private key from the Public key using math, the only known way to break the security on it is brute force, which when dealing with 160 bit keys involves a very, very huge amount of possible keys. It would take much, much longer than the estimated age of the universe to crack it, in fact. Kinda pointless considering it's a video game console ;)

And finally some ECDSA-related updates for those interested:
Overview of the PS3 Keys
 
about the crowd bruteforcing, i dont know how that would work, but it would still take a lot of time and we would have to be very lucky (we could get it at the first try, just not likely) also at this point it is just not worth it for ps3, if you want a jailbroken one you just have to buy a 2nd hand ps3.

for ps4 it would be another story, but then again it could end up being simply a waste of time and resources.
 
Thank you so much everyone and sorry for the noobness <3

Thread can be closed.

Something to make you laugh about me: (or at least put a smile on your face)

So if anyone has nothing better to do, he would rather crack the algorithm, by feeding a DEX-CFW with dummy PUPs and track the process of the signature check in mermory in realtime. xaxaxa
 
Status
Not open for further replies.
Back
Top