PS3 Jailbreaking
Thread starter: Blade
Status: Not open for further replies.

Blade

Member
Contributor
First of all, sorry for my noob English.

True or false?
1) If we got the 4.81 Private key, would we be able to install CFW4.81 over OFW4.81?
2) Bruteforcing that Private Key would take ages?
3) What about crowd bruteforcing?

If everybody bruteforces one part of the list, AND if we had a good system to assign the proper parts to the users (so nothing gets calculated twice), a good community (like ours) could get it done in a reasonable time.

It would be perfect if not only PCs were calculating nodes, but also CFW PS3s. So everybody could install a pkg and start calculating.

4) Is this a bullsh*t idea or a base worth thinking about further?

Cheers
Blade
 

PSXHAX

Staff Member
Moderator
Contributor
Verified
There is a decent post by svenmullet I'll quote to answer this:

Since I see this question all the time, I thought I'd do the forum a favor and explain why 4.X CFW can't be installed on OFW higher than 3.55. (at the moment)

The PS3 uses a sophisticated security measure called ECDSA (Elliptic Curve Digital Signature Algorithm). I won't go into that here, but suffice it to say, there are certain things the PS3 will not do unless the Private key is used to sign with. Installing system software is one of those things.

Thanks to the Lv0 key leak, we can decrypt Lv0 and reverse it in IDA to derive the loader keys, etc., and in turn decrypt the loaders and derive other keys further down the line, allowing us to completely decrypt any firmware and modify it.

However, when re-signing/repacking the files, the highest FW version for which we have Private keys is 3.55, so we must use those to encrypt/sign/package the PUP for installation. OFW higher than 3.55 looks at the PUP and says "Nope, signed with 3.55 private keys, which are revoked. Error and quit".

The reason we have <=3.55 private keys is because of an incorrect implementation of ECDSA; Sony used a static value in the algorithm instead of random, which makes it trivial to derive the private key from the public key. They fixed the error and secured the console properly in 3.56+.

The public keys we can get from 3.56+ work to decrypt files, but we cannot re-sign files with public keys; therefore, we can't (currently) make a PUP that will install on OFW 3.56+.

To give you an idea of what the difference is between Private and Public keys: suppose you have a Private key 0x12345678. You can derive a Public key from that by performing an algorithm on it, for instance:
  • Reverse bytes to 0x21436587
  • Rotate left: 0x14365872
  • XOR with an arbitrary value (e.g. 0x11111111) = 0x5274963
0x5274963 is the Public key. This is what you give to people so they can decrypt your files. After all, they don't know the super-secret algorithm, so they can't easily derive the Private key. When checking the signature, you do the above steps in reverse:
  • 0x5274963 XOR 0x11111111 = 0x14365872
  • Rotate right: 0x21436587
  • Reverse bytes to 0x12345678 and voila! The Public key is valid!
That was a very basic, simple illustration of how a Private/Public key works. ECDSA is uncrackable because it is impossible to derive the Private key from the Public key using math; the only known way to break the security on it is brute force, which when dealing with 160-bit keys involves a very, very huge number of possible keys. It would take much, much longer than the estimated age of the universe to crack it, in fact. Kinda pointless considering it's a video game console ;)
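The quoted post above describes a signer that used a fixed value where ECDSA requires a fresh random nonce, and asks how long a brute-force search of a 160-bit key space would take. The following is an added example (not code from the post, the forum or the console) that works both points through on a small textbook curve: y^2 = x^3 + 2x + 2 over F_17 with generator (5, 1) of prime order 19. These parameters, the private key 7, the nonce 3 and the digests 5 and 11 are all constructed for illustration and have nothing to do with the console's real keys or curve. Digests are fed in as integers already reduced mod the group order, which is all ECDSA uses of the hash anyway. The example shows the defender-side check (two signatures sharing the same r value are the fingerprint of nonce reuse), why that condition is fatal (the private key is fully determined by two such signatures), the correct per-signature random nonce, and the arithmetic behind the "longer than the age of the universe" claim.

```python
import secrets

# Toy curve y^2 = x^3 + 2x + 2 over F_17 (a textbook example curve);
# the generator G = (5, 1) has prime order 19. Constructed for this
# example only, NOT the console's real parameters.
P, A, B = 17, 2, 2
G = (5, 1)
N = 19


def ec_add(p1, p2):
    """Add two affine points; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # P + (-P) = infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication k * pt."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def sign(d, h, k):
    """ECDSA signature of digest h (already reduced mod N) with nonce k."""
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (h + r * d) % N
    if r == 0 or s == 0:
        raise ValueError("unusable nonce, pick another")
    return (r, s)


def sign_random_nonce(d, h):
    """Correct usage: a fresh, secret, uniformly random nonce per signature."""
    while True:
        try:
            return sign(d, h, secrets.randbelow(N - 1) + 1)
        except ValueError:
            continue


def verify(Q, h, sig):
    """Standard ECDSA verification against public key Q = d * G."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(h * w % N, G), ec_mul(r * w % N, Q))
    return pt is not None and pt[0] % N == r


def find_nonce_reuse(sigs):
    """Defender's check: signatures sharing r were made with the same nonce."""
    seen, reused = {}, []
    for i, (r, _s) in enumerate(sigs):
        if r in seen:
            reused.append((seen[r], i))
        else:
            seen[r] = i
    return reused


def recover_private_key(h1, sig1, h2, sig2):
    """Why reuse is fatal: equal r lets k cancel out, then d follows from s."""
    r, s1 = sig1
    _, s2 = sig2
    k = (h1 - h2) * pow(s1 - s2, -1, N) % N
    return (s1 * k - h1) * pow(r, -1, N) % N


def years_to_brute_force(bits, guesses_per_second):
    """Time to exhaust a key space at a given rate (the crowd-search question)."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def demo():
    d = 7                                # constructed private key
    Q = ec_mul(d, G)
    h1, h2 = 5, 11                       # constructed digests in [1, N)
    sig1 = sign(d, h1, k=3)              # static nonce, as in the flawed signer
    sig2 = sign(d, h2, k=3)
    flagged = find_nonce_reuse([sig1, sig2])
    recovered = recover_private_key(h1, sig1, h2, sig2)
    return Q, sig1, sig2, flagged, recovered


if __name__ == "__main__":
    Q, sig1, sig2, flagged, recovered = demo()
    print("signatures", sig1, sig2, "valid:", verify(Q, 5, sig1), verify(Q, 11, sig2))
    print("reuse detected at pairs", flagged, "-> recovered d =", recovered)
    print("160-bit exhaustive search at 1e18 guesses/s: %.1e years"
          % years_to_brute_force(160, 1e18))
```

Both signatures verify, so nothing in the signature format reveals the problem; only the repeated r value does, which is why a signature audit should group signatures by r. On a real 160-bit group the same two-signature recovery applies unchanged, while the exhaustive search that the thread proposes comes out at roughly 10^22 years even at a billion-billion guesses per second, so distributing it across any number of PS3s does not change the conclusion.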
 

bajolzas

Senior Member
Contributor
Verified
About the crowd bruteforcing, I don't know how that would work, but it would still take a lot of time and we would have to be very lucky (we could get it on the first try, it's just not likely). Also, at this point it is just not worth it for PS3; if you want a jailbroken one you just have to buy a 2nd-hand PS3.

For PS4 it would be another story, but then again it could end up being simply a waste of time and resources.
 

Blade

Member
Contributor
Thank you so much everyone and sorry for the noobness <3

Thread can be closed.

Something to make you laugh about me: (or at least put a smile on your face)

So if anyone has nothing better to do, he could instead crack the algorithm by feeding a DEX CFW with dummy PUPs and tracking the signature check in memory in real time. xaxaxa
 