PS3 Jailbreaking       Thread starter Blade       2400       4
Not open for further replies.


First of all, sorry for my noob-english.

True or false?
1) If we got the 4.81 Private key, would we be able to install CFW4.81 over OFW4.81?
2) Bruteforcing that Private Key would take ages?
3) What about crowd bruteforcing?

If everybody, bruteforce one part of the list, AND if we would have a good system, to assign the proper parts to the user (so nothing gets calculated twice), a good community (like ours) could get it done in a reasonable time.

It would be perfect, if not only PCs would be calculating nodes, but also CFW-PS3s. So everybody could install a pkg and start calculating.

4) Is this a bullsh*t-idea or a base worth it to think further?



Staff Member
There is a decent post by svenmullet I'll quote to answer this:

Since I see this question all the time, I thought I'd do the forum a favor and explain why 4.X CFW can't be installed on OFW higher than 3.55. (at the moment)

The PS3 uses a sophisticated security measure called ECDSA (Elliptic Curve Digital Signature Algorithm), I won't go into that here, but suffice it to say, there are certain things the PS3 will not do unless the Private key is used to sign with. Installing system software is one of those things.

Thanks to the Lv0 key leak, we can decrypt Lv0 and reverse it in IDA to derive the loader keys, etc, and in turn decrypt the loaders and derive other keys further down the line, allowing us to completely decrypt any firmware and modify it.

However, when re-signing/repacking the files, the highest FW version for which we have Private keys is 3.55, so we must use those to encrypt/sign/package the PUP for installation. OFW higher than 3.55 looks at the PUP and says "Nope, signed with 3.55 private keys, which are revoked. Error and quit".

The reason we have <=3.55 private keys is because of an incorrect implementation of ECDSA; Sony used a static value in the algorithm instead of random, which makes it trivial to derive the private key from the public key. They fixed the error and secured the console properly in 3.56+.

The public keys we can get from 3.56+ work to decrypt files, but we cannot re-sign files with public keys, therefore, we can't (currently) make a PUP that will install on OFW 3.56+.

To give you an idea of what the difference is between Private and Public keys: Suppose you have a Private key 0x12345678, you can derive a Public key from that by performing an algorithm on it, for instance:
  • Reverse bytes to 0x21436587
  • Rotate left: 0x14365872
  • XOR with an arbitrary value, (eg. 0x11111111) =0x5274963
0x5274963 is the Public key. This is what you give to people so they can decrypt your files. After all, they don't know the super-secret algorithm, so they can't easily derive the Private key. When checking the signature, you do the above steps in reverse:
  • 0x5274963 XOR 0x11111111 = 0x14365872
  • Rotate right: 0x21436587
  • Reverse bytes to 0x12345678 and voila! The Public key is valid!
That was a very basic, simple implementation of how a Private/Public key works- ECDSA is uncrackable because it is impossible to derive the Private key from the Public key using math, the only known way to break the security on it is brute force, which when dealing with 160 bit keys involves a very, very huge amount of possible keys. It would take much, much longer than the estimated age of the universe to crack it, in fact. Kinda pointless considering it's a video game console ;)


Senior Member
about the crowd bruteforcing, i dont know how that would work, but it would still take a lot of time and we would have to be very lucky (we could get it at the first try, just not likely) also at this point it is just not worth it for ps3, if you want a jailbroken one you just have to buy a 2nd hand ps3.

for ps4 it would be another story, but then again it could end up being simply a waste of time and resources.


Thank you so much everyone and sorry for the noobness <3

Thread can be closed.

Something to make you laugh about me: (or at least put a smile on your face)

So if anyone has nothing better to do, he would rather crack the algorithm, by feeding a DEX-CFW with dummy PUPs and track the process of the signature check in mermory in realtime. xaxaxa
Not open for further replies.
Recent Articles
Action-RPG Oninaki Joins New PlayStation 4 Games Next Week
Next week Tokyo RPG Factory's latest action-RPG Oninaki hits PlayStation 4 on August 22nd casting you as a Watcher, tasked with helping usher the souls of the departed into their next life. šŸ—¼...
Electric Purple, Red Camouflage, Titanium Blue & Rose Gold DS4 Controllers!
Earlier this year we saw an Alpine Green DualShock 4 PS4 Controller, and now Sony announced their latest batch of DualShock 4 PS4 Controllers will include Electric Purple, Red Camouflage, Titanium...
Iconit: PS4 Tool to Change PlayStation 4 Game Icons by OfficialAhmed
Following his PS4HEN Trophy Calculator release, developer OfficialAhmed shared Iconit v1.00 on Twitter today, which allows jailbroken console owners with PS4 HEN to change PlayStation 4 game icons...
PC Building Simulator for PlayStation 4 Arrives, PS4 Launch Trailer
While it can't compare to Origin PC's Big O, today The Irregular Corporation officially launched their PC Building Simulator for PS4 consoles providing users an inexpensive way to repair, test and...