PS3 S0ul From DemonHades Explains How to Obtain 3.6x Keys

Quote (DemonHades):
Hi demons,

this is a tutorial on how to obtain the 3.6+ keys, and it’s been made by S0ul and DemonHades (thanks to Demon for the info and for revising it). This is for all those people out there that think that finding the keys is easy.

Requirements:
– a brain
– expensive hardware
– Knowledge of motherboard designs (this is if you wanna obtain data from sockets)
– SMD and BGA knowledge (to desolder and solder smd and bga components)
– High Frequency Oscilloscopes (to log frequencies)
– PPC ASM knowledge (to modify lvs to be able to implement new functions)
– Knowledge of the PS3′s architecture (to know what’s an lv)
– a lot of patience

Let’s see how this rolls out:
To obtain the keys, we’ll need lv0 decrypted. Lv0 will unpack itself unto the RAM, and is decrypted with the bld key. There, the keys will already be in the SPU, which is like a safe, an impossible area to enter (isolated from the exterior).

When the loaders and the lvs are loaded unto the SPU, lv1 will clean any traces of the decrypted lvs and loaders from the memory. But who’s the one giving orders to clean? Lv1, therefore, it can be accessed with an exploited version.

To solve this problem, we’d need to make a modified lv1 that’ll copy the data we wanna get, the decrypted lv0 in memory, and then make it put that info aside, so we can then extract it, and after that, leave it continue its normal cleaning and mapping routines.
This way, we’ll have the part of the memory with lv0 safe for us to get, exposing lv0 to all its content.
From there, we’ll have appldr, that’ll be decrypted with lv0, and with it, we’ll have our “keys warehouse” available to us.

Do you still think it’s easy to obtain the keys? I don’t think so…

Greetings to everyone,
S0ul.

Subscribe for Latest News