Marcan, a prominent figure in the Wii and PS3 hacking scene, has made some posts that help clear the air on things. They clarify and break things down even further than what I had previously said in the original article, both in technicality and in simplicity. I’ve bolded the important parts that you should pay attention to in his answers.

“The first-stage bootloader is in ROM and has a per-console key which is effectively in tamper-resistant silicon. The second-stage bootloader (bootldr) is encrypted with the per-console key, but is not upgradable and is the same for all consoles (other than the encryption wrapper around it). This second-stage bootloader verifies lv0. Sony signed lv0 using the same broken process that they used for everything else, which leaks their private key. This means that the lv0 private key was doomed from the start, ever since we demonstrated the screwup at the Chaos Communication Congress two years ago. However, because lv0 is also encrypted, including its signature block, we need that decryption key (which is part of bootldr) before we can decrypt the signature and apply the algorithm to derive the private key. We did this for several later-stage loaders by using an exploit to dump them, and Geohot did it for metldr (the “second root” in the PS3’s bizarre boot process) using a different exploit (we replicated this, although our exploit might be different). At the time, this was enough to break the security of all released firmware to date, since everything that mattered was rooted in metldr (which is bootldr’s brother and is also decrypted by the per-console key). However, Sony took a last ditch effort after that hack and wrapped everything after metldr into lv0, effectively using the only security they had left (bootldr and lv0) to attempt to re-secure their platform. Bootldr suffers from the same exploit as metldr, so it was also doomed. However, because bootldr is designed to run from a cold boot, it cannot be loaded into a “sandboxed” SPU like metldr can from the comfort of OS-mode code execution (which we had via the USB lv2 exploit), so the exploit is harder to pull off because you don’t have control over the rest of the software.”
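The “broken process” Marcan refers to is ECDSA signing with a reused per-signature nonce, the flaw fail0verflow presented at 27C3. The toy implementation below is added here and is not code from the original post or from Marcan; it shows why two signatures made with the same nonce (visible to an auditor as an identical r value) give away the signing key, and the check a signing pipeline should run over its own output. The curve, keys and hash values are constructed for the demo and are not the PS3’s.

```python
# Added illustration (not from the original post): ECDSA over a tiny toy curve
# y^2 = x^3 + 2x + 2 mod 17 with generator G = (5, 1) of prime order 19.
# Parameters, keys and "hashes" below are constructed for the demo; nothing
# here is the PS3's real curve, key or firmware.

P, A, N = 17, 2, 19
G = (5, 1)

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def sign(d, h, k):
    """ECDSA signature of hash h with private key d and nonce k (all mod N)."""
    r = mul(k, G)[0] % N
    s = pow(k, -1, N) * (h + r * d) % N
    assert r and s, "degenerate nonce, pick another k"
    return (r, s)

def shares_nonce(sig1, sig2):
    """Audit check: equal r across two signatures means the same k was used."""
    return sig1[0] == sig2[0]

def recover_key(h1, sig1, h2, sig2):
    """With a shared k, two signatures determine k and hence the private key d."""
    r, s1 = sig1
    _, s2 = sig2
    k = (h1 - h2) * pow(s1 - s2, -1, N) % N
    return (s1 * k - h1) * pow(r, -1, N) % N
```

The mitigation is to make k unrepeatable: either a fresh random k per signature or a deterministic k derived from the key and message as in RFC 6979, so that `shares_nonce` can never return True for two distinct messages.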