21 Apr 2011

Interview with Mathieulh

One more interview with Mathieulh, who gives new tips on how someone might crack the 3.60 OFW keys. At the same time, the most annoying... hacker of the PS3 scene comments on Graf Chokolo and the Rebug CFW. Read it below and get annoyed yourselves...

[X] what is pissing me off is that honest developers like graf_chokolo are getting sued. I don't care about saving pirates, let them have it

[Mathieulh] yeah, graf didn’t deserve this

[Mathieulh] then people wonder why I am not sharing keys… xD

[X] his goal ultimately afaik was to even /remove/ GameOS, get Linux/BSD on it and make it a devbox without even possible piracy

[X] if graf gets sued for upping ‘coolstuff.rar’, I can only imagine what they like to do with a Sony PUP that enables piracy/PSN content robbing/debug-PSN

[Mathieulh] X graf really got sued because he started sharing npdrm eboots

[Mathieulh] so Sony’s lawyers thought “hey! There’s something we can pwn this guy with !”

[Mathieulh] of course Sony are really pissed cause graf reverses their stupid hypervisor

[Mathieulh] but that’s not what they’d nail him with in court

[X1] i never saw graf sharing npdrm eboots

[X] in the PDFs they also mention his memorydumps etc. as illegal

[Mathieulh] X1 he did, back in loser’s blog

[X1] only pasting about decrypted text from sonic4

[X1] nothing more.

[X1] also his payload

[Mathieulh] he asked for npdrm eboots to decrypt and sh*t

[Mathieulh] so he could test his decryption payload

[X1] ye i saw his request…

[Mathieulh] of course he didn’t have piracy in mind

[Mathieulh] yah, that’s enough for SCE’s lawyers

[X1] ok butbut

[X1] SCE now go against him because of hv + linux

[Mathieulh] X yah it’s not, it can contain copyrighted binary code

[X1] *goes

[Mathieulh] X1 yah they do

[Mathieulh] but they started because they knew they can get him for the npdrm stuff

[X1] he should get a better lawyer

[Mathieulh] you don’t start a legal battle unless you have some grounds for winning

[X1] and technical guy

[X] he sure needs a better one X1

[Mathieulh] obviously

It’s obvious that many good developers, such as Mathieulh, aren’t happy with the direction of the PS3 hacking scene. The release of the Rebug custom firmware hasn’t helped the situation, and Mathieulh has a lot to say (and complain) about it:

[Mathieulh] just look at how people behaved with rebug

[X1] also because they still planned +5years for ps3

[Mathieulh] they are hoarding the debug store now

[Mathieulh] if they had npdrm they’d be totally warezing the rest of the store and making cod lobbies

[Mathieulh] I mean X seriously, those rebug guys even tried getting credits for Mr Anonymous’ sh*t

[Mathieulh] well, those Rebug “devs” claim to be l33t h4xx0r, all they do is to do some scripting and use official debug sh*t + already released tools

[Mathieulh] they totally knew ALL rebug allows is to warez xD

[Mathieulh] and they still released their stuffs

[Mathieulh] you can’t even debug using rebug

[Mathieulh] When sony gets pissed off enough by people hoarding the debug stores, they’ll probably start adding the rebug guys to their court collection

[X1] I’m still amazed they still didn’t after the first week

[Mathieulh] they didn’t do anything yet

[Mathieulh] they are probably considering their options right now

[Mathieulh] and they probably needed a week to figure out that morons were messing with sp-ibt

[Mathieulh] int *

[Mathieulh] they probably know by now though

[Mathieulh] if I were them, I’d be logging everyone that’s not on a real debug box

[Mathieulh] and add their ips to the court exhibits xD

[Mathieulh] I am glad those rebug guys don’t know half of what can be done with their stuff

[Mathieulh] but that rebug sh*t has shown me how I’ve been more than right not to share those keys

[Mathieulh] besides, if I did, I’d get sued

[Mathieulh] that’s not really my forte

[X8] what’s the problem with rebug anyway? they are ruining online games or?

[Mathieulh] X8 they are warezing, spoofing people’s accounts on production servers in call of duty games and so on

Below, Mathieulh discusses the process of obtaining the 3.60 application keys, the path to custom firmware v3.60+.

[X1] why would they care about bootldr keys?

[Mathieulh] X1 cause you can get lv0 decrypted

[Mathieulh] once you get lv0 decrypted

[Mathieulh] you get appldr

[Mathieulh] once you get appldr

[Mathieulh] you get 3.60 application keys

[Mathieulh] once you get that

[Mathieulh] you warez

[X] mess with the devs and you mess with my future game producers ;) X8

[X8] also, with those keys you can sign your own lv0, no ps3 fw update can beat you then

[Mathieulh] yah

[Mathieulh] you can have your 3.60+ custom firmware then

[Mathieulh] and warez even more

[Mathieulh] and mess with the psn again

[Mathieulh] and so on

[Mathieulh] the guy who leaks those keys, Sony will totally be after him xD

[X8] yep.

[X8] *ss raped, sued into oblivion

[Mathieulh] yah xD

[Mathieulh] stuck in that back room with 12 hairy monkeys xD

[Mathieulh] even just leaking the 3.60 app keys would piss them off already

Are you interested in cracking the latest security found in firmware v3.60? If so, Mathieulh has decided to help you out a bit, but it will not be easy.

[Mathieulh] yah

[Mathieulh] so I know what it takes

[Mathieulh] and pwning the bootloader is easier

[Mathieulh] that just gives you an idea

[X1] how easy?

[Mathieulh] pwning the bl is HARD too

[Mathieulh] but it’s not that HARD

[X] I always keep in mind that you still have bricked consoles – that is keeping me from trying bad stuff beyond my comprehension xD

[Mathieulh] it’s not only about knowing the aim algo and sh*t

[Mathieulh] it’s also about what values you need to change

[Mathieulh] and how

[Mathieulh] you can’t just change the target to 0x82 and call it a day

[Mathieulh] and if you do the slightest f*ck up

[Mathieulh] you brick

[Mathieulh] and I really mean the slightest

[Mathieulh] then it’s lv0 brick :P

[Mathieulh] cause lv0 does extensive idps checks

[X] btw, I saw a quote somewhere that mentions you said something like ‘pwning loaders can be done with a single line of code’ (yes, that very same site you ranted just now). How true is this?

[Mathieulh] X nah, not a single line of code, at least not for the implementation

[Mathieulh] but finding the exploit itself

[Mathieulh] is EASY

[Mathieulh] except no one has gone looking

[Mathieulh] I’ve seen lots of askings and whining, very little looking xD

[Mathieulh] if someone who remotely knows spu reversing starts looking

[Mathieulh] he’ll find it

[Mathieulh] at the very worst in a matter of hours

[Mathieulh] the bug is retardedly stupid to begin with

[X] LV0, EID0, anything with coreOS imo should not be done without a hardware flasher. At least with that you can undo the mess.

[Mathieulh] yeah

[Mathieulh] I am a bit of a red head here xD

[X] you keep saying that, but I suck at SPU assembly ;)

[Mathieulh] you’d find it even if you fail at it

[Mathieulh] you just need to know where to look

[Mathieulh] just look at how selfs are processed by ldrs

[Mathieulh] and you’ll find it

[Mathieulh] hell, I’ll help you, it’s about overflowing a certain buffer

[X] yes, that is what defyboy and I tried to document in the ps3devwiki : bootprocess and loader locations etc. :)

[Mathieulh] well if you know how selfs are processed by loaders, it’s easy

[Mathieulh] another hint

[Mathieulh] it happens before the ecdsa check

[X] my earlier guess btw was that it was a header overflow, which gave access to the local storage

[Mathieulh] It’s a retarded exploit

[Mathieulh] if you want to know what it is, I’ll tell you

[Mathieulh] the function that copies the SCE header from the shared LS to the isolated Local Store

[Mathieulh] doesn’t check the header’s size

[Mathieulh] it’s just THAT retarded

[Mathieulh] implementing it isn’t easy though

[Mathieulh] cause loaders have failsafes and sh*t

[Mathieulh] but now that you know, you can try it on your own

[Mathieulh] you craft a self with a HUGE header

[Mathieulh] so it overwrites ldr code as it gets copied to the isolated LS

[Mathieulh] and you wait for the loader to jump to it

[X1] lolol must try heh :D

[Mathieulh] X1 it’s a total bitch to implement

[Mathieulh] but feel free xD

[X1] :D

[Mathieulh] there are probably other fails anyway

[Mathieulh] I should start looking for more

[X] you can never have enough exploits in the backpocket Mathieulh :)

[Mathieulh] if someone pwns the bl with this and gets the keys, he’ll have my kudos

[Mathieulh] cause finding the exploit is the easy part

[Mathieulh] Sony’ll fix it now, but it’s not like I care much

[Mathieulh] their “unhackable” ps3s are probably already on the way
