Editing KaKaRoTo Kind of ´Jailbreak´

= How it all started =
   Updated my ps3 to 3.73... oh and THEN I jailbroke it! (kind of) :D

   1 - I won't share it until it's ready to use (still a bit complicated + some missing components), 2 - don't update if you're on 3.55.

   The "kind of" meant I need to fix NPDRM algo for it to run. And no, this will not allow backup managers. And no, it's not a CFW
[https://twitter.com/#!/KaKaRoToKS Twitter]

== First Read ==
You might want to read this first: [http://kakaroto.homelinux.net/2011/11/clarifications-about-3-73-jailbreak/ Clarifications about 3.73 “jailbreak”]

In short: It means one wall taken, 2 others still intact:
   1) getting in   2) getting access/to run   3) takeover/modify systemfiles
What we call 'jailbreaking is actually more like breaking inside jail to revolt.

=== Q&A ===
Q: Will I need special hardware (e.g. flasher, dongle, modchip etc.)? <br />
A: No. <br />

Q: Will homebrew work? <br />
A: With <abbr title="Makeself NP-DRM signing">NPDRM</abbr> fixed, yes. Showtime would certainly be possible. <br />

Q: Will recent games play correct? <br />
A: Yes, its 4.x, sure it plays all 1.00 - 4.x games. <br />

Q: Will PSN work? <br />
A: Yes, its 4.x, sure goes online without problems. <br />

Q: Does it have Peek & Poke? <br />
A: No. Peek & Poke require modifying lv1 and lv2. <br />

Q: Do Backup manangers (e.g. [http://code.google.com/p/multiman/ MultiMAN], Rogero etc.) work? <br />
A: No, see previously answer about Peek & Poke. <br />

Q: Will my old homebrew still work? <br />
A: No. All homebrew need the fixed <abbr title="Makeself NP-DRM signing">NPDRM</abbr>. Homebrew that relies on specific other patched functions/syscalls (e.g. Peek&Poke, BDemu etc.) will not work either, see previously answer about Peek & Poke. <br />

Q: Does it gets us keys? <br />
A: No. <br />

Q: Does it gets us "CFW"/MFW? <br />
A: No. <br />

Q: Does OtherOS++ (Linux/FreeBSD) work? <br />
A: No. Sony removed OtherOS feature after 3.15 and OtherOS++ relies on modifying the firmware. See previous "CFW"/MFW question. <br />

Q: Will it allow downgrade? <br />
A: No. <br />

Q: Does it work on all PS3 models? <br />
A: Yes. all current models.<!--//including CECH-300.A/CECH-300.B with KTE-001 board//--> <br />

Q: Are there brick risks? <br />
A: No (standard disclaimer: It will be tested rigorously before release as you can expect from anything that KaKaRoTo has put his name on). <br />

Q: Will this only work on 4.x? <br />
A: No. It was pretested on 3.60 and again confirmed on 3.73 before any public Tweet about it. <br />

Q: What if Sony releases 4.x+ before release? <br />
A: In that case it will be pretested on that version. <br />

Q: So why are all the newssites hyping this that it does give CFW? <br />
A: Because they don't read wiki's/blog's xD Besides, every minor news gets 'prolly CFW soon!' tagged by the bad ones. <br />

Q: Is there a release date? <br />
A: No, besides KaKaRoTo not able to work on it for 2 weeks, it also relies on (other people) fixing <abbr title="Makeself NP-DRM signing">NPDRM</abbr>. <br />


=== Current Status ===

I'm sick and tired of people asking me every day "please update the status" or "why didn't you update it in the last 2 hours" or "is the status correct ?" or "what does the letter I mean?" or "Why is that task still at 0%" or "why didn't that task change today?", etc... 

I thought I'd give you a status page so you can follow SILENTLY the progress, but all it did was flood me even more with people asking me questions all the time about it, so I'm taking it down, you don't deserve to know wtf is happening or where we are in fixing all the issues (not 'you' specifically, but all those who can't keep their mouth shut and need to fucking annoy me every hour). Sorry for the collateral damage.

The current status is : IT"S BEING WORKED ON!!!! It will be release when it is ready, and asking me all the time about it IS NOT HELPING. I never answered anyone asking me about the status or when it will be released or all of that, so don't try the "maybe he'll answer me", no I won't, I just might block you instead.

-- KaKaRoTo

==== Intermezzo Update ====
Hello all,

I decided to post here because I needed a poll and I would like to have everyone's opinion.

As you all know, I have had a 'half jailbreak' ready for a few months now, I can install what I want on the ps3, even with the latest firmware version, but I cannot run the apps (unless they are real demos of course)... I started working on a way to find a new exploit in order to run the apps on 4.x but in the past 2 months, I've been very busy with work and with life and I haven't had any time to look into the ps3 hacking at all.

So now, I have a dilemna: I have this tool/code that can be useful to some people, but if I release it, sony might block it in their next version so the jailbreak will not work anymore., On the other hand, I'm not working on it anymore, and I don't want all those months of work to be wasted... And finally, there are some other talented devs that are working on trying to get code execution working... so what to do ? release my stuff as is and that's the end of it ? wait until I have more free time to finish it or until someone finds a way to make it into a full jailbreak ? wait for a few more months until a 'timeout' then release it as is no matter what happens ?

I'd like to point out that if I release it now, the most probable result is that: no one will use it, most will consider this completely useless, and sony will prevent it from being used on future firmwares. But at least, people will stop annoying me on twitter asking for a release (I wish! I bet that won't stop them!), and I'll stop being treated as a 'fake' (even though I don't care about that). Mostly I want to fulfill my promise of "I will release it" even though I wouldn't be fulfilling the "when it's ready" promise.
So.. what do you think ?

p.s: Note that the poll is just to better understand what the community wants, the results of the poll will not necessarily dictate what I will do, so even if 100% say release it now, it doesn't mean that I will release it now, I will simply take that into consideration before making a decision.
p.p.s: Other than voting in the poll, of course, you can also give your opinion as a comment to this thread.

Thanks,
KaKaRoTo 

Source: http://www.ps3hax.net/showthread.php?t=35721<br />
Poll: http://www.ps3hax.net/poll.php?do=showresults&pollid=305<br />


'''Update:'''

wow, thanks everyone who replied, I was busy today again then saw the 16 pages of comments, I do not yet have time to ever read through them, but I promise I will read everyone's comments (but I probably can't reply to everyone). I have read however the first 3 pages, and, along with the poll results, I get the general feeling that people do not want it to be released until it's finished. I saw a lot of "release it privately to trusted devs", my answer to you is : Yes, it is already in the hands of a few devs that I trust and while I have been busy for the past 2 months, they have continued their work on getting code execution working (and they made incredible advances since I left). I am hoping to see them unlocking the missing piece in the coming months, and hopefully by then, I'll be free again to help them and continue working with them!

I am still undecided but I'm very happy to see that many people are patient and believe in the "don't release until it's done", and I didn't see people whining about it taking so long (well I didn't read all the comments yet ) and i believe that my choice now is torn between "release when it's done" and "release in a few months if no new exploit is found", but I will not make any decisions for now, I will give it time and we'll see how it goes.

Thanks again for sharing your opinion with me. I hope that everyone will be happy and nobody gets disappointed when it's released (hopefully with code execution)

==== 3.60 keys Update ====
Q: recently 3.60 keys surfaced (lv1ldr, lv2ldr, isoldr, appldr), what does this mean for this release and the future?<br />
A: That is actually a multiparted answer:
:* now that several binairies ([[Iso module]] + [[CoreOS]] minus the loaders that are inside lv0) can be decrypted, more investigation can be done in them, which give a new boost in (unrelated to the HeN) other targets, like:
:** Hardwareless downgrades : [[Downgrading with PSgrade Dongle]] (lv1.self)
:** [[QA Flagging]] / systemtokens (spu_token_processor.self) and usertokens (spu_utoken_processor.self)
:** [[Emulation#ps2emu|PS2 compatibility]] (mc_iso_spu_module.self , me_iso_for_ps2emu.self , sv_iso_for_ps2emu.self)
:** Getting [[Per_Console_Keys#per_console_root_key_1_.2F_EID_root_key|per_console_root_key_1 / EID_root_key]] on 3.56+/slim3K (lv1.self , aim_spu_module.self)
:** [[Dev_Tools#SceTool|Backsigning]] [http://pastie.org/4369367 applications] for &lt;=3.55 and patch sys_proc_param_version (appldr.self , lv2_kernel.self)
:Q: So does this mean a future release would be sooner?
:A: Only God knows ;) But it can also be that because of the above, it would become meaningless/surpassed by better progress. So lets all hope for the best :)

==== lv0 key Update ====
<pre>Since the LV0 keys have now been leaked, I believe I can now share this info with you, to help out those who are trying to build their own 4.x CFW :
The NPDRM ECDSA signature in the SELF footer is checked by lv2. It first asks appldr to tell it whether or not the signature is to be checked, and appldr will only set the flag if the SELF is a NPDRM with key revision from 3.56+ (the ones without private keys). This means that the SELF files signed with the new 3.56+ keys still don't have their ecdsa checked (probably to speed up file loading).
If appldr says the ecdsa signature must be checked, then lv2 will verify it itself, and return an error if it's not correct. There are many ways to patch this check out.
1 - Patch out the check for the key revision in appldr
2 - Patch out the "set flag to 1" in appldr if the key revision is < 0xB
3 - Patch out the code in lv2 that stores the result from appldr
4 - Patch out the actual sigcheck function from lv2.
5 - Ignore the result of the ecdsa from lv2.

Here is one of the patches (the 4th one, patching out the check function from lv2) :
In memory 0x800000000005A2A8, which corresponds to offset 0x6a2a8 in lv2_kernel.elf, replace :
  e9 22 99 90 7c 08 02 a6
With :
  38 60 00 00 4e 80 00 20

This is for the 4.21 kernel (that was the latest one when I investigated this), I will leave it as an exercise to the reader to find the right offsets for the 4.25 and upcoming 4.30 kernel files.
And here's another bit of info... in 4.21 lv2, at memory address 0x800000000005AA98 (you figure out the file offset yourself), that's where lv2 loads the 'check_signature_flag' result from appldr, so if you prefer implementing method 3 above, just replace the 'ld %r0, flag_result_from_appldr' by 'ld %r0, 0' and you got another method of patching it out. Either solutions should work just the same though.
Enjoy homebrew back on 4.x CFW....

p.s: Thanks to flatz and glu0n who helped reversing this bit of info.</pre>
https://twitter.com/KaKaRoToKS/status/260742786972798977

===== MFW Builder related patches =====
https://github.com/cfwprpht/mfw/blob/master/tasks/patch_cos.tcl

=== The New "Tool" ===
On December 18th 2014, KaKaRoTo announced "a little something that might make you happy" to PS3 fans on his Twitter page [https://twitter.com/KaKaRoToKS/status/545399879498215425] with an attached link to a pastebin post. The post talks about some "exclusive info" refering to some sort of tool. The post mentioned can be read below.


''Hello PS3 fans!

''I have all these twitter followers who are completely useless (:p) and who tell me how to use my twitter (not to "spam" them with useless stuff :p) but now is ''finally the time for you to become useful and do something for a change!
''I know though that most of my followers just want to see some ps3 exclusive info, and since I've left the ps3 scene, many people were annoyed by some of my '''non-relevant' tweets.

''So here's the deal, I've entered a few contests on reddit and instructables and I'd be very happy if i won something and you will help me do that!
''If you help me win one of the contests, you'll get something in return that will make you very happy. Hint: It's a very useful PS3 tool that was never released before.

''So here's what you need to do : 
''Go to reddit and upvote my comment : http://www.reddit.com/r/3Dprinting/comments/2orjjk/lulzbot_mini_3d_printer_launch_contest/cmsl43u
''You can also go to the reddit contest and enter it yourself if you want a chance of winning a Lulzbot Mini 3D printer! http://www.reddit.com/r/3Dprinting/comments/2orjjk/lulzbot_mini_3d_printer_launch_contest/

''You will then go to my instructables and vote for them on each of the contests in which they are entered.
''To do that, you click on that "Vote" button in the top-right corner, and click the "Vote" button on each of the contests that appear. You will need to login to ''instructables (you can login using twitter/facebook/google+ directly) when you click the vote button. Also, I'm told that if you have adblock, it might give you an ''error when you click on vote, so just login first and it should be ok.
''I have made 4 instructables here :
''http://www.instructables.com/id/Litophanes-How-to-3D-Print-your-photos
''http://www.instructables.com/id/Build-a-3D-printed-Dalek/
''http://www.instructables.com/id/How-to-build-a-custom-bed-of-nails-tester-for-your
''http://www.instructables.com/id/How-to-setup-the-RAMBo-for-your-3D-printer

''You can also go to the instructables contests list and see which contest you find interesting (with interesting prizes) and enter it yourself : ''http://www.instructables.com/contest/

''Once you do all of that, you will receive (telepathically) my thanks, and on January 1st, I will be releasing something awesome for the PS3!

''Thanks everyone!!! 
''Merry Christmas, Happy Hanukah, Happy new year, etc... :)

It is currently unknown to what this tool may be but the post indicates that all will be revealed on January 1st 2015. The tool could be a possible indication of a new jailbreak on the horizon although it is obviously unconfirmed.

=== The Road beyond... ===
(or what can you and others do to expand the useability of it)

==== What is missing Prerelease (state at first public mention)? ====
* Fixing NPDRM
** Make PKG's install and run the SELFs.

==== What is missing after release? ====
* Peek & Poke
** lv1/lv2 dumping/patching
** Payloader3
** Backup Managers
* Downgrade (already possible with [[Hardware flashing]].
* 3.56+ keys / lv0 decrypted dump
** Modifying firmware files
*** OtherOS++

<!--// No, don't expect any leaks - not even hidden :P //-->

==== What is forever missing? ====
* 3.56 and higher private keys


{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude>