Status update on the PS3 4.0 HEN

Here’s a “quick” status update on the 4.00 HEN (Homebrew ENabler) for PS3.

Following my clarifications from almost 2 months ago here, there has been a lot of progress. We have not been slacking off, we’re a group of about 10 developers working together for the last 2 months, for sometimes 15 hours everyday in order to bring back homebrew support to the latest version of the PS3.

There are three major parts to the HEN, first, getting the packages to install on the PS3, that part is done, completed, tested, debugged, etc.. the second part is to get the apps to run, that one still has major issues… the last part is something I will not discuss for now (it’s a surprise) but it’s about 60% to 70% done (and it has nothing to do with peek&poke and has nothing to do with backup managers or anything like that. This is and will stay a piracy-free solution for the PS3).

Now, running apps is the biggest challenge that we’ve been working on for the past 2 months. As some of you know, if you’ve been following me on Twitter, we originally had hoped for Mathieulh to give us the “npdrm hash algorithm” that was necessary to run the apps, but he was reluctant, he kept doing his usual whore so people would kiss his feet (or something else) so he’d feel good about himself. But in the end, he said that he refuses to give us the needed “npdrm hash algorithm” to make it work… So what I initially thought would be “this will be released next week” ended up taking a lot more time than expected, and we’re still nowhere near ready to make it work.

Mathieulh kept tossing his usual “riddles” which he thinks are “very helpful for those who have a brain”, and which pisses off anyone who actually does… so he told us that the solution to all our problems was to look in appldr of the 3.56 firmware.. and that it was something lv1 was sending appldr which made the “hash check” verified or not… so we spent one month and a lot of sweat and after killing a few of our brain cells out of exhaustion, we finally concluded that it was all bullshit. After one month of reading assembly code and checking and double-checking our results, we finally were able to confirm that that hash algorithm was NOT in the 3.56 firmware like he told us (at all).

He said  that it was an AES OMAC hash, but after tracking all the uses of the OMAC functions in appldr, we found that it was not used for the “hash”…  he then said “oh, I meant HMAC“, so we do that again and again come up with the same conclusion, then we’re sure it’s not in appldr, and then he says “ah no, it’s in lv1“.. have a look for yourself to what he decided to write : http://www.ps3devwiki.com/index.php?title=Talk:KaKaRoTo_Kind_of_%C2%B4Jailbreak%C2%B4

That happened after the huge twitter fight I had with him for being his usual arrogant ass and claiming that he “shared” something (For your information, the code that he shared was not his own, I have proof of that too (can’t show you the proof because even if I don’t respect him, I gave him my word to not share what he gave me, and I respect my word) since he forgot to remove the name of the original developer from one of the files… also it was completely useless and was not used at all, just made me waste a day reading the crappy undocumented code. So why is he still trying to force his “advice” through these riddles even after we had that fight? Well to sabotage us and make us lose all those months of hard work!

So anyways, we had all accepted that Mathieulh was full of shit (we knew before, but we gave him the benefit of the doubt) and decided to continue working without considering any of his useless riddles. So we then tried to exploit/decrypt the 3.60+ firmware in order to get the algorithm from there.

Now, a few more weeks later, we finally have succeeded in fully understanding that missing piece from the “npdrm hash algorithm”,  and here it is for everyone’s pleasure with some prerequisite explanation :

A game on the PS3 is an executable file in a format called a “SELF“file (kind of like .exe on windows), those “self” files are cryptographically signed and encrypted.. For PSN games (games that do not run from a bluray disc), they need to have an additional security layer called “NPDRM”. So a “npdrm self” is basically an executable that is encrypted and signed, then re-encrypetd again with some additional information. On 3.55 and lower, we were able to encrypt and sign our own self files so they would look like original (made by sony) “npdrm self” files, and the PS3 would run them without problem. However, it wasn’t really like an original file.. a real NPDRM self file had some additional information that the PS3 simply ignored, it did not check for that information, so we could put anything in it, and it worked. Since the 3.60 version, the PS3 now also validates this additional information, so it can now differentiate between NPDRM self files created by sony and the ones that we create ourselves for homebrew. That’s the “npdrm hash algorithm” that we have been trying to figure out, because once we can duplicate that information in the proper manner, then the PS3 will again think that those files are authentic and will let us play them.

Another important point to explain, I said a few times that the files are “signed”.. this means that there is an “ECDSA signature” in the file which the PS3 can verify. The ECDSA signature is something that allows the PS3 to verify if the file has been modified or not.. it is easy to validate the signature, but impossible to create one without having access to the “private keys” (think of it like a real signature, you can see your dad’s signature and recognize it, but you can’t sign it exactly like him, and you can recognize if your brother tried to forge his signature). So how were we able to sign the self files that were properly authenticated on 3.55? That’s because this “ECDSA signature” is just a very complicated mathematical equation (my head still hurts trying to fully understand it, but I might blog about it in the future and try to explain it in simple terms if people are interested you can learn about it here), and one very important part of this mathematical equation is that you need to use a random number to generate the signature, but Sony had failed and used the same number every time.. by doing that, it was easy to just find the private key (which allows us to forge perfectly the signature) by doing some mathematical equation on it. So to summarize, a “signed file” is a file which is digitally signed with an “ECDSA signature” that cannot be forged, unless you have the “private key” for it, which is impossible to obtain usually, but we were able to obtain it because Sony failed in implementing it properly.

Now, back on topic.. so what is this missing “npdrm hash algorithm” that we need? well it turns out that the “npdrm self” has a second signature, so it’s a “encrypted and signed self file” with an additional layer of security (the NPDRM layer) which re-encrypts it and re-signs it again. That second signature was not verified in 3.55 and is now verified since the 3.60 version of the PS3 firmware.

One important thing to note is that Sony did NOT make the same mistake with this signature, they always used a random number, so it it technically impossible to figure out the private key for it. To be more exact, this is the exact same case as the .pkg packages you install on the PS3, you need to patch the firmware (making it cfw) so that those .pkg files can be installed, and that’s because the .pkg files are signed with an ECDSA signature for which no one was able to get the private key. That’s why we call them “pseudo-retail packages” or “unsigned packages”.

The signature on the NPDRM self file uses the exact same ECDSA curve and the same key as the one used in PS3 .pkg files, so no one has (or could have) the private key for it. What this means is that, even though we finally figured out the missing piece and we now know how the NPDRM self is built, we simply cannot duplicate it.

The reason we wasted 2 months on this is because Mathieulh lied by saying that he can do it.. remember when the 4.0 was out and I said “I can confirm that my method still works” then he also confirmed that his “npdrm hash algorithm” still works too? well he didn’t do anything to confirm, he just lied about it because there is no way that he could have verified it because he doesn’t have the private key.

I said I will provide proof of the lies that Mathieulh gave us, so here they are : he said it’s in 3.56, that was a lie, he said it’s an AES OMAC, that was a lie,  he said it’s an HMAC, that was a lie, he said it’s in appldr, that was a lie, he said it’s in lv1, that was a lie, he said that he can do it, that was a lie, he said that “it takes one hour to figure it out if you have a brain”, that was a lie, he said that he verified it to work on 4.0, that was a lie, he said that he had the algorithm/keys, that was a lie, he said that once we know the algorithm used, we can reproduce it, that was a lie, he kept referring to it as “the hash”, that was wrong. The proof ? It’s an ECDSA signature, it’s not a hash (two very different terms for different things), it was verified by vsh.self, it was not in lv2, or lv1, or appldr, and the private key is unaccessible, so there is no way he could build his own npdrm self files. Now you know the real reason why he refused to “share” what he had.. it’s because he didn’t have it…

So why do all this? was it because his arrogance didn’t allow him to admit not knowing something? or was it because he wanted to make us lose all this time? To me, it looks like pure sabotage, it was misleading information to steer us away from the real part of the code that holds the solution…. That is of course, if we are kind enough to assume that he knew what/where it was in the first place.  In the end, he wasn’t smart enough to only lie about things that we could not verify.. now we know (we always knew, but now we have proof to back it) that he’s a liar, and I do not think that anyone will believe his lies anymore.

 

Enough talking about liars and drama queens, back to the 4.0 HEN solution… so what next? well, we now know that we can’t sign the file, so we can’t run our apps on 3.60+ (it can work on 3.56 though). What we will do is look for a different way, a completely new exploit that would allow the files we install to actual run on the PS3. We will also be looking for possible “signature collisions” and for that we will need the help of the community, hopefully there is a collision (same random number used twice) which will allow us to calculate the private key, and if that happens, then we can move forward with a release.

When will the “jailbreak” be released? If I knew, I’d tell you, but I don’t know.. I would have said in last november, then december, then before christmas, then before new year, etc… but as you can see, it’s impossible to predict what we will find.. we might get lucky and have it ready in a couple of days, or we may not and it will not be ready for another couple of months.. so all you need to do is : BE PATIENT (and please stop asking me about an estimated release date)!

I would like to thank the team who helped on this task for all this time and who never got discouraged, and I’d like to thank an anonymous contributor who recently joined us and who was instrumental in figuring it all out. We all believe that freedom starts with knowledge, and that knowledge should be open and available to all, that is why we are sharing this information with the world. We got the confirmation (by finding the public key used and verifying the signatures) yesterday and since sharing this information will not help Sony in any way to block our efforts in a future release, we have decided to share it with you.  We believe in transparency, we believe in openness, we believe in a free world, and we want you to be part of it.

If you want to know more about this ECDSA signature algorithm, I tried to explain it in a blog post here, also, you can read this interesting paper that explains it in detail, and you can also watch Team Fail0verflow’s CCC presentation that first explained Sony’s mistake in their implementation, which made custom firmwares possible.

 

Thanks for reading,

KaKaRoTo

 

297 thoughts on “Status update on the PS3 4.0 HEN

  1. Good stuff and glad their is people like yourselves willing to put the time and effort into coming up with solutions to make the ps3 even better and allowing for more customization and hope it goes well working it all out

  2. Thank you-Merci-Danke-Chokrane-Gràcies-Xièxie-Gracias-Arigatô-Rahmet-Obrigado-Ngiyabonga kakhulu.
    Biiiiiig uppp Kakaroto.

  3. Hey, is a timing attack like Xbox360 out of the question? I thought both consoles use IBM hardware so maybe suffer from same imperfection if you slow down the PS3’s CPU?

  4. Thank you so much for your great effort, and not being discouraged by this twat mathieulh. I hope there HAS been collision, but once again I can only hope. Good luck !
    Alex

  5. yy = xxx + ax + b where 4aaa+27bb is NOT 0

    X and Y are Private and public keys, and A and B are unknowns.

    Please email me. I’ve already done about 10 hours research in the last few days strictly on this. I need to know exactly how to fit this together. I’d love to help. 🙂

    [email protected]

  6. I really apreciate when someone know enough to make things understandable. I hope you success with your efforts!. 😀

  7. seriously u are awesome!!! love wat ur doin + quick question will otheros++ work 2 on the jb 4.00??? cant w8 4 the release! xxx

  8. Thank you for your time into this project. I and many other appreciate it even if it takes a long time.

  9. To have the keys, we need to have the decryption LV0. The desempaquetea LV0 is in RAM, and is decrypted with the key bld. There, the keys are already in the SPU, which is like a safe, impossible to enter (are isolated from the outside).

    When the loaders and lv are already loaded in the SPU, the lv1 clean all traces of the lv and loaders decompressed in memory. But who gives the order to clean? The lv1, so it is playable in an exploitable version!

    To solve the problem, you need to make a lv1 modified to copy the area of interest, the memory of LV0 and put it somewhere else, to then remove it, thereupon continue its routine cleaning and mapping. Thus, we have the memory LV0 safe. And so the LV0 gets exposed to everything.

    From there, we have the appldr, which needs to be decrypted with the LV0, and with that we have “keystore”.

    • Good thinking, but you forgot one thing, you can’t modify lv1 because the loader that decrypts lv1 (lv1ldr) is inside lv0… you can’t patch lv1ldr so you can’t modify lv1, so you can’t run it so you can’t dump lv0 🙂

      • …could you hijack it(for lack of a better term) after it’s already been decrypted? just curious (rudimentary programmer at best, but i was curious =) )

        • to do that, you need access to the RAM before it gets cleared, that means when lv1 is loaded, which you can’t do .. you’d need an exploit but those are hard to find.

  10. I know probably noobish question but what language is most of the ps3 written in? C/C++?

    Kinda new to PS3 hacking(Actualy haven’t hacked a PS3 but hacked PSP) and very curious to as how it ends up…. currently taking a CS1 class and finding this VERY interesting lol

    BUT good job guys. From what I’ve seen you guys are making great progress. Before you know it you’ll find where they screwed up. As me and my family says “Nothing is unhackable, just confusing as all hell”

  11. Thank your KaKaRoTo for all the help and information you have gave us the past few months on the (almost) 4.0 jb/hen thanks so much bro,hope it gets done soon!

    -oG

  12. good thing computers aren’t all that good at random numbers, huh? that should increase your odds slightly =) (for those who don’t know what i mean, the best example i can think of is the shuffle function on any music program on your pc/mac/mp3 player/phone, think about how often certain songs seem to ‘randomly’ appear. this is MAINLY because ‘randomness’ on computers is based off of mathematical algorithms that use the date, time, etc. to generate a ‘random’ number that has almost nothing to do with true randomness. im not a programmer, so i can’t explain it very well, but im sure someone else on this or another dev site can explain it better when they have the time =) )

    • it depends, it’s a good point you are making, but that’s why these algorithms are meant to be used with ‘cryptographically secure random number” rather than the usual “pseudo random number generators”. What this means is that the machine uses real data to create its randomness, for example with sensors that detect the light level, the speed of the wind, the temperature, etc… and use all of that data to randomize the number generation, this way it’s unpredictable (since you can’t know exactly the changes in atmosphere/temperature on the nano scale at the location of the server). Some websites allow you to generate such random numbers using those environmental sensors.
      This is also why a disc encrypter will ask you to move your mouse randomly for 30 seconds, it’s to generate entropy and create true randomness (noone can predict the exact path you did with the mouse, so can’t regenerate the same numbers).

  13. I belive you are wasting time i have already made 4.00 CFW called 4.00-TW (My name Thomas Webster) An EX employee of Sony Computer Entertainment PLC for 12 years i worked in the Software/Firmware Department Before i was Sacked i stole there Firmware Maker (Software) I will be releasing it Next Week on NGU (Next Gen Update) Monday 30th January 2012 at 8.00 am so look out! But good luck Kakaroto

    • ahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahah

    • keep dreaming kid. i bet you cant even jailbreak 3.55 and the instructions would be in your face. Let Kakaroto do his work. your no threat to him. his jailbreak took months of hard work, ppl being dumb/lien to him. let the man work. and stopppp asssking when itll be doneeeeeeee

  14. Hello,
    Does anybody know if you can/will be able to jailbreak if you’re actually on 4.00 FW right now because after i read kakaroto’s page regarding the 3.73 – 4.0 jailbreak i started to wonder if the page was about jailbreaking from 3.73 FW only, which would be sadness for me because i have worked my way through the whole of youtube and other various websites looking for a jailbreak that actually runs on or jailbreaks FW 4.00, and i haven’t found anything that worked, only lots and lots of update files that are useless, and obviously not for the actual 4.00 FW.

    If anyone could help or just clarify for me if this up and coming jailbreak is actually for the 4.0 FW, because i am desperately trying to find a jailbreak that works!

    Many thanks,
    Dan

    • Kakaroto stated when the update for 4.0 was out and said it was safe to update your PS3, no worries dude

    • there are tons of “4.0 jailbreak’ on the internet, but they are all fake. so stop wasting your time looking for one. What I’m working on works on a 4.00, so you don’t have to worry. When I was saying 3.73, that was before the 4.0 was released, that’s all.

  15. i don’t how to thank you enough.. thxx a lot for your effort, time and everything..
    only god can repay u enough.. may god bless u and i wish u the besssssst..

  16. Man that’s some great work i can’t wait to see what you guys can come up with sadly i missed the first wave of jailbreaks and i would love to see the possibilities of a capable team such as yourselves. any way keep up the good work and don’t sweat the release date, yes were all excited and would love to know when it will come but I’m sure that we all realize that you can’t rush genius. Good luck and God speed to the whole team hope to see your work soon.

  17. That link about ECC is really insteresting, but it makes me much more worried about the future of the ps3 scene. and It’s much more clearer to me why we will hardly see a CFW. But there’s still some blurs in my understanding, the private key needed for the signature is the one in the lv0 (the new metldrkey ?) or …? I know you’re busy, so if you don’t have time to answer, it’s okay, plus that might not be the only question i have but, anyway Good luck with you jailbreak.

      • So… what’s the public key? Can I get that from anywhere?

        And how many bytes are the private key and the “random integer”?

        I think I’m making progress… I found some patterns in the basic y^2=x^3+x scaling from 1 to 64. But if I understand correctly, we need A and B to create the equation (the PS3 uses) properly, and the random factor of it is anywhere between 1 and 2^160… why can’t we use prime numbers to narrow it down? We can find prime numbers out in the edge (beyond 2^159) and use that last bit. Any solutions on that line would HAVE to belong to that particular “random integer” as it’s too far out to be doubled, and being prime means no inner integers would carry that same factor. It’s prime. Am I anywhere in the ballpark?

          • I knew part of that… I guess what I’m asking is for the public key, and also, any other info… I’m tryin to piece how all this goes together and what you have and what’s missing. Can ya point me to a good article and PS3 specific info?

            In math, there’s ALWAYS a way back… sometime it just takes a bit of out-of-the-box thinking… 🙂

          • if that private key isn’t anywhere on the ps3, how does the ps3 know that a signature is legit. Doesn’t it recalculate and compare to something?

          • if that private key isn’t anywhere on the ps3, how does the ps3 know that a signature is legit. Doesn’t it recalculate and compare, or simply compare the given signature to something?

          • It know it’s legit because it draws it from the algorithm. That’s the point of the equation.

          • @waynejr87: sorry for obvious legal reasons, I won’t be providing the public key (even though it’s a “public” key). and no, there’s not always a way back, the whole ecdsa security is based on this, and some geniuses have thought this through and there is no way.

            @MiiRaGe: you create a signature with a private key, and you can verify it with a public key and without recalculating it. read about ECDSA on wikipedia.

          • Wait… you said older files had two sigs too… they just weren’t used. So, does that mean each of my Pre-3.60 games actually has a VALID sig for the 2nd set? Otherwise, it wouldn’t work on newer firmware, because it actually reads both of them. It’s the only way, right?

  18. is there any way of downgradeing FW 4.00 or can i just buy tha jailbreak usb to downgrade? just till the new new jail break 4 FW 4.00 COMES OUT?

  19. THANK YOU KAKAROTO 🙂 …. AND GOOD LUCK

    P.S : your name is arabic are you arabic ? ( because I am )

    anyway thanks again for ur efort 🙂

  20. Dude thanks so much for all that you have done! Good luck (on whatever you’re doing)!

  21. Hi KaKaroto,

    I would like to share some idea with you on the ps3.
    can you contact me ?

    thank you.

  22. e contrado una cosa haber si osvale en el menu ps3 ajustes del sistema pulas x luego informacion del sistema x luego pulsando L1 y R1 + el cuadrado la flexa izquierda 10 segundos luego rapidamente start i os sale un menu oculto v.4.0

  23. Hey, I was wondering if i could try to help you and your team out on the making of the 4.00 firmware, If you can will you send me what you guys have so far and tell me where you guys are stuck with, or anything that i can possibly help with.

  24. Thanks so much! Ur doing sik stuff but Ijust need to tell you that I have checked ur blog twice a day for the last two months and nothing much has happened of you working out when you will be finished.

  25. hi
    I am Brazilian!
    I have the ps3 version 3.66, tell me have not jailbroken
    for this version?
    Here in Brazil the government collects 80% tax
    so a game costs 140 reais ($ 280)
    if you can help me?
    thank you.

  26. Kakaroto doesn’t support piracy. Anselmo, you will need firmware 3.55 for pirated games

  27. Thank`s for sharing with us all u`r knowlege.Thank`s a lot.This should everybody do in Internet .

  28. I do not Kakarot infelimente gereçao 3:55 fisso part of the gang who has more, is very happy with their work shared with the whole of Brazil munto.eu hope you can help me to all the world waiting for the release of the 4000 and because this I am, with my intelligence and I can only hope not understand anything at all ’cause the system came up to my ps3 disassemble everything to see the tricks bius tried with another HDD formatted with 3:55 and did not. Then wait esperaça much for your help and who does with you is up to God

  29. Wow. Thanks alot for the detailed explanation and the hard work !
    You don’t keep us in the dark and are a credit to the community !

  30. The “surprise” sounds interesting. Will this “surprise” work even if the apps couldn’t run yet?

  31. I do not know if you might be interested, but I found this discussion on a Italian forum… PSDev concerns a theory about the possible PS3 Exploit fw. 4:00

    Nathan

  32. Hi.
    Once you can install pkg but just not run them, if the pkg is official, like a demo downloaded backdoor from the psn store to the pc and instaled from a usb or something similar, could it be run?
    Thanks in advance.

  33. Pingback: KaKaRoTo: we’re still working on homebrew for PS3 firmware 4.00 | MyCE – My Consumer Electronics

  34. try PS3MWF Builder to fix the blueray drive settings @Kakaroto2 just upload 3.55 and patch the driver. it will delete the Blueray Drive firmware and it will patch the 5.33-Jb so it requires no drive. and if you wana downgrade you need true blue, cobra, or the newest one i cant think of the name. but either way you need to open your ps3. because it needs to flash directly the way Sony dose it. your best bet is the new dongle. it is probably around 100$. id wait for Kakaroto. if i were you id make it have peek & poke to piss off sony. they deserve it considering SOPA is probly gana pass if companies get their employees to vote yes on it.

Comments are closed.