First i will be explaining this in a way anyone with basic PS3 knowledge will be able to understand, lets get started.(hehe)
Click here to see full text
the bootldr holds the lv0 yes, the lv0 encapsulate the other ldrs (lv1, lv2, appldr, rvkldr, isoldr, ect.); sense 3.56^. But usually the chain of trust would go like metldr>other ldrs, and the metldr would run the loaders. But after 3.55 the lv0 has been copy the ldrs to the Ram then they are given to the metldr to exucute with out ever being held by the metldr. Now if you use a kernal module you can map out the ps3 real memory Using hardware you can dump Ram. By dumping the ram your getting a decrypted version of lv0 with all the ldrs in it. And you got keys.
Concept in boot order.
Cell INIT-> get encrypted bootldr off NAND/NOR flash, then the Ram will Initialises. This is when it will load the bootldr into a isolated spu, secure boot will decrypt the bootldr and verifies and executes. Now this is where the magic happens. Now the bootldr will decrypt the lv0 and it will get copy to the Ram (With loaders) before the Ram will run the loaders to the metldr
The metldr will always have to boot the ldrs too cause it is per console encrypted sony cant go change that out of no where.
So i heard some people calling me a hoax a bull****ter and stuff basically what
Mathieulh goes through and Pockets_69 encourage me to post this so here you go.
Follow me on twitter at RealPsDev
Vous en pensez quoi ? Avec toutes ces news, on est un peu paumé je trouve.
EDIT :
En lisant un peu plus loin, il a publié un dump de la RAM :
http://pastie.org/2972917
Dyonisos.
Modifié par Dyonisos, 06 décembre 2011 - 15:53.