Beginning
@Mathieulh I have a hard time believing they'd use only HMAC to sign PUPs. Unless they're totally retarded. Which could be, for all I know.
@marcan42 It's not actually, but I have no idea why geohot isn't showing up. The HMAC key to resign pups is in software_update_plugin.sprx
@marcan you can swap the pup's tarballs to have the 3.21 vsh on top of the 3.15 coreos, then swap the tarball with sysconf_plugin.sprx.
@marcan42 that's how geohot's "cfw" is done, though I have never seen the point in such a hack, it could be stopped by Sony in next updates.
@marcan42 they are, the pups are just containers, the files in them are then signed but you can swap one signed file for another
@marcan42 what was much more stupid of them was to put the key in a vsh's prx rather than in the application loader.
@marcan42 of course the tarballs and the updater self inside the pups are all encrypted with the self crypto and have a stronger signature.
Continuation
@marcan42 I agree with you, and I predict that the hybrid fw was premature... flashing nand with mem patched hv, rather than a pup.
@RichDevX But, couldn't we change the pup that detects it?
@Omega191 it's also very simple to detect hybrid fw...
@Omega191 it's not a pup issue, the hard coded version numbers would be different. VSH/PRXs would be much newer than the kernel/hv
@Omega191 it can be checked with a single syscall, which is also available to games