PS3Hax member TheLostDeathKnight outlines the basic idea:
alright kiddies here is how this works
1. take retail FW
2. patch FW to run debug eboot
3. rip 3.60+ games
4. burn 3.60+ games to BD-DVD with debug eboot
5. add crap DRM to MFW
6. add dongle to validate said crap DRM in said MFW
7. sell dongles and pirated games
8. …..
9. …..
10. PROFIT
sounds simple to me
i.e. patch kmeaw to run debug eboots, enjoy, until Sony locks down debug eboots xD
There is also a convo snippet with PS3 dev Mathieulh and his thoughts on how JB2 works:
<Mathieulh> I kinda figured how it works already
<Mathieulh> they patched lv1 and lv2
<Mathieulh> and they have lv2 to check if the self keyset is 0x10 or higher
<Mathieulh> if so it’s sent to lv1 through a separate hypercall than hvsc99
<Mathieulh> which sends the self or part of it to the usb hw
<Mathieulh> which performs some crypto
<Mathieulh> and returns a decrypted result to lv1
<Mathieulh> at least that’s what I got out of a few minutes of debugging
<Mathieulh> I am pretty sure the keys are on the dongle
<Hewman> as in debug eboots?
<Mathieulh> 3.60+ app keys
Bottom line: the aces of the PS3 scene are getting involved.
Moreover, they are almost certain that the 3.60+ keys are to be found in the JB2 dongle.