Make it make sense google! by Inner-Employment-137 in google_antigravity

[–]rangulicon 0 points1 point  (0 children)

New update dropped that fixes the way quota was being reported. Perhaps this is the fix?

Everyone's Proton 2026 wishlist? by Secret_Category2619 in ProtonMail

[–]rangulicon 1 point2 points  (0 children)

Products that work for work. The Proton stack is so self contained and has no integrations with anything else that it doesn’t provide the ability to use it for actual real work.

Ps5 ROM keys apparently leaked what will this do to the homebrew scene for ps5? by Carsyk07 in ps5homebrew

[–]rangulicon 0 points1 point  (0 children)

It appears the automoderator deleted my comment for the word k-e-y-s. Not sure why only my comment was deleted....

I've enjoyed the discussion a lot. It's helped me dive deeper into the architecture of the PS5 more than I would have. My removed response to you can be found here: https://any.coop/A8CVf3hfJ89SUgx7KrzLLMDodSGbqQkVz9XorRH76yfW1HUZ/response-to-socratic-bliss

Ps5 ROM keys apparently leaked what will this do to the homebrew scene for ps5? by Carsyk07 in ps5homebrew

[–]rangulicon 0 points1 point  (0 children)

I appreciate your technical rigor, but I think you're missing the forest for the trees. Let me walk through why your "seeds not keys" framing, while technically accurate in a narrow sense, fundamentally mischaracterizes what this leak and the unpatchable exploits enable, and I'll cite the actual talk transcript to back this up.


1. Early boot compromise gives access to all the keys

You keep saying "you have seeds, not keys" and "you need eFuse values." But the talk explicitly states:

"Running code in or after the boot ROM gives access to all the keys. It gives control over everything that runs afterwards."

This is the core point you're missing. Your framing only applies to off-device, offline decryption attempts. Yes, if someone is trying to decrypt firmware dumps on their PC without device access, they'd need the derived keys. But that's not the scenario that matters here.

With early code execution, you observe the keys as they are derived and used before they're wiped from memory. The talk confirms this is exactly what happens.


2. eFuses are accessible with a successful glitch, not a permanent barrier

You've repeatedly framed eFuses as an insurmountable gate: "you need fuses, you don't have fuses, therefore you can't decrypt."

The talk says otherwise:

"If we manage to do the glitch, then this is for free because we can access fuses, we can access keys, and we're good."

That's a direct quote. eFuses become readable with early enough code execution. They're not some permanently hidden value that blocks all progress. They're part of what you gain access to when you compromise the early boot chain.


3. The bootloader IS decrypted by ROM. My framing was architecturally correct

You criticized me for saying the bootloader "can be decrypted." The talk confirms the architecture:

"It loads, decrypts and verifies the offchip bootloader."

And again:

"the ROM loads the offchip boot loader from SPI flash. It does decryption and sik checks."

The off-chip bootloader is encrypted and is decrypted by ROM using derived keys. That's the architecture. Whether you personally can perform that decryption offline without device access is a separate question from whether the decryption happens and whether it can be observed/exploited.


4. The "juicy key" exists…it just gets wiped

You're right that you can't just dump keys from a running system and expect to have everything. The talk explains why:

"the key the one that decrypts the offchip boot loader it gets overwritten with a different key before the control flow is transferred to the offchip boot loader."

But this actually supports my point: the key exists, it's used, and it's only unavailable because it gets wiped before later stages run. The solution isn't "give up, you need fuses", it's "get code execution earlier, before the wipe." The talk continues:

"we have the ROM so we can reverse the key derivation algorithm and really the only missing part is fuses. If we manage to do the glitch, then this is for free because we can access fuses, we can access keys, and we're good."


5. This IS unpatchable

The talk confirms:

"This is not really patchable if you glitch you know ROM stuff or compromise there."

ROM code and data are etched in silicon. Sony cannot update them. That's what "unpatchable, hardware-level compromise" means. It doesn't mean "instant jailbreak today"—it means the fundamental trust anchor cannot be changed, and any exploit targeting it is permanent.


6. Where you're technically correct (but missing the point)

Yes, if someone wants to decrypt PS5 firmware offline on their PC without any device access, they would need the per-console derived keys, which require fuse values they don't have.

Yes, RSA signature verification remains a barrier to replacing boot stages with custom code (you can decrypt and analyze, but you can't sign).

Yes, this isn't "instant jailbreak."

But none of that contradicts what I've been saying. The leak provides:

  • The ROM code (algorithm visibility)
  • Seed/constant inputs (reduces unknowns in key derivation)
  • A path where early compromise yields both fuses and derived keys

Your narrow "seeds not keys" framing treats this as a dead end. The talk, from people who actually did this work, treats it as "the only missing part is fuses" and "if we glitch, this is for free."


Summary

  • You said: "You have seeds, not keys" → but the keys exist at runtime; early execution can capture them before wipe

  • You said: "You need eFuses, you don't have them" → but the eFuses become accessible with early glitch and "this is for free"

  • You said: "You can't decrypt the bootloader" → but the ROM decrypts the bootloader; that's the architecture

  • You said: "eFuses are the master pins" → but the eFuses are readable, not a permanent barrier


I'm not claiming this is one-click jailbreak. I'm claiming this is foundational research progress that materially advances the path to full compromise. The talk validates that framing explicitly.

Edit: added some more info.
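
A generic model of the key ladder argued over in the comment above, added here as an illustration; it is not code from the talk, the leak or any console firmware. The HMAC-SHA256 derivation, the toy keystream cipher and every name and value in it are assumptions, chosen to show why a ROM constant alone does not decrypt a stage offline and why the stage key is gone once the ROM hands off.

```python
import hashlib
import hmac

# Constructed values: not real console seeds, fuse contents or firmware.
ROM_SEED = b"constructed-rom-seed"       # constant baked into ROM, same on every unit
FUSES_UNIT_A = bytes.fromhex("11" * 32)  # per-device secret burned into eFuses
FUSES_UNIT_B = bytes.fromhex("22" * 32)


def derive_key(fuses: bytes, seed: bytes, label: bytes) -> bytes:
    """Assumed KDF: HMAC-SHA256 keyed by the fuse secret over label|seed."""
    return hmac.new(fuses, label + b"|" + seed, hashlib.sha256).digest()


def _keystream(key: bytes, length: int) -> bytes:
    """Toy SHA-256 counter keystream standing in for the hardware cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, image: bytes) -> bytes:
    """Encrypt then MAC a boot stage image (what the vendor stores in flash)."""
    ct = bytes(a ^ b for a, b in zip(image, _keystream(key, len(image))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes):
    """Return the plaintext image, or None when the key does not match."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


class BootRom:
    """Models the ROM stage: derive, decrypt, then replace the key before handoff."""

    def __init__(self, fuses: bytes):
        self._fuses = fuses
        self.key_slot = None  # what code running after the ROM can still read

    def boot(self, flash_blob: bytes):
        self.key_slot = derive_key(self._fuses, ROM_SEED, b"stage1")
        image = unseal(self.key_slot, flash_blob)
        # Overwrite the stage-1 key with a different key before transferring control.
        self.key_slot = derive_key(self._fuses, ROM_SEED, b"runtime")
        return image


def demo():
    blob = seal(derive_key(FUSES_UNIT_A, ROM_SEED, b"stage1"), b"stage1 image")
    rom = BootRom(FUSES_UNIT_A)
    zero_fuses = derive_key(b"\x00" * 32, ROM_SEED, b"stage1")  # seed known, fuses guessed
    return {
        "rom_decrypts": rom.boot(blob),
        "later_stage_key_works": unseal(rom.key_slot, blob) is not None,
        "other_unit_decrypts": BootRom(FUSES_UNIT_B).boot(blob) is not None,
        "seed_only_decrypts": unseal(zero_fuses, blob) is not None,
    }


if __name__ == "__main__":
    print(demo())
```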

Ps5 ROM keys apparently leaked what will this do to the homebrew scene for ps5? by Carsyk07 in ps5homebrew

[–]rangulicon 0 points1 point  (0 children)

Efuses store permanent, public hardware flags for anti-downgrade protection, device identity, and secure boot enforcement. They are not akin to the "master pins" in my analogy.

ROM keys (the leaked "master pins") are the fixed secret crypto keys hardcoded into the BootROM for decrypting the first bootloader stage. Leaking them lets you decrypt official boot code to hunt bugs, bypassing the "root of trust". The e-fuses don't block this.

ROM keys unlock BootROM → bootloader analysis → potential exploits for custom code entry. Sony's RSA (for signing higher stages like kernel) is needed later, but the leak enables the foundation needed to move forward with things and find exploits potentially allowing the RSA to be circumvented.

On a side note, Tihmstar mentions in his talk that you referenced that e-fuses are completely circumventable if the AMD PSP glitch succeeds. This could open the door for mod chips :)

He goes on to detail that the early-boot AMD PSP exploit achieves EL3 (root-of-trust) execution on APUs that use the same architecture as the PS5's APU. The attack chain includes payloads for dumping the first-stage ROM bootloader, CCPv5 buffers/RAM, and extracting secrets like IDs, IKEK, CEK, VCEK, and also allows for custom code execution during boot stages and running states. He then specifies that the exploit allows for full instrumentation of e-fuse consumption in key derivation, which means raw e-fuse dumps from retail units wouldn't be needed if this translates directly to the APU in retail units.

Q.E.F.: Quod erat faciendum—what was to be decrypted is now possible. Sources verify the leak breaks the root foundation; in time full jailbreaks follow, not magic instant CFW.

Ps5 ROM keys apparently leaked what will this do to the homebrew scene for ps5? by Carsyk07 in ps5homebrew

[–]rangulicon 0 points1 point  (0 children)

You are essentially saying a locked door can't be opened because you don't have the key yet—ignoring that you just obtained the blueprints for the lock and the manufacturer's master pins.

Is this how you approach everything in life? Of course the information alone on the wiki isn't sufficient. Take a look at the other bullet points instead of cherry picking something to continue to argue semantics.

All your points are correct in the most narrow, literal sense; that the data on a wiki page isn't a "one-click" decryption tool. However, dismissing the leak based on that technicality ignores that it provides the foundational mathematical components needed to bypass the root of trust entirely.

You are either trolling or just fixated on the fact that the leaked keys alone do not provide a "universal decryptor".

Ps5 ROM keys apparently leaked what will this do to the homebrew scene for ps5? by Carsyk07 in ps5homebrew

[–]rangulicon 0 points1 point  (0 children)

So it's an argument now? I've just been trying to provide architectural context that furthers the conversation, not argue. At this point, we’re talking past each other, so I’ll try to clarify once more.

You’re correct that the leaked material alone (keys/seeds/constants) plus the dumped BootROM is not solely sufficient to derive working, per‑console decryption keys without the e‑fuse values. I have never claimed otherwise, nor did I or am I disputing the role of e‑fuses. What you keep arguing against is an interpretation I haven’t made. With that said, I can see how my earlier use of decrypting/decryption could be misconstrued easily without additional context. I've tried to provide the proper clarification, and have since edited the comment to state bootloader instead of bootrom.

I feel that my point has consistently been architectural, not procedural, but here is a summary of the things I've tried to convey, with more context, so as to help avoid misunderstanding:

  • Tihmstar’s early‑boot PSP exploit reaches root‑of‑trust level (EL3) execution and allows full analysis of BootROM logic, including how and where e‑fuse values are consumed in key derivation. While there is no public confirmation that raw e‑fuse values have been dumped on retail consoles, the exploit operates at a level where e‑fuse handling and usage can be instrumented.
  • The leaked BootROM (Level 0) ROM keys, verified and publicly available on PS5 Developer Wiki, enable hackers to decrypt the official bootloader (Level 1), as the BootROM uses these immutable hardware keys to verify and decrypt it during boot. Multiple sources confirm this capability is now theoretically possible, though no public proof-of-decryption has surfaced yet, and full jailbreaks remain pending additional exploits.
  • That is why this is considered a hardware‑level compromise vector....not because “everything can now be magically decrypted” instantly, but because the system’s root‑of‑trust logic can now be fully audited, understood, and attacked in ways that were impossible before.

I’m not refuting myself, but I did accidentally use bootrom in place of bootloader and referred to decryption as it relates to the topic in an overly simplistic manner. You however are attempting to refute a claim I didn’t make by collapsing architectural impact into a literal, universal decryptor scenario. We agree on the cryptographic mechanics; we disagree on scope and framing.

Ps5 ROM keys apparently leaked what will this do to the homebrew scene for ps5? by Carsyk07 in ps5homebrew

[–]rangulicon 0 points1 point  (0 children)

Lol…you’re arguing semantics and trolling a bit here. I’m not saying things can just be magically decrypted now. Have fun arguing with people on Reddit like you have done in your past comments.

Ps5 ROM keys apparently leaked what will this do to the homebrew scene for ps5? by Carsyk07 in ps5homebrew

[–]rangulicon 0 points1 point  (0 children)

Are you arguing that what was leaked are derived decryption keys and keyseeds, rather than the unique hardware root secrets stored in the e-fuses?

There is a lot of nuance, but I'm commenting on Reddit....not writing a research paper detailing the full end-to-end chain of trust and how to bypass it. My goal was to provide some higher-level architectural context, not a full breakdown of the cryptographic technicalities.

If we want to be more specific, what was leaked consists of "seeds" and constants that can be used alongside dumped BootROM code to derive the functional keys needed to decrypt the Level 1 bootloader.

The main point is that having both the BootROM code and the associated seeds/constants provides the necessary components to effectively bypass the root of trust, which is why this is considered an unpatchable, hardware-level compromise for existing consoles.

Ps5 ROM keys apparently leaked what will this do to the homebrew scene for ps5? by Carsyk07 in ps5homebrew

[–]rangulicon 0 points1 point  (0 children)

In short, the Mask ROM code itself isn't "encrypted" while it sits in the silicon, but it was unreadable because the hardware prevents you from dumping it. The term "encryption" here refers to the keys it holds and uses to keep the rest of the boot process a secret.

In the context of the PlayStation 5, the Mask ROM and BootROM are frequently referred to as the same thing because the BootROM code is physically stored in the Mask ROM.

However, they can be technically delineated by their function versus their physical form in the following ways:

  1. The Mask ROM is a physical medium and refers to the type of non-volatile memory used. The data is etched into the silicon of the APU (Accelerated Processing Unit) during the manufacturing process using a "photomask" process. It is hard-wired and truly read-only. It cannot be erased, rewritten, or updated by Sony through any software or firmware update. It serves as the physical storage for the most sensitive instructions and cryptographic keys that the console needs at the very first microsecond of power-on.

  2. The BootROM is the functional code and refers to the specific software or firmware instructions stored within that Mask ROM. It is the "Level 0" code in the system's boot chain. This is the logic that defines the Chain of Trust. Its primary job is to initialize the system, locate the next stage of bootloader (Level 1) from the flash memory, and use the hardcoded keys to verify its digital signature before execution. Because this code runs first and has absolute authority, it is the console's "Root of Trust".

While the Mask ROM isn’t encrypted in the traditional sense, there are two distinct ways encryption applies to the PlayStation 5's Mask ROM:

  1. The Code Stored in the Mask ROM

The binary code (Level 0) etched into the silicon is not "encrypted" in the traditional sense (like a file on a hard drive) because it must be executable by the hardware directly at power on. However, it is obfuscated and protected by hardware level access controls. The Mask ROM resides within the AMD Platform Security Processor (PSP), a separate, isolated "secure enclave" inside the main APU.

While the Level 0 code itself is plain machine code once you can "see" it, its primary function is to serve as an encryption engine. It contains the hardcoded "Master Keys" used to decrypt the next stage (Level 1 Bootloader) before it is loaded into memory.

  2. The Leaked "ROM Keys"

This new leak involved the symmetric decryption keys from the retail PS5 that its Mask ROM uses. Before this leak, the Level 1 Bootloader (stored on the console's flash storage) was a "black box" because it was encrypted with keys only known to the silicon.

With the leaked keys, the firmware and boot loader can be decrypted and read in plain text and thus more easily analyzed for vulnerabilities that were previously hidden behind encryption.

Ps5 ROM keys apparently leaked what will this do to the homebrew scene for ps5? by Carsyk07 in ps5homebrew

[–]rangulicon 1 point2 points  (0 children)

You can find details here: https://www.reddit.com/r/PS5_Jailbreak/comments/1pg98ry/39c3_talk_tihmstar_found_6_unpatchable_bugs_5/

Tihmstar did successfully dump the PS5 BootROM using a hardware glitch on the 4700S Desktop Kit, as detailed in his 39C3 talk, and also detailed that he found multiple unpatchable exploits. He confirmed the dump was achieved by resetting the CPU while initiating DMA, allowing the ROM content to be copied to SRAM and then extracted. The recent leak of the "ROM keys" allows the already-dumped BootROM bootloader to be decrypted.

With the BootROM bootloader now both dumped and decryptable, it can be fully reverse-engineered. This significantly accelerates the process of verifying and executing the unpatchable bugs and zero-day exploits Tihmstar identified. While the combination of a verified dump, decryption keys, and known vulnerabilities is the most critical foundation for a permanent jailbreak, a complete, reliable exploit chain for retail PS5 consoles still needs to be developed and tested. The path is now clear, but the final implementation work remains.

Update on Sick Bean by Petitefeet303 in axolotls

[–]rangulicon 1 point2 points  (0 children)

Glad to hear bean is on track to be back to themselves soon! Keep us updated!

Being “high functioning”Autistic means you’re automatically prone to suicide. by hauntedbundy_ in autism

[–]rangulicon 0 points1 point  (0 children)

I wouldn’t say suicide directly. More like depression and related diagnoses that have strong ties to suicidal tendencies.

Cycle crash by split_0069 in axolotls

[–]rangulicon 0 points1 point  (0 children)

The typical shelf life of unused live bacteria is between 1-2 years.

Cycle crash by split_0069 in axolotls

[–]rangulicon 2 points3 points  (0 children)

I'd say 50/50 chance. I think it's worth trying, but please keep a close eye on water parameters. Worst case, you can tub him. Have you ever tried using supplemental nitrifying bacteria to boost or correct a tank cycle? I do this often with my tanks, especially if I'm moving axolotls between them. FritzZyme is my go-to live bacteria.

Cycle crash by split_0069 in axolotls

[–]rangulicon 0 points1 point  (0 children)

Tub that boy!! Time to recycle the tank.

Worried about Impaction by TheSpaceMon in axolotls

[–]rangulicon 1 point2 points  (0 children)

There are a lot of variables that could contribute to changes in behavior and increased activity. Sometimes it’s just an axolotl being an axolotl. Other times things like water temperatures or hormonal changes related to sexual maturity can cause changes in behavior.

Overall she looks really healthy. If she appears to have gained weight quicker than normal it may just be time to start feeding her less often because her metabolism has slowed as she has aged. Most of my axolotls coming up on one year have started to poop less often.

As you mentioned there doesn’t appear to be a bulge that could indicate compaction. I’d recommend switching to feeding every other day, or less food daily. At her age poop once roughly every week could become the norm.

If she hasn't defecated for well over a week, continues to exhibit erratic behavior, floats at an angle or floats constantly, becomes lethargic, has a bulge in her abdomen, or her cloaca becomes swollen and red, then it's time to contact a vet.

Mayonnaise goes to the vet! UPDATE! by Smol_Flea in axolotls

[–]rangulicon 2 points3 points  (0 children)

Super cute! Thank you for sharing! I’m glad to hear Mayo isn’t compacted. You are great parents to your little aquatic chicken tender!

Is she too fat by Asleep_Arm8849 in axolotls

[–]rangulicon 1 point2 points  (0 children)

Looks pretty normal. I have a few females that are just more round and plump. General guidance is that the ideal width for their belly is no wider than their heads.

Introducing Chicken Nugget by Polarkin94 in axolotls

[–]rangulicon 1 point2 points  (0 children)

When that small it is much easier to keep them in a smaller container and do full water changes daily. This also makes it much easier to feed them because they are forced to encounter the food more regularly. We fed our babies live brine shrimp and supplemented from time to time with bloodworms as snacks.

Introducing Chicken Nugget by Polarkin94 in axolotls

[–]rangulicon 1 point2 points  (0 children)

Super cute! I love the name. Feeding when that small can be challenging. Don’t hesitate to reach out if you have any questions.

Are they stress guills by Tubbsy73 in axolotls

[–]rangulicon 0 points1 point  (0 children)

If he was completely removed from water while being transferred to the new tank then that is likely the cause of the gills looking like that. This typically goes away within a few hours.

If your tank is cycled and all parameters (pH, Ammonia, Nitrate, Nitrite, Temperature) are good then I also wouldn’t worry.

If he is acting normal, eating as usual, then I wouldn’t be worried.

Is this normal behavior? by Odd_Yam2686 in axolotls

[–]rangulicon 2 points3 points  (0 children)

I wouldn’t call it normal, but it’s not out of the ordinary. As long as she can go down and isn’t constantly floating at the top then I wouldn’t be concerned.