centremonos en el hilo por favor, que nos lo cierran, os pongo unas palabras de mathieulh:
The first exploit I explained in Step I which I called the "meta exploit" is used to trick metldr into decrypting the self metadata in the shared Local Store (which can be accessed from the ppu as it's not isolated)
This exploit works on the bootloader (provided that you can read the shared local store at boot time)
The second exploit explained in step 2 (and used in the leaked files) which I called the "donut exploit" relies on wrapping around the memory to trick metldr into loading a self section onto its own code (and gain code execution), this exploit only works on metldr and doesn't work on metldr.2 because it relies on signing a loader. There is yet another ldr exploit that works on metldr (and metldr.2) and allows to gain code execution but it relies on an hardware implementation flaw and cannot easily be found, because it's not a software exploit (even though it can entirely be triggered by software so long as you at least have code running on the ppu with lv2 privileges)
segun entiendo, con los archivos filtrados se puede hacer todo lo necesario, si no estoy en lo cierto que alguien me corrija