Comments on: PS3 Exploit Tidbits

By: Pandatank

Pandatank — Tue, 18 May 2010 14:52:04 +0000

Guys,

I think it’s great that you’re doing all this work, but being a complete noob to linux I’m not sure what it all means. I bought my PS3 when they first came out. One of the selling points (for me) was the fact that you could use it as a linux based computer as well. I installed yellow dog about 3 months after getting the PS3 and TBH, haven’t done anything since. I do want to learn how to use Linux (eventually), but don’t want to buy another laptop to do it. I’m totally hacked off with Sony for removing this function.
I’ve never used Torrents, downloaded pirated movies, illegally downloaded any music and I’ve never played a hacked game in my life! I’ve had PS1.PS2 and PS3 and have always appreciated the \backward compatibility\ that has been a feature of Playstation as long as I can remember. I don’t wan’t to get involved in hardware hacks and am not interested in piracy or copyright theft, all I want is my other OS back! Currently I’m sat here on Vers. 3.15 waiting for the PUP file that will give me my Other OS but update the rest of the software. (Apparently the noisy fan will go a lot quieter after the update). In an aside, COD4, Modern warfare tried to update last night but failed to install(something to do with not being the right version OS?perhaps) Now I can’t play the game at all. Not even logging in as another user.
George Hotz said that he’d be releasing a PUP file that would let you keep your Other OS function, but I think he’s been \nobbled\ by Sony not to release it. Is a suitably edited PUP file on the cards at all? Or am I to spend my life with my PS3 guts all over the floor, flashing the hypervisor every time I turn the machine off and rewriting code for every update Sony releases?

By: KiCkO

KiCkO — Wed, 24 Mar 2010 13:13:47 +0000

Shut-up dude.. it look pretty cool because they understand what they are talking about between them but this exploit doesn’t do anything special!

It doesn’t bring anything new since the goal of the hack should be to use the Ps3 for other usage then playing game (since it is a gaming console) but nothing is done yet.. We cannot use it as a worstation, cannot use all the core power in Linux and of course cannot play game bypassing the security.

So I don’t know what they are going to do with this “exploit” but all we know is about read and write access on the hypervisor. At least if it was possible to run a homebrew or something.. nothing yet.

By: dude

dude — Wed, 17 Mar 2010 23:15:50 +0000

Guys can you tell me who taught you to know all those things about computers. Me personnally always wanted to know how to program computer but never could know where to learn from.I am just amazed how you know all those details about memory address and that its not scares you that ps3 is well secured.phenomenal.

By: sapperlott

sapperlott — Wed, 03 Mar 2010 19:35:12 +0000

Yeah – that’s true for the HV dump analysis. But the thread I linked to deals with analyzing the NAND dumps and that NAND directory structure @ 0xe3000 I mentioned before.

By: xorloser

xorloser — Wed, 03 Mar 2010 13:57:25 +0000

sapperlott: that “dump anaysis” is basically just a bunch of n00bs reading ascii strings in a hex editor. the dump conatins lots of “parts” of data but not the full things. it is mainly just a dump of the hypervisor (lv1) code.

titanmkd: check my new post for info on htabs and ptes etc. i dont really see how parsing them will help in anyway however. using the sourcecode in my new post you can dump and parse your own. they dont tell you anything of interest that isn’t already known.

kicko: The blu-ray drives are totally untouched by this exploit. You cannot access anything inside the blu-ray drive via this exploit. And the whole PS3 bd-rom drive using rom-mark stuff is garbage, whoever said the PS3 uses it is pulling the information out of their arse.

By: KiCkO

KiCkO — Tue, 02 Mar 2010 20:10:15 +0000

Xorloser : (or everybody else)

I was just wondering.. Since we get access to the Hypervisor, can we get access to the bluray drives’ ram space to mess with the BD ROM-Mark?

Interesting read : http://www.lan.st/showthread.php?t=1722

By: TitanMKD

TitanMKD — Thu, 25 Feb 2010 07:55:03 +0000

xorloser,

Yes it will be a good things to add HTAB / PTE but in a more powerful way
To have full memory mapping from EA -> VA -> Real Addr but it also requires dump of SLB …

Best Regards

By: sapperlott

sapperlott — Thu, 25 Feb 2010 02:32:25 +0000

0xe3000 seems to be some sort of NAND directory structure. So the code referring to unk_E3000 might access the flash. This structure appears at various memory locations (the first 0×80 bytes vary, though – some kind of header?)

There might be some useful info about this here:
http://www.ps3news.com/forums/playstation-3-dev-news/ps3-nand-dump-analysis-93348.html

Just a wild guess but the flash could be mapped @ 0xA0000000. Could someone with an exploit-ready PS3 try to dump some memory from there?

By: PS3 Exploit Tidbits | Hirdyz Emporium

PS3 Exploit Tidbits | Hirdyz Emporium — Thu, 25 Feb 2010 01:57:48 +0000

[...] via http://xorloser.com/?p=230 I haven’t gotten around to doing an update in a while due to work (and a little relaxation) [...]

By: xorloser

xorloser — Wed, 24 Feb 2010 23:11:59 +0000

thanks sapperlott, i have updated the script from your notes (just use the same link from the post above). i wasn’t going to label the peek/poke calls, but i guess since they are otherwise invalid i guess it wont hurt. as for the htab parser, i don’t really see the point of it. if someone can point out how it helps with reversing i will add support for it to the script.