After using the XorHack for a while I realised it was missing some things so I decided it was time for an update. New syscalls have been added to give finer control over data access, now providing 8, 16, 32 and 64 bit reads and writes. Also some new ioctls were added to provide additional useful functions for your userland code. Lastly new userland applications were added which now give the ability to read, write and execute memory from the command line
I finally found the time to complete the PS3 exploit toolkit software I mentioned to in my previous posts. I call it XorHack. It allows you to call lv1 syscalls (level 1 system calls) from a normal (userspace) program. It also lets you run the software required when triggering the PS3 exploit from a normal userspace program. To give an example of how it can be used I have included the following example programs:
- ps3exploit – Runs the software required to exploit the ps3, it loops a number of times which can be specified as a parameter. (This still must be used along with the “button pressing”, it will not exploit the PS3 via software alone).
- dumphv – Dumps the hypervisor to a file in the current directory.
- dumpbl – Dumps the bootloader to a file in the current directory.
- dumprom – Dumps the system rom to a file in the current directory.