Just a few days after kakarotoks released a kernel module to dump out the PS3 Hypervisor and Bootloader, someone named Ps3 Memory Dump from GeoHot's blog did just that, and has leaked it publicly as pictured below.
The included ReadMe file acknowledges is0mick's recent Atmega8 port; however, it curiously attempts to flame other PS3 News Devs despite using their code to make the HV dump... go figure, eh?
Preliminary examination of the leaked dump is currently underway by both Devs and end-users alike, with a few noteworthy findings thus far as follows:
From sapperlott:
• repos @ 0x2c00 - 0x43ff
• partition table @ 0x6000
• SELFs @ 0x20000, 0x37000, 0x55000, 0x1624bc, 0x6c25b4, 0x6d5470
• FSELFs (?) @ 0xa19a0, 0x12dea0, 0x369720
• other SCE files @ 0x35e100, 0x6c5ed4
• LPAR data @ 0x12a0a0
From Karl69:
• IDA entry point: looks like 0x10190 is an interesting address.
From ifcaro:
• Code starts at 0x00203000 according to my analysis.
From Kimd41:
I found some functions which aren't documented:
• lv1_rsx_enable
• lv1_iosys_enable
And below are some screen highlights from chipsy and yellowsnow. Thanks in advance to ALL who continue to publicly share their findings with the PS3 scene!
One method to strip Linux to its bare minimum would be to build a kernel that only contains the modules necessary for the dumping process (no bluetooth, networking etc.) and put the dumping software into the initrd to run as the init process. This could be combined into a single image (like kboot / petitboot already does) and stored in flash instead of kboot / petitboot. It would then have to write the dump to a USB attached disk containing, for example, an ext3 partition.
Sadly, you are gravely mistaken. The day Mathieulh first ran around announcing and tweeting it, CJPC gave him that opportunity on MSN, more than once, and he not only refused to share any lv2 dump details but also told CJPC (as he did like a hypocrite before with the lv0/lv1 dumps he didn't do himself) to "do it yourself", so he definitely has no intention of helping others dump their own.
Mathieulh did, however, tell CJPC they plan to post some information dragged out slowly over the course of several months (extending their "bragging period" in an attempt to make themselves feel important), so this is why many PS3 Devs are now sitting back and letting them do all the work, as it appears that is the way GeoHot and Mathieulh want it.
To anyone still wishing to pursue GeoHot's coldboot ramblings, I suggest you read einzwei's thread as it seems he's one of few able to see through them.
If the footprint of a small Linux cannot be shrunk further, I think it can still map to other parts of the memory, so after multiple dumps/multiple allocations a near-complete dump can be done...
Yes, that's the "negative" point. Or we must recode the Linux so it uses the HDD/VRAM/whatever instead of the XDR-RAM...
But after dumping a big part of the RAM, the PS3 could still get really hacked... That little part doesn't matter much. As I said, a Linux which uses VRAM/HDD/whatever but RAM/... instead of the XDR-RAM will be just great!!!
@tridentsx: A hard poweroff won't clear the RAM if you keep the RAM at a very low temperature (-50°C)...
If the footprint of a small Linux cannot be shrunk further, I think it can still map to other parts of the memory, so after multiple dumps/multiple allocations a near-complete dump can be done...
Exactly my point. No need to hurry, all the time in the world. That was why I was skeptical about doing the power off, since that would potentially clear the memory. As long as that machine has power, the memories will refresh themselves, keeping their content.