IDA IDC Hypervisor Dump Script, PS3 Debug Firmware 3.41 Leaks

  1. #1
    Contributor humi's Avatar

    Today Jack Chen aka anita999 has shared a PlayStation 3 IDA IDC hypervisor dump script on xorloser's blog (linked above) alongside a PS3 Debug / Test Firmware version 3.41 leak from Blackpen0 there as well!

    For those curious, the IDA script is used to extract the protection page list of process obj in PS3 Hypervisor dumps.

    Downloads: PS3 IDA IDC Hypervisor Dump Script / PS3 Debug Firmware v3.41 / [Register or Login to view links] (Mirror - Required UnRAR Password Below)

    To quote: For those who are new to HV reversing like I am. Here I made a quick IDC script for those interested in tracing the process protection pages to realize the VA and RA address mapping being used by the process.

    You must execute the HV_DUMP.IDC from xorloser first, then apply this IDC later because it requires an opd_table to be defined first. And it’s for 3.15 HV only because that’s the only HV dump I have. Process 0 is not extractable. There seems to be some data missing in the process object of process 0.

    I am working on a different IDC script to extract the pages to a new file in order to get a file in which RA=VA so I can analyze the code more easily. Here is the output for process 6 extraction from the dump I have.

    [Register or Login to view code]

    Here is the UnRAR Password for the PS3 Debug Firmware 3.41 leak:

    [Register or Login to view code]




  2. #2
    Forum Moderator PS3 News's Avatar
    Thanks humi and +Rep, I will move this to the main page later tonight also!

  3. #3
    Toucan Sam CJPC's Avatar
    Actually, it seems the correct password is:


    [Register or Login to view code]

    There was a space in there, perhaps due to a copy and paste error!

  4. #4
    I'm confused.

    Both the passwords have spaces in them between the ez et part.

    So it is with the space or no?

  5. #5
    Damn, that's really great.

    I'm already on with testing debug files with acid cfw but couldn't get hands on 3.41 debug fw for better compatibility.

    This will maybe be the missing key. But first I hope that we can get a full dump of dev_flash. The dump of 3.15 was only a partial one and missed a lot of files.

    ps. remove the space and it will work
    Last edited by cfwprophet; 12-01-2010 at 11:56 PM

  6. #6
    Quote: Originally Posted by barbnjason
    I'm confused.

    Both the passwords have spaces in them between the ez et part.

    So it is with the space or no?
    Yeah, whoops, no space. Added code tags, should be OK now!

  7. #7
    I will remember to use code tags in the first post... it appears vBulletin automatically adds a space to words containing more than xx characters.

  8. #8

    Really cool stuff. Finally my debug can keep up with all the goodies with its retail counterpart.

    CJPC, mind sharing how to get a full dump of /dev_flash, /dev_flash2, /dev_flash3 on a debug unit?

  9. #9
    Alas, I do not have a Debug unit anymore, but the simplest way to do it is to just port the JB exploit, it isn't the hardest thing to do, and then dump it right out

  10. #10
    Yeah, it's still partial. So we will need to do with jb on debug con. But I don't have all files to compile a hex for pic 16f2550. Missing assembler code for that chip.

    Now I need to compile for at90usb126 and send one chip to my buddy.

 