It's been quite a long time since geo opened up the bare metal, but still no real progress on the horizon. So I decided to give it a try, and bought a PAL 40GB with FW 2.52 (it was stuck there, so it was relatively cheap..) to experiment a little bit.
First things first: Ubuntu 8.10 - don't know why, but it's now missing from the official site. But if you know where to hunt for CD images you can still find it.
Second: install/setup -- everything you can find here is available through a basic search.. just to cut things short:
- after you log in, you can disable the GUI... it's just a waste of time/resources: on the top menu, System/Administration/Services, uncheck gdm, so you will fall back to the CLI
- enable root:
- install mc.. Midnight Commander: as root, or with sudo (as root you need to 'mkdir .mc' in /root/ to store settings)
- make a fixed IP: edit /etc/network/interfaces
(x, y, z need to be replaced with the corresponding values)
iface eth0 inet static
edit /etc/resolv.conf, if necessary add the line
and to make it work
- install openssh server.. to access it from another computer via ssh or PuTTY:
apt-get install openssh-server
Now time for some real action
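The static-IP and nameserver steps listed above, as an added example (not from the original post): a small POSIX sh script that validates the dotted-quad values, renders the eth0 stanza for /etc/network/interfaces and the nameserver line for /etc/resolv.conf, and only then swaps the files into place with a backup of whatever was there. All addresses in it are constructed placeholders, and the TARGET_ROOT variable is an assumption added here so the writer can be exercised in a scratch directory before touching /etc.

```shell
#!/bin/sh
# Added example, not part of the original post. Generates the static-IP
# configuration Ubuntu 8.10 expects in /etc/network/interfaces plus the
# /etc/resolv.conf nameserver line. Addresses below are constructed.

# Return 0 if $1 is four decimal octets in 0..255, else 1.
valid_ipv4() {
    _ip=$1
    case "$_ip" in
        *[!0-9.]*|"") return 1 ;;   # reject anything but digits and dots
    esac
    _old_ifs=$IFS
    IFS=.
    set -- $_ip                    # split on the dots
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ -n "$_o" ] || return 1   # catches "1..2.3"
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# Print the eth0 stanza. $1 address, $2 netmask, $3 gateway.
# Fails (exit 1) on any malformed value so nothing half-written reaches /etc.
render_interfaces() {
    for _v in "$1" "$2" "$3"; do
        valid_ipv4 "$_v" || { echo "bad address: $_v" >&2; return 1; }
    done
    printf 'auto eth0\niface eth0 inet static\n\taddress %s\n\tnetmask %s\n\tgateway %s\n' \
        "$1" "$2" "$3"
}

# Print the resolv.conf nameserver line for $1.
render_resolv() {
    valid_ipv4 "$1" || { echo "bad nameserver: $1" >&2; return 1; }
    printf 'nameserver %s\n' "$1"
}

# Write both files atomically-ish: render to .new first, back up the old
# file, then mv into place. $1 address, $2 netmask, $3 gateway, $4 nameserver.
# TARGET_ROOT (assumed helper variable, default empty) prefixes the paths so
# the function can be tried against a scratch directory instead of /etc.
apply_config() {
    _root=${TARGET_ROOT:-}
    _ifaces="$_root/etc/network/interfaces"
    _resolv="$_root/etc/resolv.conf"
    mkdir -p "$_root/etc/network" || return 1
    render_interfaces "$1" "$2" "$3" > "$_ifaces.new" || return 1
    render_resolv "$4" > "$_resolv.new" || return 1
    _stamp=$(date +%s)
    if [ -f "$_ifaces" ]; then cp "$_ifaces" "$_ifaces.bak.$_stamp"; fi
    if [ -f "$_resolv" ]; then cp "$_resolv" "$_resolv.bak.$_stamp"; fi
    mv "$_ifaces.new" "$_ifaces" || return 1
    mv "$_resolv.new" "$_resolv" || return 1
}

# Demo with constructed placeholder values; prints the stanza without writing.
render_interfaces 192.168.1.50 255.255.255.0 192.168.1.1
render_resolv 192.168.1.1
```

After `apply_config` has written the real files (as root, with TARGET_ROOT unset), restart networking the way the post describes and confirm the box answers on the new address before installing openssh-server, so you are not locked out of a headless console by a typo in the gateway.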
As the current use of exploits is a little ugly, I thought it would look better if no components needed to be installed outside the box, so the most basic interface would work as a trigger button for the uC: the keyboard LEDs! (one of them) It will need to be installed in one USB port (thus losing one USB port.. but if you install a hub into another port, you can wire these pre-used ports back into operation)
_details and the actual how-to later.._
OK - you said - it's good, but we already have this, what's next?
As now we need at least a dump of the lv2.. but how?
(!!warning: the following theories are not based on deep knowledge of the system, so they may be completely wrong!!)
case 1) we need to mimic/emulate the system reboot so that during some special operation we could kick the isolated SPU and retrieve the code from it (if it's enabled to run code w/o cleaning before)
case 2) somehow "praying" for metldr to work and then kick it, and get the decrypt code as above.. or simply let it do its job..
case 3) overrun the ps3-flash-tool to access more than the bootloader
case 4) run exploit&dumper on a tool/test/debug system in GameOS mode and then use the result to achieve the previous cases on retail consoles
As I don't even have access to any of these, I can't do it myself (nor could I if I had them.. but I would try)
Any help is highly welcome and appreciated!