


  1. #91
    Registered User mabraham's Avatar
    Join Date
    Mar 2007
    Posts
    2
    Quote Originally Posted by moneymaker View Post
    For the question retail/debug ...forget it..the keys embedded into the SPE which is into the CPU itself are different among the two versions...no way to mess with them, no chance to make a retail unit a debug one..

    For all other occurrences, maybe there is a chance to open the system so some skillful team of coders could make an alternate OS capable to run alternate (privately coded) games that's not so exciting as a landscape....

    For sure it could also lead to something more, but it's all to be thrown to light ...
    It is not about making a debug unit from retail - it is about making the system behave just about enough as a debug unit. There is a major difference between these two.

    And for your second statement - you are wrong. This exploit maybe is for lv0/lv1 only but using this exploit and the things we now have access to we might (or I would say will) be able to dig deeper into lv2 and the secrets and mistakes embedded in that code...

  2. #92
    Registered User moneymaker's Avatar
    Join Date
    Dec 2009
    Posts
    120
    Quote Originally Posted by mabraham View Post
    It is not about making a debug unit from retail - it is about making the system behave just about enough as a debug unit. There is a major difference between these two.

    And for your second statement - you are wrong. This exploit maybe is for lv0/lv1 only but using this exploit and the things we now have access to we might (or I would say will) be able to dig deeper into lv2 and the secrets and mistakes embedded in that code...
    You do not understand, there is no point into going to harvest anything of lv2 in absence of the root key, that's the target, without it you can only build an alternate OS able to run whatever you want if only you compile it by yourself in a proper language...

    The system without the correct keys into the SPE would NOT behave as a debug unit neither if you start crying in Japanese...

    If there is something that can reach the insulated SPE is for sure into some kind of device in $ony service labs, surely not on the lv2 neither in a standard or even debug firmware updater's driver...

    We can find the channel for that software to work but we don't have the code, we can compile the same code or a code able to do the same things (in theory) but without the root-key it could go nowhere...

    What do you want to find into lv2 ? Do you really think that the project engineer of the CBE security hint the staff to put those files into the consumer updater module to have them could change the SPE certificates at the user will ? Maybe writing them onto lv2 somewhere furthermore ?

    I'm not so optimistic...
    Last edited by moneymaker; 02-11-2010 at 11:37 AM

  3. #93
    Registered User Raze1988's Avatar
    Join Date
    Dec 2009
    Posts
    221
    Moneymaker you make valid points, but you think too official about those things.

    The hackers will find a way.

  4. #94
    Registered User moneymaker's Avatar
    Join Date
    Dec 2009
    Posts
    120
    Quote Originally Posted by Raze1988 View Post
    Moneymaker you make valid points, but you think too official about those things.
    The hackers will find a way.
    The point is the processor inner code is different and at the actual point there is no light on how to change things..

    ..and to have pointed out that in lv2 there shouldn't be pieces of code able to harvest nothing into the processor ...

    That's all about "points"...

  5. #95
    Contributor Wonderkik's Avatar
    Join Date
    May 2006
    Posts
    160
    Isn't CJPC working towards turning a debug unit into retail and the opposite? I suppose it isn't the same, going from retail to debug must be harder (If even possible, as you said) since Retail is basically quite locked down (at least for now).

    I'm very far from an expert about PS3's internal behavior, but I read these forums quite often, and I thought too that it was only a matter of flags.

    We really have a security beast here, am I wrong? ^^

  6. #96
    Registered User Karl69's Avatar
    Join Date
    Feb 2010
    Posts
    32
    Quote Originally Posted by CJPC View Post
    That brings us to today, and our SX28 chips and programmer arrived - so we will be recreating the hardware, and giving this a go soon!
    Why is it necessary to use an SX28? There is a device quite well known in the smartcard hacking scene called the T911 which can be bought on many internet sites. It uses an easily programmable AVR Atmel 2313 which can probably be overclocked to 25 MHz to produce the necessary 40ns glitches.

    Cheers

    Karl

  7. #97
    Forum Moderator PS3 News's Avatar
    Join Date
    Apr 2005
    Posts
    27,463
    Quote Originally Posted by Karl69 View Post
    Why is it necessary to use an SX28?
    It's not necessary, the SX28 way just happened to be the next attempt used after the 555 timer didn't work out as planned.

  8. #98
    Registered User mabraham's Avatar
    Join Date
    Mar 2007
    Posts
    2
    Quote Originally Posted by moneymaker View Post
    You do not understand, there is no point into going to harvest anything of lv2 in absence of the root key, that's the target, without it you can only build an alternate OS able to run whatever you want if only you compile it by yourself in a proper language...

    The system without the correct keys into the SPE would NOT behave as a debug unit neither if you start crying in Japanese...

    If there is something that can reach the insulated SPE is for sure into some kind of device in $ony service labs, surely not on the lv2 neither in a standard or even debug firmware updater's driver...

    We can find the channel for that software to work but we don't have the code, we can compile the same code or a code able to do the same things (in theory) but without the root-key it could go nowhere...

    What do you want to find into lv2 ? Do you really think that the project engineer of the CBE security hint the staff to put those files into the consumer updater module to have them could change the SPE certificates at the user will ? Maybe writing them onto lv2 somewhere furthermore ?

    I'm not so optimistic...
    You are too narrow-minded and do not think outside the box. You are hung up on the way IBM/SCE describes security and not showing any hacker mentality.

    You will soon be amazed - I promise you. Maybe not with lv2 exploits leading to loaders and such but other things that will surface. Rest assured - progress is being made as I write this.

  9. #99
    Senior Member Neo Cyrus's Avatar
    Join Date
    Apr 2009
    Posts
    452
    Quote Originally Posted by mabraham View Post
    You are too narrow-minded and do not think outside the box. You are hung up on the way IBM/SCE describes security and not showing any hacker mentality.

    You will soon be amazed - I promise you. Maybe not with lv2 exploits leading to loaders and such but other things that will surface. Rest assured - progress is being made as I write this.
    That's what we've all been hoping for.

    Anyway, I wanted to ask how much has been dumped so far. I thought it could all be done at once but we were only shown bits and there has been no announcement that the entire hypervisor has been dumped by the Devs so is it safe to assume that means it's being done a piece at a time? Forgive the crappy question but I have no knowledge on the topic.

  10. #100
    Forum Moderator PS3 News's Avatar
    Join Date
    Apr 2005
    Posts
    27,463
    Quote Originally Posted by Neo Cyrus View Post
    Anyway, I wanted to ask how much has been dumped so far. I thought it could all be done at once but we were only shown bits and there has been no announcement that the entire hypervisor has been dumped by the Devs so is it safe to assume that means it's being done a piece at a time?
    It started out that way, but last night as CJPC posted HERE they got it working properly with new dump code.

    CJPC plans to post an update in the Site News either tonight or tomorrow with the details, and also the dump code will be released then in case others wish to dump their own once they successfully trigger the exploit.

 
