As for the retail/debug question... forget it. The keys embedded in the SPE, which is in the CPU itself, are different between the two versions... no way to mess with them, no chance to make a retail unit a debug one.
For all other occurrences, maybe there is a chance to open the system so some skillful team of coders could make an alternate OS capable of running alternate (privately coded) games; that's not so exciting as a landscape...
For sure it could also lead to something more, but it's all yet to be brought to light...
It is not about making a debug unit from retail - it is about making the system behave just about enough as a debug unit. There is a major difference between these two.
And for your second statement - you are wrong. This exploit maybe is for lv0/lv1 only, but using this exploit and the things we now have access to we might (or I would say will) be able to dig deeper into lv2 and the secrets and mistakes embedded in that code...
You do not understand, there is no point in going to harvest anything from lv2 in the absence of the root key; that's the target. Without it you can only build an alternate OS able to run whatever you want, if only you compile it yourself in a proper language...
The system without the correct keys in the SPE would NOT behave as a debug unit, not even if you start crying in Japanese...
If there is something that can reach the insulated SPE, it is for sure in some kind of device in $ony service labs, surely not in lv2, nor in a standard or even debug firmware updater's driver...
We can find the channel for that software to work but we don't have the code. We can compile the same code, or code able to do the same things (in theory), but without the root key it could go nowhere...
What do you want to find in lv2? Do you really think that the project engineer of the CBE security hinted the staff to put those files into the consumer updater module so that they could change the SPE certificates at the user's will? Maybe writing them onto lv2 somewhere, furthermore?
Isn't CJPC working towards turning a debug unit into retail and the opposite? I suppose it isn't the same; going from retail to debug must be harder (if even possible, as you said) since Retail is basically quite locked down (at least for now).
I'm very far from an expert on the PS3's internal behavior, but I read these forums quite often, and I thought too that it was only a matter of flags.
We really have a security beast here, am I wrong? ^^
That brings us to today, and our SX28 chips and programmer arrived - so we will be recreating the hardware, and giving this a go soon!
Why is it necessary to use an SX28? There is a device quite well known in the smartcard hacking scene called the T911, which can be bought on many internet sites. It uses an easily programmable AVR Atmel 2313 which can probably be overclocked to 25 MHz to produce the necessary 40 ns glitches.
I'm not so optimistic...
You are too narrow-minded and do not think outside the box. You are hung up on the way IBM/SCE describes security and not showing any hacker mentality.
You will soon be amazed - I promise you. Maybe not with lv2 exploits leading to loaders and such but other things that will surface. Rest assured - progress is being made as I write this.
That's what we've all been hoping for.
Anyway, I wanted to ask how much has been dumped so far. I thought it could all be done at once but we were only shown bits and there has been no announcement that the entire hypervisor has been dumped by the Devs so is it safe to assume that means it's being done a piece at a time? Forgive the crappy question but I have no knowledge on the topic.
It started out that way, but last night as CJPC posted HERE they got it working properly with new dump code.
CJPC plans to post an update in the Site News either tonight or tomorrow with the details, and also the dump code will be released then in case others wish to dump their own once they successfully trigger the exploit.