Page 1 of 13 12311 ... LastLast
Results 1 to 10 of 130



  1. #1
    Toucan Sam CJPC's Avatar
    Join Date
    Apr 2005
    Posts
    2,174

    PS3 Hypervisor and Bootloader Dumped from RAM and More!


    We are happy to report that the PS3 Hypervisor LV1 and Bootloader LV0 are dumped from the PlayStation 3's RAM after getting our SX28 Hardware a few days ago, utilizing code for glitching and mashing buttons for hours - the exploit eventually will get triggered!

    We tried a few different ways to dump out the real memory - the biggest "problem" was the fact that you can't just simply use File I/O code in a kernel module. Furthermore, you can't call the lv1_peek function from user mode either.

    Luckily, resident DEV kakarotoks was up to the challenge. After some trial and error (and too many PS3 crashes!) he made a kernel module which maps the "real" PS3 memory to a device in /proc. The /proc area lets the kernel and userland interact some.

    Basically, the device /proc/ps3_hv_mem is created when the kernel module is inserted. Once it is inserted, you can use dd to read the device. By doing this, the device gets passed arguments, which is passed along to lv1_peek - which in turns reads out the real memory.

    Be advised, don't go beyond the PS3's upper memory limit. At around 260MB, the PS3 tends to crash - it does not like trying to read beyond RAM limits! So, for usage:

    First, run the exploit, and get it triggered and working - that's the hard part!

    Next, download the attached file, inside are three files, a Makefile, the ps3_hv_mem.c and a pre-compiled version. Stick these in a folder, and run make. It will then compile a kernel module for you (ps3_hv_mem.ko, or use the pre-compiled one). Then simply type: sudo insmod ps3_hv_mem.ko

    Enter your password and check /proc for a ps3_hv_mem entry, or your dmesg. If it is there - let the dumping begin!

    You can dump out the PS3 Hypervisor and Bootloader (and the rest of the real memory) via dd. You can use the command:

    dd if=/proc/ps3_hv_mem of=PS3_Memory_Dump.bin bs=1024 count=10K

    That command will dump out 10485760 bytes, or about 10MB - which nicely includes the goodies like LV0 and LV1. Finally, you can also increase the count, which will increase the amount dumped (multiply by blocksize).

    PS3 Hypervisor and Bootloader Dumped from RAM and More!

    PS3 Hypervisor and Bootloader Dumped from RAM and More!

    More PlayStation 3 News...
    Attached Files Attached Files

  2. #2
    Senior Member mushy409's Avatar
    Join Date
    Oct 2008
    Posts
    329

    WOW! Top stuff! I'm sure there's plenty of interesting things to be had out of those dumps.

    What is contained in the upper memory? (above 260Mb) Or is this still unknown?

  3. #3
    Registered User red8316's Avatar
    Join Date
    Feb 2009
    Posts
    205
    Great job everyone! This is fantastic news! I'm glad the local dev's were able to get it to work. I'm sure there is lots to look over and examine. It's in good hands now.

  4. #4
    Toucan Sam CJPC's Avatar
    Join Date
    Apr 2005
    Posts
    2,174
    Quote Originally Posted by mushy409 View Post
    WOW! Top stuff! I'm sure there's plenty of interesting things to be had out of those dumps.

    What is contained in the upper memory? (above 260Mb) Or is this still unknown?
    Yeah considering the fact that the PS3 only has 256MB of System Memory, I'd take a "giant guess" and say nothing at all!

  5. #5
    Registered User livpool's Avatar
    Join Date
    Sep 2009
    Posts
    211
    omg that is so awesome! you guys finally have the dumps! woo

    p.s. i can't believe the hypervisor is only 10mb? i thought it would be way bigger

  6. #6
    Forum Moderator PS3 News's Avatar
    Join Date
    Apr 2005
    Posts
    26,873
    Quote Originally Posted by livpool View Post
    p.s. i can't believe the hypervisor is only 10mb? i thought it would be way bigger
    Basically you can dump out all the memory, but the "goods" are actually contained in the first 10MB of RAM so the Devs just chose to dump that... whereas xorloser chose to dump 16MB, etc so it boils down to personal preference.

  7. #7
    Senior Member ekrboi's Avatar
    Join Date
    Oct 2009
    Posts
    78
    Quote Originally Posted by CJPC View Post
    Yeah considering the fact that the PS3 only has 256MB of System Memory, I'd take a "giant guess" and say nothing at all!
    =P

    side note - awesome news.. lookin forward to findin the dumps out in hyperspace sooner than later i hope.

  8. #8
    Registered User Citrus's Avatar
    Join Date
    Feb 2010
    Posts
    1

    Thumbs Up

    This is great news. I can't believe how quickly you guys were able to do this after just getting the SX28.

  9. #9
    Registered User colima's Avatar
    Join Date
    Jan 2010
    Posts
    12
    Great news . Now comes the next step finding an exploit XD

  10. #10
    Contributor richleva's Avatar
    Join Date
    Jan 2009
    Posts
    14

    whats now?

    Great Job guys!! so i guess we're at the part were geo said "make something useful out of it" we just need someone to customize the codes?

    This is great!!!

 


 
Page 1 of 13 12311 ... LastLast