


  1. #101
    Registered User titanmkd's Avatar
    Join Date
    Jan 2010
    Posts
    29
    Quote Originally Posted by sapperlott View Post
    First of all - nice catch! Could you tell me where you got the names of the vectors > 0x1000 from? Power ISA v2.03 (attached; page 412) states that 0x0000-0x0fff contains the interrupt vectors and that 0x1000-0x2fff is reserved for implementation-specific purposes.

    Apart from the ones you posted the ISA lists 0x0f00 as "Performance Monitor Interrupt" and 0x0f20 is named "Vector Unavailable Interrupt" there.
    That just comes from the official Cell documentation, CellBE_Handbook_v1.12_3Apr09_pub.pdf -> Table 9-3. Interrupt Vector and Exception Conditions, page 253 of 876.

    Can be downloaded here:
    https://www-01.ibm.com/chips/techlib/techlib.nsf/techdocs/7A77CCDF14FE70D5852575CA0074E8ED/$file/CellBE_Handbook_v1.12_3Apr09_pub.pdf

    I advise everybody to get the IBM Cell documentation to better understand the architecture; it is all documented very well.

    See the following link for the required documentation on Cell:
    https://www.ibm.com/developerworks/power/cell/documents.html?S_TACT=105AGX16&S_CMP=LP

    Best Regards

    TitanMKD

  2. #102
    Registered User sapperlott's Avatar
    Join Date
    Nov 2009
    Posts
    129
    Quote Originally Posted by titanmkd View Post
    That just comes from the official Cell documentation, CellBE_Handbook_v1.12_3Apr09_pub.pdf -> Table 9-3. Interrupt Vector and Exception Conditions, page 253 of 876.
    Haha - that's the one I didn't look at (I got them all in printed form) *slaps forehead*

  3. #103
    Registered User Recorator's Avatar
    Join Date
    Jun 2009
    Posts
    12
    Not to sound like an arse kisser, but I think you and all of the people who have worked hard on the PS3 deserve major kudos. I'm gunna start checking through the dump myself. I'm new to coding but hey, you never know, right?

  4. #104
    Registered User nannou's Avatar
    Join Date
    Oct 2009
    Posts
    36
    The sky is the limit fellows!

  5. #105
    Registered User ju2ef's Avatar
    Join Date
    Jan 2010
    Posts
    38
    Is US and EUR FW the same?
    RAM:00362C4F aFeurus_fw_bin: .string "öeurus_fw.bin"

  6. #106
    Registered User yellowsnow's Avatar
    Join Date
    Feb 2009
    Posts
    22
    Quote Originally Posted by ju2ef View Post
    Is US and EUR FW the same?
    The dump string you posted seems to refer to a network firmware, maybe WiFi or Gigabit.
    Code:
    /dev/net0
    /local_sys0/sys/internal/eurus_fw.bin
    eurus_fw.bin
    net_manager::reset_eurus failed(%d) flag=%d
    net_manager::read_firmware invaild jump command : command=0x%08x, new_data_size=%d current_offset=%d, data_offset=%d
    net_manager:: Error : eurus F/W download failed.
    net_manager::read_firmware invaild data : command=0x%08x, new_data_size=%d current_offset=%d, data_offset=%d
    net_manager::read_firmware data: %d, firm_offset: %d
    net_manager::put_firmware read firmware fails.
    net_manager::put_firmware ioctl (EURUS_FIRM) fails %d
    net_manager::open_firmware can't open file (FAT)
    net_manager::open_firmware open file (FAT)
    net_manager::open_firmware open file (COMPOSITE)
    net_manager::on_event_received ioctl (EURUS_STAT) failed.
    net_manager::on_event_received Error : eurus F/W download failed.
    net_manager::on_event_received firmware downloaded.
    update
    net_manager::start_firmware_download get_node_value failed. %d
    net_manager::start_firmware_download
    net_manager::initialize ...
    net_manager::initialize couldn't open the file %s. (%d)
    net_manager::initialize mac_addr=0x%016lx
    net_manager::initialize ioctl (NET_INIT) fails %d
    net_manager::initialize ... completed.

  7. #107
    Registered User titanmkd's Avatar
    Join Date
    Jan 2010
    Posts
    29

    Extract of self files (lv2ldr.self, appldr.self, isoldr.self) from dump

    Hi,

    I have found very interesting things in the dump for the next step (to load them through SPU to have decrypted code/data).

    Thanks to xorloser for his great tool SelfTool.exe v1.0 (maybe some hint why it crashes on the last 3 files ??, I'm also interested in the source code of his SelfTool ...).

    These files were found manually using this basic rule:
    SELF identifier: "SCE" at offset 0 and "ELF" at offset 145; in that case it is a SELF file.

    lv2ldr.self (filesize 0x16830 / 92208 Bytes)
    DumpFileOffset 0x20000

    appldr.self (filesize 0x1D564 / 120164 Bytes)
    DumpFileOffset 0x37000

    isoldr.self (filesize 0x129A4 / 76196 Bytes)
    DumpFileOffset 0x55000

    SELF (corrupted ??) -> Crash SelfTool v1.0 ???
    DumpFileOffset 0x1624BC

    SELF (corrupted ??) -> Crash SelfTool v1.0 ???
    DumpFileOffset 0x6C25B4

    SELF (corrupted ??) -> Error loading file ...
    DumpFileOffset 0x6D5470

    I hope my next post here will be a working SELF loader with a dump of decrypted SELF code/data ... (but I still don't have the metldr; any help obtaining it would be great).

    Best Regards
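
The signature rule from the post above ("SCE" at offset 0, "ELF" at offset 145), written as a small carving routine that also copes with decoy hits and with candidates cut off by the end of the dump. This is an added example, not part of the original post and not SelfTool's code; the function names and the sample buffer with its offsets are constructed for illustration.

```python
SCE_MAGIC = b"SCE"   # expected at candidate offset + 0 (rule from the post)
ELF_MAGIC = b"ELF"   # expected at candidate offset + 145 (rule from the post)
ELF_OFFSET = 145


def find_self_candidates(dump: bytes) -> list[int]:
    """Return every offset where both signatures of the rule match."""
    hits = []
    pos = dump.find(SCE_MAGIC)
    while pos != -1:
        elf_at = pos + ELF_OFFSET
        # A slice past the end of the buffer comes back short, so a
        # candidate whose second signature lies outside the dump is rejected.
        if dump[elf_at:elf_at + len(ELF_MAGIC)] == ELF_MAGIC:
            hits.append(pos)
        pos = dump.find(SCE_MAGIC, pos + 1)
    return hits


def carve(dump: bytes, offset: int, size: int) -> tuple[bytes, bool]:
    """Cut a fixed-size window at offset; flag it when the dump ends early."""
    chunk = dump[offset:offset + size]
    return chunk, len(chunk) < size


def build_sample() -> bytes:
    """Constructed 1 KiB buffer: two matches, one decoy, one cut-off hit."""
    buf = bytearray(0x400)
    for off, with_elf in ((0x20, True), (0x200, False),
                          (0x300, True), (0x3F0, False)):
        buf[off:off + 3] = SCE_MAGIC
        if with_elf:
            buf[off + ELF_OFFSET:off + ELF_OFFSET + 3] = ELF_MAGIC
    return bytes(buf)


if __name__ == "__main__":
    sample = build_sample()
    for off in find_self_candidates(sample):
        chunk, truncated = carve(sample, off, 0x200)
        print(f"candidate at 0x{off:X}: {len(chunk)} bytes, truncated={truncated}")
```

A match on both signatures only marks a candidate; a window flagged as truncated, or one whose real size is unknown, is the kind of input a parser has to reject cleanly rather than crash on.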

  8. #108
    Forum Moderator PS3 News's Avatar
    Join Date
    Apr 2005
    Posts
    26,864


    Quote Originally Posted by titanmkd View Post
    Thanks to xorloser for his great tool SelfTool.exe v1.0 (maybe some hint why it crashes on the last 3 files ??, I'm also interested in the source code of his SelfTool ...)
    I'm not sure if he is willing to share the source code, but he probably will be interested to know that it crashes with those files and likely can fix that.

    He's currently been busy with his job (this is why he hasn't updated his blog lately), but we can pass the message along and let you know his reply (or you can try to contact him through the blog, of course).

  9. #109
    Registered User titanmkd's Avatar
    Join Date
    Jan 2010
    Posts
    29
    Quote Originally Posted by PS3 News View Post
    I'm not sure if he is willing to share the source code, but he probably will be interested to know that it crashes with those files and likely can fix that.

    He's currently been busy with his job (this is why he hasn't updated his blog lately), but we can pass the message along and let you know his reply (or you can try to contact him through the blog, of course).
    I have posted a message on his blog about it and how to reproduce the problem.

    Crashes happen with files extracted at the following offsets:
    0x006C25B4 with size 256KB -> Crash.
    0x006D5470 with size 256KB -> return Error loading …
    0x001624BC with size 256KB -> Crash.

    Best Regards

  10. #110
    Registered User sapperlott's Avatar
    Join Date
    Nov 2009
    Posts
    129
    Did anyone find the HV call table yet as suggested by George as a next step? I tried this morning by looking at the exploit code and applying that knowledge to the contents of the dump but didn't succeed.

    Oh - and the Cell OS could indeed be based on BSD since I found references to MFS (@0x319628) which is an in-memory filesystem common to all three BSD flavors (FreeBSD, OpenBSD, NetBSD). This would actually make sense - the HV running from a memory based FS while the LV2 OSes get to use the disk for storage purposes. That would also mean that the whole root FS of the HV could be included in the dump (which could actually be the area holding all the SELFs found in the dump).

 


 