PS3 Hypervisor and Bootloader Memory Dump Publically Leaked

[CJPC]

Just of note (the whole big brother thing), around ~646900 is the HDD serial, and ~646940 is the HDD model - just another way for Sony to start tracking these dumps!

It's also byteswapped and speckled thru there a few more times (along with BD drive model, etc).

[Rahimamir786]

someone care to tell me what this signifies? I'm kinda a noob with this right now.... (the untitled file.. the other one is a joke )

[PS3 News]

What program would be the best to analyse the data?

Many are currently using IDA with xorloser's plug-in (xorloser.com/blog/wp-content/uploads/2010/01/ppcaltivec_plugin_v1.6_for_ida_v5.6.zip), however, I have yet to see a "trial" version of v5.6 floating around.

I don't believe it will work with the older ones, but if anyone wants to check out v5.5 anyway a few links from Google are: rapidshare.com/files/323871806/HEX-RAYS_www.softarchive.net.rar or hotfile.com/dl/21372420/86412a4/HEX-RAYS_www.softarchive.net.rar.html

[CJPC]

it curiously attempts to flame other PS3 News Devs despite using their code to make the HV dump... go figure, eh?

Indeed - you'd think he would at least edit out his MAC address, you can find it in any dump by searching for "/flh/os/this_is_dummy" , look about 224 bytes above, should be starting with (in hex):

Code:

001315
0015C1
0019C5
001D0D
001FA7
00248D

It's also riddled through the dump as well, but that's the most reliable place to find it in the dump.

Needless to say, in this case, today's winning 'numbers' are 00:19:C5:C9:90:F9

[PS3 News]

Needless to say, in this case, today's winning 'numbers' are 00:19:C5:C9:90:F9

ROFL! I guess he should update his "ReadMe" file to:

Ps3news FTW!!!

H8r FTL -_-

[PARDES]

Hi , i have no skills, but i have take a look of the memorydump. I don´t know it´s helps you ?

I have search things about bludisc drive firmware and the package and another things.. Hw config and boot dat. Maybe it´s help you guys , hope so.

[Tidusnake666]

Anyone tried xorloser's plugin on older versions of IDA? 5.2, 5.5 anyone?

[Osirisx]

The part with the fook off, i posted a pic of it dont know why it did not show up in my post.. but besides that. when people are coding they put notes in there stuff sometimes i think it was a developers note in there lol..

it could be dev notes, just take a look at the notes that were left in the leaked sorce code for windows 2000.

then again that word might be a custom dictionary entry he has made.

[livpool]

Indeed - you'd think he would at least edit out his MAC address, you can find it in any dump by searching for "/flh/os/this_is_dummy" , look about 224 bytes above, should be starting with (in hex):

Code:

001315
0015C1
0019C5
001D0D
001FA7
00248D

It's also riddled through the dump as well, but that's the most reliable place to find it in the dump.

Needless to say, in this case, today's winning 'numbers' are 00:19:C5:C9:90:F9

wait, so you guys DIDNT release the dump? someone else really did do it?

[PS3 News]

wait, so you guys DIDNT release the dump? someone else really did do it?

Correct... we actually never had to since the "leaker" beat us to it. A few more related blog comments also:

mathieulh 11 minutes ago in reply to snowboardextr3me

Dumping doesn't necessarly mean you can write to anything.

In theory though you can use the loaders to decrypt lv2, then patch it and run the patched version from ram. All of that using the readily available exploit from geohot.

The content is decrypted within the isolated spu vault, but then the result (plain data) is copied to the XDR ram (with the exception of isolated loaders themselves which are decrypted within the vault and executed in place, meaning the data never leaves the spu)

So you can technically get decrypted versions of anything (without the knowledge of keys/ivs and algos) except the loaders themselves using the said loaders to decrypt such content for you.