Page 4 of 7 (results 31 to 40 of 64)



  1. #31
    xplozion (Junior Member)
    Ooh man. Can't wait for the next month to see the improvements!

    I bet $ony is damn scared of things to come

  2. #32
    fhwk (Registered User)
    Nice work with the memdump - I've been pretty miffed at Sony for their stunt and decided to hop in with the hacking bandwagon to see if there's anything I could help with. I don't currently have Linux on my PS3 so I haven't tried these out myself yet, but maybe someone could give them a try.

    First of all, there's a few linux kernel boot options which may be useful in making sure that the kernel doesn't overwrite the first 36MB of RAM. From the kernel documentation:

    memmap=nn[KMG]$ss[KMG]
    Mark specific memory as reserved. Region of memory to be used, from ss to ss+nn. Example: Exclude memory from 0x18690000-0x1869ffff:
    memmap=64K$0x18690000
    or
    memmap=0x10000$0x18690000

    So, adding memmap=36M$0x00000000 to the LILO/GRUB boot options would probably do the job. If I remember correctly, this also means that the kernel won't allocate RAM from this area for userspace programs.

    Also, as there's no need to boot up a complete system, just starting a kernel and a shell would be enough. The init option lets you specify the location of the init program (/sbin/init by default), so setting it to /bin/sh would probably be enough. I.e.

    init=/bin/sh

    This would give a really minimal linux console to work with when getting a dump out.
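As an added example (not code from this thread, from fhwk, or from the kernel tree), the script below parses the memmap=nn[KMG]$ss[KMG] syntax quoted from the kernel documentation above, computes the address range each entry covers, and checks whether a target range such as the first 36MB is fully covered by reserved entries on a kernel command line. It assumes the kernel's memparse convention of binary K/M/G multipliers and base-0 number parsing; every command line it is run against is a constructed sample, not a real PS3 boot configuration.

```python
import re

# Kernel memparse() accepts a decimal or hex number with an optional K/M/G
# suffix; the multipliers are binary (assumption taken from memparse).
_SUFFIX = {"K": 1 << 10, "M": 1 << 20, "G": 1 << 30}
# Operator between size and start address, as listed in kernel-parameters.txt.
_KIND = {"$": "reserved", "@": "usable", "#": "acpi"}

_NUM = r"0[xX][0-9a-fA-F]+|[0-9]+"
_MEMMAP_RE = re.compile(
    r"^(?P<size>%s)(?P<ssuf>[KMGkmg]?)(?P<op>[$@#])"
    r"(?P<start>%s)(?P<asuf>[KMGkmg]?)$" % (_NUM, _NUM)
)


def _memparse(number, suffix):
    """Mimic memparse(): base-0 integer times an optional K/M/G multiplier."""
    return int(number, 0) * _SUFFIX.get(suffix.upper(), 1)


def parse_memmap(value):
    """Parse one 'nn[KMG]<op>ss[KMG]' value into a dict.

    'end' is exclusive, so 64K$0x18690000 covers 0x18690000..0x1869ffff,
    matching the example in the kernel documentation.
    """
    m = _MEMMAP_RE.match(value)
    if not m:
        raise ValueError("not a memmap= value: %r" % value)
    size = _memparse(m.group("size"), m.group("ssuf"))
    start = _memparse(m.group("start"), m.group("asuf"))
    return {"kind": _KIND[m.group("op")], "start": start, "end": start + size}


def memmap_entries(cmdline):
    """Return every memmap= entry on a kernel command line, in order."""
    return [parse_memmap(tok[len("memmap="):])
            for tok in cmdline.split() if tok.startswith("memmap=")]


def range_is_reserved(cmdline, start, end):
    """True if every byte of [start, end) is covered by a reserved ('$') entry.

    The reservation may be split over several memmap= values; adjacent or
    overlapping reserved entries are merged while walking them in order.
    """
    reserved = sorted((e["start"], e["end"])
                      for e in memmap_entries(cmdline) if e["kind"] == "reserved")
    covered_to = start
    for s, e in reserved:
        if s > covered_to:
            break  # a gap that no later (higher) entry can fill
        covered_to = max(covered_to, e)
        if covered_to >= end:
            return True
    return covered_to >= end


def grub_escape(param):
    """Escape '$' for a GRUB2 config; unescaped, GRUB may expand '$...' as a
    variable reference and the kernel never sees the start address."""
    return param.replace("$", r"\$")


if __name__ == "__main__":
    # Constructed command line in the spirit of the post above.
    cmdline = "root=/dev/sda1 memmap=36M$0x00000000 init=/bin/sh"
    for entry in memmap_entries(cmdline):
        print("%-8s 0x%08x-0x%08x" % (entry["kind"], entry["start"], entry["end"] - 1))
    print("first 36MB reserved:", range_is_reserved(cmdline, 0, 36 << 20))
    print("for grub.cfg:", grub_escape("memmap=36M$0x00000000"))
```

Two practical caveats when using this: memmap= is parsed by architecture-specific code in the kernel (the x86 e820 setup is the well-known implementation), so confirm that the kernel built for the target machine honours it before relying on the reservation; and a reserved entry only stops the kernel from allocating or touching that range after it has parsed its parameters, which says nothing about what the bootloader or anything earlier already wrote there.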

  3. #33
    chipsy (Contributor)
    Quote Originally Posted by TUHTA:
    really cool, are there any good results?

    Is there a way to take a "SPECIAL" USB and return to service mode?
    I actually think you could achieve it, but then again it would require some special software which of course isn't publicly available, and don't expect it to be leaked any time soon, because it's hidden deep down in Sony's headquarters and you will have to go through 100s of firewalls to get it.

    (you know what I mean)

  4. #34


    how much is left to play game copies?

  5. #35
    Quote Originally Posted by fhwk:
    First of all, there's a few linux kernel boot options which may be useful in making sure that the kernel doesn't overwrite the first 36MB of RAM. From the kernel documentation:

    memmap=nn[KMG]$ss[KMG]
    Mark specific memory as reserved. Region of memory to be used, from ss to ss+nn. Example: Exclude memory from 0x18690000-0x1869ffff:
    memmap=64K$0x18690000
    or
    memmap=0x10000$0x18690000
    Nice catch! The only problem is that the bootloader used on the PS3 is a small Linux system itself, so by the time this parameter is evaluated the bootloader Linux system is already loaded into memory without any constraints. It would be possible to re-build the bootloader image with the same parameters, though.

  6. #36
    Quote Originally Posted by sapperlott:
    Nice catch! The only problem is that the bootloader used on the PS3 is a small Linux system itself, so by the time this parameter is evaluated the bootloader Linux system is already loaded into memory without any constraints. It would be possible to re-build the bootloader image with the same parameters, though.
    Nice point; besides the LILO/GRUB he caught as an example, in our case it's petitboot/kboot that's better to rebuild..

    Building a kernel image as small as possible and running it in the highest memory space available could make the thing easier..

    Even better could be to find a way to run a minimal Linux in the backward compatibility reserved memory (32MB) of some models, but this, even if possible, could involve quite a bit more work...

  7. #37
    Quote Originally Posted by sapperlott:
    Nice catch! The only problem is that the bootloader used on the PS3 is a small Linux system itself, so by the time this parameter is evaluated the bootloader Linux system is already loaded into memory without any constraints. It would be possible to re-build the bootloader image with the same parameters, though.
    Hi, it is possible to build a bld with the PS3 SDK, but the problem is storing the dump file.

    The PS3 SDK doesn't have includes for mount and storage.

    The best is using an ethernet cable for the dump, using an OtherOS with support for it, but you need to include the exploit files.

    Regards, and yes, that dump has Linux parts; remember that when a reset doesn't clear the RAM, the old data mixes with the new.

  8. #38


    hmm... so if I understand what I've been reading right, the hypervisor dump that we got was polluted with Linux code. The solution to this would be to try to rework the OtherOS bootstrap so that it would just dump the same data without the Linux code mixed into it; this would require the bootstrap to load from somewhere in memory after the 36MB of code that we actually want (possibly by moving the bootstrap's load location to the hardware on a HWBC console). This should give us our golden key, right?... well ok, a map to the golden key, but you know what I'm saying.

    Another option is to figure out how to build an external chip, aka MODCHIP (I know everyone cringes at the mention as they require hardware modification, but this does too), that would somehow record and output everything that's loaded into the RAM or other chips, to be recorded and output to a computer. But this is a very complicated process and could take years.

  9. #39
    Quote Originally Posted by laggmaster:
    hmm... so if I understand what I've been reading right, the hypervisor dump that we got was polluted with Linux code,
    actually it is the lv2 right now.. the hypervisor has been done a few weeks back.
    yes, some part of it has been overwritten, but hey, there is at least something to start with!
    Quote Originally Posted by laggmaster:
    Another option is to figure out how to build an external chip, aka MODCHIP (I know everyone cringes at the mention as they require hardware modification, but this does too), that would somehow record and output everything that's loaded into the RAM or other chips, to be recorded and output to a computer. But this is a very complicated process and could take years.
    well, it's not the cross-dump, but the content of the RAM that has the problems: AFAIK the RAM can be decoded by the running sys (thus it's encrypted)

  10. #40
    Does the ability still exist to install the test firmware on a retail box? (I know it didn't work 100%) And if it is possible, has anyone tried dumping it (or does the lack of OtherOS make this impossible?)

© 2015 PlayStation 3 News