Page 6 of 7 (results 51 to 60 of 64)
  1. #51
    Banned User (joined Mar 2008, 303 posts)
    Awesome work. Very nice.

  2. #52
    Contributor jumbohype (joined Oct 2007, 4 posts)
    How about using a network shell with the ps3sdk instead of Linux to dump the level 2?

  3. #53
    Contributor renanbianchi (joined Jan 2008, 53 posts)
    Exploration Pic by Demonhades:

    Attached thumbnail: kernelpic.png

  4. #54
    Contributor sapperlott (joined Nov 2009, 129 posts)
    Quote, originally posted by korn16ftl3:
        Question though: what is an XDR bus?
    It's the memory bus - you have to know how the system talks to the memory first before trying to tap it. Just forget about tapping into the XDR memory.

  5. #55
    Senior Member SCE (joined Jan 2009, 172 posts)
    Quote, originally posted by sapperlott:
        It's the memory bus - you have to know how the system talks to the memory first before trying to tap it. Just forget about tapping into the XDR memory.
    Actually Geo was talking about this at the beginning of his work on the PS3. But since it required an expensive device, he didn't go that way...

  6. #56
    Contributor moneymaker (joined Dec 2009, 120 posts)
    Quote, originally posted by SCE:
        Actually Geo was talking about this at the beginning of his work on the PS3. But since it required an expensive device, he didn't go that way...
    Hehe, the brain is the most expensive device...

    However, each system has its own Achilles' heel. If the isolated SPU cannot be manipulated in regular ways, that doesn't mean it lacks the ability to decrypt its own content if that content is fed to the SPU itself through the normal channel. It's "isolated" in quotes because it actually decrypts everything that is needed/fed to it... if introduced in the right way....

    The next step is to dump the SPU cache. It's a pain, I admit it... but bare-metal assembler code is really powerful... maybe it's not impossible...

  7. #57
    Contributor sapperlott (joined Nov 2009, 129 posts)
    SPU Isolation is a hardware feature - not much you can do about it in software (even if it's written in Assembler).

  8. #58
    Contributor moneymaker (joined Dec 2009, 120 posts)
    Quote, originally posted by sapperlott:
        SPU Isolation is a hardware feature - not much you can do about it in software (even if it's written in Assembler).
    Hehe... "isolated"... this means no data "enters" the SPU and no data "exits" from there? NO!

    Isolated my rear; let's say it only executes fixed tasks (among which there is also one task we might like to use to show Kanna her system is not forced to be unbreakable just because everyone thinks it's unbreakable...).

    By "hardware" it means there should not be any bus connections between the SPU and the rest of the processor, and you would have to connect directly to the SPU bus to reach it... and this is not true... because it actually performs actions (de/encipher) on data that runs "through" it... if it were truly isolated it could act only as a hardware replacement protection...

    Furthermore, there is no hardware that runs by itself "without" software, and both of them could be initialized in some way, and what proprietary software can do, self-written LM can do too...

    Yeah, it's a very secure system, but it's not WrathofGod-proof...

    An appropriate use CAN be found for its potential, believe me or not; unfortunately I'm not at the level to gain more out of this idea of mine, especially in these hard times for me.
    Last edited by moneymaker; 04-07-2010 at 09:39 PM

  9. #59
    Senior Member SCE (joined Jan 2009, 172 posts)
    So, any ideas on how to start making a better dump? At least telling the kernel not to use the first 36 MB of RAM?

  10. #60
    Contributor sapperlott (joined Nov 2009, 129 posts)
    Well - here's how I understand it after reading through the docs (and spufs sources):

    When an SPU enters isolation mode, it fetches the encrypted / signed (with the hardware root key) binary (normally a loader) from memory (via DMA) into its Local Store, decrypts it there and runs it. When in isolated mode, only a very small window of its Local Store is accessible through DMA by the other components (other SPUs, PPU, RSX, etc) while outbound DMA requests aren't restricted.

    The rest of the Local Store is protected and can only be accessed by the code running on the isolated SPU itself. So if the programmer of the isolated SPU code isn't a complete idiot and does perform proper sanity checks on the (probably malicious) data that enters the SPU through that window there's very little chance to mess with it.

    The IBM isolation loader for example expects you to write the memory address where the encrypted binary (to be decrypted by the loader code already running) resides into the accessible Local Store window. After doing so the SPU fetches the encrypted binary via DMA, decrypts it into the inaccessible regions of its Local Store and runs it. It seems plausible that METLDR uses a similar mechanism.

    I'd be interested in how you think this could be circumvented without the keys necessary to create your own signed / encrypted binaries.
    Quote, originally posted by SCE:
        So, any ideas on how to start making a better dump? At least telling the kernel not to use the first 36 MB of RAM?
    As far as I see it, it's nearly impossible to tell the Linux kernel "not to use the first xx MB of RAM" since the Linux kernel uses LV1 calls to allocate memory. What looks like one big chunk of contiguous memory to the kernel might consist of many small parts (LPARs) spread over the entire physical memory range.

    So in order to have such tight control over memory allocation I guess one would have to patch the hypervisor.
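A toy model, added here and not taken from any poster or from Sony/IBM code, of the two rules sapperlott describes in #60: while isolated, inbound DMA can only land in the small Local Store window, and the loader must sanity-check the untrusted request it finds in that window before fetching anything. The Local Store size, window offset, memory size and 16-byte alignment are assumptions; decryption and signature verification are omitted and stand in as a plain copy.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define LS_SIZE  (256u * 1024)   /* assumed Local Store size */
#define WIN_OFF  0x3E000u        /* assumed: the only DMA-writable window while isolated */
#define WIN_LEN  0x1000u
#define MEM_SIZE (1u << 20)      /* assumed size of the modelled main memory */

typedef struct { uint8_t ls[LS_SIZE]; bool isolated; } spu_t;
/* What another component writes into the window: where the encrypted binary sits. */
typedef struct { uint32_t mem_addr; uint32_t len; } load_req_t;
/* Inbound DMA into Local Store: while isolated, only the window may be written. */
bool spu_inbound_dma(spu_t *spu, uint32_t ls_addr, const void *src, uint32_t len)
{
    if (len == 0 || ls_addr > LS_SIZE - len) return false;   /* overflow-safe bounds */
    if (spu->isolated && (ls_addr < WIN_OFF || ls_addr + len > WIN_OFF + WIN_LEN))
        return false;
    memcpy(spu->ls + ls_addr, src, len);
    return true;
}

/* Loader inside the isolated SPU: read the request from the window, treat every
 * field as hostile, then fetch the image to LS offset 0 (below the window).
 * Returns 0 on success, 1 on rejection; decrypt/verify is a plain copy here. */
int loader_fetch(spu_t *spu, const uint8_t *mem)
{
    load_req_t req;
    memcpy(&req, spu->ls + WIN_OFF, sizeof req);
    if (req.len == 0 || req.len > WIN_OFF) return 1;     /* must fit below the window */
    if (req.mem_addr > MEM_SIZE - req.len) return 1;     /* no read past main memory */
    if ((req.mem_addr | req.len) & 0xF) return 1;        /* assumed 16-byte DMA granularity */
    memcpy(spu->ls, mem + req.mem_addr, req.len);
    return 0;
}
static spu_t g_spu;             /* static: the LS array is too large for the stack */
static uint8_t g_mem[MEM_SIZE]; /* constructed main memory, filled with 0xAB below */
/* Constructed scenario; returns a bitmask of checks that behaved as described (7 = all). */
int run_model(void)
{
    int ok = 0;
    uint8_t junk[16] = {0};
    load_req_t good = { 0x10000, 0x2000 }, bad = { MEM_SIZE - 0x10, 0x1000 };
    memset(g_mem, 0xAB, sizeof g_mem);
    g_spu.isolated = true;
    if (!spu_inbound_dma(&g_spu, 0x1000, junk, sizeof junk)) ok |= 1;    /* outside window: refused */
    if (spu_inbound_dma(&g_spu, WIN_OFF, &good, sizeof good) &&
        loader_fetch(&g_spu, g_mem) == 0 && g_spu.ls[0] == 0xAB) ok |= 2; /* sane request: honoured */
    if (spu_inbound_dma(&g_spu, WIN_OFF, &bad, sizeof bad) &&
        loader_fetch(&g_spu, g_mem) == 1) ok |= 4;                        /* past end of memory: refused */
    return ok;
}
```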

© 2015 PlayStation 3 News