  1. #61
    Senior Member tragedy's Avatar
    Join Date
    Mar 2009
    Posts
    135
    Quote Originally Posted by sapperlott:
    I'd be interested in how you think this could be circumvented without the keys necessary to create own signed / encrypted binaries.
    Well, that all depends if your goal is signing code so it can run on any console or just allowing unsigned code to run on your console. The latter will be possible, although still difficult.

    At the end of the day, the vast majority of encrypted code runs on the PPU after decryption, so even considering the encrypted metldr block, the general principle is:

    PPU: does basic initialisation
    PPU: requests SPU to start up in isolation mode
    SPU: decrypts lv0 and puts it somewhere the PPU can access it
    PPU: waits for SPU to finish decrypting lv0
    *INSERT HACK HERE TO PATCH lv0 HERE*
    PPU: executes decrypted lv0 code
    ...
    PPU: lv0 sends message to still running metldr SPU to decrypt lv1
    SPU: decrypts lv1 and puts it somewhere the PPU can access it
    PPU: waits for SPU to finish decrypting lv1
    *INSERT HACK HERE TO PATCH lv1 HERE*
    PPU: executes decrypted lv1 code
    ...
    PPU: lv1 sends message to still running metldr SPU to decrypt lv2
    SPU: decrypts lv2 and puts it somewhere the PPU can access it
    PPU: waits for SPU to finish decrypting lv2
    *INSERT HACK HERE TO PATCH lv2 HERE*
    PPU: executes decrypted lv2 code
    ...
    *CHECK*
    PPU: lv2 sends message to still running metldr SPU to decrypt self
    SPU: decrypts self and puts it somewhere the PPU can access it
    PPU: waits for SPU to finish decrypting self
    *INSERT HACK HERE*
    PPU: executes decrypted self code

    So, even without knowing the encryption keys, provided we can obtain the original metldr, we can always execute signed code so we can continue to run regular games with a modified lv2.

    To run unsigned code, where I've written *CHECK*, we check to see if the code is unsigned; if so, we just execute it directly without ever asking the SPU to decode the data.
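
Added example, not from this thread or from any PS3 code: a small Python model of the lv0 -> lv1 -> lv2 -> self chain described in the post above. It shows why a PPU that jumps to whatever the SPU left in shared memory will run a stage patched in the *INSERT HACK HERE* window, and how a measurement check halts the chain at the first tampered stage, assuming (as the model does) that the reference digests and the code consulting them sit somewhere the PPU cannot rewrite. Stage names, image bytes and digests are constructed placeholders.

```python
import hashlib
from typing import List, Optional

# Constructed stand-ins for the stages in the chain; hypothetical bytes, not PS3 code.
STAGES = ["lv0", "lv1", "lv2", "self"]
ORIGINAL_IMAGES = {name: f"{name}:original image".encode() for name in STAGES}

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

# Assumption: reference measurements live somewhere the PPU cannot rewrite
# (in the model, a dict built before boot). If this table, or the loader code
# that consults it, sits in PPU-writable memory, the check below adds nothing,
# which is exactly the objection raised later in the thread about PPU init.
TRUSTED_DIGESTS = {name: digest(img) for name, img in ORIGINAL_IMAGES.items()}

def spu_decrypt(name: str) -> bytes:
    """Stand-in for the isolated SPU writing a decrypted stage to shared memory."""
    return ORIGINAL_IMAGES[name]

def boot(tamper_at: Optional[str] = None, verify: bool = False) -> List[str]:
    """Walk lv0 -> lv1 -> lv2 -> self the way the post describes it.

    tamper_at: stage whose decrypted image is patched in shared memory after the
               SPU wrote it and before the PPU jumps to it (the window marked
               *INSERT HACK HERE* above).
    verify:    whether the PPU loader measures the buffer before executing it.
    Returns the stages that ran, ending with 'HALT:<stage>' if one was refused.
    """
    ran: List[str] = []
    for name in STAGES:
        shared_buffer = bytearray(spu_decrypt(name))   # SPU -> PPU-visible memory
        if name == tamper_at:
            shared_buffer[:] = b"patched:" + bytes(shared_buffer)
        if verify and digest(bytes(shared_buffer)) != TRUSTED_DIGESTS[name]:
            ran.append(f"HALT:{name}")                  # refuse and stop the chain
            return ran
        ran.append(name)                                # PPU executes the stage
    return ran

if __name__ == "__main__":
    print("unverified, lv2 patched:", boot("lv2"))               # all four stages run
    print("verified,   lv2 patched:", boot("lv2", verify=True))  # halts at lv2
```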

  2. #62
    Registered User sapperlott's Avatar
    Join Date
    Nov 2009
    Posts
    129
    All valid points and a very good summary of the boot process and a possible attack vector. But the original argument was about whether or not the data inside the isolated SPU can be compromised.

  3. #63
    Contributor teusjuh's Avatar
    Join Date
    Jul 2007
    Posts
    23
    Question

    Got a noob question.

    With all the information that is public... how far away is it to get unsigned code running? I mean, how far away is it for devs to make a first hello world or something?

    edit: or is there still not enough dump information??

  4. #64
    Registered User moneymaker's Avatar
    Join Date
    Dec 2009
    Posts
    120
    Quote Originally Posted by tragedy:
    At the end of the day, the vast majority of encrypted code runs on the PPU after decryption, so even considering the encrypted metldr block, the general principle is:

    PPU: does basic initialisation
    <---- here we can already be screwed: which code do you think the PPU uses to init and ask the SPU to start in isolation mode?
    PPU: requests SPU to start up in isolation mode
    SPU: decrypts lv0 and puts it somewhere the PPU can access it
    PPU: waits for SPU to finish decrypting lv0
    *INSERT HACK HERE TO PATCH lv0 HERE*
    PPU: executes decrypted lv0 code
    ...
    I just wonder about a couple of things: what kind of code should switch on the SPU, and what kind of system the SPU uses to de/crypt...

    To explain myself better I'll use an example: to a secretary who knows her job you can kindly pass a note asking her to translate it, or you can simply throw it onto her desk and she will do the translation without the need to ask...

    Have I given the idea of what I mean?

© 2014 PlayStation 3 News