  1. #11 BKATTACK (Registered User; joined Mar 2007; 5 posts)
    Based on yesterday's NFO from PDX, they clearly state that the hardware in the Euro release PS3 is causing their process not to work. The only hardware difference that I know of is the removal of the PS1/PS2 chip, as seen in this post from the news back on March 14th:

    Concerns regarding PS3's backward-compatibility have been raised since Sony announced European consoles would use software, rather than a dedicated internal chip, to emulate PSone and PS2 titles. This reduces the number of backward-compatible games for EU PS3s significantly, compared to the approximately 98% playable on American and Japanese machines.

    I have no experience reverse engineering or developing, but to those that do, I truly believe that this is where PDX was saying they found the exploit. Maybe they figured out a way to trick this chip into running an ISO from the hard drive or an external drive instead of a PS2 game in the BR drive. Maybe someone with more knowledge will shoot this theory down, or knows of some other hardware changes done in the PAL units. But in my opinion this is the area to look at.
    Last edited by BKATTACK; 03-29-2007 at 03:55 PM Reason: Automerged Doublepost

  2. #12 daz500 (Registered User; joined Jan 2007; 6 posts)
    Can you give a high-level overview as to how their loader works so that others can try to break the stages down into more detail?

  3. #13 PS3 News (Forum Moderator; joined Apr 2005; 27,811 posts)
    Quote Originally Posted by BKATTACK:
    Based on yesterday's NFO from PDX, they clearly state that the hardware in the Euro release PS3 is causing their process not to work.
    Point well taken, BKATTACK! This just goes to show you don't necessarily have to be a DEV'er to help out here.

    You are actually correct! PDX is actually using a hole in the PS2 hardware to jump into PS3 mode essentially (as it still does run). Once there, they have User Mode access and use a second hole/exploit (likely the LS hint mentioned) to escalate to Kernel Mode for running their ISO Loader, etc.

    And again, you are correct on the console changes too... currently theirs doesn't work on PAL due to software. They can't get their exploit working because the PS2 is being emulated (different programming) so the hole is missing in action.

    However, I have been told this is actually slightly "outdated" as of last night. I believe they have made some further progress (although I have no specifics on it at this time).

  4. #14 cyberfix (Senior Member; joined Oct 2005; 55 posts)
    Is there a way to access installed game files? For instance, can we change the MotorStorm or Lemmings demo launch icon to point to something different, like the ISO files, etc.?

    Also, PDX mentioned that the SPEs use shared memory. One SPE acts as the security. Is it possible that during the boot of the OtherOS the system's security can be compromised to launch an ISO at that point?

    Could all of this have something to do with launching a PS2 game to launch a PS3 game? After all, PDX did mention that the PAL hardware changes have created a problem. With no Emotion Engine chip, this would fall in line with that.

    Just some thoughts that have been plaguing my ever waking moment.

  5. #15 internetfloozy (Contributor; joined Aug 2005; 87 posts)
    I'm currently at work and I'm overwhelmed, but I'm finding time to still research possibilities. I have been curious about the chances of just wrapping a common PS2 ELF file, or rebuilding the code from an ELF loader for example, to work with the Cell BE.

    One thing that is catching my eye is called "embedspu":
    This is a special tool that converts SPE programs into an object file that can be linked into a PPE executable. It also creates a global variable that refers to the SPE program so that the PPE can load the program into the SPEs and run the program as needed.

    I'm wondering if it is possible to embed an ELF or disguise it to run somehow. I know, it could be crazy and make no sense, but I'm throwing things out there.

  6. #16 dogSPring (Registered User; joined Apr 2005; 1 post)
    Hey guys,

    I've been developing on Cell since my Japanese PS3 arrived here in Europe and have gained some knowledge of PPU/SPU data transfer. Well, there is a very useful function called spu_mfcdma32!

    The parameters are pretty easy:
    spu_mfcdma32((void *)(&ctx), (unsigned int)parm, sizeof(context), tag_id, MFC_GET_CMD);

    ctx: pointer to address in LocalStore (256 KB limit!!)
    parm: pointer to address in MainStore (256 MB limit :P)
    sizeof(context): I think this is the tricky and most important part to generate an exploit. YOU decide how many bytes will be transferred from MS to LS. So if you transfer more than ~256 KB (because there is no limit check), you should get a buffer overrun, put data/code from your MS into the SPU's registers and maybe change the return address :??

    To get familiar with this topic, you should read the "Cell B.E. Programming Tutorial 2.0". Take a look at SPE registers on page 61 and page 86 for the MFC commands.

    Well, this is just my idea of how it COULD work.
    Good night and good luck
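The post above leans on the size argument of spu_mfcdma32. As an added example (not the poster's code and not part of the Cell SDK), here is a host-side check of a requested transfer against the limits the Cell BE Programming Tutorial documents for the MFC (at most 16 KB per command; sizes of 1, 2, 4, 8 bytes or multiples of 16; matching alignment; a 256 KB local store), plus a splitter that issues a larger transfer as a sequence of legal commands. The `issue` callback is an assumed stand-in for spu_mfcdma32, which only exists on the SPU.

```c
#include <stdint.h>
#include <stdbool.h>

/* Limits taken from the Cell BE Programming Tutorial (assumed here, not
 * from the post). The SPU masks local-store addresses to 18 bits, so a
 * request that runs past the end wraps around instead of faulting; a
 * software check is the only thing that catches it. */
#define SPU_LS_SIZE      (256u * 1024u)   /* local store: 256 KB */
#define MFC_MAX_DMA_SIZE (16u * 1024u)    /* one DMA command: max 16 KB */

/* True if a single DMA command with these parameters is legal. */
static bool mfc_dma_ok(uint32_t ls_addr, uint32_t ea, uint32_t size)
{
    if (size == 0 || size > MFC_MAX_DMA_SIZE) return false;
    if (size < 16) {
        /* 1/2/4/8 bytes: naturally aligned, same low 4 bits in LS and EA */
        if (size != 1 && size != 2 && size != 4 && size != 8) return false;
        if (ls_addr % size || ea % size) return false;
        if ((ls_addr & 0xFu) != (ea & 0xFu)) return false;
    } else {
        /* >= 16 bytes: multiple of 16, both addresses 16-byte aligned */
        if (size % 16 || (ls_addr & 0xFu) || (ea & 0xFu)) return false;
    }
    /* Stay inside local store; reject anything that would wrap. */
    if (ls_addr >= SPU_LS_SIZE || size > SPU_LS_SIZE - ls_addr) return false;
    return true;
}

/* Split a 16-byte-aligned transfer into legal commands and hand each one
 * to `issue` (stand-in for spu_mfcdma32). Returns the number of commands
 * issued, or -1 if the request is illegal or an issue fails. */
static int mfc_dma_chunked(uint32_t ls_addr, uint32_t ea, uint32_t size,
                           int (*issue)(uint32_t, uint32_t, uint32_t))
{
    if (size == 0 || size % 16 || (ls_addr & 0xFu) || (ea & 0xFu)) return -1;
    if (ls_addr >= SPU_LS_SIZE || size > SPU_LS_SIZE - ls_addr) return -1;
    int n = 0;
    while (size) {
        uint32_t chunk = size < MFC_MAX_DMA_SIZE ? size : MFC_MAX_DMA_SIZE;
        if (!mfc_dma_ok(ls_addr, ea, chunk)) return -1;
        if (issue(ls_addr, ea, chunk) != 0) return -1;
        ls_addr += chunk; ea += chunk; size -= chunk; n++;
    }
    return n;
}

/* Constructed stand-in for the real issue routine: accepts every command. */
static int count_issue(uint32_t ls, uint32_t ea, uint32_t size)
{
    (void)ls; (void)ea; (void)size;
    return 0;
}
```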

  7. #17 knollebolle (Registered User; joined Feb 2007; 4 posts)
    Quote Originally Posted by dogSPring:
    Hey guys,

    I've been developing on Cell since my Japanese PS3 arrived here in Europe and have gained some knowledge of PPU/SPU data transfer. Well, there is a very useful function called spu_mfcdma32!
    Can't you make a pointer or something like that, after the 256 KB, to load a little file which starts a program?

    I mean that you use a pointer in the code to jump to a certain position in your source code. Is this a possibility?

  8. #18 Albut35 (Registered User; joined Mar 2007; 6 posts)
    Quote Originally Posted by PS3News:
    Point well taken, BKATTACK!

    You are actually correct! PDX is actually using a hole in the PS2 hardware to jump into PS3 mode essentially (as it still does run). Once there, they have User Mode access and use a second hole/exploit (likely the LS hint mentioned) to escalate to Kernel Mode for running their ISO Loader, etc.
    So we have to find an exploit inside of an exploit to gain kernel access. Kind of like the PSP GTA:LCS hack... Also, from what I understand, the exploit is from the PS2 chip (I don't know the 'official' name of it) inside the PS3. Does anyone know if OtherOS cancels off access to the PS2 chip? Maybe Sony forgot to add security to that? I'm just throwing ideas out to get some people thinking. I'll look more into it tonight.

  9. #19 downloads2k5 (Registered User; joined Apr 2005; 7 posts)
    O.K., take things back a notch: when you insert a PS1 title into the PS3, does the emulation run "straight" from the PS3, or does it "borrow" PS1 emulation from the Emotion Engine? If so, in the PAL PS3 is the PS1 emulation now running from the PS2 emulation (confusing, I know), or is the PS1 info running through software on the PS3 itself? Also, how are memory cards / saves for the PS1/2 dealt with from the point of view of the PS3? It obviously creates virtual memory cards for these emulated machines.

    Do these "memory cards" live in protected or unprotected space? In other words, is it possible to take apart a PS2 or PS1 save (which we have a good understanding of) and somehow run or inject some arbitrary code, assuming that the memory cards are allowed kernel / user mode access to the PS3? The memory card files must be somehow linked through the emulation process in the PS3 to "relink" to some part of the hard disk in the PS3. Are these files stored in a user-accessible part of the PS3?

    Just some random thoughts from the top of my head; I'm more a thinker than a programmer.

  10. #20 Darkflame808 (Registered User; joined Jan 2007; 11 posts)
    I understand that Sony probably did a collective effort into patching all "known" exploits in the PS2/PS1 saga, etc.

    I wanted to throw this out there for devs to consider. From the time the first PS1 exploit came out to the time the last PS2 exploit came out, a lot was learned regarding exploits. I have noticed people focused their efforts on exploiting games of interest.

    Maybe the information gained from exploiting PS2 days a few months back (that is patched now in PS3) could be used in digging around in games from years back that everyone seems to have forgotten. Maybe a save exploit that worked on GTA VC might have opened up a new approach to Lunar for PS1. That kind of thing. I am assuming that the PS3 runs PS2/PS1 games in some sort of higher level than Linux.

    Also, rather than games from big-wig companies, how about crap games from gun and run publishers? Maybe those programmers are the ones that left more shoddy programming in their software than the $400,000 programmers that work for Rockstar, etc.

    Just a thought.
    Last edited by Darkflame808; 03-29-2007 at 05:07 PM

 

© 2014 PlayStation 3 News