


  1. #1
    Contributor whinis's Avatar
    Join Date
    Jan 2010
    Posts
    133

    Thought on PS3 Dump Problems

    I do not claim to be an expert on anything PS3 or hardware related. But why couldn't someone take a broken PS3, take its RAM chip and add a second smaller RAM chip on there, making a sort of mod chip? The second RAM chip could have the function to dump the RAM. It would be totally undisturbed because the PS3 wouldn't realize it was its more than expected.

    This would allow you to dump the entirety of the RAM with no clipping. This could also be used to extract the keys as you could read them as they go by.

    1. Make mod chip for RAM that allows firmware to load onto it and also dump the entire contents

    2. install modchip

    3. dump

  2. #2
    Contributor ionbladez's Avatar
    Join Date
    Apr 2009
    Posts
    225
    Keys never hit the RAM, if I've been following correctly :[

    However, ya, I would think in theory the RAM can be dumped without the need for otherOS. I find it highly possible, only for the hardcore devs and hackers out there though.

    I'm sure the exploit is still there, they just tried to hide it better now by removing otherOS.

    heh, putting a sheet over a hole in the ground ain't gonna stop anyone from going in.

  3. #3
    Contributor whinis's Avatar
    Join Date
    Jan 2010
    Posts
    133
    Well, if I understand computers correctly, they must either hit the RAM or be burned in the processor. As for the otherOS, what is stopping devs from taking a RAM dump from a previous otherOS and then loading that into RAM through whatever means and then still using it?

    Also, we should be able to get the signature when the PUP talks to the firmware to say "yes, I'm from Sony" and then copy that signature onto a custom firmware.

  4. #4
    Senior Member tragedy's Avatar
    Join Date
    Mar 2009
    Posts
    135
    Quote: Originally Posted by whinis
    Well, if I understand computers correctly, they must either hit the RAM or be burned in the processor
    Yes, that's exactly it. The Cell processor, as you know, has many cores. You can configure these cores to run an encrypted program which is decrypted using a per-CPU key that's specific to that one processor. Each PS3 has its own version of the decryption software, itself decrypted using the processor key, so that its secrets are safe.

    You cannot just determine what the per-CPU key is, because we can't encrypt for it without the key and you can't read the memory of an encrypted core.

    Basically, as was said earlier, the keys never get into RAM.

  5. #5
    Contributor whinis's Avatar
    Join Date
    Jan 2010
    Posts
    133
    Does the processor decrypt the program and then re-crypt it before it leaves? If not, all you need to do is compare the incoming information to the outgoing and decipher a key based on the apparent algorithm.

  6. #6
    Toucan Sam CJPC's Avatar
    Join Date
    Apr 2005
    Posts
    2,174
    Quote: Originally Posted by whinis
    Does the processor decrypt the program and then re-crypt it before it leaves? If not, all you need to do is compare the incoming information to the outgoing and decipher a key based on the apparent algorithm.
    Well, take for example you want to run a game: the main executable (EBOOT.BIN) is pushed into memory, then some "magic" is done by an encrypted SPU program (which is never decrypted in main memory), and the EBOOT.BIN is then decrypted into main memory, where it is executed so you can play.

    So the programs running in the SPU never see the light of day outside of the CELL processor.

  7. #7
    Contributor Darny's Avatar
    Join Date
    Jun 2010
    Posts
    11
    Quote: Originally Posted by CJPC
    Well, take for example you want to run a game: the main executable (EBOOT.BIN) is pushed into memory, then some "magic" is done by an encrypted SPU program (which is never decrypted in main memory), and the EBOOT.BIN is then decrypted into main memory, where it is executed so you can play.

    So the programs running in the SPU never see the light of day outside of the CELL processor.
    Well, it's got to be said Sony did do a very good job

  8. #8
    Contributor whinis's Avatar
    Join Date
    Jan 2010
    Posts
    133
    I just read up on SPUs and SPEs, and from what I read they are like mini computers, including RAM. So since they never see the light of day, read what goes into them and what comes out. By watching what goes in/out you can determine what is happening inside. Either that or decap it and read it yourself.

  9. #9
    Contributor xclusiv's Avatar
    Join Date
    Apr 2010
    Posts
    3
    Hmm.. It's been a while since I last worked with the Cell BE, but from what I recall the SPE/SPUs are completely self-sufficient. So even the PPE can't monitor everything being sent out to the EIB from that SPU unless it's to the PPE's mailbox, and since (I think) the Cell has its own DMA controller which isn't intertwined with the PPE, it can probably send decrypted data straight to RAM without any chance of the PPE knowing. Bus sniffing would be impossible on those buses, I'm pretty sure, considering how fast they are.. Please correct me if I'm wrong

  10. #10
    Contributor whinis's Avatar
    Join Date
    Jan 2010
    Posts
    133

    Would it be possible to do what they did to the DS, which from what I read had better security than the PS3 until they decapped the processor and slowed it down to around 200 MHz to read it? They ended up dumping something around 40 GB from the processor.

 
© 2015 PlayStation 3 News