Page 3 of 4 (results 21 to 30 of 36)

  1. #21
    56547645646 (Registered User, joined Feb 2007, 3 posts)
    So this would allow files that are encrypted on the disc to be retrieved from memory while decrypted (after using PSJailbreak), right? (Like sound files, gfx files, etc.)

  2. #22
    pasky (Registered User, joined Feb 2007, 68 posts)
    Only if they're already loaded into memory.

  3. #23
    56547645646 (Registered User, joined Feb 2007, 3 posts)
    The games I'm thinking of make different heaps & different heap sizes based on the type of file, so there's one heap allocated for gfx, one for music files (I've looked at the config files for the games). Does that sound like it could be grabbed from memory? (I'm only double checking, as this will be my reason for whether I get a PS3 or not; I'm purely interested in researching the original files in their decrypted state.)

  4. #24
    frammm (Registered User, joined Aug 2010, 1 post)
    Quote Originally Posted by 56547645646:
    The games I'm thinking of make different heaps & different heap sizes based on the type of file, so there's one heap allocated for gfx, one for music files (I've looked at the config files for the games). Does that sound like it could be grabbed from memory? (I'm only double checking, as this will be my reason for whether I get a PS3 or not; I'm purely interested in researching the original files in their decrypted state.)
    At the moment it seems that it's not possible to dump a game's memory. The author of the video said this in the video comments:

    Code:
    This won't allow people to cheat at games, as you can't run two things at a time on the PS3.
    So that means that you can't dump the game memory either.

    Though couldn't a CreateThread function or something similar on the PS3 be used in order to run a background app while running a game?

    The PSP already did it, so I don't see why not the PS3.

  5. #25
    junior2k9 (Registered User, joined Aug 2010, 54 posts)
    Quote Originally Posted by junior2k9:
    Take a look at offset 2b6327; it calls on vsh.self. Maybe we can patch it and write it back to memory... Also at offset 2d0fa7 it's talking about the PS3 update. Possible to patch this and downgrade?
    Also it calls on vsh.self at 4c93e0 and at 4c9a90 and 4c9ab0, which is before 2b6327.

    Quote Originally Posted by junior2k9:
    Also it calls on vsh.self at 4c93e0 and at 4c9a90 and 4c9ab0, which is before 2b6327.
    I meant to say after but typed before lol

    Also at 363110 there seem to be a lot of calls to vsh.self. Did anyone notice in the IDC script released by kakaroto that in the tools there was a file called "dump elfs 3.41 payload"? It would be nice if we could compile it and dump vsh.self...
    Last edited by junior2k9; 10-11-2010 at 07:26 PM Reason: Automerged Doublepost

  6. #26
    datalogger (Contributor, joined Sep 2010, 61 posts)
    Well, technically none of those are the calls. Those are memory addresses where the string "Vsh_self" is stored.

    Syscall_987 at offset 0x89CCC loads %r3 from indirect offset 0x338F98 on line 0x089E64.
    Code:
    ROM:00089E64  ld  %r3, dword_338F98
    That location points to offset 0x002B6328, where the string is stored.

    The others in the 0x4cxxxx area are temp stores.

    That's just my opinion, I could be wrong....

  7. #27
    junior2k9 (Registered User, joined Aug 2010, 54 posts)
    In the 0x4cxxx areas it was actually saying dev_flash/vsh/modules/vsh.self. I also noticed when scrolling that these sections of code are actually labeled for what they are, almost like a table. Scroll down and see if you can tell (i.e. "......../Lv2" then the lv2 code starts, then another example "...../HDD0" then the hdd0 code starts, and so on).

    I think I might have even found the calls for the JB payloads lol, not that I know much of what to do with this; still very interesting to look through... Also it seems the updates write to HDD1, which I don't think we have access to yet? I've seen it show up in FTP but always get "invalid" when trying to browse it.
    Last edited by junior2k9; 10-11-2010 at 08:09 PM

  8. #28
    datalogger (Contributor, joined Sep 2010, 61 posts)
    The strings at offset 0x002B6100 are kind of interesting... the part about "System Software Version: 0x00%1d%1d%1d000\n" could be a possible area of interest.

    I know this is only for the Crash Info, but if we know where the system reads the version level from, we might know where to change it...

  9. #29
    red8316 (Registered User, joined Feb 2009, 205 posts)
    Quote Originally Posted by sk group:
    my dump didn't actually come out as what was on the ps3...

    just encrypted strings then some random junk about the peek poker
    Yeah, just tried it. Could see the strings on the TV but not when viewing the dump. Still fun reading through.

  10. #30
    junior2k9 (Registered User, joined Aug 2010, 54 posts)
    Quote Originally Posted by red8316:
    Yeah, just tried it. Could see the strings on the TV but not when viewing the dump. Still fun reading through.
    You can see the strings in a hex viewer on a PC, even if it's only a small section of the list. Do a search for "dev" or something in your hex editor and you'll find where the strings are located.
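The two analysis points raised in this thread, datalogger's observation in #26 that an address where "vsh_self" is stored is a string location reached through a pointer cell rather than a call site, and junior2k9's advice in #30 to locate strings in a dump by searching for text like "dev", can both be checked mechanically on a memory image. The script below is an added example and is not code from the thread or from any PS3 tool; it builds a small constructed image (not a real dump) with big-endian 64-bit pointers, which is the Cell/PowerPC convention, recovers printable strings with their addresses and file offsets, and then scans aligned pointer-sized cells for values that land on a recovered string, which is how a pointer cell such as the dword_338F98 cited in #26 is distinguished from the string it points to. All addresses in the sample image are constructed placeholders.

```python
import re
import struct

# Constructed sample image, NOT a real PS3 dump: a 1 KiB big-endian
# 64-bit address window starting at BASE that holds a few strings and
# one pointer cell referencing one of them.  The layout imitates the
# chain described in the thread: a load from a pointer cell yields the
# address of a string, so the string's address is not a call site.
BASE = 0x2B6000
PTR_FMT = ">Q"   # Cell/PowerPC is big-endian with 64-bit pointers

def build_sample_image():
    img = bytearray(0x400)
    strings = {
        0x2B6100: b"System Software Version: 0x00%1d%1d%1d000\n",
        0x2B6328: b"vsh_self",
        0x2B6380: b"dev_flash/vsh/modules/vsh.self",
    }
    for addr, s in strings.items():
        off = addr - BASE
        img[off:off + len(s)] = s
    # Hypothetical pointer cell (the analogue of dword_338F98 in the
    # thread) whose value is the address of the "vsh_self" string.
    struct.pack_into(PTR_FMT, img, 0x2B63F0 - BASE, 0x2B6328)
    return bytes(img)

def find_strings(img, base, min_len=4):
    """Return [(address, text)] for runs of printable ASCII, the same
    thing a hex editor's text column or the `strings` tool shows."""
    pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(base + m.start(), m.group().decode("ascii"))
            for m in pat.finditer(img)]

def grep_strings(img, base, needle):
    """Addresses of recovered strings containing `needle` (the
    'search for dev in your hex editor' trick from the thread)."""
    return [addr for addr, text in find_strings(img, base) if needle in text]

def find_pointers_to(img, base, target, align=8):
    """Addresses of aligned pointer-sized cells whose value == target."""
    size = struct.calcsize(PTR_FMT)
    hits = []
    for off in range(0, len(img) - size + 1, align):
        (value,) = struct.unpack_from(PTR_FMT, img, off)
        if value == target:
            hits.append(base + off)
    return hits

def resolve_string_refs(img, base, align=8):
    """Map pointer-cell address -> (string address, text) for every
    aligned cell that points at the start of a recovered string.
    These cells are data references, not call sites."""
    by_addr = dict(find_strings(img, base))
    size = struct.calcsize(PTR_FMT)
    refs = {}
    for off in range(0, len(img) - size + 1, align):
        (value,) = struct.unpack_from(PTR_FMT, img, off)
        if value in by_addr:
            refs[base + off] = (value, by_addr[value])
    return refs

if __name__ == "__main__":
    image = build_sample_image()
    for addr, text in find_strings(image, BASE):
        print(f"string  0x{addr:08X} (file offset 0x{addr - BASE:X}): {text!r}")
    for cell, (target, text) in resolve_string_refs(image, BASE).items():
        print(f"pointer 0x{cell:08X} -> 0x{target:08X} {text!r}")
```

The address-to-offset conversion (`addr - BASE`) is what makes the hex-editor search line up with disassembler addresses: the image is scanned at file offsets, but the results are reported at the load address the disassembly uses. On a real dump, set `BASE` to the address at which the dumped region was mapped; the pointer scan is only meaningful when the pointer width, byte order and alignment match the target, which is why they are parameters here rather than hard-coded.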
