


  1. #1
    Registered User oldschool400's Avatar
    Join Date
    Oct 2009
    Posts
    33

    [Answered] CFW for Hypervisor?


    We all know that the hypervisor is HW based, so it should therefore have a FW... has anyone been able to dump the data for the hypervisor and possibly be able to make a CFW for the firmware that would allow for the PS3 to accept a CFW for the XMB?

    Dunno if this has been covered, but I've been researching for the past week and this seems like the only "viable" solution to gain full access to the HW.

  2. #2
    Toucan Sam CJPC's Avatar
    Join Date
    Apr 2005
    Posts
    2,174

    I suggest you search and do some reading. The biggest hurdle with doing what you say is the fact that it's all encrypted, so just "dumping" it won't help any.

  3. #3
    Contributor ionbladez's Avatar
    Join Date
    Apr 2009
    Posts
    225

    I wish I had my damn board probe kit. Lost that one day, don't remember how - but I had the works on it lol.

    Encrypted or not, all hardware has an instruction set. I don't know if we haven't tried to follow said instruction set before, but we may want to try. I have made a thread for the video controller onboard as well with no information, but that doesn't make me give up. I'm trying to now focus on aspects of security and encryption in programming.

    Anything running through a controller must have an instruction set of its own.

    In any case, I'm sure if we dump it, there would likely be a pattern. If anyone, especially the devs, I'd like to get my hands on a 2-4 MB of anything you guys can actually get your hands on. Send me a PM if you can, puzzles are more "my thing".

    I figure if I am gonna do something, might as well do something great, right?
    I am good with SOME asm (IBM/Intel/Celeron), a lot of C variants, etc.

  4. #4
    Registered User oldschool400's Avatar
    Join Date
    Oct 2009
    Posts
    33
    Quote Originally Posted by CJPC View Post
    I suggest you search and do some reading. The biggest hurdle with doing what you say is the fact that it's all encrypted, so just "dumping" it won't help any.
    Dumping by itself won't help.. but getting the dump, it'll give us something to work with to get a decrypter up and running, then once decrypted, we could start looking at it for exploits.

    I figure if I am gonna do something, might as well do something great, right?
    ^^ couldn't have said it better myself ^^
    Last edited by oldschool400; 12-23-2009 at 02:10 AM Reason: wanted to add something

  5. #5
    Forum Moderator PS3 News's Avatar
    Join Date
    Apr 2005
    Posts
    26,857

    Quote Originally Posted by oldschool400 View Post
    Dumping by itself won't help.. but getting the dump, it'll give us something to work with to get a decrypter up and running, then once decrypted, we could start looking at it for exploits.
    If you have the ability to decrypt such things without the algo or keys by all means demonstrate it here and you will be invited into the PS3 Dev IRC channel.

    However, most people are just end-users with no skills seeking a dump to "pass around" which won't ever happen publicly... until the PS3 is unlocked, all work is being done privately so that Sony can't close what few holes may exist.

  6. #6
    Contributor playforfun's Avatar
    Join Date
    Jul 2009
    Posts
    50

    Quote Originally Posted by oldschool400 View Post
    We all know that the hypervisor is HW based, so it should therefore have a FW... has anyone been able to dump the data for the hypervisor and possibly be able to make a CFW for the firmware that would allow for the PS3 to accept a CFW for the XMB?

    Dunno if this has been covered, but I've been researching for the past week and this seems like the only "viable" solution to gain full access to the HW.
    Hello,

    It's normally possible to dump the hypervisor and at this day, I think this dump exists. Now, with this hypothesis, maybe someone has begun to reverse it to find a way to hack it but again, no information, maybe no break found for the moment.

    So wait and see is the word for this long story.

  7. #7
    Contributor semitope's Avatar
    Join Date
    Feb 2009
    Posts
    606
    Quote Originally Posted by oldschool400 View Post
    Dumping by itself won't help.. but getting the dump, it'll give us something to work with to get a decrypter up and running, then once decrypted, we could start looking at it for exploits.

    I figure if I am gonna do something, might as well do something great, right?
    ^^ couldn't have said it better myself ^^
    How would you go about decrypting it? Geohot says it's some AES blah blah thingy.

    Is there an analysis of the encryption used anywhere here? Any professionals have looked at it or figured out a possible way of decrypting it (regardless of the years it would take)?

  8. #8
    Toucan Sam CJPC's Avatar
    Join Date
    Apr 2005
    Posts
    2,174
    Quote Originally Posted by ionbladez View Post
    I wish I had my damn board probe kit. Lost that one day, don't remember how - but I had the works on it lol.

    Encrypted or not, all hardware has an instruction set. I don't know if we haven't tried to follow said instruction set before, but we may want to try.
    Yeah, unless your probe tools work on a 45nm chip- you're kind of out of luck. The initial bringup code is on the cell itself. Read how the cell works at IBM's site, and prepare to be discouraged!

  9. #9
    Contributor ionbladez's Avatar
    Join Date
    Apr 2009
    Posts
    225
    Lol ya, I read that. I was talking more along the lines of the video controller first. I do understand it is not sandboxed, but there is a thin line between that and encrypted, ESPECIALLY over CELL.

    My probe kit had a pulse/wave generator even with rhythmic control and debug pin latches, really cool, but it was probably stolen or something.

    I used to dev for the original playstation back when I was younger LOL. Back then I didn't know too much but security gets better and better. So do hackers.

  10. #10
    Banned User Mathieulh's Avatar
    Join Date
    Mar 2008
    Posts
    31
    The hypervisor IS software, you can't dump a decrypted version unless you manage to sniff the XDR bus, and considering how fast it is you would need very good equipment.
