Linux kernel - The Hypervisor Weak Point?

[hacked2123]

I was just looking through some the files of the YDL 5 kernel and I saw a file called "ps3pf_storage_base.diff". Then I read through it some (funny that I say reading, anyways) I find that it pulling information from the hypervisor, asking for the number of drives, and then it +1's it, making more than the visor says (I believe that's what I see). I scroll down more and I see this line:

static void ps3pf_stor_slave_destroy(struct scsi_device * scsi_dev) {...}
ret64 = ps3pf_free_dma_region(1v1_dev_info->bus_id)

and so much more, this stuff looks like gold to me, later on I even HDD information specific to PS3. Any linux uber guru's out there, I don't care if you don't spend but 5 minutes on it, just read it and see if you see what I see.

I see the potential for a Virtual SCSI device

[hacked2123]

Just read through another file "ps3fb-base.diff" and I see a command that says "#define DDR_SIZE (0)"
Wonder what happens if we change a couple lines here and there, make that a 256, make the max frames buffer > 2. Sounds like fun to me.

[hacked2123]

I stand corrected on something, in another file it's more apparrent but it's not 1v1 it Lv1, and I believe it has to do with the state of the hypervisor, I'm reading more right now.

Here's a good comment "/* Invoke the hypervisor */", anyone want to tell me why you would want to call the hypervisor into action?

[hacked2123]

I looked into it further and its seems a even more crucial point is the PS3 Add-on CD because this throughs around locations and commands that work without the kernel, and even adds the kernel. Also I added a boot command to the kboot and I managed to view what appeared to be the hash of Resistance Fall of Man, got a deferent result for Talladega Nights, its very strange, but I think it's crucial to a bootloader. Will post a pic soon.

[hacked2123]

[Sticks tongue out]
haha I am actually making it somewhere,

boot-game-os find-other-os-flash other-os-flash-util ps3videomode /sbin/ /usr/bin/ -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
try find-other-os-flash or other-os-flash-util -s (then the output of the prior]
This commands were added into the kernel and drew information from the system because it output my IP from the XMB
Going to read into it further now

[hacked2123]

lol I know it means nothing but look....ITS A BOOT LOADER LOL
ldr_size = fread(ldr_buf, 1, size, ldrfile);
fclose(ldrfile);

if (ldr_size > size - 0x200 * hdr.offset2) {
printf("boot loader is too large.\n");
ret = 10;
goto end;
}
}

/* change boot flag */
if (n_flag >= 0) {
write_be32(hdr_buf + 0x200, n_flag);
if ((fseek(file, 0x200, SEEK_SET) != 0) ||
(fwrite(hdr_buf + 0x200, 4, 1, file) < 1)) {
perror(argv[0]);
ret = 11;
goto end;
}
printf("boot flag changed.\n");
}

/* change boot loader format flag */
if (n_format >= 0) {
write_be32(hdr_buf + 0x20, n_format);
if ((fseek(file, 0x20, SEEK_SET) != 0) ||
(fwrite(hdr_buf + 0x20, 4, 1, file) < 1)) {
perror(argv[0]);
ret = 12;
goto end;
}
printf("boot loader format changed.\n");
}

/* write boot loader */
if (n_file != 0) {
if ((fseek(file, hdr.offset2 * 0x200, SEEK_SET) != 0) ||
(fwrite(ldr_buf, ldr_size, 1, file) < 1)) {
perror(argv[0]);
ret = 13;
goto end;
}
write_be32(hdr_buf + 0x24, ldr_size);
if ((fseek(file, 0x24, SEEK_SET) != 0) ||
(fwrite(hdr_buf + 0x24, 4, 1, file) < 1)) {
perror(argv[0]);
ret = 14;
goto end;
}
printf("new boot loader wrote(%ld bytes).\n", ldr_size);
}

[hacked2123]

found a hidden command for ps3videomode
case 'H':
opt |= PS3AV_MODE_HDCP_OFF; /* PS3tool only */
break;

{ "hdcp" , 0, NULL, 'H' }, /* HDCP OFF, Retail PS3 product doesn't support this */

[hacked2123]

I knew I would finally find something absolutely amazing!!!! I just acquired some files that I'm betting 10 of you have, and those of you that do, signed NDA, I'm telling you this is it. I can't be wrong about this

Edit: okay...maybe not.....still im going to look over it...its what I was looking for

[CJPC]

I hate to throw water on your fire, but ya, some people that are curious (myself included) have seen them. They are interesting (especially the HDCP off, which even on forcing a recompile, dont seem to work)

The boot-game-os = interesting too, as it changes the boot flag in the 4mb flash (aka /dev/sdb on a 20gb atleast) which has basic data, video mode, ip, bootloader, etc

It also has some (possible) region settings , setting O/X as confirm (tho even after changing = no dice in XMB.

In a future kernel revision, there is support to get the PS3 firmware version (which seems interesting!), but the key is the ASM in the startup code (its in one of the patches)

ive also recompiled w/ numb devices set higher w/ higher timeout = does not "see" anything extra, but nice stuff nevertheless!

You should really come by iRC #ps3news !

[hacked2123]

I found a way to "peak" through to the hypervisor, when @ kboot: make sure you have bluray game in
and then TYPE cd /dev/cdrom: bam there you go, now try TYPE init PS3_DISK.SFB
you'll get information that is cool trust me, the same applies to /dev/sdf1: & /dev/sda1:

Anyone think they can use this.. Oh would it help to have the kboot src? Is it easy to find?