Sony Sues Graf Chokolo for 1 Million Euros, He's Still PS3 Hacking!

117w ago - Shortly following Sony's raid on his house, Dukio have now confirmed while posting a legal notice that Sony is suing Alexander Egorenkov known in the PS3 scene as Graf Chokolo for 1 million Euros and he states that he still wants to continue hacking the PlayStation 3 console with VGHQ.net reporting he has received over $28k in donations already!

To quote: I received a legal notice from SCEE lawyers requesting me to remove the coolstuff links that graf_chokolo has distributed on grafchokolo.com as well as the links at this blog. What i found interesting in the legal notice is that the lawyers are suing graf_chokolo for 1 million euros. That is quite a number, but graf_chokolo doesn't seem to care.

He still want to hack the PS3, where he said he cannot sleep knowing that he cannot touch the hypervisor of the PS3. Man, i never see someone like graf, he is an extraordinary genius hacker that Sony wasting it by making a lawsuit against him.

Back I don't have a PC at home now guys, so i will post here only when i'm able. I will try to answer all your questions about HV and installing Linux. But expect some delays because as i said i don't have access to the Internet all the time.

You know guys, you will say i'm totally crazy now, but i never slept better than in the last 2 days I don't know how to explain this feeling but i don't care about those threats with jail and high money penalties, btw, SONY wants about 750.000 euros from me if i don't cooperate They don't know me at all I don't care about it and they might double it

The higher is the sum the higher gets my motivation They don't understand what makes me tick. Money and even my life doesn't mean to me very much without knowledge. I have a scientific mind and the knowledge is food to my brain. Without HV, Linux and FreeBSD kernel hacking my life is meaningless.

I miss my HV terribly In the last 2 days i got so “hungry” for more knowledge that i cannot control it anymore. I need knowledge and research, it has a huge meaning in my life. Jail or even death cannot hold it back anymore.

The SONY's laywer asked me why i'm doing what i'm doing, because of my hatred for SONY ? He cannot understand why i'm doing it, because he is paid for what he does. I'm not. I don't hold a grudge against SONY even now Hatred clouds your mind, keeps you from more important things. I have a better use for my mind and knowledge

So, SONY you failed again, you took my equipment but my mind is still free and you canot control it. You failed again. They are just tools, i can get new ones and will continue my HV reversing and bringing back PS3 Linux which you took from us. If you want me to stop then you should just kill me because i cannot live without programming, HV and Linux kernel hacking You know who am i and where i live, so come and get me !!!

And to prove it, i will reopen right now my HV reverse engineering page And i will post my latest findings about Update Manager and BD drive here. Most of you know already that i was able to update CORE OS from Linux. And on the last weekend i tries to hel some PS3 devs with BD drive authentication and discovered some interesting stuff about it which i will post here.

And please guys, could someone post here a link to the latest version of my cloned Linux kernel. I need it. The last week i implemnted a updater for Linux and it was finished but the police got first before i could upload it. But do not fear, i have everything in my head I can write it down again and show you how it works.

So, about BD drive authentication The most importnat HV process is 6. It contains Update Manager and Storage Manager e.g. Update manager flashes e.g. new CORE OS, BD firmware or SYSCON firmware. Storage Manager sets ATA keys, authenticates HDD and BD drives.

Storage Manager

I looked at VSH closer in the last week. And found out that VSH uses the following Storage Manager services: 0×5004 – to authenticate PS3 discs, 0×5007 – to authenticate PS3 discs.

Bothe these services can be used by GameOS through VUART 10 and Dispatcher Manager (is also in a HV process), I already implemented a driver for VUART 10 and DM on Linux and uploaded it, so guys who has my latest Linux version could use it on Linux And get access to PS3 discs and PS2 discs but i didn't have time to test it.

Both these services accept one parameter: 32 bit integer. Look at the funtion stor_mgr_packetid_0x5004 in my IDA database for HV 3.15. Everything is still the same on 3.41 and 3.55, so my HV 3.15 bible is the key to HV 3.41 and 3.55. They changed almost nothing in new HV versions And look also at function stor_mgr_packetid_0x5007. I could write down a simple Linux program which uses my DM driver to communicate with Storage Manager and show you how it works It's very easy. I will upload it maybe next week.

To authenticate PS2 discs, VSH uses parameter 0×52 and service 0×5004. To authenticate PS3 discs, VSH uses parameter 0×53 and service 0×5007. But i didn't test it on my own unfortunately.

PS3′s BD support different profiles for different media, e.g. for PS3 discs, for DVD, for PS2 discs. And storage manager can tell BD drive which profile it should use.

All the communication between Storage Manager and BD drive goes through ATAPI/SCSI interface.

To read the current profile of BD drive, the Storage Manager uses the storage device command 0×11, look at storage_device_RBD_do_device_command in my HV 3.15 IDA database (lv1_storage_Send_device_command) and ATAPI_GetConfiguration. But HV procs do not use HV calls, they use HV syscall, and Storage Manager sends ATAPI commands to BD drive through device file /dev/rbd0. With lv1_storage_Send_device_command(0×11) you could read the current BD profile.

Also very interesting ATAPI commands used by Storage Manager are Report Key/Send Key commands. Look at functions HW_report_key and HW_send_key in my HV proc 6 IDA database. HW_report_key function is e.g. used by Storage Manager to read BD drive policy. Storage Manager checks the policy of BD drive.

Storage Manager uses sv_iso_spu_module.self isolated module to authenticate BD drive. sv_iso_spu_module.self gives Storage Manager data which is sent to BD drive and back.

And look closer at function HW_disc_auth_emu in HV process 6. It’s for BD emu stor_mgr_check_drive_policy in HV prcoess 6 checks BD drive policy.

Functions storage_mgr_set_ata_key/storage_mgr_delete_ata_key sets/deletes ATA keys. These functions are used in Storage Manager service 0×5002. This service is used by System Manager in HV process 9 during LPAR boot.

Update Manager

The name of this service explains already the purpouse of it. The GameOS updater communicates with this service and sends encrypted packages to it. The GameOS updater stores a pkg in memory and passes the LPAR memory address of the pkg to Update Manager. Look at function update_package. This functions can update/inspect and extract packages. UM services 0×6001(update), 0×6002(inspect) and 0×6005 (extract) use it. Inspect just checks if a pkg is valid, Update service installs it and Extract service extracts it and you can get it back extracted from UM.

I implemnted an updater for Linux which uses all these services and it worked like a charm I could extract and inspect packages. Allocate a huge page on Linux with mmap, lock it with mlock, store there a pkg and send LPAR address to one of this service through DM. I will upload soon my PS3 Linux updater and show you how we can update firmware without GameOS even noticing it

Updater Manager object in HV process 6 has a member variable which checked during package update, and if it contains a magic valu then you can install just any package version Look at function update_manager_is_valid_access in my IDa database for HV proc 6.