GeoHot Releases Sample PS3 Linux Isolated SPU Loader Code


243w ago - Today GeoHot has released sample PS3 Linux isolated SPU loader code for those with OtherOS to experiment with.

To quote: "Right now, I'm playing with the isolated SPEs, trying to get metldr to load from OtherOS. Interesting thing, I am not using the exploit. I always assumed the enable isolation mode register was hypervisor privileged.

It's not, it's kernel privileged, which means using hypervisor calls you can all get to it. So, get to hacking. [Register or Login to view links] is the code I am playing with.

I'm not that opposed to releasing the exploit, but I think the majority of you are going to be disappointed, even if you do get it working. Unless you have pushed the HV to its limits, this exploit really isn't going to do much for you... yet.

So install OtherOS and start playing around. If people start coming up with convincing reasons why they need the exploit to go further, I'll release it. It's just a waste to release if people can't make use of it.

As far as the GPU goes, I have full access to the GPU memory space 0x2800... But without a driver, it's useless. 3D video card drivers are notoriously hard to write, look at the ATI and NVIDIA ones for Linux. The best are still the closed source manufacturer ones.

I'm not even sure I believe that the HV restricts video card access, just that the OtherOS driver is 2D. If someone skilled in video card driver development comes forward, and they can explain in detail what the HV is restricting, I'll send them the exploit."




#9 - PS3 News - 243w ago
Originally posted by XSamurai:
CJPC maybe?

CJPC is busy with classes and doing his own thing (with his new hardware) so he isn't getting overly involved with the GeoHot stuff like Mathieulh or others are, but I will try to get him to reply.

I know a few of the Devs on IRC gave this a try so maybe they can also comment on it.

Here is a snippet from IRC:
he's recreating SPE 0xb, one already owned by otheros and trying to map it with metldr contents.. well clearly he's putting it in isolation mode by modifying some obscure flags

printk(KERN_ERR "status: %lx\n", problem_mapped[0x4020/8]);
printk(KERN_ERR "privileged control: %lx\n", privileged_mapped[0x4040/8]);
privileged_mapped[0x4040/8] |= 4;
printk(KERN_ERR "privileged control: %lx\n", privileged_mapped[0x4040/8]);

well, with a lv1 dump, it's easy to see obscure flags :P

Finally, Donatello, I moved your post to a new thread in the Site News since this is the first GeoHot "release" but we won't necessarily start a new thread for all of his updates, only the bigger ones.

#8 - XSamurai - 243w ago
Sounds pretty interesting. Maybe one of the devs wants to explain to us what can be done with this code. Seems like George knows that this method is very limited and full access is just possible with his exploit.

CJPC maybe?

#7 - playforfun - 243w ago
I have read that he now has access to the isolated SPE and RSX memory, wow! He also explains that the access to the SPE is done with no exploit!

To finish, he says the RSX driver is coded in 2D and says that if someone has knowledge about drivers, he wants to know some things about RSX drivers.

He has explained one important detail about the exploit: his exploit is not useful if the HV is not pushed to its limits. I think it's the bootloader or a control module to protect the console.

#6 - hellospaceboy - 243w ago
My guess is he's getting sick of the people invading the blog with piracy comments, and there are few who post knowledgeable answers relating to coding/the exploit etc - although he did say he found some useful.

#5 - Tidusnake666 - 243w ago
In a digital signature there is only ONE SPECIFIC pair of Public (decryption) and Private (Encryption and decryption) Keys.

Encrypting content with the private key from one pair of keys and decrypting with the public key of another pair is not possible.
