119w ago - Another update from
graf_chokolo and
Marcan42 who are working to bring OtherOS back to PS3, to quote:
I managed to boot an unencrpyted LV2 kernel from VFLASH. The decrypted LV2 kernel from Service JIG just made some strange sounds for several seconds and then did shutdown
Normal unencrypted LV2 kernels boot normally. We could kick out lv2ldr from HV completely and boot enencrypted LV2 kernel always
Working now on Linux bootloader. Stay tuned.
I didn’t use default.spp to boot decrypted LV2. I patched HV process which loads LV2 kernel, kicked out lv2ldr, replaced the function which loads lv2_kernel.self with my own code which loads just any OS from a VFLASH region
It can be either petitboot, LV2 kernel or something else
And dual boot is also possible with this approach. We could store several kernels on VFLASH and decide at boot time which one to boot.
And yesterday i found also out how to enable all debug and log messages in HV and HV procs and actually see these log messages
Expect more soon. And greetings to SONY
I will try today to boot decrypted 3.56 LV2 on my 3.41 PS3
If you could upload a binary image of AsbestOS for me please, i could test booting it today from VFLASH. Thanks.
Guys, i would be greatful if someone could upload me decrypted 3.56 lv2 kernel. Thanks.
If i got the right version then i just booted decrypted lv2 kernel 3.56 from VFLASH
Thanks for the images. Just booted your tftp image from VFLASH
And i see UDP packets coming from PS3
From
marcan42: twitter.com/marcan42
Don't confuse AsbestOS itself (a Linux bootloader) with the way you launch it: USB exploit, lv2 payload, lv2 replacement, or (now) OtherOS++
In other words, there's absolutely no reason why you couldn't use AsbestOS with his "OtherOS++"; in fact, you should! (once it's done)
Graf_chokolo doesn't seem to "get" AsbestOS. It isn't mutually exclusive with GameOS; AsbestOS built as otheros.bld is still a good idea.
graf_chokolo, I don’t think you “get” AsbestOS. It’s just a linux bootloader, in fact it would work great as otheros.bld or any other way of running it as an lv2 binary, and it’s more robust than petitboot (and smaller and easier to modify).
OtherOS + extra rights isn’t a replacement for AsbestOS, it’s an alternative to our original approach of replacing lv2 with AsbestOS. There’s already one released way to boot AsbestOS (USB exploit, which isn’t very clean/handy), Hermes is working on a runtime lv2 bootstrap for it (also not very clean but handy for people who like CFWs), there’s the lv2 replacement that we demoed but which isn’t out yet (which is clean, though can’t dual-boot GameOS yet), and once you release what you’re working on you will be able to just boot AsbestOS with it. Of course you could just run petitboot too, but where’s the fun in that? (we could’ve just used petitboot as a lv2 kernel for the 27c3 demo too, but AsbestOS is just much easier to make work and I already have a working new boot ABI using the devtree to pass the region1 allocation to Linux and patches that make it work regardless of whether the bootmem split is 128/128 or 16/240).
This isn’t a competition, I see no reason why AsbestOS can’t work great with whatever you’re getting ready
Btw, re: disk encryption, they use the same key and a NULL IV (can’t remember if all 00 or all ff) for every sector. It’s a very stupid/insecure block encryption scheme. There are flags for the sector read commands to toggle encryption on and off, that’s what we used to boot Linux off of a raw, totally DOS formatted disk with no encryption or lv1 regions.
Also, we thought about booting an unencrypted lv2 kernel too (I assume you’re messing with default.spp?) but we were very short on time and self was easier. Of course, you know a lot more about lv1 than we do
I think this blog is eating my comments if they have URLs…
Here are three binaries (compiled off of the public git, it’s just stage2_native.bin) with three different boot modes (config.h settings):
.http://marcansoft.com/transf/asbestos-20110203-hdd.bin
.http://marcansoft.com/transf/asbestos-20110203-tftp.bin
.http://marcansoft.com/transf/asbestos-20110203-netrpc.bin
-hdd boots from a raw DOS formatted HDD (first partition must be FAT and contain a kboot.conf, same as we used at 27c3), -tftp boots from DHCP/TFTP (bootfile should be a kboot.conf), and -netrpc sets up a server that lets you read/write memory and issue hypercalls from a client on your PC, for experiments (see netrpc scripts in asbestos.git). See the AsbestOS readme for info on how to boot kernels with it (you need my ps3-linux.git patches). Git is at git.marcansoft.com.
You should run dbgcli on your PC on the same network as the PS3 to watch the debug output (even if you don’t set up the kernel/kboot.conf, if you get that it means it’s working). You can compile it from git, or here are two Linux binaries (64/32bit):
.http://marcansoft.com/transf/dbgcli
.http://marcansoft.com/transf/dbgcli32
Have fun
Great app! Hopefully I'll dodge YLoD on my 60GB using this. Just one thing though, I can't figure out how to edit and install custom Payload settings....
Update: Now Sony is new documents reveal they also plan to subpoena PlayStation 3 hacking related Web sites.
Following legal action against GeoHot, today Sony has sent out DMCA takedown notices to sites hosting PlayStation 3 developer files including California-based Github, and as a result the PS3 hackers have now mirrored the removed files on Norway-based Gitorious.
Those seeking to read Sony's takedown notice can do so https://github.com/github/dmca/blob/master/2011-01-27-sony.markdown, with the violation citing "Trafficking a device that circumvents effective access controls, and/or Trafficking a device that circumvents effective copyright protection measures."
The mirrored ps3keys, ps3tools, and lv2patcher PS3 GIT files are now posted http://gitorious.org/ps3free on Gitorious for the time being.
To quote from PSX-Scene (linked above): "First Professor Carnegie Mellon who had 'mirrored' geohot's original keys open door site, took his down to be on the 'safe' side of the action:
1/27/2011 Update: Judge Illston has granted the TRO against George Hotz despite the venue issue still being contested by Hotz's attorney. And I'm out of town. Since CMU has a west coast campus in California and is therefore subject to her jurisdiction, I have disabled my mirror until I can get back to Pittsburgh and look more closely at the current state of things.
Then early this morning DMCA takedowns started to get received by the various scene developers, first kmeaw, a good coder behind a working CFW, got one: kmeaw: I have just received a DMCA takedown notice
Next graf_chokolo, a now world-famous coder for his wonderful PS3 'decryption' skills, posted the following on Xorloser's Blog, that his GIT has been taken down by Sony:
graf_chokolo says: SONY took down my GIT repo :-) Who still needs my source code just email me and i will upload it for you :-) Still working on ENCDEC reversing :-) It’s fun :-)
And recently KaKaRoToKS has tweet'ed that he also has gotten a DMCA notice: Looks like github has received DMCA takedown and my repository are now unavailable."
Finally, graf_chokolo posted the following warning to Sony on http://xorloser.com/?p=297&cpage=21#comment-3204's blog, to quote:
If SONY will continue like this i will upload my IDA database for HV and HV procs :-)
Here is a link to my payload: http://www.sendspace.com/file/64s8gh
No fear, jack :-) It just motivates me more to continue my reversing :-) It was just my public GIT repo, for making releases :-) Nothing lost :-)
More PlayStation 3 News...