190w ago - Another update from graf_chokolo and Marcan42 who are working to bring OtherOS back to PS3, to quote:
I managed to boot an unencrpyted LV2 kernel from VFLASH. The decrypted LV2 kernel from Service JIG just made some strange sounds for several seconds and then did shutdown Normal unencrypted LV2 kernels boot normally. We could kick out lv2ldr from HV completely and boot enencrypted LV2 kernel always Working now on Linux bootloader. Stay tuned.
I didn’t use default.spp to boot decrypted LV2. I patched HV process which loads LV2 kernel, kicked out lv2ldr, replaced the function which loads lv2_kernel.self with my own code which loads just any OS from a VFLASH region It can be either petitboot, LV2 kernel or something else And dual boot is also possible with this approach. We could store several kernels on VFLASH and decide at boot time which one to boot.
And yesterday i found also out how to enable all debug and log messages in HV and HV procs and actually see these log messages Expect more soon. And greetings to SONY I will try today to boot decrypted 3.56 LV2 on my 3.41 PS3
If you could upload a binary image of AsbestOS for me please, i could test booting it today from VFLASH. Thanks.
Guys, i would be greatful if someone could upload me decrypted 3.56 lv2 kernel. Thanks.
If i got the right version then i just booted decrypted lv2 kernel 3.56 from VFLASH
Thanks for the images. Just booted your tftp image from VFLASH And i see UDP packets coming from PS3
From marcan42: twitter.com/marcan42
Don't confuse AsbestOS itself (a Linux bootloader) with the way you launch it: USB exploit, lv2 payload, lv2 replacement, or (now) OtherOS++
In other words, there's absolutely no reason why you couldn't use AsbestOS with his "OtherOS++"; in fact, you should! (once it's done)
Graf_chokolo doesn't seem to "get" AsbestOS. It isn't mutually exclusive with GameOS; AsbestOS built as otheros.bld is still a good idea.
graf_chokolo, I don’t think you “get” AsbestOS. It’s just a linux bootloader, in fact it would work great as otheros.bld or any other way of running it as an lv2 binary, and it’s more robust than petitboot (and smaller and easier to modify).
OtherOS + extra rights isn’t a replacement for AsbestOS, it’s an alternative to our original approach of replacing lv2 with AsbestOS. There’s already one released way to boot AsbestOS (USB exploit, which isn’t very clean/handy), Hermes is working on a runtime lv2 bootstrap for it (also not very clean but handy for people who like CFWs), there’s the lv2 replacement that we demoed but which isn’t out yet (which is clean, though can’t dual-boot GameOS yet), and once you release what you’re working on you will be able to just boot AsbestOS with it. Of course you could just run petitboot too, but where’s the fun in that? (we could’ve just used petitboot as a lv2 kernel for the 27c3 demo too, but AsbestOS is just much easier to make work and I already have a working new boot ABI using the devtree to pass the region1 allocation to Linux and patches that make it work regardless of whether the bootmem split is 128/128 or 16/240).
This isn’t a competition, I see no reason why AsbestOS can’t work great with whatever you’re getting ready
Btw, re: disk encryption, they use the same key and a NULL IV (can’t remember if all 00 or all ff) for every sector. It’s a very stupid/insecure block encryption scheme. There are flags for the sector read commands to toggle encryption on and off, that’s what we used to boot Linux off of a raw, totally DOS formatted disk with no encryption or lv1 regions.
Also, we thought about booting an unencrypted lv2 kernel too (I assume you’re messing with default.spp?) but we were very short on time and self was easier. Of course, you know a lot more about lv1 than we do
I think this blog is eating my comments if they have URLs…
Here are three binaries (compiled off of the public git, it’s just stage2_native.bin) with three different boot modes (config.h settings):
-hdd boots from a raw DOS formatted HDD (first partition must be FAT and contain a kboot.conf, same as we used at 27c3), -tftp boots from DHCP/TFTP (bootfile should be a kboot.conf), and -netrpc sets up a server that lets you read/write memory and issue hypercalls from a client on your PC, for experiments (see netrpc scripts in asbestos.git). See the AsbestOS readme for info on how to boot kernels with it (you need my ps3-linux.git patches). Git is at git.marcansoft.com.
You should run dbgcli on your PC on the same network as the PS3 to watch the debug output (even if you don’t set up the kernel/kboot.conf, if you get that it means it’s working). You can compile it from git, or here are two Linux binaries (64/32bit):
Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!
Some more graf_chokolo updates: [Register or Login to view links]
Figured out how to disable HDD encryption permanently by patching HV
Just theory for now, still needs testing Will report back after i tested it.
Holy crap, guys Patched HV at runtime, disabled HDD encryption, rebooted GameOS and GameOS started to format my HDD and i lost all data on my HDD I guess because everything was encrypted and GameOS didn’t understand it because i disabled decryption, so it reformated HDD.
HV reversing is fun
Dumped raw and decrypted UFS2 filesystem of PS3 with HV calls
The difference is that i do not use LV2 at all to decrypt/encrypt storage devices. Storage device encryption/decryption is done by HV and peripheral devices like ENCDEC or RBD. I’m trying to understand how the storage subsystem of HV works currently, it’s by far the most complex part of HV i have seen so far.
And recently i figured out that the VFLASH region, where Linux boot loader (otheros.bld) is stored, is still there on 3.41 firmware. I’m trying now to boot Linux bootloader from this region. OtherOs.self writes otheros.bld image to this VFLASH region and creates cekk_ext_os_area where several parameters are stored. On 3.15 firmware, when Linux was booted, the Linux System Manager (in HV process 9) loads Linux bootloader from the VFLASH region, decompresses it and boots it.
The problem with 3.4.1 firmware is, that SONY removed Linux System Manager from HV process 9. It’s no problem for me to store Linux bootloader on this VFLASH partition. But there are 2 problems, first the VFLASH region where Linux is stored is 0×40000 bytes large, so there is not much place for Linux bootloader on VFLASH, so it should be compressed to make it smaller. Second problem is, i have to patch HV process, insert my code which loads it from VFLASH and decompresses Linux bootloader. And after that we could boot Linux from HDD and it would have GameOS rights, e.g. has access to Dispatcher Manager e.g.
or run isolated SPUs.
And more, HV has a nice feature to boot Linux bootloader with System Debugger Too bad i don’t have a debugger for HV
I dumped now both decrypted and encrypted sectors of UFS2. And the same plaintext is encrypted to the same ciphertext Encryption is independent of sector position.
And SONY uses 128-bit block cipher to encrypt the blocks within a sector.
Yeah, it would be possible to redirect dev_flash to another HDD region, e.g. by patching Hypervisor’s storage subsystem. HDD has enough space for that.
And i figured out that the size of VFLASH region where 3.15 stored otheros.bld can be doubled and i will be able to store decompressed Linux bootloader otheros.bld on this VFLASH region It will simplify HV patching immensely, i do not need now to decompress Linux bootloader in HV. I will test it today and report back. There are 0×2000 extra unused sectors between the VFLASH region for otheros.bld and the next VFLASH region, so i can use those sectors and increase the size of VFLASH region for otheros.bld.
We could make a CFW by patching HV with dual boot option, either GameOS or Linux could be booted from HDD.
It’s not as easy as booting Linux from HDD or booting second lv2 kernel from FLASH. I don’t want to say it’s impossible but it’s very hard.
I updated now my partition table of VFLASH and incresed the size of VFLASH region where Linux bootloader is stored. After that i stored petitboot Linux bootloader on VFLASH successfully. Next step – patching HV at runtime and booting petitboot from HDD which will allow me to install a Linux distribution on a HDD region on my 3.41 PS3.
CORE OS is not on VFLASH, it’s on a real FLASH, NOR flash. That makes it hard to redirect, i would say impossible. But by creating our HV which could switch ISO loaders table and redirecting VFLASH it would be possible to boot 2 different GameOS versions. For that we need our own patched HV.
My approach will enable OtherOS to have the same access rigths as GameOS, it means access to Dispatcher Manager, Update Manager, VFLASH, HDD encryption/decryption, isolated SPUs and RSX of course. GameOS is only good for games, for PS3 development and hacking is Linux or FreeBSD with GameOS rights are a lot better. And i want a clean approach for booting Linux, not like AsbestOS, it’ not very clean.
I have my loader for OtherOS bootloader ready now, will patch HV today and try it out in the evening, after that will report back. Stay tuned.
Actually i do the next best thing: I bought a PS3, but USED on Ebay. Then sold it, because there are not any good games for it. 60 Dollars on a game is ridiculous. Also, I bought an Xbox 360 USED. Not only that, anytime i get a game i WAIT until it goes down in price.
Either way, I have not paid Microsoft a nickel, oh yeah I don't even have Xbox Live Gold.
There is ALWAYS ways around the system.
Originally Posted by afly
It's not just the pirates. Sony wont like homebrew either. Every man and his dog able to write software for the platform VS compulsory 100,000k developer kits needed.
They need to bite the bullet on this one though, the scene is unstoppable now. Best bet is to try and capitalize and monetize the situation best they can.
Pirates are going to pirate, they should focus on the opportunities this could provide them for the rest.
What scene? Since GEoHot lost the case, every hacker is going to be scared crapless, and not publish any "hacks" anymore. Unless every hacker in the world, gets together and sues/counter sues Sony. Say goodbye to the PS3 Scene.
The Fact of the matter is: as previously stated, people are whiny spoiled brats. Of course you don't wanna spend 60 dollars for a game and such, but you know what, its life! We got to spend money. Many people don't care for Linux running on their PS3, they don't care about Homebrew, all they want is backups.
Yea i do have some backups, but i also support the company who made the console im using. Before running your mouth, think about it thoroughly. I'm neutral one both sides cause i understand the business side of Sony(knowing that your screwed but trying to slow it down), but also i understand The hacking community and how kickass, and generous they are when they release a jailbreak and any apps.