Sponsored Links

Sponsored Links

How to Load METLDR in SPU Isolation Mode on PlayStation 3


Sponsored Links
233w ago - Just over a month ago the PS3 Hypervisor lv2 (GameOS) was dumped and GeoHot hinted that it was accomplished by commanding an SPU to load METLDR.

Today dondolo let us know that simone has detailed how to load METLDR in SPU isolation mode on the PlayStation 3 and included some [Register or Login to view links].

While this is definitely a step forward, he still doesn't specify what the read/write u32 functions are... or which functions to add to the recent XorHack release.

Those interested can check it out below, and to quote:

"After some experiment I succeded to load METLDR in spu isolation.

You need geohot's exploit to do this, because you need to turn spu relocation off (MFC_SR1[R]=0) and not let know the HV you are using a SPU (so no calls to lv1_construct_logical_spe or similar). For some strange conf, it doesn't work in HV way."





Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

Comments 48 Comments - Go to Forum Thread »

• Please Register at PS3News.com or Login to make comments on Site News articles. Thanks!

CJPC's Avatar
#43 - CJPC - 232w ago
Don't think there's anything to add to XorHack's code. Just compile a new module to be "modprobed" after the hack is done (i'm not sure even if the hack has to be done).

anyway, read_uXX(in_address) reads a 32/64 bit value from in_address. write_uXX does the exact opposite. The problem you have are not the functions, it's the constants SPU_PX(XXXXX), but they could be already defined in the kernel, really don't know...

Actually the SPU_PX() is defined in the released code - however, both read/write_u32 do need to be added in to XorHack - namely the author says it does, plus it's not there.

But the hack does need to be done first, as xorlosers code provides the nice set of tools to interact between kernel and user mode, and adds in functions that the SPU isolation code calls.

r3pek's Avatar
#42 - r3pek - 232w ago
CJPC said he would once the missing details are available (what the read/write u32 functions are, which functions to add to the XorHack, etc) so no worries.


Don't think there's anything to add to XorHack's code. Just compile a new module to be "modprobed" after the hack is done (i'm not sure even if the hack has to be done).

anyway, read_uXX(in_address) reads a 32/64 bit value from in_address. write_uXX does the exact opposite. The problem you have are not the functions, it's the constants SPU_PX(XXXXX), but they could be already defined in the kernel, really don't know...

Raze1988's Avatar
#41 - Raze1988 - 233w ago
Oh wow, once again all eyes are upon CJPC and his team

But it's really interesting that things like that turn up out of nowhere. Shows that the "well known" PS3 sceners aren't the only ones who can achieve something.

SenorPickle's Avatar
#40 - SenorPickle - 233w ago
noob here, what does that mean and what outcome can happen for end users?
Advice: Read the entire thread before asking a question that was already answered. That way you don't look like a dumbass.

Actually I take that back, you quoted the answer you were looking for when you posted your question. If you don't understand what "running unsigned code from the XMB" means perhaps you should do some googling.

waleed's Avatar
#39 - waleed - 233w ago
Well, as we all know, LV2 = our glorious kernel. With the kernel, it can be reversed and holes can be looked for - possibly leading the way to load unsigned code straight from the XMB without any hardware (on any model of PS3, slim included).

Of course, it may only be usermode code (or, perhaps kernel mode), but it would still be a very nice step in the right direction!
noob here, what does that mean and what outcome can happen for end users?

Sponsored Links

Sponsored Links
Sponsored Links

Sponsored Links







Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News