171w ago - We are happy to report that the PS3 Hypervisor LV1 and Bootloader LV0 are dumped from the PlayStation 3's RAM after getting our
SX28 Hardware a few days ago, utilizing code for glitching and mashing buttons for hours - the
exploit eventually will get triggered!
We tried a few different ways to dump out the real memory - the biggest "problem" was the fact that you can't just simply use File I/O code in a kernel module. Furthermore, you can't call the
lv1_peek function from user mode either.
Luckily, resident DEV
kakarotoks was up to the challenge. After some trial and error (and too many PS3 crashes!) he made a
kernel module which maps the "real" PS3 memory to a device in
/proc. The
/proc area lets the kernel and userland interact some.
Basically, the device
/proc/ps3_hv_mem is created when the kernel module is inserted. Once it is inserted, you can use
dd to read the device. By doing this, the device gets passed arguments, which is passed along to
lv1_peek - which in turns reads out the real memory.
Be advised, don't go beyond the PS3's upper memory limit. At around 260MB, the PS3 tends to crash - it does not like trying to read beyond RAM limits! So, for usage:
First, run the exploit, and get it triggered and working - that's the hard part!
Next, download the
attached file, inside are three files, a
Makefile, the
ps3_hv_mem.c and a pre-compiled version. Stick these in a folder, and run make. It will then compile a kernel module for you (
ps3_hv_mem.ko, or use the pre-compiled one). Then simply type:
sudo insmod ps3_hv_mem.ko
Enter your password and check
/proc for a
ps3_hv_mem entry, or your dmesg. If it is there - let the dumping begin!
You can dump out the PS3 Hypervisor and Bootloader (and the rest of the real memory) via
dd. You can use the command:
dd if=/proc/ps3_hv_mem of=PS3_Memory_Dump.bin bs=1024 count=10K
That command will dump out 10485760 bytes, or about 10MB - which nicely includes the goodies like LV0 and LV1. Finally, you can also increase the count, which will increase the amount dumped (multiply by blocksize).
No
Are you Depressed?...
...
i have the possibility (microcontroller labor, and knowledge about asm, pulse sending, compiling etc) but no ps3 where i can test it =/
if someone from Berlin would help me, i could also try to get a dump our of the black box
That's providing that a hole is found..
If I understood correctly, right now the dumps are being analyzed, compared, and reverse engineered. I assume it will take some time, even with 10Mb dumps (I don't think the size is quite relevant here by the way), and only once all this is done and a flaw is found we'll have an Hello world ready.
Once we have it, then it will be just as the Psp or Wii scene, a giant shower of Homebrews, from the most useful to the useless (and so needed ^^ )
imo, I hope they don't release a backup laucher. ISO, sure, but backup DVD launcher = no.
I completely disagree. I don't remember the last time I played a demo that gave any more than the slightest glimpse of what the game would be like. With demos that limited you could get just as much information from pictures or videos showing the game, which give next to no info at all.
Most games don't even have demos and the ones that do get them much after the game is already released, that alone somewhat defeats the purpose.
I hope the first thing that's accomplished is a backup loader. If they create something to run ISOs that's already a backup, I'd prefer that over having to burn a BD anyway.