119w ago - As a follow-up to
Kmeaw's PS3 Linux update and his
previous work, PlayStation 3 hacker
Graf Chokolo has now brought PS3 Linux back to Firmware 3.41.
To quote from
xorloser's blog: And here we go
Linux is officially back on PS3 3.41. It’s even better now
It has all GameOS features, it has access to all HDD, VFLASH and FLASH regions. It can communicate with Dispatcher Manager, Update Manager, SYSCON Manager, it can run isolated SPUs, and of course RSX
I uploaded some screenshots of the Debian distribution i installed on my PS3 HDD. The Debian distribution is a just normal PPC64 Linux without any modification, all i changed was my dutifully and beloved Hypervisor
I modified the Hypervisor so far that it boots the Linux bootloader petitiboot from VFLASH and petitboot loads the Linux distribution installed on a HDD region.
And what is better than Linux to boot Linux ?
I practically implemented Dual Boot feature GameOS+OtherOS in the Hypervisor
Linux is not the only OS which can be booted like this from PS3 HDD.
Now we don’t need GameOS anymore to run our code, no need anymore for SELFs and we can start now programming our own games on PS3 on Linux
I will make everything public
And greetings to SONY
Hand me over the maintance and implementation of PS3 Hypervisor
I will improve it and maintain for free
We all will benefit. HV hacking is great fun
Here are some screenshots:
postimage.org/image/17rifsmh0/
postimage.org/image/237tff2lg/
postimage.org/image/237ye142s/
postimage.org/image/23801kgkk/
postimage.org/image/238506i1w/
postimage.org/image/238bmbw10/
PS: Compiling now my own Linux kernel on PS3 itself
Guys, one step after another, first test and implement with 3.41 then port to 3.55
HV is practically the same, don’t worry.
Be patient guys. I will test everything properly and then release. I don’t want to cause any bricks.
CORE OS and GameOS firmware updates are possible now from Linux because we have access to Dispatcher Manager and Update Manager of Hypervisor
Linux can do now everything what GameOS can do
Linux rules
We have lots of things to do now
E.g. implement Dispatcher Manager in Linux because Linux has only drivers for A/V-Manager and System Manager
And ps3 block device driver have to be improved also, because now it allows only one HDD region to be accessed.
I’m not an expert in RSX, that is the only part of HV i didn’t try to reverse yet
With normal Linux environment the possibilities are limitless now
I don’t need anymore my payloads, will start to port them, write normal Linux programs
ENCDEC and SYSCON are still on my list
The HV reversing will progress now a lot faster with Linux.
New Linux driver need to be written and so on.
BTW, guys, does someone has clue how to recompile Debian netinstaller, you will need it
Because what i did to make it run was pure hack, not for developers i fear. We need to recompile it with new ps3disk driver.
Yeah, it’s possible to patch HV to skip CORE OS hash checks.
I do not intend to stop. I didn’t even read those docs
Better spend my time with HV reversing.
I was thinking about FreeBSD of course, i like it very much
And there is already a port to PS3
When $ONY comes after me i will still have enough time to release everything for PS3 devs, don’t worry
I do not intend to stop my reversing and development.
Regarding RSX, i think it’ s in LV2 kernel, but not sure, i didn’t reverse LV2 much.
Yes, we can resize/create/delete storage regions. That is what i did to make the VFLASH region larger in order to be able to store there petitboot uncompressed, because uncompressed petitboot is quite large
~7 MB
And yes, we could even boot 2 OSs.
Successfully compiled and booted the latest Linux kernel 2.6.37
Improving HDD and FLASH device drivers for Linux
So we could get direct access to GameOS regions on Linux
Damn, ps3flash device driver doesn’t support several FLASH devices and regions
The driver is so crappy. Have to redesign it completely
Some related previous posts by
graf_chokolo from the blog:
Hehe, HV does say to GameOS that Linux region is not accessible
I think we can do something about it
Damn, i have to be very carefull or i might install Linux on a wrong region
Linux HDD region is accessible on petitboot
But the problem is that i have access to all HDD regions and Linux just tries to use the first one, unfortunately owned by GameOS
Have to patch petitboot so it selects the right region for Linux
HV hacking is cool
And please guys, i appreciate your support, but keep the conversation technical if possible, it’s hard to follow the blog
Yes baby
Now is Linux HDD region accessible from petitboot
ps3disk sb_02: ps3stor_probe_access:130: 4 accessible regions found. Only the third one will be used
ps3disk sb_02: First accessible region has index 3 start 135329976 size 20971512
ps3disk sb_02: ps3da is a Hitachi HTS542580K9SA00 (76319 MiB total, 10239 MiB for OtherOS)
ps3da: unknown partition table
brd: module loaded
loop: module loaded
ps3_system_bus_match:362: dev=7.0(sb_01), drv=7.0(ps3rom): match
irq: irq 18 on host null mapped to virtual irq 29
scsi0 : ps3rom
scsi 0:0:0:0: CD-ROM SONY PS-SYSTEM 302R 4151 PQ: 0 ANSI: 0
Driver ‘sd’ needs updating – please use bus_type methods
Driver ‘sr’ needs updating – please use bus_type methods
sr0: scsi3-mmc drive: 0x/0x cd/rw xa/form2 cdda tray
Uniform CD-ROM driver Revision: 3.20
sr 0:0:0:0: Attached scsi CD-ROM sr0
NEXT STEP – INSTALLING DEBIAN ON HDD
Activated now access to all HDD regions
ps3disk sb_02: ps3stor_probe_access:130: 4 accessible regions found
HV does what i tell him to do
Ditifully and beloved HV
Partition table ready
root@ps3-linux:/# ls -l /dev/ps3da*
brw-rw—- 1 root root 254, 0 Feb 5 09:00 /dev/ps3da
brw-rw—- 1 root root 254, 1 Feb 5 09:01 /dev/ps3da1
brw-rw—- 1 root root 254, 2 Feb 5 09:00 /dev/ps3da2
root@ps3-linux:/#
HOLY CRAP !!! Debian Installer launched
And GameOS still boots so i did partition my HDD right
Great
Today is my best day in the last years
So much fun is HV hacking
Stay tuned. Too excited now
Damn, i have to patch kernel from Debian installer because Linux has now access to all HDD regions and it tries to use always the first accessible one
And that’s the one from GameOS
Yeah, right wipe out this cryppy GameOS
Seriously, i already patched petitiboot for that
Stay tuned.
PS: Debian installer works fine
Yeah, access to all HDD regions might also have some disadvantages
Damn, have to recompile Linux kernel, who writes such drivers, he ?
PS� disk driver allows only one region to be accessible. We will se whta can be done about that
Screw Debian
How can i recompile debian netinstaller ? Because i have to patch ps3disk driver or else it will install Debian on GameOS region
Damn, i think i will stick with my beloved Arch Linux
If someone has tips how to recompile Debian netisnatller please share with me
I will try now to install gentoo over Network on my HDD, don’t know how to recreate Debian Netinstaller
Linux on 3.14 had access to only one HDD region, HV made it sure, but nwo with full GameOS features i have access to all HDD regions and Linux’ ps3 disk driver uses always the first region it find, stupid driver.
Finally installing Debian on HDD
Patched HV and disabled access to all HDD regions temporarily except one where Linux is installed
I didn’t thought that i will patch HV and actually remove features from there
Stay tuned.
But i will enable all HDD regions in HV again as soon as i patched ps3disk on Debian
And then we need a new ps3disk driver to access all regions simultaneously
The driver is not very good.
Installing Debian packages currently
I think i won’t need my payloads anymore, can run now everything through SSH on my Debian PS3
Great
HV rules.
I don’t know yellow dog, never used it unfortunately.
I’m installing just an ordinary unmodified Debian distribution, nothing changed by me. Just normal PPC64 distribution. The only thing i changed was my beloved HV
But we have to modfy ps3disk device driver to get access to all HDD regions because default Linux driver allows only one.
You could install whatever distribution of Linux you wnat which supports PS3 arch.
Hm, maybe we should contact the maintainer of the driver. The driver is simple, i patched it already for petitboot so it’s uses the right HDD region for booting. But for normal Linux we need a ps3disk driver with multiinstance capability, for several HDD regions.
Installation is done, now configuring my brand new PS3 Debian Linux
Unfortunately i don’t have a camera to take photos but i could make screenshots later when X11 is running
yeah...
insmod ./ps3_jupiter.ko
insmod ./ps3_jupiter_ap.ko
iwconfig wlan1
wlan1 IEEE 802.11bg ESSIDff/any Nickname:"ps3_jupiter_ap"
Mode:Master Channel:0
# Configure channel and SSID
iwconfig wlan1 channel 6
iwconfig wlan1 essid wlan_rockz
# Configure opmode
iwpriv wlan1 set_opmode 1 (0 = 11b, 1 = 11g, 2 = 11bg)
iwconfig wlan1
wlan1 IEEE 802.11bg ESSID:"wlan_rockz" Nickname:"ps3_jupiter_ap"
Mode:Master Frequency:2.437 GHz
ifconfig wlan1 192.168.201.200
ifconfig wlan1 up
# WLAN LED should be green now
# Connect to the AP with a PC client and try to ping your AP
# Set static IP address ony your client, e.g. 192.168.201.201
No Security
iwconfig wlan1 channel 6
iwconfig wlan1 essid wlan_rockz
iwpriv wlan1 set_wpa_mode 0
ifconfig wlan1 up
WEP40
iwconfig wlan1 channel 6
iwconfig wlan1 essid wlan_rockz
iwpriv wlan1 set_wpa_mode 0
iwconfig wlan1 key 0123456789
ifconfig wlan1 up
WEP104
iwconfig wlan1 channel 6
iwconfig wlan1 essid wlan_rockz
iwpriv wlan1 set_wpa_mode 0
iwconfig wlan1 key 01234567890123456789012345
ifconfig wlan1 up
WPA1-TKIP
iwconfig wlan1 channel 6
iwconfig wlan1 essid wlan_rockz
iwpriv wlan1 set_wpa_mode 1
iwpriv wlan1 set_wpa_group 2
iwpriv wlan1 set_wpa_pairwise 2
iwpriv wlan1 set_wpa_psk ps3_wlan
ifconfig wlan1 up
WPA1-AES
iwconfig wlan1 channel 6
iwconfig wlan1 essid wlan_rockz
iwpriv wlan1 set_wpa_mode 1
iwpriv wlan1 set_wpa_group 3
iwpriv wlan1 set_wpa_pairwise 3
iwpriv wlan1 set_wpa_psk ps3_wlan
ifconfig wlan1 up
wpa_supplicant.conf for WPA1-TKIP or WPA1-AES
• This configuration file i used on my PC WLAN client to test PS3 WLAN AP.
eapol_version=1
ap_scan=1
fast_reauth=1
network={
ssid="wlan_rockz"
proto=WPA
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP
psk="ps3_wlan"
priority=2
}
WPA2
• It seems that WPA2 is not supported.
Tested On:
• Tested on my PS3 Slim with Linux kernel 3.5.4 and Debian
• Tested successfully with no security, WEP40, WEP104, WPA1-TKIP and WPA1-AES
Introduction
• WLAN AP driver for PS3 Jupiter (slim only)
• Please report bugs and problems to me (Glevand)
Features
• 802.11bg support
• Wireless Extension interface
• WEP, WPA1 and WPA2 support (work in progress)
PS3 Jupiter Driver
Source code: gitorious.ps3dev.net/ps3linux/ps3jupiter
Compiling
You can compile it on PS3 Linux or cross-compile on a Linux PC
But first you have to build a Linux kernel from source.
cd ps3jupiter
make KSRC_DIR=/home/glevand/kernel/linux-3.5.3 ARCH=powerpc CROSS_COMPILE=powerpc64-linux-
Configuration
• For configuration you need wireless-tools: iwconfig and so on.
insmod ./ps3_jupiter.ko
insmod ./ps3_jupiter_ap.ko
iwconfig wlan1
wlan1 IEEE 802.11bg ESSID
Mode:Master Channel:0
# Configure channel and SSID
iwconfig wlan1 channel 6
iwconfig wlan1 essid wlan_rockz
# Configure opmode
iwpriv wlan1 set_opmode 1 (0 = 11b, 1 = 11g, 2 = 11bg)
iwconfig wlan1
wlan1 IEEE 802.11bg ESSID:"wlan_rockz" Nickname:"ps3_jupiter_ap"
Mode:Master Frequency:2.437 GHz
ifconfig wlan1 192.168.201.200
ifconfig wlan1 up
# WLAN LED should be green now
# Connect to the AP with a PC client and try to ping your AP
# Set static IP address ony your client, e.g. 192.168.201.201
Test
• Tested on my PS3 Slim with Linux kernel 3.5.3 and Debian
• Tested with no security
Testing AP Mode with libusb
• No kernel drivers are involved
• Easier to test than with Linux kernel drivers
• I use it to test new and unknown commands
• Source code: gitorious.ps3dev.net/ps3linux/ps3jupiter_libusb
• You need a patched Linux 3.2 kernel too
A USB will do fine. In the USB section of the post you will find what to do.
Sometimes we need to boot Linux without HDD e.g. if you want to experiment with HDD encryption, enable/disable it without causing damage to your data. For such cases we need a LiveCD which doesn't mount HDD at boot.
Creating Initial System with debootstrap
mkdir livecd
debootstrap --arch powerpc squeeze /root/livecd http://ftp.us.debian.org/debian
# Grab a beer and reverse some PS3 stuff in the meantime
# Enter chroot environment
mount -t proc none /root/livecd/proc
mount --rbind /dev /root/livecd/dev
LANG=C chroot /root/livecd /bin/bash
export TERM=xterm-color
echo "debian" > /etc/hostname
dpkg-reconfigure tzdata
# Configure network interfaces
cat /etc/network/interfaces
---
auto lo
iface lo inet loopback
allow-hotplug eth0
iface eth0 inet dhcp
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid ssid
wpa-psk psk
-EOF-
# Configure APT
cat /etc/apt/sources.list
---
deb http://ftp.us.debian.org/debian squeeze main
deb-src http://ftp.us.debian.org/debian squeeze main
deb http://security.debian.org squeeze/updates main
deb-src http://security.debian.org squeeze/updates main
-EOF-
aptitude update
aptitude install locales
dpkg-reconfigure locales
aptitude install console-data
dpkg-reconfigure console-data
tasksel install standard
aptitude install binutils gcc make git vim openssh-server sudo wireless-tools wpasupplicant libssl-dev libncurse5-dev
aptitude install gcc-spu g++-spu newlib-spu spu-tools
aptitude install parted kpartx cryptsetup libreadline-dev libaio-dev libdevmapper-dev libudev-dev
# Make SSH server start at boot so we could ssh to our LiveCD
update-rc.d ssh defaults
aptitude clean
rm -f /etc/udev/rules.d/70-persistent-net.rules
# exit chroot environment
exit
# Unmount dev and proc
umount /root/livecd/dev/shm
umount /root/livecd/dev/pts
umount /root/livecd/dev
umount /root/livecd/proc
Creating Root Filesystem
mksquashfs * ../root.sfs
Modifying Root Filesystem
unsquashfs root.sfs
cd squashfs-root
# Make your changes
mksquashfs * ../root-changed.sfs
Linux 3 Kernel
We need a Linux 3 kernel with overlayfs support so we could create a tmpfs over our read-only base filesystem.
Furthermore, we want to compile PS3 HDD driver as module because in this case we can easily change HDD region flags.
See my GIT repos:
• gitorious.ps3dev.net/ps3linux/kernel-configs
• gitorious.ps3dev.net/ps3linux/kernel-patches-34
• gitorious.ps3dev.net/ps3linux/kernel-patches-35
• gitorious.ps3dev.net/ps3linux/livecd
• We need a couple of user-space applications to mount filesystems, load kernel modules and so on.
• And make sure you compile BusyBox without any library dependencies.
• I compiled my BusyBox executable on PS3 Linux but you could cross-compile it too but then you need a complete PowerPC toolchain with libc.
tar xvjf busybox-1.20.1.tar.bz2
cd busybox-1.20.1
make menuconfig
make
Creating the Image
mkdir initramfs
cd initramfs
mkdir -p bin dev etc lib/modules/3.5.3 mnt proc sbin sys usr/bin usr/sbin
cp ~/busybox-1.20.1/busybox bin/
cd bin
ln -sf busybox sh
cd ..
echo 'sda.* 0:6 0660' >> etc/mdev.conf
echo 'sr[0-9] 0:6 0660 @ln -sf $MDEV cdrom' >> etc/mdev.conf
cat >etc/modules vfat
> isofs
> crc-ccitt
> crc-itu-t
> lzo_compress
> udf
> squashfs
> overlayfs
> ps3_gelic
> ps3stor_lib
> sg
> ps3rom
> usb-common
> usbcore
> ehci-hcd
> ohci-hcd
> usb-storage
> EOF
for mod in fat vfat isofs crc-ccitt crc-itu-t lzo_compress udf squashfs overlayfs \
ps3_gelic ps3stor_lib sg ps3rom usb-common usbcore ehci-hcd ohci-hcd usb-storage; do
path=`find /home/glevand/linux-3.5.3-build/lib/modules/3.5.3 -name $mod.ko`
cp $path lib/modules/3.5.3/
done
# Create initramfs
find . | cpio -H newc -o > ../initramfs.cpio
cd ..
cat initramfs.cpio | gzip > initramfs.cpio.gz
# Make changes to initramfs
gunzip initramfs.cpio.gz
mkdir initramfs
cd initramfs
cpio -i -d -H newc --no-absolute-filenames < ../initramfs.cpio
Images
• vmlinux-3.5.3.xz: http://www.multiupload.nl/0R2TP29KZC (MD5 2da491cd3a213cab41797216ef0a2332)
• root.sfs: http://www.multiupload.nl/ANFAPX646J (MD5 e402b631c8317166367f28785c65ba6c)
• Tools available on the root filesystem: gcc, spu-gcc, spuisofs, spuldrfs, ps3vuart-tools, ps3sed and all my other PS3 Linux drivers. Everything you need to compile and test various PS3 stuff.
• In case someone still hasn't figured it out yet, password for root is root and password for glevand is glevand
• I enabled DHCP on Ethernet.
• You could use WLAN too but for that you have to modify the root filesystem and configure your SSID and PSK in /etc/network/interfaces.
USB
• Your USB drive should be formatted with FAT32 filesystem.
• initramfs-usb.cpio.gz: http://www.multiupload.nl/OW560Y66Y2 (MD5 c8ae892b68dfd7078415a4a52c440f39)
• Create debianlive directory on your USB drive.
• Put vmlinux-3.5.3 (extract xz archive), initramfs.cpio.gz and root.sfs into this directory.
total 257696
-rwxr-xr-x 1 root root 6746154 Aug 18 17:44 initramfs.cpio.gz
-rwxr-xr-x 1 root root 249835520 Aug 18 17:15 root.sfs
-rwxr-xr-x 1 root root 7288832 Aug 18 17:31 vmlinux-3.5.3
$ ls -l /mnt/usb/
-rwxr-xr-x 1 root root 188 Aug 18 17:30 kboot.conf
And create kboot.conf in the root directory of your USB drive with this content:
CDROM
• initramfs-cdrom.cpio.gz: http://www.multiupload.nl/OT9YTIN8XU (MD5 7b1899301bae7e17be6e16e3d0bd9803)
• debianlive.iso.xz: http://www.multiupload.nl/0QMH8KFP2Z (MD5 d03993d0ea6d6f37c85585d6e8d9506e)
cp root.sfs initramfs.cpio.gz vmlinux-3.5.3 iso/debianlive
echo "debianlive=/debianlive/vmlinux-3.5.3 initrd=/debianlive/initramfs.cpio.gz" > iso/kboot.conf
cd iso
mkisofs -R -J -l -o ../debianlive.iso .
cd ..
sudo cdrecord -v dev=/dev/sr0 blank=fast
sudo cdrecord -v dev=/dev/sr0 debianlive.iso