
PS3 LV2_Kernel Exploit Sample Implementation By Naehrwert

101w ago - Following up on his PS3 SCETool update and PS3 Dump_Rootkey code, today Sony PlayStation 3 hacker Naehrwert has posted some details on exploiting the PlayStation 3 lv2_kernel and has made available a sample 3.41 implementation below.

To quote from his blog: Exploiting (?) lv2

A long while ago KaKaRoTo pointed me to a stack overflow he found while reversing lv2_kernel. But there are two problems:

1. The vulnerability is in a protected syscall (the SELF calling it has got to have the 0x40... control flags set). So you’d first need to find a suitable usermode exploit (don’t ask us), that gives you code execution with the right privileges.

2. The payload data is copied to lv2 heap first and the function will do a free call on it before the payload has any chance to get executed. This might not sound like a problem but it looks like lv2’s heap implementation will overwrite the free’ed space with 0xABADCAFE and thus destroy the payload.

Here (pastie.org/4755699) is my sample implementation for 3.41 lv2_kernel...
 

DexL0ve PS3 Patched DEX LV2_Kernel.Self for CEX Consoles Arrives

134w ago - Following up on the previous update, this weekend PlayStation 3 homebrew development group DexL0ve have made available a PS3 patched DEX LV2_Kernel.Self for CEX consoles followed by a revision below that fixes PS3 crashing issues.


Essentially this PKG release is a patched LV2 DEX (Debug / Test) kernel for CEX (Retail) PS3 consoles based on the recent LV2 Loader release.

To quote: From my limited understanding of PS3 coding and reading the NFO file, that by using the LV2_Loader released by Team Rebug earlier, and by QA flag'ing your CEX machine, this file is basically a patched LV2 DEX kernel that will load fully on your CEX machine and thereby give you some DEX (aka) TEST machine L0VE on your Jailbroken PS3 Console.

From Cyberskunk:...
 

Graf Chokolo Decrypts PS3 LV2_Kernel.self, 3.50 Decryption WIP

195w ago - Following up on the PS3 Master Key news and his previous work, today via xorloser's blog graf_chokolo has confirmed that he has decrypted several PS3 SELF files including LV2_Kernel.self and is currently working on PlayStation 3 Firmware 3.50 decryption now.

To quote: Guys, I was not idle again. I'm able now to decrypt lv2_kernel.self, ps2_emu.self, ps2_softemu.self and ps2_gxemu.self from 3.41 firmware by using metldr and lv2ldr directly.

I'm working now on 3.50 decryption. $ONY changes something in 3.42 and 3.50.

lv2_kernel.self
http://pastie.org/1353785

ps2_emu.self
http://pastie.org/1353794

ps2_softemu.self
http://pastie.org/1353804

ps2_gxemu.self
http://pastie.org/1353806

I will make everything public very soon, as usual.

lv2_kernel.self from debug 3.41 decrypted.

http://pastie.org/1354026

lv2_kernel.self from 3.15 decrypted

http://pastie.org/1354090

lv2_kernel.self from 2.43 (service jig) decrypted

http://pastie.org/1354092
 
© 2014 PlayStation 3 News