PS3 Lv0ldr / Bootldr Exploit Reverse-Engineering Details by Naehrwert

110w ago - Following up on the previous PS3 Lv0ldr / Bootldr clarifications by marcan42 and wololo, today PlayStation 3 hacker naehrwert has shared some details based on reverse-engineering the exploit used to dump it.

To quote from his blog: The Exploit

As the exploit that was used to dump lv0ldr/bootldr/howeveryouliketocallit is public now, let's have a closer look at it to understand what's going on. Here is what I have reversed from lv0 (it shares the syscon portion of the code with its SPU counterpart):

[Register or Login to view code]

PS3 LV2_Kernel Exploit Sample Implementation By Naehrwert

119w ago - Following up on his PS3 SCETool update and PS3 Dump_Rootkey code, today Sony PlayStation 3 hacker Naehrwert has posted some details on exploiting the PlayStation 3 lv2_kernel and has made available a sample 3.41 implementation below.

To quote from his blog: Exploiting (?) lv2

A long while ago KaKaRoTo pointed me to a stack overflow he found while reversing lv2_kernel. But there are two problems:

1. The vulnerability is in a protected syscall (the SELF calling it has to have the 0x40... control flags set). So you'd first need to find a suitable usermode exploit (don't ask us) that gives you code execution with the right privileges.

2. The payload data is copied to the lv2 heap first, and the function will do a free call on it before the payload has any chance to get executed. This might not sound like a problem, but it looks like lv2's heap implementation will overwrite the freed space with 0xABADCAFE and thus destroy the payload.

Here (pastie.org/4755699) is my sample implementation for 3.41 lv2_kernel...
PS3 SCETool v0.2.9 by Naehrwert Updated, Adds NP Fix and More

121w ago - Following up on his previous release, today Sony PlayStation 3 hacker Naehrwert has updated SCETool to version 0.2.9, which now includes an NP application types fix and more, followed by an unofficial update from Gamma Argon, as detailed in the changes below.

Download: [Register or Login to view links] / [Register or Login to view links] (Required) / [Register or Login to view links] (Mirror) / [Register or Login to view links] (no zlib1.dll or data folder required) by ben.ss7 / [Register or Login to view links] by TheUnkn0w / PS3 SCETool v0.2.9 (4.46 keys) by Smhabib and Naehrwert / [Register or Login to view links] by Deroad (aka Wargio) / [Register or Login to view links] by SMOKE / [Register or Login to view links] / [Register or Login to view links]...
PS3 SCETool v0.2.8 by Naehrwert Updated, Adds SPP Parsing

125w ago - Following up on his previous release, this weekend Sony PlayStation 3 hacker Naehrwert has updated SCETool to version 0.2.8, which now includes SPP parsing among the changes outlined below.

Download: [Register or Login to view links] / [Register or Login to view links] (Required)

For those unaware, SCETool is a PS3 key/crypto tool that supports a wide range of binary file types (SELF, RVK, PKG, SPP, OTHER).

To quote via Twitter: SCETool 0.2.8 (intermediate release)

Version 0.2.8 (intermediate release):

  • Fixed minor bugs where scetool would crash.
  • Added SPP parsing.
  • Decrypting RVK/SPP will now write header+data to file.

PS3 Dump_Rootkey Code and Brief Guide Arrives from Naehrwert

127w ago - Following up on his Quick PS3 CoreOS Image Tool code release and recent hints, today PlayStation 3 developer Naehrwert has made available PS3 Dump_Rootkey code and a brief guide below so users can dump their own PlayStation 3 root key without Linux.

Download: [Register or Login to view links] / [Register or Login to view links] (Modified and compiled by Attila for Windows using Cygwin - just provide the IP as a parameter after dump_rootkey, like this: dump_rootkey.exe 192.168.0.1) / [Register or Login to view links] by Attila

Naehrwert has also confirmed that the Asbestos PKG only works on 3.41. He has posted the [Register or Login to view links] and [Register or Login to view links] to change the offset so people can adapt it to other PS3 firmware versions, and tul compiled the ELF to an [Register or Login to view links]