Monday, April 19, 2010

On GeoHotz CFW 3.21

Ever since I heard about George Hotz's custom firmware image I've been thinking about how to get it onto a PS3 that has been updated to 3.21 (official). My findings are that one *Should* be able to erase their PS3 hard drive, put the CFW image on a USB stick, boot into recovery mode and load the custom firmware image, providing it passes the key checks.

Method 1)
1) Remove hard drive
2) Put it in a laptop
3) Format drive
4) Put drive back in PS3
5) Boot into recovery mode
6) Load CFW image from USB drive

Method 2) (not as safe)
1) Format drive in XMB and halfway through flip the power switch on the PS3
2) Boot recovery menu
3) Load CFW from USB drive

Now, this is providing that it passes the standard checks and the PS3 is OK with the PUP. I don't know if this will work or not, because I don't have the CFW image. I'll give it a go when it is released.

Ps3 Hacking Updates

I just got off the phone with an old friend of mine. We have decided that a group effort is needed to hack the PS3; oddly enough he was working on it independently and had no idea I was too. So the good thing is that we have separate ideas, which is good, and I have created an action plan. He will be over in the next week or two and we will have a Red Bull fueled week of PS3 hacking. We will keep the updates coming and release ALL of our findings (failures are just as important to discuss so that we can kind of unite the community). Updates to come; I've been generating various forms of code for the Cell and we will see about some injection techniques later (remote too). One thing I would love is to find a new exploit that does not require hardware modifications. More updates to come. Thanks to Gatz85 for the inquiries; he re-ignited my passion for opening this platform to homebrew and may be contributing to this group, we will see.

Monday, April 5, 2010

PS3 Memory Glitch Mod.

It's nearly 3:00 am and I just finished the PS3 hardware exploit. I will post a detailed how-to ASAP and it will include pictures of the process. Now the real work begins. More in the morning.

Sunday, April 4, 2010

Quick Exploit Code ( NOT FOR PS3)

This is just a quick local get() exploit which you can feed your shellcode however you do; I'm really just tossing this up so I can get to it wherever I want.

http://www.pastie.org/903458

Saturday, April 3, 2010

8==D~ PS3 BluRay Firmware. (pew pew)

Now on to more pressing matters. I will be writing a program to sit in userspace for the PS3; I think I will call it Ps3-Decrypt-bin. I'll be using the SPE to decrypt things, and the only thing I care about right now... BluRay firmware. I think the scene could benefit from a program to load binary encrypted files into the SPE for decryption and then write the decrypted data back. Imagine using this command: ps3-decrypt-bin core_os (which is inside the update.tar within the PS3UPDATE.PUP). Not an easy task, but one I'll try.

Again I can only say... We will see what happens..

Pulse trigger NEEDS TESTING

I started writing a Load Interrupt program because I don't want to buy an FPGA board or make a 555 timer. When complete this will send a pulse out of a port (which one I haven't decided). I got this idea from jaicrab and wanted to make it easier for users to complete; I don't know about you, but I have 4 computers, none of which have an LPT port. So I'm writing something to send the pulse out of ANY port! This is also capable of running the XorHack when it's needed, just uncomment the line in main().

Edit: this is finished and I need testers!
Source: http://www.pastie.org/902030

Thursday, April 1, 2010

Reading DECRYPTED PS3 Firmware 3.15

I am about 25% done reading the Hypervisor and here are a few interesting things I have found:

/home/aoki/svn/head/sys/trunk/cellos/src/implementation/driver/rsx/core/device.h
PCI Express use 1GB MMIO area.(sys.lv1.large_pciex is 1.)
DDR : 0x2000_0000 - 0x2FFF_FFFF 256MB
PCI : 0x3000_0000 - 0x3FFF_FFFF 256MB
PCI Ex : 0x4000_0000 - 0x7FFF_FFFF 1GB
/src/UX/utils/ELF64.cc
/src/UX/selective/secure/certified_file.cc

spu_pkg_rvk_verifier.self
spu_token_processor.self
spu_utoken_processor.self
_iso.self
aim_spu_module.self
spp_verifier.self
mc_iso_spu_module.self
me_iso_spu_module.self
xsv_iso_spu_module.self
sb_iso_spu_module.self
default.spp
plv1.self
lv2_kernel.self
eurus_fw.bin
Hemer_init.self
hdd_copy.self
mc_iso_spu_module.self
PS2_SW_LPAR
local_sys0/ps2emu/ps2_softemu.self
USB_DONGLE_AUTH_USB_DONGLE