graf_chokolo: almost bring back OtherOS - console modding

By Necoo
at 2011-02-03T10:30
http://xorloser.com/?p=297&cpage=22#comment-3270
graf_chokolo:
@ModIt
My approach will enable OtherOS to have the same access rights as
GameOS, it means access to Dispatcher Manager, Update Manager, VFLASH,
HDD encryption/decryption, isolated SPUs and RSX of course.
GameOS is only good for games; for PS3 development and hacking,
Linux or FreeBSD with GameOS rights are a lot better. And I want a
clean approach for booting Linux, not like AsbestOS, it's not very
clean.
I have my loader for OtherOS bootloader ready now, will patch HV today
and try it out in the evening, after that will report back. Stay tuned.
GameOS may be fine for playing games, but for hacking the console or developing programs, Linux is a lot more useful than GameOS.
http://xorloser.com/?p=297&cpage=22#comment-3283
graf_chokolo:
I managed to boot an unencrypted LV2 kernel from VFLASH. The decrypted
LV2 kernel from Service JIG just made some strange sounds for several
seconds and then shut down :-) Normal unencrypted LV2 kernels boot
normally. We could kick out lv2ldr from HV completely and boot
unencrypted LV2 kernel always :-) Working now on Linux bootloader.
Stay tuned.
graf_chokolo has succeeded in loading Linux on the PS3; with Linux there is no need for $QNY's heavily restricted lv2ldr. With NOR flash write access it might well be possible to change the MAC address or the rumored PSID to dodge $QNY's bans, although the MAC address and PSID are most likely burned into ROM.
As for the MAC address, many brands of network cards can be changed with utility programs, even cheap "crab brand" (Realtek) cards. Since the PSID is not a standard specification, nine times out of ten it is read out and held in memory before being sent to the PSN servers, so if you can find its address there is a way to change it. Note, though, that $QNY's service manual says a console's MAC, PSID, BD drive serial number and so on must match the record in the database, and they form a single unique set, so it may not be that easy.
http://xorloser.com/?p=297&cpage=22#comment-3289
Marcan:
graf_chokolo, I don't think you "get" AsbestOS. It's just a Linux
bootloader, in fact it would work great as otheros.bld or any other
way of running it as an lv2 binary, and it's more robust than
petitboot (and smaller and easier to modify).
Marcan has come to toot his own horn XD. Earlier graf_chokolo complained that AsbestOS's boot method was too dirty, so he built a cleaner petitboot himself, but Marcan counters that AsbestOS is more usable and its file size is smaller than petitboot's.
OtherOS + extra rights isn't a replacement for AsbestOS, it's an
alternative to our original approach of replacing lv2 with AsbestOS.
There's already one released way to boot AsbestOS (USB exploit, which
isn't very clean/handy), Hermes is working on a runtime lv2 bootstrap
for it (also not very clean but handy for people who like CFWs),
there's the lv2 replacement that we demoed but which isn't out yet (
which is clean, though can't dual-boot GameOS yet), and once you release
what you're working on you will be able to just boot AsbestOS with
it. Of course you could just run petitboot too, but where's the fun
in that? (we could've just used petitboot as a lv2 kernel for the
27c3 demo too, but AsbestOS is just much easier to make work and I
already have a working new boot ABI using the devtree to pass the
region1 allocation to Linux and patches that make it work regardless
of whether the bootmem split is 128/128 or 16/240).
This isn't a competition, I see no reason why AsbestOS can't work
great with whatever you're getting ready ;)
Btw, re: disk encryption, they use the same key and a NULL IV (can't
remember if all 00 or all ff) for every sector. It's a very
stupid/insecure block encryption scheme. There are flags for the
sector read commands to toggle encryption on and off, that's what we
used to boot Linux off of a raw, totally DOS formatted disk with no
encryption or lv1 regions.
Incidentally, $QNY uses a very stupid way to encrypt the hard disk data: everything uses the same key and the corresponding IV is empty, and at the start of each sector there is a flag setting whether that sector is encrypted, which is why we were able to run Linux directly on a DOS-formatted disk with no encryption at all.
Also, we thought about booting an unencrypted lv2 kernel too (I assume
you're messing with default.spp?) but we were very short on time and
self was easier. Of course, you know a lot more about lv1 than we do ;)
Of course we are also about to be able to run an unencrypted lv2 kernel; I guess you probably missed default.spp? Anyway, we didn't have much time either, and self was easier for us; and when it comes to lv1, you're still the best.
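As an added illustration of Marcan's point about reusing one key and a null IV for every sector (this is not code from the thread or from any of its participants): a constructed 8-sector zero-filled image is encrypted under a constructed demo key, CBC mode is assumed since the thread names none, and the reused-null-IV scheme is compared with a per-sector IV derived from the sector number, counting how many ciphertext sectors repeat and thereby reveal identical plaintext sectors to someone who never had the key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// sectorIV: perSector=false models the thread's scheme (an all-zero IV reused for
// every sector under one key); perSector=true encrypts the sector number (ESSIV-style).
func sectorIV(block cipher.Block, sectorNo uint64, perSector bool) []byte {
	iv := make([]byte, aes.BlockSize)
	if perSector {
		binary.BigEndian.PutUint64(iv[8:], sectorNo)
		block.Encrypt(iv, iv)
	}
	return iv
}

// encryptSector is CBC over one 512-byte sector (the thread names no mode;
// CBC is assumed here for illustration).
func encryptSector(block cipher.Block, iv, sector []byte) []byte {
	out := make([]byte, len(sector))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, sector)
	return out
}

// duplicateSectors encrypts a constructed image of n identical zero-filled sectors
// (as on a freshly formatted disk) and counts ciphertexts repeating an earlier one;
// each repeat tells an observer without the key that two plaintext sectors match.
func duplicateSectors(n int, perSector bool) int {
	block, _ := aes.NewCipher(bytes.Repeat([]byte{0x42}, 16)) // constructed demo key
	plain := make([]byte, 512)
	seen, dups := map[string]bool{}, 0
	for i := 0; i < n; i++ {
		ct := string(encryptSector(block, sectorIV(block, uint64(i), perSector), plain))
		if seen[ct] {
			dups++
		}
		seen[ct] = true
	}
	return dups
}

func main() {
	fmt.Printf("null IV: %d duplicates; per-sector IV: %d duplicates\n",
		duplicateSectors(8, false), duplicateSectors(8, true))
}
```

With the null IV every one of the eight identical sectors encrypts to the same bytes, so seven duplicates are visible on the raw disk; the per-sector IV removes that pattern leak without changing the key.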
Tags:
console modding