graf_chokolo：我把硬碟加密關了！ - 改機

http://xorloser.com/?p=297&cpage=21#comment-3221

PS3 主機是使用Unix的UFS2檔案系統，同時會將所有的資料加密。然而目前
graf_chokolo已經有辦法藉由控制HyperVisor將檔案加密。

結果不幸的事情發生了，當加密關閉後，GameOS無從解碼讀取資料，判定主機的
硬碟是全新的，所以把他的硬碟格式化掉了。不過主機並沒有掛掉，還是可以正
常開機，於是graf_chokolo把整個加密跟未加密的硬碟資料用磁碟救援工具讀出
，準備尋找解密金鑰。

同時也把HV裡面硬碟加密相關的指令全部拿出來了。

http://xorloser.com/?p=297&cpage=22#comment-3246

Storage device encryption/decryption is done by HV and peripheral
devices like ENCDEC or RBD. I'm trying to understand how the storage
subsystem of HV works currently, it's by far the most complex part
of HV i have seen so far.

And recently i figured out that the VFLASH region, where Linux boot
loader (otheros.bld) is stored, is still there on 3.41 firmware. I'm
trying now to boot Linux bootloader from this region. OtherOs.self
writes otheros.bld image to this VFLASH region and creates
cekk_ext_os_area where several parameters are stored. On 3.15
firmware, when Linux was booted, the Linux System Manager (in HV
process 9) loads Linux bootloader from the VFLASH region,
decompresses it and boots it. The problem with 3.41 firmware is,
that SONY removed Linux System Manager from HV process 9. It's no
problem for me to store Linux bootloader on this VFLASH partition.
But there are 2 problems, first the VFLASH region where Linux is
stored is 0x40000 bytes large, so there is not much place for Linux
bootloader on VFLASH, so it should be compressed to make it smaller.
Second problem is, i have to patch HV process, insert my code which
loads it from VFLASH and decompresses Linux bootloader. And after
that we could boot Linux from HDD and it would have GameOS rights,
e.g. has access to Dispatcher Manager or run isolated SPUs.
要要修改HV，才有辦法讓GameOS與Linux 共容，還有一個問題就是VFLASH的空間
太小，塞不進 Linux的Bootloader。

http://xorloser.com/?p=297&cpage=22#comment-3248

I dumped now both decrypted and encrypted sectors of UFS2. And the
same plaintext is encrypted to the same ciphertext :-) Encryption is
independent of sector position.

And SONY uses 128-bit block cipher to encrypt the blocks within a
sector.
非常合邏輯的設計，以磁區(sector)為單位加密，用太大的單位加解密的話，會
耗用過多的系統資源，拖慢磁碟效率。

http://xorloser.com/?p=297&cpage=22#comment-3259

And i figured out that the size of VFLASH region where 3.15 stored
otheros.bld can be doubled and i will be able to store decompressed
Linux bootloader otheros.bld on this VFLASH region :-) It will
simplify HV patching immensely, i do not need now to decompress Linux
bootloader in HV. I will test it today and report back. There are
0x2000 extra unused sectors between the VFLASH region for otheros.bld
and the next VFLASH region, so i can use those sectors and increase
the size of VFLASH region for otheros.bld.

We could make a CFW by patching HV with dual boot option, either
GameOS or Linux could be booted from HDD.
水啦～過不了多久就能雙開機了。

--

○ ____ _ _ _ _ ____ _ _ ____ _____ ____
。 ★(_ _)( \( )( \/ )( ___)( \( )(_ _)( _ )( _ \
ｏ _)(_ ) ( \ / )__) ) ( )( )(_)( ) / ● ‧
(____)(_)\_) \/ (____)(_)\_) (__) (_____)(_)\_) ★
ｏ

--