PS3 Exploit Talk Pushed Back to Wedn … - Console Modding

http://www.ps3hax.net/2010/12/graf_chokolo-exploits-hv-through-lv2-gameos/
http://psx-scene.com/forums/f6/graf_chokolo-hv-exploit-dump-gameos-73893/

Originally Posted by graf_chokolo

I have just exploited and dumped HV 3.15 from GameOS.

I used memory glitching like Geohot to get dangling HTAB entry but
2nd and 3rd stages are quite different. I used my knowledge about HV
internals and created a simpler exploit for stage2 and stage3.

I didn't use second VAS like Geohot. I used
lv1_undocumented_function_114 and lv1_undocumented_function_115 to
exploit HV after I got a dangling HTAB entry

Now we don't need Linux to exploit and dump HV. Furthermore, HV dump
from GameOS is a lot better because when GameOS is running more
features are activated in HV. So, I can reverse now more C++ objects
and understand better how HV works.

I will make everything public very soon and I plan to dump HV 3.41
in the next days.

Happy New Year guys!

Today graf_chokolo announced that, following George Hotz's (geohot) method, he
used a vulnerability to read out the entire PS3 Lv2 HyperVisor from GameOS on
firmware 3.15. According to him, this means Linux is no longer needed to read
out memory, and reading memory under GameOS is better than under OtherOS,
because GameOS requests more functionality from the HV, so more can be read out.

Once it has been dumped, the next step is to use reverse engineering to turn the
C++ objects back into assembly, then start looking for vulnerabilities, write
code against those vulnerabilities to break the HV, and finally tackle the last
barrier, Lv1.

Over the next two days he intends to try again on firmware 3.41.

******

graf_chokolo's research here should contribute to custom firmware; he is mainly
studying the PS3 firmware update process. If there is to be a breakthrough, it
would be working out how the update mechanism works, so that in future PSN
connectivity, running games and running homebrew could all be had at the same
time.


All Comments

Kristin (2010-12-29):
It would be great if it could still work with PSN!

Charlotte (2010-12-30):
If he can get to lv1~~ the odds of a complete break go way up!!!

Andrew (2011-01-04):
Looking forward to it~ Hurry up and release the program QQ