PS3 Exploit Talk Pushed Back to Wedn … - 改機

By Kyle
at 2010-12-28T15:41
http://www.ps3hax.net/2010/12/graf_chokolo-exploits-hv-through-lv2-gameos/
http://psx-scene.com/forums/f6/graf_chokolo-hv-exploit-dump-gameos-73893/
Originally Posted by graf_chokolo
I have just exploited and dumped HV 3.15 from GameOS.
I used memory glitching like Geohot to get a dangling HTAB entry, but
the 2nd and 3rd stages are quite different. I used my knowledge about HV
internals and created a simpler exploit for stage2 and stage3.
I didn't use a second VAS like Geohot. I used
lv1_undocumented_function_114 and lv1_undocumented_function_115 to
exploit HV after I got a dangling HTAB entry.
Now we don't need Linux to exploit and dump HV. Furthermore, an HV dump
from GameOS is a lot better because when GameOS is running more
features are activated in HV. So, I can now reverse more C++ objects
and understand better how HV works.
I will make everything public very soon and I plan to dump HV 3.41
in the next days.
Happy New Year guys!
Today graf_chokolo claims that, following George Hotz's (geohot's) approach, he used a vulnerability in the GameOS mode of firmware 3.15 to read out the entire PS3 Lv2 HyperVisor. According to him, this means Linux is no longer needed to read out the memory, and reading memory under GameOS is better than under OtherOS, because GameOS requests more functionality from the HV, so more can be read out.
After it has been dumped, the next step is to use reverse engineering to turn the C++ objects back into assembly, then start looking for vulnerabilities, then write programs against those vulnerabilities to break into the HV, and finally there is the last gate, Lv1.
Over the next two days he will try again on firmware 3.41.
******
graf_chokolo's research here should contribute to custom firmware; he is mainly studying the PS3 firmware's update process. If there is a breakthrough to speak of, it is in working out how the update process works, so that in the future PSN connectivity, running games and running homebrew can all be had at the same time.
Tags:
改機 (console modding)