
  1. #1
    titanmkd Guest

    How to Build GeoHot PS3 Exploit Easily from Kernel Build to Exploit Run

    Tested on Yellow Dog Linux 6.2 (developer install) but should work on any Linux distribution. (Yellow Dog Linux 6.2 DVD link: http://ydl.oregonstate.edu/iso/yello...D_20090629.iso)

    Required before starting this tutorial:

    1) Have a working internet connection (to download the exploit and the kernel source).
    2) Have at least 60MB of free disk space under /boot/ (required to install the new kernel).
    3) Have at least 1GB of free disk space under /usr/src/ (required for the kernel source build).
    4) Have built the PS3 hardware mod: a push button connected to a PIC/FPGA... to send a 40ns pulse on the Memory Bus Controller (otherwise the exploit will run indefinitely and lock everything up until a hard reset).

    Step 1, building the kernel and booting on it:

    1) Launch a shell and log on as root using "su -" (required later to install the kernel ...).
    2) Download Linux kernel 2.6.25 (linux-2.6.25.tar.bz2) and the exploit into /usr/src/.
    3) Extract the kernel and the exploit in /usr/src/.
    4) Change directory to the kernel source directory and use the PS3 default config for the kernel.
    5) Build the kernel.
    6) Install the kernel in /boot/.
    7) Install the kernel modules (required to build the exploit).
    8) Add the new kernel to the kboot config using 720p fullscreen mode (/boot/etc/kboot.conf).
    9) Reboot on the newly built kernel 2.6.25 (type reboot in the shell).
    When the kboot: prompt appears, press "Tab" on the keyboard until you see kernel 2.6.25 and press Enter.
    If the X server cannot be launched, click Cancel or No; in any case use a shell via Ctrl+Alt+F1 and log on as root.

    Step 2, building and launching the exploit:

    1) Change directory to the exploit directory and build it (type make).
    2) Run the exploit.
    3) When "PRESS THE BUTTON IN THE MIDDLE OF THIS" appears, push the button connected to the PIC/FPGA... to send the 40ns pulse on the Memory Bus Controller.

    Step 1 shell script, building the kernel and booting on it:

    File step1.sh:

    [Register or Login to view code]

    Step 2 shell script, building and launching the exploit:

    File step2.sh:

    [Register or Login to view code]

    All scripts can also be downloaded.
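The thread's own step1.sh and step2.sh are not visible on this page, so the script below is an added example (not titanmkd's code) that turns the numbered procedure above into one POSIX shell script. It assumes: the kernel.org archive URL for linux-2.6.25.tar.bz2; that `make install` on powerpc names the image /boot/vmlinux-2.6.25 (arch/powerpc/boot/install.sh behaviour); that the root filesystem is on /dev/sda1; that ps3fb mode 131 is 720p full screen (mode 3 plus 128 for full screen); the kboot.conf entry format `label=device:kernel args`; and, since the post says only "run the exploit", that the exploit builds as a kernel module (which matches needing the installed module tree to build it and the dump showing up in dmesg). Change those values to match your system; the entry label `ps3exploit` and the directory /usr/src/exploit are also assumptions.

```shell
#!/bin/sh
# Added example: one script for the two steps described in the post.
# Run "sh ps3-exploit-build.sh step1", reboot into the new kernel, then
# "sh ps3-exploit-build.sh step2". Without an argument it does nothing.
set -eu

KVER="2.6.25"
SRC="/usr/src"
# Assumed kernel.org archive location (the post does not give a download URL).
KURL="https://cdn.kernel.org/pub/linux/kernel/v2.6/linux-${KVER}.tar.bz2"
# Assumed: the exploit archive was already extracted to this directory.
EXPLOIT_DIR="${SRC}/exploit"
# Assumed root device and ps3fb mode (3 = 720p, +128 = full screen => 131).
ROOT_DEV="/dev/sda1"
PS3FB_MODE=131
KBOOT_CONF="/boot/etc/kboot.conf"

# Free megabytes on the filesystem holding $1, from POSIX "df -Pk" output.
mb_free() {
    df -Pk "$1" | awk 'NR == 2 { printf "%d\n", $4 / 1024 }'
}

# Enforce the disk-space prerequisites (60MB for /boot, 1GB for /usr/src).
check_space() {
    free=$(mb_free "$1")
    [ "$free" -ge "$2" ] || { echo "need ${2}MB free under $1, have ${free}MB" >&2; return 1; }
}

check_root() {
    [ "$(id -u)" -eq 0 ] || { echo "run this as root (su -)" >&2; return 1; }
}

# Build the kboot.conf line for a kernel version. Kept as a pure function so
# it can be checked without touching /boot. Format assumed: label=dev:kernel args.
kboot_entry() {
    ver="$1"; dev="$2"; mode="$3"
    printf 'ps3exploit=%s:/vmlinux-%s root=%s init=/sbin/init video=ps3fb:mode:%s\n' \
        "$dev" "$ver" "$dev" "$mode"
}

build_kernel() {
    cd "$SRC"
    [ -f "linux-${KVER}.tar.bz2" ] || wget "$KURL"
    [ -d "linux-${KVER}" ] || tar xjf "linux-${KVER}.tar.bz2"
    cd "linux-${KVER}"
    make ps3_defconfig      # PS3 default config shipped with the kernel tree
    make -j2                # the Cell PPE exposes two hardware threads
    make modules_install    # modules and build tree: needed to build the exploit
    make install            # assumed to produce /boot/vmlinux-2.6.25 on powerpc
}

# Append the kboot entry once; kboot lists every label at its prompt.
add_kboot_entry() {
    grep -q '^ps3exploit=' "$KBOOT_CONF" || \
        kboot_entry "$KVER" "$ROOT_DEV" "$PS3FB_MODE" >> "$KBOOT_CONF"
}

build_exploit() {
    cd "$EXPLOIT_DIR"
    make
}

# The post says only "run the exploit". Assumed here: it is a kernel module.
# If it is a userland binary instead, run that as its README says.
run_exploit() {
    cd "$EXPLOIT_DIR"
    ko=$(ls ./*.ko 2>/dev/null | head -n 1) || true
    [ -n "$ko" ] || { echo "no .ko built in $EXPLOIT_DIR; launch it as its README says" >&2; return 1; }
    echo "loading $ko; press the glitch button when the kernel log says to"
    insmod "$ko"
    dmesg | tail -n 40      # the dump is written to the kernel log
}

step1() {
    check_root
    check_space /boot 60
    check_space /usr/src 1024
    build_kernel
    add_kboot_entry
    echo "now reboot, press Tab at the kboot: prompt, pick ps3exploit, then run step2"
}

case "${1-}" in
    step1) step1 ;;
    step2) check_root; build_exploit; run_exploit ;;
esac
```

`kboot_entry` and `mb_free` are separate on purpose: the entry string and the space check can be verified on any Linux box before the script is ever run as root on the console, and `add_kboot_entry` is idempotent so re-running step1 after a failed build does not leave duplicate labels at the kboot: prompt.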

  2. #2
    Join Date: Apr 2005, Posts: 25,041
    Thanks for making this handy and detailed guide titanmkd and +Rep to you!

  3. #3
    TUHTA Guest
    Nice handy tutorial!! Rep+ to you! But what about the hardware part? And what do we do when we have run step 2? Where will it dump, or how?

  4. #4
    titanmkd Guest

    [Register or Login to view code]

    add something like:

    [Register or Login to view code]

    And it should display a dump of part of the Hypervisor Call Table ... (to see the dump, launch dmesg) and give feedback.

  5. #5
    adrianc1982 Guest
    titanmkd, so this means you now have a dump and are sharing it with the devs? I was following the inter-dev relationships thread but saw this one, and by the looks of it you have already run the exploit successfully. If you have run the exploit, congrats and thanks for investing your time/money/console.

  6. #6
    TUHTA Guest
    and... that's ok... but what about the hardware that we need to do the exploit? I mean an SPI flasher or something! And how do we do it?

  7. #7
    playforfun Guest

    Cool tutorial, but I don't really want to open my original 60GB JP.

    Maybe, if one of my friends would sell me his 40GB Blu-ray killer, I'd try this.

    Yep, his PS3 has had its Blu-ray drive changed 3 times, but each time the drive has died.

  8. #8
    Assignator98 Guest

    Wow, this is a great guide, +rep.

  9. #9
    titanmkd Guest
    Quote Originally Posted by adrianc1982 View Post
    titanmkd, so this means you now have a dump and are sharing it with the devs? I was following the inter-dev relationships thread but saw this one, and by the looks of it you have already run the exploit successfully. If you have run the exploit, congrats and thanks for investing your time/money/console.
    No, I have no dump because:

    1) My PS3 is an old FAT PS3 still under extended warranty (and I'm sure that in 6 months the Blu-ray lens will be dead and I'll be able to swap my PS3 for a new one for free).
    2) I have not built the hardware to generate the glitch.

    I'm very interested in any dumps (to disassemble them) from those who have built the little hardware and dumped the memory ...

    Best Regards

    TitanMKD

  10. #10
    TUHTA Guest
    I can't start your step1.sh and step2.sh; I just open them in the console and they close very quickly.
