Hey there.

So... you use an ad blocker. That's cool. Sometimes we do too.


But without ad revenue, we wouldn't even be here. And we might not be here much longer.

Please disable your ad blocker and click to continue.

  1. #1
    shummyr Guest

    Dumping Level 2 Code

    How do you dump Code from Lvl2 on a ps3 test, like if you wanted to look at any data or anything?

  2. #2
    CJPC Guest
    You can not dump out LV2 (the kernel) - that memory area is protected, on a TEST, and even on a TOOL without internal files.

  3. #3
    rickylyh Guest
    if we could do it, ps3 is hacked...

  4. #4
    shummyr Guest
    i was curious because i wanted to dump data from a disc.

  5. #5
    CJPC Guest
    If you want to dump data from a disk, you can use cellftp.self, load it up on your console in Debug mode, and then you can copy the files out to app_home.

  6. #6
    CodeKiller Guest

    Lightbulb

    I'm just wondering: you can run unsigned code on test/debug, but no lv2 dump? Why not using the hv-exploit to gain full access in gameos? The excuse to run it in linux is that retail models can run unsigned codes only in otheros. But what about the test/debug units?

  7. #7
    ekrboi Guest
    If I'm not mistaken.. there is no otheros on the debug/test units.. so no exploit..

  8. #8
    CodeKiller Guest
    Quote Originally Posted by ekrboi View Post
    If I'm not mistaken.. there is no otheros on the debug/test units.. so no exploit..
    no, they have (up to fw3.20).. but that's not the interesting part. You can run unsigned (aka homebrew) codes in gameos which can include the exploit. And then if you make dump (in gameos), it should contains the uncrippled lv2.

  9. #9
    ruger1234 Guest
    Quote Originally Posted by CodeKiller View Post
    no, they have (up to fw3.20).. but that's not the interesting part. You can run unsigned (aka homebrew) codes in gameos witch can include the exploit. And then if you make dump (in gameos), it should contains the uncrippled lv2.
    I think you are exactly right. I can not imagine OtherOS being needed to exploit the "deallocation+glitching combo" vulnerability on a TEST.

    On the Xbox 360 we had the same situation way back when kernel 4532/4548 first were found vulnerable i 2007. Linux was needed to run the exploit on retail boxes (to get the fuseset with the CPU key). On XDKs (devkits) it was not really needed, but many people stilled used the Linux approach since it was simple. However there are also XEXs today that exploit the same vulnerability without the need for Linux.

    My explaination above is a bit oversimplified of course. For those who wonders unsigned shaders were used to write to memory in the first place on the Xbox 360. That made it possible to get control of the instruction pointer, which in turn made it possible to load Linux.

    Linux was only an environment in which the fuseset reading could easily be done afterwards.

    On the XDKs shaders were not needed to pull of the exploit. An XEX could do the exploit directly and read the fuseset.

    Still many people used the retail tools on XDKs and used shaders to load Linux, and then used Linux as a platform to get the fuseset.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Log in