It doesn't take a rocket scientist to know that, to speculate, Mathieulh's people who are reversing the dump now could easily pass along their findings to C&D, Dark AleX, M33, etc., and such things could be possible sooner.
The last thing I'd want to do here is crush hope... maybe Booster, Humma Kavula, a Russian hacker or someone "anonymous" will end up doing it. Really it's free game for everyone on the Internet now, but we'll do our best to keep people posted as it happens.
01-27-2010 #122 Banned User (Join Date: Jul 2008)
I'm guessing the isolated SPU will fall before we have fully working RSX drivers. So GH is already in the isolated SPU, but without RSX drivers we only have 2D gfx to work with. For full HB (media centers, games, ISOs) we need 3D gfx. But I'm sure it only needs some time.
One of the main annoying things about this is the fact that most people replying to this topic (other than the mods & devs) have NO IDEA what it involves or how complicated the hack will be to develop into something usable.
Simply posting 'I want a tutorial' will get you nothing and contributes zilch to the scene. All these so-called 'hackers' who can mod PSPs etc. (BIG wow) will find this is a different kettle of fish altogether.
Let the real mods & devs do their work and we will hopefully see something interesting in the next week or 2.
As my dad told me, there are no stupid questions - just stupid people.
Look at this...
Any software that might have been adversely modified will not be given access to the unsealed keys. (http://www.ibm.com/developerworks/po...-cellsecurity/)
Controlling the HV is the first key to the enigma. Make a piece of software gain access to the root key (by faking it as authorized), then capture it while it runs through memory. If that doesn't work, then put some drops of water on the chip's out-connector; it could fry the chip, I know, but not before you can take some or all of the data from inside it. By the way, you should connect some wires and all to the out-connector, and you must have dump hardware to take the data from inside the isolated SPE.
Anyway, to take those keys out, you guys will need to use some brute force, because the only other ways to take them are with factory equipment or by creating some new gadgets (hardware that can interpret some new methods and translate them and/or dump them) and/or ways to circumvent this problem.
You should be learning "how to take data out of isolated CPUs" before going crazy and losing time trying to discover some softmods to do these tricks. Geohot has some engineering knowledge and tools to have come this far, and it seems that he hit the great wall of Sony's security scheme. Going further is not something that some soft hacks and knowledge can handle.
Why not try to hijack the communication between the isolated SPE and the memory process? Has anyone tried this yet? Because maybe it's the case that the isolated SPE can send some fragments or all of the keys to memory, but memory blocks the keys so they can't be so easily hijacked. Don't know, don't have time to study the PS3 specs. If nothing works, just try a way to fake the first authentication, but to capture the key, I think only by brute force (hardware).
The word ISOLATED doesn't exist for nothing.
All the data is there just waiting to be stolen, but not by the traditional ways like those shown by Geohot. Keep that in mind.
My 2 cents.
YDL 3D graphic interface
I would like to see people focus on the YDL 3D graphics solution... it would make it possible to see videos in MKV 1080p and much more!
From what I know, these are the best places to check the development of such a solution:
I'm very much a n00b at all of this, but I want to try and help in any way I can to fully unlock the PS3's power for Linux... I don't really care about the games or all the stuff going on.
I'd rather play videos and the like through the XMB... dual booting sucks when you want to switch between functions frequently.
Nice work guys, and thanks Geohot for his amazing work.
I can just say "Ballin'".
I recall that the only difference between Retail and Debug is the activation of certain flags. With this hack, wouldn't it be possible to use that HDD removal method to install Debug firmware, then use this hack to activate certain flags, thus making the inoperable debug features work?
That hybrid is really Debug Firmware, but with a Retail COREOS, as the debug COREOS fails validation (due to said flags).