  1. #191
    int0 Guest
    Quote Originally Posted by titanmkd View Post
    I'm a software developer and I'm working on the GeoHot exploit (kernel module).
    I'm porting it to the latest PS3 Linux kernel available on my PS3 (Fat with FW 3.15), Linux system Yellow Dog 6.2 with kernel 2.6.29.3.

    You maybe already know GeoHot has done the exploit on PS3 Ubuntu 8.10 with kernel 2.6.25-2.3, but since kernel 2.6.27 the htab is not mapped anymore and the exploit is not working anymore and crashes.

    Thanks for sharing. I also spotted this problem, and also a problem with compilation such as get_irq_chip_data(20): in newer kernels it's defined as a function and gives you an error ".irq_to_desc not found". I replaced that with: get_irq_desc[20].chip_data;

    @titanmkd, can you tell me what you fixed to load HTAB? I'm waiting for my FPGA to be delivered on 3rd of Feb. Also, I'm not really familiar with Linux architecture because I'm a Windows DEV and RE. Thnx.

  2. #192
    mushy409 Guest
    Quote Originally Posted by TUHTA View Post
    Well, I know about the warranty, I don't use it... so I can solder (I soldered Infectus and did a dump), so this is not difficult for me... but I can't understand the hardware part.

    Infectus is only for dumping the NAND, which is encrypted. This exploit allows you to dump & inject into memory space (RAM), I believe.

    Infectus will only be useful once we have:

    A) The decryption keys for the NAND (CPU key if you like)
    or
    B) Some kind of CFW or Rebooter similar to the 360.

  3. #193
    einzwei Guest
    seems like hwmod needed for running geohot's exploit is not very hard to make

    let's look at hv intrinsics closer

  4. #194
    TUHTA Guest

    Quote Originally Posted by mushy409 View Post
    Infectus is only for dumping the NAND, which is encrypted. This exploit allows you to dump & inject into memory space (RAM), I believe.

    No, I just mean that I can solder.. that I'm good at that and I can do anything with PS3... so I just need to understand.. and how to program... board to 40ns.

  5. #195
    CJPC Guest
    Quote Originally Posted by einzwei View Post
    seems like hwmod needed for running geohot's exploit is not very hard to make

    let's look at hv intrinsics closer

    Hey einzwei, nice to see you around again - it's been quite a while. Actually having some issues sourcing parts fast enough - got any ideas?

  6. #196
    Mdiv Guest
    Quote Originally Posted by TUHTA View Post
    No, I just mean that I can solder.. that I'm good at that and I can do anything with PS3... so I just need to understand.. and how to program... board to 40ns.

    You could probably make the circuit for a couple of quid (attached gif) if you don't have access to the components for free. I won't be trying it because tolerances of the components would probably make the pulse time swing wildly and I hate precision oscilloscopes with a passion to test the circuit.

    t = R*C*Ln(3)

    if t = 40 nS, C = 300 pF then R = 121.21 Ohms

    using a 120 Ohm resistor (which is a standard value) gives 39.93 nS.

    HEF4016B (Quadruple bilateral switch Data sheet here)

  7. #197
    Poopsqueege Guest

    Does anyone think that a normal wave generator would work for the pulse or would you have to rig something up with a 555 timer ic?

  8. #198
    lavatar Guest
    What about the Xbox 360's Hypervisor, is it possible to glitch it with the same method? But without OtherOS Linux nearly impossible?

  9. #199
    Mdiv Guest
    The way I see it is you have to connect the point on the PS3 to ground only once and for 40 nS. I don't think a wave generator could do that as it will go from 0V to 5/10/whatever Volts (unless it has a one shot function which you can trigger) but then I can only see it being used to trigger an additional circuit.

  10. #200
    titanmkd Guest

    I will post the source code of the new exploit.c and the kernel patch required when all is clean and working (does anyone know how to post that on this website, because I'm a new user and I have no right to upload files ...).

    I plan also to add services to the exploit to use the kernel module to read/write in memory using user space with fopen() ...

    Best Regards

    TitanMKD
