Ooh man. Can't wait for the next month to see the improvements!
I bet $ony is damn scared of things to come
Nice work with the memdump - I've been pretty miffed at Sony for their stunt and decided to hop in with the hacking bandwagon to see if there's anything I could help with. I don't currently have Linux on my PS3 so I haven't tried these out myself yet, but maybe someone could give them a try.
First of all, there are a few Linux kernel boot options which may be useful in making sure that the kernel doesn't overwrite the first 36MB of RAM. From the kernel documentation:
Mark specific memory as reserved. Region of memory to be used, from ss to ss+nn. Example: Exclude memory from 0x18690000-0x1869ffff:
So, adding memmap=36M$0x00000000 to the LILO/GRUB boot options would probably do the job. If I remember correctly, this also means that the kernel won't allocate RAM from this area for userspace programs.
Also, as there's no need to boot up a complete system, just starting a kernel and a shell would be enough. The init option lets you specify the location of the init program (/sbin/init by default), so setting it to /bin/sh would probably be enough. I.e.
This would give a really minimal Linux console to work with when getting a dump out.
(you know what I mean)
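To make the boot-option idea above concrete, here is an added shell example; it is not code from this thread or from any PS3 project. It assumes a kernel where /dev/mem exposes low physical RAM (CONFIG_STRICT_DEVMEM off, or an old enough kernel not to have it), that netcat is available in the minimal shell, and the function names (kernel_cmdline, low_region_reserved, dump_region, send_low_region) are mine. Two caveats a practitioner would check first: in kernel-parameters.txt the memmap=nn$ss form is listed under [KNL,ACPI], i.e. the x86 memory-map code, so whether a PowerPC PS3 kernel honours it is exactly what the /proc/iomem check below is for; and GRUB2 strips an unescaped "$" from the command line, so there it must be written as \$.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed: the low 36MB is the
# region to preserve, /dev/mem is readable, nc exists in the minimal system.
RESERVE_MB=36

# Kernel command line that keeps the kernel out of the low region and drops
# straight into a shell instead of /sbin/init (escape the '$' for GRUB2).
kernel_cmdline() {
    printf 'memmap=%dM$0x00000000 init=/bin/sh\n' "$RESERVE_MB"
}

# Check from /proc/iomem (text on stdin) that a top-level "reserved" entry
# starts at physical 0 and covers at least RESERVE_MB. Returns 0 if so.
# Usage on the box: low_region_reserved < /proc/iomem
low_region_reserved() {
    want_end=$((RESERVE_MB * 1048576 - 1))
    while IFS= read -r line; do
        case "$line" in
            [0-9a-f]*-*" : reserved") ;;   # top-level entries have no indent
            *) continue ;;
        esac
        range=${line%% :*}
        start=$((0x${range%-*}))
        end=$((0x${range#*-}))
        if [ "$start" -eq 0 ] && [ "$end" -ge "$want_end" ]; then
            return 0
        fi
    done
    return 1
}

# Copy COUNT MiB starting at OFFSET MiB from a memory-like source to stdout.
# dump_region SRC OFFSET_MB COUNT_MB
dump_region() {
    dd if="$1" bs=1048576 skip="$2" count="$3" 2>/dev/null
}

# Stream the reserved low region to a PC that is listening with something
# like: nc -l -p 9999 > ps3_low36m.bin
# If /dev/mem is missing in the init=/bin/sh environment, create it first
# with: mknod /dev/mem c 1 1
send_low_region() {
    dump_region /dev/mem 0 "$RESERVE_MB" | nc "$1" "$2"
}
```

The iomem check is the part worth running before trusting any dump: if the first 36MB shows up as "System RAM" rather than "reserved", the memmap option was ignored (or mangled by the bootloader) and the kernel has already been writing into the area you wanted to preserve.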
How much is left until we can play game copies?
Building a kernel image as small as possible and running it in the highest memory space available could make the thing easier...
Even better could be to find a way to run a minimal Linux in the backward-compatibility reserved memory (32MB) of some models, but this, even if possible, could involve quite a bit more work...
04-04-2010 #37
The PS3 SDK doesn't have includes for mount and storage.
The best is using an ethernet cable for the dump, using an OtherOS with support for it, but the exploit files need to be included.
Regards, and yes, that dump has Linux parts; remember, when the reset doesn't wipe the RAM, the old data mixes with the new.
Hmm... so if I understand what I've been reading right, the hypervisor dump that we got was polluted with Linux code. The solution to this would be to try to rework the OtherOS bootstrap so that it would just dump the same data without the Linux code mixed into it. This would require the bootstrap to load from somewhere in memory after the 36MB of code that we actually want (possibly by moving the bootstrap's load location to the hardware on a HWBC console). This should give us our golden key, right?... Well, OK, a map to the golden key, but you know what I'm saying.
Another option is to figure out how to build an external chip, aka a MODCHIP (I know everyone cringes at the mention, as they require hardware modification, but this does too), that would somehow record everything that's loaded into the RAM or other chips and output it to a computer. But this is a very complicated process and could take years.
Yes, some part of it has been overwritten, but hey, there is at least something to start with!
Does the ability still exist to install the test firmware on a retail box? (I know it didn't work 100%.) And if it is possible, has anyone tried dumping it (or does the lack of OtherOS make this impossible?)