03-29-2007 #21 samir12 Guest
Hey guys, I'm not really a programmer or anything and I don't know anything about the hardware in the PS3, but can I point out that I recently heard that people got Swap Magic working with the PS3 (since it is considered an original game by the PS2, it must work with the PS3). So my theory is that since Swap Magic can run exploits, maybe we can use Swap Magic to run exploits on the PS3.
03-29-2007 #22 HanSooloo Guest
From http://www-128.ibm.com/developerwork...-cellsecurity/ we learn that one of the SPEs gets assigned the duty of secure execution in the Secure Boot process. When the PS3 goes into PS2 game mode, can we then safely assume that the SPE is taken out of secure execution mode, thereby allowing free rein on the hardware?
Total speculation, but to get people to think :-)
03-29-2007 #23 Diverge Guest
03-29-2007 #24 tworkemon Guest
Maybe using Swap Magic or the PS2 backup trick we can get a PS2 BIOS dump of an NTSC PS3 console and go from there?
Edit: We already know that we can run PS2 code with swap, but what code? The PS3 does provide lots of resources for the PS2 side of things like USB, disc drive, memory card, network, etc., so again, what to run? What to try to exploit?
03-29-2007 #25 Albut35 Guest
To be honest, guys, I don't think you're going to be able to use a Swap Magic method to find this hole. You would think that Sony would have patched that for sure. I may be wrong, but I highly doubt that any kind of Swap Magic stuff will help us here.
03-29-2007 #26 downloads2k5 Guest
Does Action Replay MAX work on the PS3? I seem to remember that program does some very funky crap with regards to hard and fast coding. If I remember, there was a way in later versions to run emulators from a CD-R? I think this was a separate exploit-type way of loading .elf files because it didn't, as far as I recall, require rebooting the PS2. I will try to dig out some of my old documentation on the ARMAX; perhaps something will hit me.
Edit: OK, what we know about the PS2 exploit:
1) You NEED an original disc (be it PS1 or PS2); the bootloader has never truly been hacked from software alone. You need a PS1 disc to do the Independence Day hack, etc.
2) The exploit worked by interrupting the PS2's handover to the PS1. (How does the PS3 hand over to the PS2?)
03-29-2007 #27 DanzigX Guest
OK, once again, not a dev here, but... let's try to break this into a staged process. First we need to get INTO PS2 mode, THEN we need to find the second exploit. So let's focus on getting into PS2 mode:
It has been confirmed that the system uses PS2 mode to jump BACK to PS3 mode. The Swap Magic thing is a possibility because it stops everything and waits for a signal from the user to continue. BUT, going back to the Ferrox loader that we saw a video of... she used the OtherOS area to launch. So what I was thinking is that if the two exploits are similar, then maybe a modification to a Linux kernel could redirect the system to somehow use PS2 mode. Others with more knowledge might be able to speculate better than I.
I've been a casual observer in the scene for a long time. One thing to note about PDX is that they do work in mysterious ways... thus, I wouldn't doubt it if some little blue birdies visit the thread, drop some info and disappear, never to be seen or heard from again. BTW, thanks for the initial brainstorming, BK.
03-29-2007 #28 Albut35 Guest
03-29-2007 #29 sabeer99 Guest
Hmmm. If the exploit came from the PS2 hardware, and the PS3 has the ability to run PS2 games that are downloaded from the PlayStation Store (in the future, of course), maybe there might be a hack somewhere there. Of course, that's a far shot...
03-29-2007 #30 steddyman Guest
The EUR PS3 emulates the PS2 CPU via the Cell and still has the PS2 hardware GPU.
I would have thought the issue is that with the JAP/US PS3, when it executes PS2 code, the hypervisor is out of the loop. If you find an exploit you are in, even though still in some sort of protected environment.
However, on the EUR PS3, since the PS2 CPU is emulated by the Cell, the hypervisor will still be active. If that's the case, this is probably why they can no longer exploit it using the method found.
I could be wrong, but it seems logical.