Hey there.

So... you use an ad blocker. That's cool. Sometimes we do too.

But without ad revenue, we wouldn't even be here. And we might not be here much longer.

Please disable your ad blocker and click to continue.

  1. #1
    CJPC Guest

    Revised PS3 Boot Information

    Our Resident DEVS have revised the PS3 Bootup procedure, with some more interesting information.

    asecure_loader is not at start of the NAND. The first 512KB also is skipped, or actually any 512 block of FF is skipped.

    Furthermore, the asecure_loader differs per box, possibly encrypted with a per-box key. Files of course are not in clear, that suggests that at every step an encryption/decryption is done.

    The boot loader in IDA does not look microcode for IDL, maybe it's encrypted with cpu key (the IBM secure boot/asecure_loader), that can explain also why a NAND dump can be restored only on the PS3 from which it was taken.

    asecure_loader ----> lv0 which start lv1ldr or lv2ldr depending on 0 or other number in NAND FS
    lvldr ----> lv1.self ----> cell_ext_area partition NAND, boot compressed linux kernel for example

    load trvk_prg
    spu_pkg_rvk_verifier.self load trvk_pkg
    lv2ldr load lv2_kernel.self
    spp_verifier.self load default.spp (bluetooth ?)
    isoldr (?)
    appldr (?)
    sc_iso.self (?)
    LV2 KERNEL MODULE ----> spu_token_processor.self
    LV2 KERNEL MODULE ----> aim_spu_module.self
    LV2 KERNEL MODULE ----> mc_iso_spu_module.self
    LV2 KERNEL MODULE ----> me_iso_spu_module.self
    LV2 KERNEL MODULE ----> sv_iso_spu_module.self
    LV2 KERNEL MODULE ----> sb_iso_spu_module.self

    That is just a taste of some interesting information, expect more soon!

    More PlayStation 3 News...

  2. #2
    Ni0b Guest
    If you install a Bootloader from the OtherOS.bld and OtherOS.self does he write himself to the MBR and will be booted before the XMB OS is booted.

    The otheros.bld contains a vmlinux.bin or if u take the original sony bootloader a exoboot.bin- its a gzipped archiv and can be recreated by this way.

    I tested that.

    The Petit-Bootloader is a modification of the standart kboot-bootloader.
    Are their any possibilities to create an own Bootloader who is able to boot the XMB with special parameters?

    Can the XMB get surrounded by VMBRs (special Rootkits)?

  3. #3
    hacked2123 Guest
    Will mess with this soon, sorry I haven't been around on irc; having trouble finding my ssh information and shell.

  4. #4
    Siptang Guest
    hey hacked2123.

    i guess i have things to read here.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Log in