Revised PS3 Boot Information
Our Resident DEVS have revised the PS3 Bootup procedure, with some more interesting information.
asecure_loader is not at start of the NAND. The first 512KB also is skipped, or actually any 512 block of FF is skipped.
Furthermore, the asecure_loader differs per box, possibly encrypted with a per-box key. Files of course are not in clear, that suggests that at every step an encryption/decryption is done.
The boot loader in IDA does not look microcode for IDL, maybe it's encrypted with cpu key (the IBM secure boot/asecure_loader), that can explain also why a NAND dump can be restored only on the PS3 from which it was taken.
asecure_loader ----> lv0 which start lv1ldr or lv2ldr depending on 0 or other number in NAND FS
lvldr ----> lv1.self ----> cell_ext_area partition NAND, boot compressed linux kernel for example
spu_pkg_rvk_verifier.self load trvk_pkg
lv2ldr load lv2_kernel.self
spp_verifier.self load default.spp (bluetooth ?)
LV2 KERNEL MODULE ----> spu_token_processor.self
LV2 KERNEL MODULE ----> aim_spu_module.self
LV2 KERNEL MODULE ----> mc_iso_spu_module.self
LV2 KERNEL MODULE ----> me_iso_spu_module.self
LV2 KERNEL MODULE ----> sv_iso_spu_module.self
LV2 KERNEL MODULE ----> sb_iso_spu_module.self
That is just a taste of some interesting information, expect more soon!
More PlayStation 3 News...
If you install a Bootloader from the OtherOS.bld and OtherOS.self does he write himself to the MBR and will be booted before the XMB OS is booted.
The otheros.bld contains a vmlinux.bin or if u take the original sony bootloader a exoboot.bin- its a gzipped archiv and can be recreated by this way.
I tested that.
The Petit-Bootloader is a modification of the standart kboot-bootloader.
Are their any possibilities to create an own Bootloader who is able to boot the XMB with special parameters?
Can the XMB get surrounded by VMBRs (special Rootkits)?
Will mess with this soon, sorry I haven't been around on irc; having trouble finding my ssh information and shell.
i guess i have things to read here.
Tags for this Thread