Results 1 to 4 of 4

Thread: Revised PS3 Boot Information

  1. #1
    CJPC Guest

    Revised PS3 Boot Information

    Our Resident DEVS have revised the PS3 Bootup procedure, with some more interesting information.

    asecure_loader is not at start of the NAND. The first 512KB also is skipped, or actually any 512 block of FF is skipped.

    Furthermore, the asecure_loader differs per box, possibly encrypted with a per-box key. Files of course are not in clear, that suggests that at every step an encryption/decryption is done.

    The boot loader in IDA does not look microcode for IDL, maybe it's encrypted with cpu key (the IBM secure boot/asecure_loader), that can explain also why a NAND dump can be restored only on the PS3 from which it was taken.

    asecure_loader ----> lv0 which start lv1ldr or lv2ldr depending on 0 or other number in NAND FS
    lvldr ----> lv1.self ----> cell_ext_area partition NAND, boot compressed linux kernel for example

    load trvk_prg
    spu_pkg_rvk_verifier.self load trvk_pkg
    lv2ldr load lv2_kernel.self
    spp_verifier.self load default.spp (bluetooth ?)
    isoldr (?)
    appldr (?)
    sc_iso.self (?)
    LV2 KERNEL MODULE ----> spu_token_processor.self
    LV2 KERNEL MODULE ----> aim_spu_module.self
    LV2 KERNEL MODULE ----> mc_iso_spu_module.self
    LV2 KERNEL MODULE ----> me_iso_spu_module.self
    LV2 KERNEL MODULE ----> sv_iso_spu_module.self
    LV2 KERNEL MODULE ----> sb_iso_spu_module.self

    That is just a taste of some interesting information, expect more soon!

    More PlayStation 3 News...

  2. #2
    Ni0b Guest
    If you install a Bootloader from the OtherOS.bld and OtherOS.self does he write himself to the MBR and will be booted before the XMB OS is booted.

    The otheros.bld contains a vmlinux.bin or if u take the original sony bootloader a exoboot.bin- its a gzipped archiv and can be recreated by this way.

    I tested that.

    The Petit-Bootloader is a modification of the standart kboot-bootloader.
    Are their any possibilities to create an own Bootloader who is able to boot the XMB with special parameters?

    Can the XMB get surrounded by VMBRs (special Rootkits)?

  3. #3
    hacked2123 Guest
    Will mess with this soon, sorry I haven't been around on irc; having trouble finding my ssh information and shell.

  4. #4
    Siptang Guest
    hey hacked2123.

    i guess i have things to read here.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts