Sponsored Links

PS4 News on Facebook! PS4 News on Twitter! PS4 News on YouTube! PS4 News RSS Feed!
Sponsored Links
Sponsored Links
Page 1 of 2 12 LastLast
Results 1 to 10 of 18



  1. #1
    Registered User whinis's Avatar
    Sponsored Links

    Lightbulb Thought on PS3 Dump Problems

    Sponsored Links
    I do not claim to be an expert on anything ps3 or hardware related. But why couldn't someone take a broken ps3, take its ram chip and add a second smaller ram chip on there making a sort of mod chip? The second ram chip could have the function to dump the ram, It would be totally undisturbed because the ps3 wouldn't realize it was its more than expected.

    This would allow you to dump the entirety of the ram with no clipping. This could also be used to extract the keys as you could read them as they go by.

    1. Make mod chip for ram that allows firmware to load onto it and also dump then entire contents

    2. install modchip

    3. dump

  2. #2
    Sponsored Links
    keys never hit the ram, if i've been following correctly :[

    however ya i would think in theory the ram can be dumped without the need for otherOS, I find it highly possible, only for the hardcore devs and hackers out there though.

    I'm sure the exploit is still there, they just tried to hide it better now by removing otherOS.

    heh, putting a sheet over a hole in the ground ain't gonna stop anyone from going in.

  3. #3
    Well If I understand computer correctly they must either hit the ram or be burned in the processor, as for the otherOs what is stopping devs from taking a ram dump from previous otherOs and then loading that into ram through whatever means and then still using its.

    Also we should be able to get the signature when the pup talks to the firmware to say "yes, im from sony" and then copy that signature onto a custom firmware.

  4. #4
    Quote Originally Posted by whinis View Post
    Well If I understand computer correctly they must either hit the ram or be burned in the processor
    Yes, that's exactly it. The cell processor as you know has many cores. You can configure these cores to run an encrypted program which is decrypted using a per-CPU key that's specific to that one processor. Each PS3 has its own version of the decryption software, itself decrypted using the processor key, so that its secrets are safe.

    You cannot just determine what the per-CPU key is, because we can't encrypt for it without the key and you can't read the memory of an encrypted core.

    Basically, as was said earlier, the keys never get into RAM.

  5. #5
    Does the processor decrypt the program and then re-crypt it before it leaves, it not all you need to do it compare the incoming information to the outgoing and decipher a key based on the appearant algorithm.

  6. #6
    Quote Originally Posted by whinis View Post
    Does the processor decrypt the program and then re-crypt it before it leaves, it not all you need to do it compare the incoming information to the outgoing and decipher a key based on the appearant algorithm.
    Well, take for example you want to run a game, the main executable (EBOOT.BIN) is pushed into memory, then some "magic" is done by an encrypted SPU program (which, is never decrypted in main memory), and the EBOOT.BIN is then decrypted into main memory, where it is executed so you can play.

    So the programs running in the SPU never sees the light of day outside of the CELL processor.

  7. #7
    Quote Originally Posted by CJPC View Post
    Well, take for example you want to run a game, the main executable (EBOOT.BIN) is pushed into memory, then some "magic" is done by an encrypted SPU program (which, is never decrypted in main memory), and the EBOOT.BIN is then decrypted into main memory, where it is executed so you can play.

    So the programs running in the SPU never sees the light of day outside of the CELL processor.
    We'll its got to be said Sony did do a very good job

  8. #8
    I just read up on SPU's and SPE's and from what I read that they are like mini computers including ram. So since they never see the light of day read what goes into them and what comes out. By watching what goes in/out you can determine was is happening inside. Either that or decap it and read it yourself.

  9. #9
    Hmm.. It's been a while since I last worked with the Cell BE, but from what I recall the SPE/SPUs are completely self-sufficient. So even the PPE cant monitor everything being sent out to the EIB from that SPU unless its to the PPEs mailbox, and since (I think) the Cell has its own DMA controller which isn't intertwined with the PPE it can probably send decrypted data straight to RAM without any chance of the PPE knowing. Bus sniffing would be impossible on those busses i'm pretty sure considering how fast they are.. Please correct me if im wrong

  10. #10

    Post

    Would it be possible to do what they did to the DS which from what I read had better security than the ps3 until they decaped the processor and slowed it down to around 200mhz to read it. they ended up dumping something around 40 gb from the processor.

 

Sponsored Links
Page 1 of 2 12 LastLast
Advertising - Affiliates - Contact Us - PS4 Downloads - PS4 Forums - Privacy Statement - Site Rules - Top - © 2015 PlayStation 4 News