Thread: Thought on PS3 Dump Problems
08-02-2010 #1 whinis Guest
Thought on PS3 Dump Problems
I do not claim to be an expert on anything PS3 or hardware related. But why couldn't someone take a broken PS3, take its RAM chip and add a second, smaller RAM chip on there, making a sort of mod chip? The second RAM chip could have the function to dump the RAM. It would be totally undisturbed because the PS3 wouldn't realize it was more than expected.
This would allow you to dump the entirety of the RAM with no clipping. This could also be used to extract the keys, as you could read them as they go by.
1. Make mod chip for RAM that allows firmware to load onto it and also dump the entire contents
2. Install modchip
08-02-2010 #2 ionbladez Guest
Keys never hit the RAM, if I've been following correctly :[
However, yeah, I would think in theory the RAM can be dumped without the need for otherOS. I find it highly possible, only for the hardcore devs and hackers out there though.
I'm sure the exploit is still there, they just tried to hide it better now by removing otherOS.
heh, putting a sheet over a hole in the ground ain't gonna stop anyone from going in.
08-02-2010 #3 whinis Guest
Well, if I understand computers correctly, they must either hit the RAM or be burned in the processor. As for the otherOS, what is stopping devs from taking a RAM dump from a previous otherOS and then loading that into RAM through whatever means and then still using it?
Also, we should be able to get the signature when the PUP talks to the firmware to say "yes, I'm from Sony" and then copy that signature onto a custom firmware.
08-03-2010 #4 tragedy Guest
You cannot just determine what the per-CPU key is, because we can't encrypt for it without the key and you can't read the memory of an encrypted core.
Basically, as was said earlier, the keys never get into RAM.
08-03-2010 #5 whinis Guest
Does the processor decrypt the program and then re-crypt it before it leaves? If not, all you need to do is compare the incoming information to the outgoing and decipher a key based on the apparent algorithm.
08-03-2010 #6 CJPC Guest
So the programs running in the SPU never see the light of day outside of the CELL processor.
08-03-2010 #7 Darny Guest
08-03-2010 #8 whinis Guest
I just read up on SPUs and SPEs, and from what I read they are like mini computers, including RAM. So since they never see the light of day, read what goes into them and what comes out. By watching what goes in/out you can determine what is happening inside. Either that or decap it and read it yourself.
08-04-2010 #9 xclusiv Guest
Hmm.. It's been a while since I last worked with the Cell BE, but from what I recall the SPE/SPUs are completely self-sufficient. So even the PPE can't monitor everything being sent out to the EIB from that SPU unless it's to the PPE's mailbox, and since (I think) the Cell has its own DMA controller which isn't intertwined with the PPE, it can probably send decrypted data straight to RAM without any chance of the PPE knowing. Bus sniffing would be impossible on those buses, I'm pretty sure, considering how fast they are. Please correct me if I'm wrong.
08-04-2010 #10 whinis Guest
Would it be possible to do what they did to the DS, which from what I read had better security than the PS3 until they decapped the processor and slowed it down to around 200 MHz to read it? They ended up dumping something around 40 gb from the processor.