
December 11, 2010 // 2:34 am - As a follow-up to his recent PS3 SELF Decrypter PSGroove Payload and PS3 3.50 Firmware Decryption work, today PlayStation 3 developer graf_chokolo has released a PS3 LV2 Kernel Decrypter payload for PSGroove.

Download: PS3 LV2 Kernel Decrypter PSGroove Payload / GIT

To quote from his comment on xorloser's blog, linked above:

graf_chokolo says:

I just released my lv2 kernel decrypter. You need metldr, lv2ldr, RL_FOR_PROGRAM.img and lv2_kernel.self. You first have to dump your metldr from FLASH memory. You will also find lv2ldr in your FLASH memory or in the decrypted CORE_OS_PACKAGE.pkg from PUP files.

RL_FOR_PROGRAM.img is a revoke list for programs and can also be found in PUP files. lv2_kernel.self is in your FLASH memory or in the decrypted CORE_OS_PACKAGE.pkg.

First I send all files to the PS3 and store them in memory. After that I load metldr in isolation mode and pass it the address of lv2ldr. The code is very low level and many things are done by directly manipulating SPU registers.

If you have any questions or problems then feel free to contact me or ask here. I will try to help you. I will try to document my findings on my homepage.

I also uploaded code which can communicate with the USB Dongle Authenticator by using the Dispatcher Manager without using any GameOS functions. It’s exactly what GameOS does, just low level.

Have fun guys

lv2_kernel.self from 1.10 firmware decrypted

Guys, just to make sure that you know: the LV2 decrypter is also a PS2 emu decrypter, just change the LPAR auth id in the code. PS2 emu is like GameOS, it’s LV2 and is decrypted by lv2ldr.

Just decrypted vsh.self from 1.10 firmware. Just like the good old days.

I decrypted software_update_plugin.sprx but didn’t have time to reverse it yet.


Loading metldr

  • The physical/virtual memory address of the isolation module that metldr should load is written into the SPU register SPU_In_Mbox. SPU_In_Mbox is 32 bits wide, so the 64-bit memory address is written in 2 steps.
  • MFC relocation is turned off by clearing the R-bit in the SPU register MFC_SR1. By doing this, the HV enables real address mode for the MFC of the SPU.
  • On GameOS, it also works with relocation on. You just have to initialize the SLB of the SPU and insert valid SLB entries.
  • The physical/virtual memory address of metldr is written to the SPU registers Sig_Notify1 and Sig_Notify2.
  • The isolation load request is enabled by writing the SPU register SPU_PrivCntl.
  • The isolation load request is made by writing the value 0x3 into the SPU register SPU_RunCntl.


SPE_load_request_metldr - 0x002B00A4 (3.15)


  • lv2ldr is used to decrypt lv2_kernel.self
  • syscalls 0x10042 and 0x1004A use lv2ldr
  • syscall 0x10042 is used by HV Process 3 during LV2 LPAR construction
  • syscall 0x1004A uses different parameters than syscall 0x10042


SPE_load_request_lv2ldr_1 - 0x002AE82C (3.15)

SPE_load_request_lv2ldr_2 - 0x002AE8D8 (3.15)

Loading lv2ldr

  • The 64-bit memory address of lv2ldr is written into the 32-bit SPU register SPU_In_Mbox
  • metldr is loaded

Decrypting SELFs with appldr and lv1_undocumented_function_99

  • lv1_undocumented_function_99 loads and prepares appldr for SELF decryption.
  • When appldr is ready to decrypt data, it sends a message via mailbox.
  • The address and the size of the encrypted data are passed to appldr via shared memory.

Patent Reveals Sony to Increase PS3 Power via External Processor


#8 - Shrink - December 11, 2010 // 10:41 am
Absolutely agreed. USB and Ethernet are too slow. Not to speak of Bluetooth or Wifi... But a harddisk adaptor could do it. Every console has an interchangeable harddrive. So none would be left out. Also the speed would be tops compared to other interfaces. However I guess all of this is just a concept.

Marketing would be way easier for a new console.

#7 - DreaDNoughT1666 - December 11, 2010 // 10:34 am
Yeah, this sounds interesting and I would believe it could add the PS2 support, and as for connection, I'd say they would go with the PS2 method and have a stick-out add-on where the hard drive interface is, and have the HDD on the inside of the mod and have the board bridge between the PS3 and the HDD too. That way it would be both cost effective, could be done so that it looks nice AND have really good speed.

#6 - 01010247 - December 11, 2010 // 10:33 am
Originally posted by BALLISTIKAL:
How is this thing supposed to connect to the PS3??

Well, assuming that warranty void = opening your console, the only way to connect the PS3s of today (not speaking of a new REV) is just through USB (unlikely) or Wi-Fi (even more unlikely)... I think it'll work like external GPUs for laptops, but for the PS3 it'd be just a waste of money - the PS3 is powerful enough today, so you'll need something really big and high-performance so it makes sense.

edit: ethernet is also the way to do it, but I think they'll make an ethernet switch then, coz still many people connect through cable to their router

#5 - Tatsh2DX - December 11, 2010 // 10:29 am
If SOMEHOW the USB connects to somewhere besides the serial bus, that might be how.

Otherwise, I see this as something for new PS3s. I certainly don't see where this could go other than USB (at great expense to the power it is supposed to bring) logically.

#4 - BALLISTIKAL - December 11, 2010 // 10:19 am
How is this thing supposed to connect to the PS3??

#3 - KrzyInuYasha - December 11, 2010 // 9:48 am
Interesting concept, though I wonder how it will connect to the system. Will it be a specialized port added to a new revision of PS3s? Or will it be backwards compatible with the current line using either a USB or LAN connection? Both could work, but I wonder how badly the USB bandwidth would limit it. While the Ethernet would be faster, it could add extra cost.

#2 - PS4 News - December 11, 2010 // 9:35 am
Thanks for the news fattysc, moved it to the main page now and +Rep!

#1 - moja - December 11, 2010 // 8:37 am
moja's Avatar
I read the patent on this thing... It is worded to be usable for several computer-based applications, but then describes 'hypothetical' uses for sharing bandwidth between graphics and external memory subsystems. I cannot decide how to speculate on this, but given the increasing R&D cost of developing new systems, I can understand creating an incremental upgrade of sorts (to at least extend the console life). I think boosting the system memory and graphics hardware would be a sound investment.

I wonder if it could be used to leverage the rumored PS2 compatibility hardware add-on.