December 13, 2007 // 1:37 am - Our Resident DEVS have revised the PS3 Bootup procedure, with some more interesting information.

asecure_loader is not at the start of the NAND. The first 512KB is also skipped, or more precisely, any 512 block of FF is skipped.

Furthermore, the asecure_loader differs per box, possibly because it is encrypted with a per-box key. The files, of course, are not in the clear, which suggests that encryption/decryption is done at every step.

The boot loader in IDA does not look like microcode for IDL; maybe it's encrypted with the CPU key (the IBM secure boot/asecure_loader), which would also explain why a NAND dump can be restored only on the PS3 from which it was taken.
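
The two observations above (FF-filled blocks precede asecure_loader, and the content is not in the clear) can be checked against a dump taken from one's own console. This is an added example, not code from the original post; the 512-byte block size, the 7.5 bits/byte threshold and the sample images are assumptions made for illustration.

```python
import math
import os
from collections import Counter

BLOCK = 512  # assumed unit for the "512 block" above; use 512 * 1024 if it means 512KB


def first_data_offset(image: bytes, block: int = BLOCK) -> int:
    """Return the offset of the first block that is not entirely 0xFF, or -1."""
    erased = b"\xff" * block
    for off in range(0, len(image), block):
        chunk = image[off:off + block]
        # A short trailing chunk is compared against an equally short FF run.
        if chunk != erased[:len(chunk)]:
            return off
    return -1


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def describe(image: bytes, window: int = 4096) -> dict:
    """Locate the first non-erased block and measure the entropy that follows it."""
    off = first_data_offset(image)
    if off < 0:
        return {"offset": -1, "entropy": 0.0, "looks_encrypted": False}
    h = entropy(image[off:off + window])
    # Near 8 bits/byte is consistent with encrypted or compressed content.
    return {"offset": off, "entropy": round(h, 2), "looks_encrypted": h > 7.5}


# Constructed sample images, not real NAND dumps.
PAD = b"\xff" * (512 * 1024)
SAMPLE_RANDOM = PAD + os.urandom(4096)            # stand-in for an encrypted loader
SAMPLE_PLAIN = PAD + b"plain text header " * 256  # stand-in for cleartext content

if __name__ == "__main__":
    print(describe(SAMPLE_RANDOM))
    print(describe(SAMPLE_PLAIN))
```

High entropy alone does not distinguish encryption from compression; comparing the same region across dumps from two consoles is what would show the per-box difference described above.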

asecure_loader ----> lv0 which start lv1ldr or lv2ldr depending on 0 or other number in NAND FS
lvldr ----> lv1.self ----> cell_ext_area partition NAND, boot compressed linux kernel for example

load trvk_prg
spu_pkg_rvk_verifier.self load trvk_pkg
lv2ldr load lv2_kernel.self
spp_verifier.self load default.spp (bluetooth ?)
isoldr (?)
appldr (?)
sc_iso.self (?)
LV2 KERNEL MODULE ----> spu_token_processor.self
LV2 KERNEL MODULE ----> aim_spu_module.self
LV2 KERNEL MODULE ----> mc_iso_spu_module.self
LV2 KERNEL MODULE ----> me_iso_spu_module.self
LV2 KERNEL MODULE ----> sv_iso_spu_module.self
LV2 KERNEL MODULE ----> sb_iso_spu_module.self

That is just a taste of some interesting information, expect more soon!

#3 - Siptang - January 5, 2008 // 10:03 pm
Hey hacked2123.

I guess I have things to read here.

#2 - hacked2123 - January 5, 2008 // 9:57 pm
Will mess with this soon, sorry I haven't been around on irc; having trouble finding my ssh information and shell.

#1 - Ni0b - January 5, 2008 // 6:26 pm
If you install a bootloader from the OtherOS.bld and OtherOS.self, it writes itself to the MBR and will be booted before the XMB OS is booted.

The otheros.bld contains a vmlinux.bin or, if you take the original Sony bootloader, an exoboot.bin; it's a gzipped archive and can be recreated this way.

I tested that.

The Petit-Bootloader is a modification of the standard kboot bootloader.
Are there any possibilities to create one's own bootloader that is able to boot the XMB with special parameters?

Can the XMB get surrounded by VMBRs (special Rootkits)?