December 27, 2010 // 5:49 pm - Update: Estx has now released both a P3KG (Linux) and P3KGWN (Windows) PS3 Dongle ID Key Generator for those interested, winocm has started a PlayStation 3 Dongle Key Generator GIT (compiled binaries with source HERE), and Waninkoko has also shared a PS3 USB Dongle Key Generator JavaScript Version.

Today Graf_Chokolo announced that he has successfully exploited the PS3 hypervisor 3.15 through GameOS and dumped it, and plans to do the same for version 3.41 along with sharing more details soon.

Here is what he had to say on the matter, to quote: "I have just exploited and dumped HV 3.15 from GameOS

I used memory glitching like Geohot to get a dangling HTAB entry, but the 2nd and 3rd stages are quite different. I used my knowledge about HV internals and created a simpler exploit for stage2 and stage3.

I didn't use a second VAS like Geohot. I used lv1_undocumented_function_114 and lv1_undocumented_function_115 to exploit HV after I got a dangling HTAB entry.

Now we don't need Linux to exploit and dump HV. Furthermore, an HV dump from GameOS is a lot better, because when GameOS is running more features are activated in HV. So, I can now reverse more C++ objects and understand better how HV works.

I will make everything public very soon, and I plan to dump HV 3.41 in the next days.

Finally I will get access to SYSCON, EPROM, the ENCDEC device and more.

And now I dumped the real USB Dongle Master Key, guys. No one needs it now, but here it is. I tested it with HMAC SHA1 and dongle key 0xAAAA and got the same dongle key that was reversed by KaKaRoTo.

Just as I said previously, use USB Dongle Authenticator, then dump HV, and the decrypted USB Dongle Master Key will be in the HV dump. I extracted this key from my HV dump after I used USB Dongle Authenticator on GameOS. Then I rebooted GameOS but not HV, and the key was still in HV and still decrypted.

typedef unsigned char u8; /* 8-bit unsigned type used by this snippet */
static u8 master_key[20] = { 0x46, 0xDC, 0xEA, 0xD3, 0x17, 0xFE, 0x45, 0xD8, 0x09, 0x23, 0xEB, 0x97, 0xE4, 0x95, 0x64, 0x10, 0xD4, 0xCD, 0xB2, 0xC2 }; /* USB Dongle Master Key as found in the HV dump */

You still need to do memory glitching like Geohot did. I used an sx28 devboard for this. But the software exploit is totally different. I used my HV knowledge and exploited HV quite differently; I didn't use a second VAS like Geohot did.

I did my exploit from an exploited GameOS. I used a FAT PS3, but it doesn't matter anymore; you could even use a Slim PS3. Once exploited, the HV remains exploited as long as the PS3 is not powered off. That means you can reboot GameOS as much as you want and HV still remains exploited. And you have full read/write access to all RAM and peripheral devices from GameOS, except isolated SPUs. That means full access to SYSCON, the ENCDEC device (which is responsible e.g. for HDD encryption/decryption) and other very interesting stuff.

That means that with an exploited GameOS every HV can be dumped and reversed. If GameOS >= 3.42 could be exploited, then we could dump the new HV again, reverse SELF decryption again and decrypt new games.

And I will dump HV 3.41 soon and look for pure software exploits in it.

I just patched Dispatcher Manager and enabled access to all HV services. Dumped SYSCON EPROM.

Decrypted the USB Dongle Master Key with Virtual TRM Manager and, guess what, it's the same one I posted yesterday.

HV 3.41 exploited and dumped. Hehe, found the HV call table already. Good.

Damn $ONY, they removed LPM HV calls from HV 3.41."

We are yet to know whether any hardware is required; I have already asked him this, but I think it is not!

Graf Chokolo Announces PS3 Hypervisor Exploit & GameOS Dump

#17 - solrac1974 - December 28, 2010 // 9:59 am
Good news indeed, new year will be very good for PS3 scene!

#16 - condorstrike - December 28, 2010 // 8:27 am
Quote Originally Posted by deanrr:
:D They'll have to remove GameOS, too. And they'll say 'read the EULA - we can do it'.

And when sales drop, they'll come to your house with a torch to melt the gold traces off the boards. And they'll say 'read the EULA - we can do it'...

Back to the story: after this they'll become like Nintendo... they'll give up because there's not much they can do, so they'll release a bunch of updates to keep developers at bay, because of the fear of piracy.

Whose Fault is it, Sony??

#15 - deank - December 28, 2010 // 8:16 am
Quote Originally Posted by Jes03:
Oh he found an exploit in GameOS... Watch out $ony will now remove it in their next update.

There was no reason to remove OtherOS. Now there are even more reasons why it shouldn't have been removed.

:D They'll have to remove GameOS, too. And they'll say 'read the EULA - we can do it'.

#14 - condorstrike - December 28, 2010 // 7:39 am
It's a good idea to enlighten the noobs before they flood this thread with 3.55 Dgrade questions...

Answer: NO, the USB Dongle Master Key will not allow you to downgrade a 3.55 fw PS3, because that dongle is the same outdated dongle that was reversed by KaKaRoTo, and the self files were revoked as of FW 3.55. Sorry, Sony is not that stupid...

What it does mean is that when a new leak comes out of the Jailbreak team or any other, and if the self files are usable with this dongle, then we will have it... cracked like a walnut...

The actual good news is he used a memory glitch to exploit GameOS and that dumping the hypervisor doesn't need Linux. In layman's terms this means that Sony had better start building the PS4, because now there's really no stopping the PS3 scene. Great job by graf_chokolo, mad props...

#13 - Jes03 - December 28, 2010 // 5:24 am
I think someone should start a new poll. What feature will $ony remove next? LOL

Last was 3rd party accessories.

It only DID everything, now it does... there's nothing left for it to do. It only does "stop the door from closing"

#12 - inginear - December 28, 2010 // 4:45 am
Quite an achievement! Would the GameOS remain relatively the same over the firmware updates? I know hooks would be added for 3D games and Move support.

#11 - condorstrike - December 28, 2010 // 4:03 am
Alright, dongle master key... thanks boss.

#10 - PS4 News - December 28, 2010 // 3:59 am
I have added the dongle master key to the first post now as well.

#9 - condorstrike - December 28, 2010 // 3:38 am
Quote Originally Posted by Jes03:
Oh he found an exploit in GameOS... Watch out $ony will now remove it in their next update.

There was no reason to remove OtherOS. Now there are even more reasons why it shouldn't have been removed.

I think if Sony removes GameOS, then we have to become creative and use the PS3 as a basketball...

Or maybe they'll remove it and leave us with KolibriOS...

#8 - Moegames - December 28, 2010 // 3:37 am
Like I mentioned before... once they are in, they are in. It was only a matter of time before things with the PS3 scene would kick into full gear. A lot of talk by noobs saying it's all over with, etc., but it's not true... it's only begun.

Good work... looking forward to what can be done with the PS3 fully hacked...