

February 12, 2010 // 10:22 pm - We are happy to report that the PS3 Hypervisor (LV1) and Bootloader (LV0) have been dumped from the PlayStation 3's RAM. After getting our SX28 hardware a few days ago, we used the glitching code and mashed buttons for hours - eventually the exploit gets triggered!

We tried a few different ways to dump out the real memory - the biggest "problem" was the fact that you can't just simply use File I/O code in a kernel module. Furthermore, you can't call the lv1_peek function from user mode either.

Luckily, resident DEV kakarotoks was up to the challenge. After some trial and error (and too many PS3 crashes!) he made a kernel module which maps the "real" PS3 memory to a device in /proc. The /proc area lets the kernel and userland interact.

Basically, the device /proc/ps3_hv_mem is created when the kernel module is inserted. Once it is inserted, you can use dd to read the device. When you do, the device is passed arguments, which are passed along to lv1_peek - which in turn reads out the real memory.

Be advised, don't go beyond the PS3's upper memory limit. At around 260MB, the PS3 tends to crash - it does not like trying to read beyond RAM limits! So, for usage:

First, run the exploit, and get it triggered and working - that's the hard part!

Next, download the attached file. Inside are three files: a Makefile, ps3_hv_mem.c and a pre-compiled version. Stick these in a folder, and run make. It will then compile a kernel module for you (ps3_hv_mem.ko, or use the pre-compiled one). Then simply type:

sudo insmod ps3_hv_mem.ko

Enter your password and check /proc for a ps3_hv_mem entry, or your dmesg. If it is there - let the dumping begin!

You can dump out the PS3 Hypervisor and Bootloader (and the rest of the real memory) via dd. You can use the command:

dd if=/proc/ps3_hv_mem of=PS3_Memory_Dump.bin bs=1024 count=10K

That command will dump out 10485760 bytes, or about 10MB - which nicely includes the goodies like LV0 and LV1. Finally, you can also increase the count, which will increase the amount dumped (multiply by blocksize).
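A guard for the dd step above, as an added example that is not part of the original article or the attached module: it converts dd-style bs/count values to bytes and rejects a read that would pass a ceiling. The 256 MiB ceiling (kept under the article's "around 260MB") and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the article). Assumption: a 256 MiB ceiling,
# chosen to stay below the "around 260MB" crash point the article reports.
LIMIT_BYTES=$((256 * 1024 * 1024))

# Convert a dd-style size (plain number, or with a K/M/G binary suffix)
# to bytes. Rejects empty input, stray characters and leading zeros
# (which shell arithmetic would otherwise read as octal).
to_bytes() {
    num=${1%[KMG]}
    case "$num" in
        *[!0-9]*|''|0?*) return 1 ;;
    esac
    case "$1" in
        *K) echo $((num * 1024)) ;;
        *M) echo $((num * 1024 * 1024)) ;;
        *G) echo $((num * 1024 * 1024 * 1024)) ;;
        *)  echo "$num" ;;
    esac
}

# Total bytes a "dd bs=$1 count=$2" invocation would read.
dd_total() {
    bs=$(to_bytes "$1") || return 1
    count=$(to_bytes "$2") || return 1
    echo $((bs * count))
}

# Largest count for block size $1 that stays within the ceiling.
max_count() {
    bs=$(to_bytes "$1") || return 1
    [ "$bs" -gt 0 ] || return 1
    echo $((LIMIT_BYTES / bs))
}

# Succeeds only if the read is non-empty and within the ceiling.
check_read() {
    total=$(dd_total "$1" "$2") || { echo "bad size" >&2; return 2; }
    [ "$total" -gt 0 ] && [ "$total" -le "$LIMIT_BYTES" ]
}
```

For the article's command, `dd_total 1024 10K` gives the 10485760 bytes quoted above, and `check_read 1024 10K` passes.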

PS3 Hypervisor and Bootloader Dumped from RAM and More!



#59 - inginear - February 13, 2010 // 1:42 pm
Quote: Originally Posted by Karl69
IDA should be a good tool to start disassembling this stuff

it would be a good tool if you can afford the $539 single user license. and while that is out of my price range i'll just have to wait for the wealthy among us to do the dirty work. i really want nothing more than to help with this process, however the price of admission is far above me.

shoot, $539 is about what i will pay for my next three classes next semester at school. and one of those classes is advanced c++ programming, a class i definitely want to take.

link to price page:

#58 - semitope - February 13, 2010 // 1:07 pm
Quote: Originally Posted by TonyHart
Is there a digital watermark? Has anybody got the three known dumps in one place? Have they been compared yet? Would they need to be from the same FW to make comparing useful?

If they get banned I doubt it matters. ban 3 ps3s from psn? No big deal..

#57 - DarkOgr - February 13, 2010 // 12:38 pm
ps3 freedom is one step closer

#56 - febag92 - February 13, 2010 // 12:24 pm
Hey hey hey.. Are you worried about legal issues? Release group? Really, I can do the job. I live in Brazil and we basically don't have laws for the Internet, AT ALL. We are one of the countries with the highest number of spams, malwares and these kinds of things. And no one ever goes to jail because of that.

Send me the file and I will be glad to upload it. Torrent, http and any other you want.

#55 - JesusFMA - February 13, 2010 // 12:14 pm
About the linux full hardware access, I think that's something we'll never gonna see, I think they don't do such a thing in order to avoid the PS3 getting hacked... which is completely useless now. PS2 Backwards... Anything can happen.

I just wanna say that the Devs are doing a good job and I think that someday they're going to surprise us with a very functional and fun application(s).

#54 - syphonlord - February 13, 2010 // 12:06 pm
well done lads, the truth is out there!

#53 - TonyHart - February 13, 2010 // 11:42 am
Surely it's a good idea to compare dumps to see if there is a "watermark" identifying the exact PS3 that they originated from. If there is a digital watermark, I can see those consoles getting banned if the unmodified dumps are released publicly.

Is there a digital watermark? Has anybody got the three known dumps in one place? Have they been compared yet? Would they need to be from the same FW to make comparing useful?

#52 - zangetsu1 - February 13, 2010 // 11:32 am
Everyone is waiting to see something released... most of us share the same goal.. most of us have been waiting to see the PS3 HACKED for 3 years.

So please let's keep the community spirit up..

peace out!

#51 - Nivdeb - February 13, 2010 // 11:21 am
Thanks to ps3news to share it for those who can do something with it!

#50 - Lazy Boy - February 13, 2010 // 10:18 am
Release group... Just throw on some proxies and release that piece of gold. Sock5
