
PS4 News - Latest PlayStation 4 and PS3 News

277w ago - We are happy to report that the PS3 Hypervisor LV1 and Bootloader LV0 have been dumped from the PlayStation 3's RAM. After getting our SX28 hardware a few days ago, we used the glitching code and mashed buttons for hours until the exploit eventually triggered!

We tried a few different ways to dump out the real memory. The biggest "problem" was that you can't simply use file I/O code in a kernel module, and you can't call the lv1_peek function from user mode either.

Luckily, resident DEV kakarotoks was up to the challenge. After some trial and error (and too many PS3 crashes!) he made a kernel module which exposes the "real" PS3 memory as a device in /proc, the area that lets the kernel and userland exchange data.

Basically, the device /proc/ps3_hv_mem is created when the kernel module is inserted. Once it is inserted, you can use dd to read the device: the arguments of each read are passed along to lv1_peek, which in turn reads out the real memory.

Be advised: don't go beyond the PS3's upper memory limit. At around 260MB the PS3 tends to crash, as it does not like reads beyond its RAM. So, for usage:

First, run the exploit, and get it triggered and working - that's the hard part!

Next, download the attached file. Inside are three files: a Makefile, ps3_hv_mem.c and a pre-compiled module. Put these in a folder and run make, which compiles the kernel module (ps3_hv_mem.ko) for you (or just use the pre-compiled one). Then simply type: sudo insmod ps3_hv_mem.ko

Enter your password and check /proc for a ps3_hv_mem entry, or check dmesg. If it is there, let the dumping begin!

You can dump out the PS3 Hypervisor and Bootloader (and the rest of the real memory) via dd. You can use the command:

dd if=/proc/ps3_hv_mem of=PS3_Memory_Dump.bin bs=1024 count=10K

That command dumps out 10485760 bytes (about 10MB), which nicely includes the goodies like LV0 and LV1. You can also increase the count to dump more: the count multiplied by the block size gives the number of bytes dumped.
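To make the read path concrete, here is a small userland model of it, added as an example that is not the module from the attached archive: a constructed sample_peek stands in for lv1_peek over a fake 64-byte memory, hv_mem_read does what the /proc read handler has to do (turn dd's offset and length into 8-byte-aligned word reads, copy only the requested bytes, and stop at a caller-supplied limit instead of reading past the top of RAM), and dump_blocks replays the dd loop. The function names, the limit parameter and the fake memory are assumptions for illustration; the real module's code may differ.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Shape of the word-reading primitive the module depends on. This is an
   assumed stand-in for lv1_peek(): read one 64-bit word at a physical
   address, return 0 on success or nonzero if the read is refused. */
typedef int (*peek64_fn)(uint64_t addr, uint64_t *out);

/* Constructed fake "real memory": 64 bytes where byte i holds the value i.
   Reads that would cross the end are refused, standing in for the crash the
   post warns about when reading past the console's RAM. */
#define SAMPLE_MEM_SIZE 64UL

int sample_peek(uint64_t addr, uint64_t *out)
{
    if (addr + 8 > SAMPLE_MEM_SIZE)
        return -1;
    unsigned char raw[8];
    for (int i = 0; i < 8; i++)
        raw[i] = (unsigned char)(addr + i);
    memcpy(out, raw, sizeof raw);   /* keep memory byte order as-is */
    return 0;
}

/* Model of the /proc read handler. dd hands the device an offset (pos) and a
   length (count); the handler turns that into aligned peeks, copies only the
   requested slice into buf, and clamps the request at `limit` so it never
   walks past the top of RAM. Returns bytes copied, 0 at end-of-device, or -1
   if the very first peek of the request fails. */
long hv_mem_read(peek64_fn peek, uint64_t limit, uint64_t pos,
                 unsigned char *buf, size_t count)
{
    if (pos >= limit)
        return 0;                          /* EOF: dd stops cleanly */
    if (count > limit - pos)
        count = (size_t)(limit - pos);     /* clamp the final partial block */

    size_t done = 0;
    while (done < count) {
        uint64_t cur = pos + done;
        uint64_t aligned = cur & ~(uint64_t)7;
        uint64_t word;
        if (peek(aligned, &word) != 0)
            return done ? (long)done : -1; /* short read, never garbage */

        unsigned char raw[8];
        memcpy(raw, &word, sizeof raw);
        size_t skip = (size_t)(cur - aligned);   /* unaligned start */
        size_t n = 8 - skip;
        if (n > count - done)
            n = count - done;                    /* unaligned tail */
        memcpy(buf + done, raw + skip, n);
        done += n;
    }
    return (long)done;
}

/* Model of the dd loop: up to `count` blocks of `bs` bytes, stopping at
   end-of-device or on error. `out` must hold as many bytes as can be dumped
   (the smaller of bs * count and limit). Returns the total bytes dumped. */
size_t dump_blocks(peek64_fn peek, uint64_t limit, unsigned char *out,
                   size_t bs, size_t count)
{
    size_t total = 0;
    for (size_t i = 0; i < count; i++) {
        long n = hv_mem_read(peek, limit, total, out + total, bs);
        if (n <= 0)
            break;
        total += (size_t)n;
    }
    return total;
}

/* Scratch buffer shared by main() and any caller exercising the model. */
unsigned char dump_buf[128];

int main(void)
{
    /* Same idea as "dd bs=1024 count=10K", scaled down to the fake memory. */
    size_t got = dump_blocks(sample_peek, SAMPLE_MEM_SIZE, dump_buf, 10, 100);
    printf("dumped %zu bytes; last byte = 0x%02x\n", got, dump_buf[got - 1]);
    return 0;
}
```

The clamp is the part worth keeping in mind: without it, a dd count that overshoots RAM turns into exactly the out-of-range read the post says crashes the console, while with it dd simply sees end-of-file and exits with a short count.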

PS3 Hypervisor and Bootloader Dumped from RAM and More!

#49 - dante489 - 277w ago
Wish you all luck, devs of ps3news.. the fact that you're wasting your time and money for the sake of a fully functional PS3 for the world is just fair enough for us, even if we couldn't get actual homebrews to run.

#48 - Karl69 - 277w ago
IDA should be a good tool to start disassembling this stuff

Cheers

Karl

#47 - mckarlsson - 277w ago
nice news!!! i think this is a huge step!

#46 - denunes - 277w ago
hot great stuff!! one more step for hv to go down... and homebrew to come up.

#45 - dvbtr - 277w ago
Quote Originally Posted by CJPC:
We tried a few different ways to dump out the real memory - the biggest "problem" was the fact that you can't just simply use File I/O code in a kernel module. Furthermore, you can't call the lv1_peek function from user mode either.

Luckily, resident DEV kakarotoks was up to the challenge. After some trial and error (and too many PS3 crashes!) he made a kernel module which maps the "real" PS3 memory to a device in /proc. The /proc area lets the kernel and userland interact some.


Good job guys, but I want to ask you something. Did you try to dump memory more than one time to compare?

#44 - zeromx - 277w ago
Great work guys... keep it up

#43 - yellowsnow - 277w ago
While the hypervisor is definitely Sony's copyrighted code, reverse engineering it to make your own, completely rewritten code is not. So if we do figure out a hypervisor bug and exploit it to run a modified HV, the modified HV will have to be new code, not part of Sony's, or it will have to modify the existing HV.

It's like if you dumped the hypervisor and hex-edited your name to the bottom, it's still Sony's copyrighted code, but if you look at Sony's code (which is kind of a gray legal area) and made your own based on their code it isn't illegal. Bravo CJPC and all the PS3News team, this is what we have been waiting for.

#42 - cmccmc - 277w ago
Quote Originally Posted by diablodiab:
What would be the problem with making the HV dump available immediately? Surely there can't be any legal issues involved with a memory dump - why are they surrounded by privacy as if that was the case?

They are illegal to distribute.. that's why they need a release group to do it for them

#41 - Recorator - 277w ago
Congrats guys! I think people will join me in saying that this place (PS3News) has been the only interesting location for news relating to the PS3 since day 1. Glad to see that you're moving ahead quickly with this work.

#40 - diablodiab - 277w ago
Quote Originally Posted by PS3 News:
My guess would be a few days, but until we get the go-ahead from a release group it's hard to say for sure.


What would be the problem with making the HV dump available immediately? Surely there can't be any legal issues involved with a memory dump - why are they surrounded by privacy as if that was the case?