
268w ago - As promised, today JaicraB has revealed the PS3 Hypervisor LV2 (GameOS) dump method and circuit used to allow the PS3's memory to persist while booting into OtherOS, which then allows dumping of the memory.

This was apparently on a CECHG model system with board model SEM-001 1-875-384-21.

To quote, roughly translated: DemonHades / JaicraB Extraction Method:

First of all, be careful if you're going to attempt this, I am not responsible.

It's about keeping the RAM alive when moving to OtherOS. To do this, the RAM must be fed at all times so as not to erase the data.

Overview map
Refer to the First Image below.

Zone A
http://4.bp.blogspot.com/_4rtVxQc9D6s/S7dexn30R7I/AAAAAAAAAFs/tpo2XxknPKs/s1600/Zona+A.JPG

This area is sensitive. At that point we had settled with two resistors together. You have to remove it (remove it, but you could also cause a short circuit). It has 4 legs. At this point it tells the RAM and the integrated MOSFET turns off.

Zone B
http://3.bp.blogspot.com/_4rtVxQc9D6s/S7deyC8VeyI/AAAAAAAAAF0/bGUuh1knvRA/s1600/Zona+B.JPG

From the point labeled we get the feed. You can put it anywhere on the track.

Zone C
http://2.bp.blogspot.com/_4rtVxQc9D6s/S7deye-D8wI/AAAAAAAAAF8/1EeIUE6Keyw/s1600/Zona+C.JPG

At this point labeled we have to make a bridge to defeat the two resistors.

Zone D
http://2.bp.blogspot.com/_4rtVxQc9D6s/S7dYDoRKnRI/AAAAAAAAAE0/tp9grVoM5kQ/s1600/Zona+D.jpg

The original point of the exploit.

Mini Circuit
Refer to the Second Image below.

The Technique

It is possible that the first time you start count him to do for the recovery.

It is summarized a bit in the following steps:

• Log into XMB.
• Touching, ejectura, configure, filling the memory with more information.
• Run a game, insert a BD, etc, etc.
• Then boot to OtherOS.
• Dump memory to exploit.

Remember: The first 36 Megabytes are the "privileged memory" that contains LV00, LV1, LV2. The rest is waste memory of XMB (very interesting) and data from OtherOS.

The next thing to try is to start a tiny Linux system and do a full dump. So we would get more data from the XMB and less disturbed memory (from OtherOS).

The bad thing is my two-week vacation is over (I would have liked to have one more week to follow up).

Good luck to all and share!

PS3 Hypervisor LV2 (GameOS) Dump Method is Revealed!





#13 - moneymaker - 268w ago
It's not a bad idea at all but... who tells the Linux OS to NOT overwrite memory blocks used by XMB?

This needs a specially crafted allocation table in the initrd to work, otherwise the system booting may corrupt the RAM content...

Am I wrong? And who tells us the memory blocks which are not used by XMB in order to use them to boot Linux?

Experience maybe, just try, try, try again I suppose...

#12 - saviour07 - 268w ago
Originally posted by Raze1988:
Man, that looks so very complicated. I hope the guys who dumped the HV before have no problem understanding/reproducing this.

I think because the dump has already been publicly released, all devs will just take that and examine it instead of recreating the entire process.

That was the whole problem with GeoHot in the first place - people had to recreate what he had already done just so they could see the lv1 dump. But because DemonHades and JaicraB have released a dump for all to see, anyone with the knowledge can just examine it without having to go through what they did.

They've released a mini tutorial on how to do it yourself purely for those that are interested in how it was obtained and in case someone else wants to try and do it.

So I think now it's been released publicly it's just going to be under the scrutiny of the devs now.

#11 - foresttree1 - 268w ago
Great job DemonHades / JaicraB. You have done a great service to the PS3 world. Keep up the great work!

#10 - dondolo - 268w ago
I tried to post the guide yesterday in the afternoon but I suppose I'm still under moderation.

#9 - Raze1988 - 268w ago
Man, that looks so very complicated. I hope the guys who dumped the HV before have no problem understanding/reproducing this.

#8 - proskopina - 268w ago
Thanks guys, you're working so hard!! I think soon we will have something out of this!!!

#7 - Christiann - 268w ago
This might sound interesting:

Download a demo from the PlayStation Store and install it (usually a .pkg file). Then boot into OtherOS, and use the exploit to dump the lv2/GameOS memory. If we got lucky, the memory dump contains the decryption key which was used to decrypt the .pkg demo file.

#6 - Warrorar - 268w ago
Very nice, I hope someone will find a hole in the lv2 dump.

Would be awesome to see a CFW with backup support and 3D Output.

#5 - Pcsx2006 - 268w ago
Thanks very much JaicraB and DemonHades, your contributions to the scene will never be forgotten. Thank you once again and I hope you guys keep working like this because due to people like you the scene is alive and will remain alive forever.

#4 - PS4 News - 268w ago
OK I moved the post to the Site News of yours ps3junkie2010 and merged the others to this thread. I gave +Rep to everyone who replied as well, but removed the duplicate guide posts and left the comments and additional translations.