
269w ago - Update: JaicraB has now shared a second (36MB) dump and update, details and the download link are available HERE and the guide is being worked on!

Today JaicraB (linked above), with the help of DemonHades, has done what GeoHot failed to do: dump and publicly leak the PS3 Hypervisor LV2 (GameOS) for the entire PS3 scene to begin reversing and examining for new holes, exploits, etc!

But wait, there's more... they also plan to share a guide soon detailing how the LV2 dump was done (see HERE for the LV1 dump leak) so that everyone in the PlayStation 3 development community can join in on the fun!

This is indeed refreshing news in comparison to a lone glory hound out only for himself instead of the PS3 scene, seeking attention while blinded by his own e-fame from the notion that others in the community are just as capable, if not more so, as will surely be demonstrated in coming months.

BIG PROPS to both JaicraB and DemonHades, you guys deserve it and we are honored to see your willingness to share with everyone to further PS3 development. You truly are shining examples of what the scene is all about, and you will be remembered for this.

Download: PS3 Hypervisor LV2 (GameOS) Dump [48.0MB (50,331,648 bytes)] / PS3 Hypervisor LV2 (GameOS) Dump [35.2MB (37,000,000 bytes)]

To quote, roughly translated: "DHorg friends because that is in luck, and I DemonHades and JaicraB we have dump the LV2 (supervisor) thereby obtaining ps3 kernel very soon we detailed the dump.

Jaicrab a pleasure working with you friend.

Best to all! A week ago I started to dismount for the first time a PS3 and install Linux without any experience. My only goal was to teach people to change the cooling of a PS3. Gradually I was calling attention to the world of SCENE and a week I give the LV2.

This concludes a long afternoon with only one thought. DemonHades Thanks for sharing your experience with me and spend the whole evening with me and discuss check for teaching me everything you know in two hours. The truth is that without DemonHades would have been almost impossible. A great and wise person.

After an entire afternoon leading a project in mind, we could dump the LV2. We had read access of the last session before entering XMB Other.

I promised. It will explain the method to follow if you want to do you the same. Enjoy it!

Next step? The next step is Inmagine. First of all tomorrow if I can I will explain the process of how to do it.

It is not a simple dump LV2, but a dump of the entire session previously opened in XMB. What you need to debug the dump way to make things not to mix the session Other and so we can analyze everything that we run in XMB.

This dump was made with an upper size LV2, which contains trash otheros session mixed with XMB. The LV2 area is intact, are the first 36 megabytes, which is lv0, LV1, LV2.

You open a door and you find 50 more, each new door you can open 50 more doors. Choose your path to investigate and share it with everyone."

Finally, pictured below is the IDA Pro SPU processor module in action!

PS3 Hypervisor LV2 (GameOS) Dumped and Publicly Leaked!!





#127 - daGraveR - 268w ago
This is true, unless the 'hacker' controls the DNS, like in this case. There's nothing preventing the 'hacker' from changing the address of ps4news.com to 1.2.3.4, which would act as a proxy sniffing out interesting stuff and then forwarding requests to 74.52.36.42 and sending it back to the client.

http://en.wikipedia.org/wiki/Man_in_the_middle_attack
I have a computer engineering degree.

Seriously, I'd ask my money back if I were you...
Even if it were possible to hi-jack the data .. you'd need an IBM blade server with a bunch of cell cpu's

No, you don't. In the case of SSL traffic, MITM attacks also work nicely with forged/faked certificates.

#126 - gravesg - 268w ago
Quote Originally Posted by triple7 View Post
It's not safe because when using this DNS, your communication with Sony's servers passes through this server. This means whoever owns the server might be able to listen in on the communication and possibly steal your PSN password, credit card details etc.

dns servers serve to give you an ip address when you enter a .com, net, org, etc

it works like this, let's say i want to go to ps4news.com. i tell my browser ps4news.com my computer tells the dns server ps4news.com and the dns server tells my computer/modem 74.52.36.42 and then wahh laaa .. i get a web site.

THERE IS NO DATA THAT TRANSFERS through the dns server. IT WOULD BE IMPOSSIBLE TO STORE SO MUCH.

I have a computer engineering degree. so i trust i explained this as simple as possible. Even if it were possible to hi-jack the data .. you'd need an IBM blade server with a bunch of cell cpu's

you gotta realize every major isp runs dns servers and let's use comcast for example, they'd have 20 million people requesting websites every 10-14 seconds.

that's 100 million in less than a minute, do you know how big a log file would be for an hour, it'd take you YEARS to decipher any information you might have stolen, which i may add is not possible.

#125 - GrandpaHomer - 268w ago
In regards of using (any) "unverified" or nontrusted DNS servers - it is indeed impossible (directly) to do much via DNS server itself ... BUT - who says it will not redirect the certain specific services / downloads / etc. (apart of the much needed version bypass) via his own servers to do some sniffing, eh?

As unfortunately using several "local" bypass methods the connection / program was pretty unstable with getting disconnected all the time and not even being able to connect to some games online at all (e.g. Everybody's Golf: World tour / Hot Shots Golf) I'm using that proxy on 2 of 3 of my PS3s (not working for one with fw 1.50 neither any of the proxy programs so far) and all I can suggest is to remove your credit card details linked to your PSN account and change your passwords often and keep them long and strong. It does indeed use https communication so chance of any of your details are pretty slim but still - better be sure than sorry.

A bit of OT - anyone still uses PS3 with some of the lower FWs (2.00 or 1.50 or similar) to go online? If yes - can you please at least briefly direct me to the right direction for my 1.50 (UK) one? I believe it SHOULD work with proxy if the "correct" version file is supplied but after several attempts to do so and all failing I'm a bit sceptical now ... Any help will be much appreciated.

#124 - sapperlott - 268w ago
Just took a brief look at the dump and basically you can ignore anything after offset 0x1000000 since that's where Linux lives.

Compared to a "regular" LV1 dump, there's different content starting at 0x800000. So if you're looking for LV2 content your best chance to find something is in between 0x800000 and 0xffffff.

Another interesting fact: this dump was taken from the same PS3 the LPT triggered dump originates from. So it could help to compare the new dump to the LPT triggered one.

#123 - jimmychoochewit - 268w ago
OpenDNS is a good public server. Pretty popular too..

So, what can this exploit lead to in the future? I have some knowledge, but nothing like this.

#122 - triple7 - 268w ago
Quote Originally Posted by nannou View Post
The DNS thing isn't safe? Why is that?


It's not safe because when using this DNS, your communication with Sony's servers passes through this server. This means whoever owns the server might be able to listen in on the communication and possibly steal your PSN password, credit card details etc.

#121 - korn16ftl3 - 268w ago
Quote Originally Posted by nannou View Post
The DNS thing isn't safe? Why is that?

The public DNS that someone else set up mentioned earlier in the thread isn't safe. I myself don't use anything like that unless it's trusted in the first place.

#120 - nannou - 268w ago
The DNS thing isn't safe? Why is that?

#119 - TUHTA - 268w ago
Quote Originally Posted by ionbladez View Post

[Register or Login to view code]


Apparently, we have ourselves the line we've been looking for now, sadly - still I have no PS3 to test this, but rest assured I am looking at the dump and from what I see factory mode relies on a very specific bit in the "usb dongle".

It doesn't look like anything more than a single bit that is flipped in the filesystem headers.

However this theory could be 100% incorrect, so everyone bear with me.

well, you are pretty right! Yes it is! It looks like code that is working for "USB JUNGLE"!

Maybe Devs can modify this code, for that we can use any USB storage, to get working as "USB JUNGLE"

#118 - ionbladez - 268w ago

[Register or Login to view code]


Apparently, we have ourselves the line we've been looking for now, sadly - still I have no PS3 to test this, but rest assured I am looking at the dump and from what I see factory mode relies on a very specific bit in the "usb dongle".

It doesn't look like anything more than a single bit that is flipped in the filesystem headers.

However this theory could be 100% incorrect, so everyone bear with me.