April 2, 2010 // 7:44 pm - Update: JaicraB has now shared a second (36MB) dump and update, details and the download link are available HERE and the guide is being worked on!

Today JaicraB (linked above) with the help of DemonHades has done what GeoHot failed to do: dump and publicly leak the PS3 Hypervisor LV2 (GameOS) for the entire PS3 scene to begin reversing and examining for new holes, exploits, etc!

But wait, there's more... they also plan to share a guide soon detailing how the LV2 dump was done (see HERE for the LV1 dump leak) so that everyone in the PlayStation 3 development community can join in on the fun!

This is indeed refreshing news in comparison to a lone glory hound out only for himself instead of the PS3 scene, seeking attention while blinded by his own e-fame from the notion that others in the community are just as capable, if not more so, as will surely be demonstrated in coming months.

BIG PROPS to both JaicraB and DemonHades, you guys deserve it and we are honored to see your willingness to share with everyone to further PS3 development. You truly are shining examples of what the scene is all about, and you will be remembered for this.

Download: PS3 Hypervisor LV2 (GameOS) Dump [48.0MB (50,331,648 bytes)] / PS3 Hypervisor LV2 (GameOS) Dump [35.2MB (37,000,000 bytes)]

To quote, roughly translated: "DHorg friends because that is in luck, and I DemonHades and JaicraB we have dump the LV2 (supervisor) thereby obtaining ps3 kernel very soon we detailed the dump.

Jaicrab a pleasure working with you friend.

Best to all! A week ago I started to dismount for the first time a PS3 and install Linux without any experience. My only goal was to teach people to change the cooling of a PS3. Gradually I was calling attention to the world of SCENE and a week I give the LV2.

This concludes a long afternoon with only one thought. DemonHades Thanks for sharing your experience with me and spend the whole evening with me and discuss check for teaching me everything you know in two hours. The truth is that without DemonHades would have been almost impossible. A great and wise person.

After an entire afternoon leading a project in mind, we could dump the LV2. We had read access of the last session before entering XMB Other.

I promised. It will explain the method to follow if you want to do you the same. Enjoy it!

Next step? The next step is Inmagine. First of all tomorrow if I can I will explain the process of how to do it.

It is not a simple dump LV2, but a dump of the entire session previously opened in XMB. What you need to debug the dump way to make things not to mix the session Other and so we can analyze everything that we run in XMB.

This dump was made with an upper size LV2, which contains trash otheros session mixed with XMB. The LV2 area is intact, are the first 36 megabytes, which is lv0, LV1, LV2.

You open a door and you find 50 more, each new door you can open 50 more doors. Choose your path to investigate and share it with everyone."

Finally, pictured below is the IDA Pro SPU processor module in action!

#117 - Inferis - April 4, 2010 // 7:36 am
Yea as soon as I saw that dns method mentioned I figured it was shady. Anyways, all this news is keeping me quite interested in what's going on now! Hard to keep my eyes off the forum for updates on what people find in the lvl2 dump. Wish I knew more about this stuff myself so I could contribute, but it's great to see the scene moving again, and exciting to see how people figure this stuff out! Thanks for keeping the ball rolling guys, and great work!

#116 - Luckluka - April 4, 2010 // 6:21 am
This is perfect! Anyway, I'm new, but good in electronics and stuff. I dumped the LV2 today by using his method (used an old linux kernel which is 768KB in size). I'm uploading the lv2 dump, upload speed is slow (2KB/s), bear with me.

and another thing about dns: he can know the strings you sent, because you can decrypt HTTPS Connections, by using programs like Fiddler (Web Debugger)

#115 - PS4 News - April 4, 2010 // 6:12 am
OK I checked DemonHades Blog, I will post the translation of it here since it deals with their LV2 dumps anyway and what Mathieulh whined about as well.

From DemonHades:
Garbage? then that is good for you only what you and "your" and you say you draw? you realize it became obvious to tangible things and not just words? the talk is very well but we have published and made ... I know you're one of the greatest impediments for which ps3 cap it all, we in Brief TOPO.

Second do not use the DNS method, this method is devised by soplatintas MATHIEUTH and vanes (math BioH4z4rD poodle, Geo and I left some droppings on the way) to sniff and evaluate a sony of users who are connecting to the redirection and located them, when I say they can sniff located passwords and private information that they collect.


That the prestigious mathieulth that by msn talk very well and then to the back ... you criticize me for going to criticize me but that I will post everything in this time have not wanted to publish one

Ahmm and the same should say because I ps3news ban aaron of such mole

1saludo and ara you and helmets, and if you eat garlic spears

From Mathieulh:
I just saw the demonhades main page not only they can't spell my nick right but what they show is not from lv2_kernel.self but from the vsh

I am not here to play kid's games about who has what, or who is right, I am telling you the lv2_kernel isn't there (or not enough of it)

I am not here to play some lame stringwar with them but here are some strings to expect from a proper lv2 dump:

By the way to demonhades, I do not have anything to do with the dns, Aaron is but you know you can't sniff packets with a dns server right?

Not to mention all the psn details are encrypted using https, but I bet those guys don't know the slightest things about networks.

And here is what Mathieulh states should be found in a good/clean LV2 HV dump: Strings from lv2 to show people what they should expect from a proper dump


The only other thing I got out of the translation is that DemonHades mentioned not to use that IP circulating around for your DNS to bypass and connect to PSN, as allegedly it is being used to collect people's PSN or credit card info. It apparently is run by this kid on IRC: Aaron

Obviously there are people saying the above is possible and not possible, so it comes down to whether you want to take the risk or use one of the other methods really.

#114 - Shrink - April 4, 2010 // 5:51 am
And then use the gathered data subtractive?

#113 - tridentsx - April 4, 2010 // 5:20 am
Ok In my understanding they make a jumper to supply the ram chips with power even during a hard reboot. Then dump memory the same way that we have done previously.

So if we compiled the xorloser xploit pack for the kboot kernel we should minimize linux footprint and avoid as much as possible the overwriting of memory.

#112 - PS4 News - April 4, 2010 // 4:31 am
Quote Originally Posted by dante489
hey boss! there are some updates in demonhades blog it was a reply for Mathieulh!

I will check it out in a few, then will post the guide and update the news, etc!

#111 - dante489 - April 4, 2010 // 4:26 am
hey boss! there are some updates in demonhades blog it was a reply for Mathieulh!

#110 - PS4 News - April 4, 2010 // 3:39 am
Quote Originally Posted by TUHTA
Ok i reuploaded this archive!

Delete password and archive By WINRAR

Thanks TUHTA and +Rep. I am just catching up now as I was out all day (freaking SUPER weather here!) so I have now added that to the Download links in the first post.

Quote Originally Posted by dante489
I'm wondering what do cjpc and the devs think about this dump? did they already start working on it?

The first step will be to get a good and clean dump to work with, and while the 'messy' method posted works there is definitely room for improvement (ie loading ldrs, etc.) so this is what CJPC plans to look into. Obviously if/when he sorts out how to get a "nice nice" LV2 dump he will post a guide, etc but JaicraB or DemonHades may update theirs first so whatever works really.

Quote Originally Posted by RadioactiveSoup
From mathieulh's twitter:
@Cloudhunter trust me, I know. The only reason I spoke about it is because I rather not see reversers waste their time on a linux kernel.

LOL, what a douche... now he pretends to be concerned about people wasting their time, yet Mathieulh nor GeoHot will share a good/clean LV2 dump or how it was done which thus far has accomplished exactly that. He gets more amusing each day and changes his mind on things more than a woman.

First it's "Geo sucks, the exploit should be released or it's fake" and then he gets the info and dumps and his attitude changes to "Geo's legit, let's not share now that I have it." Then he says "warez are bad" after running an illegal DECH PS3 iSO server on LAN and leaking SCE SDK files, and now it's "I care about people's time, but I won't help them save any by contributing back to the scene any useful information that was passed along to save me time."

Does he think people are oblivious to him changing his tune when and as often as it suits him to do so? Ah well, at least the rest of the PS3 scene is finally moving forward again.

#109 - nipsen - April 4, 2010 // 3:03 am
Quote Originally Posted by Progeria
Great, but, how would this be possible in the future?

if they change the firmware so you can't reverse it in the same ways, then you have to get a new dump of it right? but that won't be possible as they removed otheros so the exploit cant be used?

or can you somehow reverse it without a ps3 to make a custom fw of it? or, if there will ever be a custom fw from this, will there never be another one?

..yes and no. Like people say, the exploit doesn't give us much as users. It's a long way off before any custom firmware anyway.

On the other hand, if you have a good picture of how the firmware works, it would be easier to imagine how a wrapper program for executing user-code would have to be written, and where on the hdd the modifications might have to be made. And maybe if we can make a program like that, inserting it into a firmware might not be necessary..

...just speculating. Because, I mean, expecting someone to write new routines into the firmware, that's a tall order. It's not a phone with a simple certificate check, or anything like that.

#108 - korn16ftl3 - April 4, 2010 // 2:44 am
Question out of curiosity, we know that the PS2 backwards compatible 60GB PS3 uses hardware emulation and the 80GB uses software emulation would it be possible once everything is figured out to extract the software emulation from the 80GB and reinsert it into the non-backwards compatible models? just food for thought..