
125w ago - Following up on the earlier PS3 Lv0ldr / Bootldr clarifications by marcan42 and wololo, PlayStation 3 hacker naehrwert has today shared details from reverse-engineering the exploit that was used to dump it.

To quote from his blog:

The Exploit

As the exploit that was used to dump lv0ldr/bootldr/howeveryouliketocallit is public now, let's have a closer look at it to understand what's going on. Here is what I have reversed from lv0 (it shares the syscon portion of the code with its SPU counterpart):

[Register or Login to view code]

The syscon library implements some high-level functions, e.g. to shut down the console on panic or to read certain configuration values. Each of these functions internally uses another function to exchange packets with syscon, and the exchange function uses the read_cmpl_msg one to get the answer packet. The top-level function will pass a fixed-size buffer to the exchange function.

So if we are able to control syscon packets, e.g. by emulating MMIO (and thanks to IBM we are), we can change the packet size between the two packet readings and overwrite the caller's stack. And if we first copy a little stub to shared LS and let the return address point to it, we can easily dump the whole 256 kB.

Nothing more left to say now, let's wait and see if this is going to be fixed in future firmware versions (we just have to check lv0 fortunately).
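To make the packet-size trick above concrete, here is an added C model of the exchange. It is not naehrwert's reversed lv0 code and not the real lv0 stack layout: the 0x40-byte caller buffer, the 0x3E000 stub address in shared LS, the frame struct, and the "validate the length on the first reading, copy with the length from the second reading" structure of read_cmpl_msg are all assumptions made for illustration. The attacker side is the emulated syscon, which answers the two readings with different length headers; the frame's saved return address is modelled as a field right behind the fixed buffer so the overwrite can be observed deterministically.

```c
/* Added example: model of a double-read syscon packet exchange (assumed layout,
 * not lv0's real code).  Compile with: cc -std=c99 syscon_model.c */
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SC_BUF_SIZE  0x40u    /* assumption: fixed-size buffer the top-level function passes */
#define STUB_LS_ADDR 0x3E000u /* assumption: where a dump stub was staged in shared LS */

/* Attacker-controlled "syscon" (emulated MMIO).  It may answer the two packet
 * readings with different length headers. */
struct emu_syscon {
    uint8_t len_first;        /* length header seen on the first reading */
    uint8_t len_second;       /* length header seen on the second reading */
    const uint8_t *payload;   /* packet body the emulated syscon sends */
    size_t payload_len;
    unsigned reads;
};

static uint8_t sc_read_len(struct emu_syscon *sc)
{
    sc->reads++;
    return sc->reads == 1 ? sc->len_first : sc->len_second;
}

/* Constructed model of the caller's frame: fixed buffer followed by the saved
 * return address.  A real frame holds more; this layout only makes the
 * overwrite observable without undefined behaviour (memcpy stays inside the struct). */
struct caller_frame {
    uint8_t buf[SC_BUF_SIZE];
    uint32_t saved_lr;
};

/* Vulnerable read_cmpl_msg model: the size check uses the first reading,
 * the copy uses the second one (time-of-check / time-of-use on MMIO). */
static int read_cmpl_msg_vuln(struct emu_syscon *sc, uint8_t *dst, size_t dst_size)
{
    size_t len = sc_read_len(sc);
    if (len > dst_size)
        return -1;                   /* check passes with the first length... */
    len = sc_read_len(sc);           /* ...but this length drives the copy */
    if (len > sc->payload_len)
        len = sc->payload_len;       /* emulation detail: syscon sends what it has */
    memcpy(dst, sc->payload, len);   /* len may now exceed dst_size */
    return (int)len;
}

/* Hardened variant: read the length once, bound it, copy exactly that. */
static int read_cmpl_msg_fixed(struct emu_syscon *sc, uint8_t *dst, size_t dst_size)
{
    size_t len = sc_read_len(sc);
    if (len > dst_size || len > sc->payload_len)
        return -1;
    memcpy(dst, sc->payload, len);
    return (int)len;
}

/* Packet: SC_BUF_SIZE bytes of filler, then the stub address that lands on
 * the saved return address (written in host byte order to match the field). */
static size_t build_packet(uint8_t *pkt, size_t cap, uint32_t stub_addr)
{
    size_t total = SC_BUF_SIZE + sizeof stub_addr;
    if (total > cap)
        return 0;
    memset(pkt, 0x41, SC_BUF_SIZE);
    memcpy(pkt + SC_BUF_SIZE, &stub_addr, sizeof stub_addr);
    return total;
}

/* Run one exchange against a frame; return the saved return address afterwards,
 * or 0xFFFFFFFF if the exchange was rejected. */
static uint32_t exchange(int (*read_cmpl_msg)(struct emu_syscon *, uint8_t *, size_t),
                         struct caller_frame *frame)
{
    uint8_t pkt[SC_BUF_SIZE + sizeof(uint32_t)];
    size_t n = build_packet(pkt, sizeof pkt, STUB_LS_ADDR);
    struct emu_syscon sc = {
        .len_first  = SC_BUF_SIZE,   /* fits the caller buffer: passes the check */
        .len_second = (uint8_t)n,    /* grown by the stub-address bytes for the copy */
        .payload = pkt, .payload_len = n, .reads = 0,
    };
    frame->saved_lr = 0xDEAD0000u;   /* placeholder "legitimate" return address */
    if (read_cmpl_msg(&sc, (uint8_t *)frame, sizeof frame->buf) < 0)
        return 0xFFFFFFFFu;
    return frame->saved_lr;
}

uint32_t hijacked_return_vuln(void)  { struct caller_frame f; return exchange(read_cmpl_msg_vuln, &f); }
uint32_t hijacked_return_fixed(void) { struct caller_frame f; return exchange(read_cmpl_msg_fixed, &f); }

int main(void)
{
    printf("double-read exchange: saved return address -> 0x%08" PRIX32 "\n", hijacked_return_vuln());
    printf("single-read exchange: saved return address -> 0x%08" PRIX32 "\n", hijacked_return_fixed());
    return 0;
}
```

With the double read, the saved return address ends up as the stub address (0x3E000 here), which is the moment a staged stub in shared LS gets control and can copy out the LS; with a single bounded read the frame is left intact. The same shape is what to look for when checking a later lv0, as the post suggests: whether the length that sizes the copy is the one that was validated.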


PS3 Lv0ldr / Bootldr Exploit Reverse-Engineering Details by Naehrwert





#252 - alcabcucu - 19w ago
alcabcucu's Avatar
So I understand this allows you to fix eboot files, am I right?

#251 - justinster123 - 19w ago
justinster123's Avatar
Woah, maybe now I can decrypt eboot.bin 3.6+

#250 - matija90 - 20w ago
matija90's Avatar
Quote originally posted by PS3 News:
You can try the Our MFW 1.0.0 Build 0.2.6.0 Update here which may be of use: http://www.ps4news.com/ps3-cfw-mfw/ps3mfw-builder-1-0-0-our-mfw-1-0-0-build-2-0-0-is-released/

thank you

#249 - hoangduchi - 21w ago
hoangduchi's Avatar
thank you.

#248 - PS4 News - 21w ago
PS4 News's Avatar
You can try the Our MFW 1.0.0 Build 0.2.6.0 Update here which may be of use: http://www.ps4news.com/ps3-cfw-mfw/ps3mfw-builder-1-0-0-our-mfw-1-0-0-build-2-0-0-is-released/

#247 - Badger1975 - 21w ago
Badger1975's Avatar
Where can you get the most recent PS3 keys?

#246 - myteethareshiny - 25w ago
myteethareshiny's Avatar
So do these work with Cheat Enabler?

Never mind, I figured it out.

#245 - johnluke197863 - 26w ago
johnluke197863's Avatar
Cool.

#244 - PS4 News - 92w ago
PS4 News's Avatar
I have also added it to the main article for those keeping track. Thanks and +Rep Gunner54.

#243 - Gunner54 - 92w ago
Gunner54's Avatar
I decided I would make a tool to extract and inject the loaders of lv0. Should be useful for some people.

Download: https://mega.co.nz/#!ONV0yAib!PW1SMQ6xq6JjO8m14Zv9qxs4Pfk0XisuQEFRSKM4DEc / http://puu.sh/3AkD0.zip

Here's the source:


[Register or Login to view code]

Advertising - Affiliates - Contact Us - PS4 Downloads - PS4 Forums - Privacy Statement - Site Rules - Top - © 2015 PlayStation 4 News