
November 20, 2012 // 10:23 pm - Following up on the previous PS3 Lv0ldr / Bootldr clarifications by marcan42 and wololo, today PlayStation 3 hacker naehrwert has shared some details based on reverse-engineering the exploit used to dump it.

To quote from his blog:

The Exploit

As the exploit that was used to dump lv0ldr/bootldr/howeveryouliketocallit is public now, let's have a closer look at it to understand what's going on. Here is what I have reversed from lv0 (it shares the syscon portion of the code with its SPU counterpart):


The syscon library implements some high level functions, e.g. to shut down the console on panic or to read certain configuration values. Each of these functions internally uses another function to exchange packets with syscon, and the exchange function uses the read_cmpl_msg one to get the answer packet. The top-level function will pass a fixed size buffer to the exchange function.

So if we are able to control syscon packets, e.g. by emulating MMIO (and thanks to IBM we are), we can change the packet size between the two packet readings and overwrite the caller stack. And if we first copy a little stub to shared LS and let the return address point to it, we can easily dump the whole 256 kB.

Nothing more left to say now; let's wait and see if this is going to be fixed in future firmware versions (we just have to check lv0, fortunately).
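The defect the quoted post describes is a double fetch: the packet length is validated on one read, but the copy into the caller's fixed-size buffer is sized by a second read that an emulated device can answer differently. The following C model is an added example (not naehrwert's or lv0's code); the device is a callback so it can change its answer between reads, a canary stands in for the caller's stack data past the buffer, and the names and the 16-byte buffer size are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of the two-read exchange, not lv0's code. */
#define PKT_BUF    16   /* assumed fixed-size caller buffer */
#define CANARY_LEN 8    /* stands in for stack data past the buffer */
#define CANARY     0xA5

typedef uint8_t (*read_len_fn)(void *dev);

/* Buffer followed by the canary, in one array so an overrun is observable. */
struct arena { uint8_t mem[PKT_BUF + CANARY_LEN]; };

/* Simulated device that reports one length on the first read and another
 * on every later read, as an emulated MMIO device could. */
struct flaky_dev { int reads; uint8_t first, later; };
uint8_t flaky_read_len(void *dev) {
    struct flaky_dev *d = dev;
    return d->reads++ == 0 ? d->first : d->later;
}

void arena_init(struct arena *a) {
    memset(a->mem, 0, PKT_BUF);
    memset(a->mem + PKT_BUF, CANARY, CANARY_LEN);
}

/* Returns 1 if nothing past the buffer was written. */
int canary_intact(const struct arena *a) {
    for (int i = 0; i < CANARY_LEN; i++)
        if (a->mem[PKT_BUF + i] != CANARY) return 0;
    return 1;
}

/* Double fetch: length validated on one read, copy sized by a second read.
 * Returns the number of bytes copied, or -1 if the first read was rejected. */
int exchange_double_fetch(struct arena *a, read_len_fn rd, void *dev, const uint8_t *payload) {
    if (rd(dev) > PKT_BUF) return -1;   /* first read: checked */
    uint8_t n = rd(dev);                /* second read: used unchecked */
    memcpy(a->mem, payload, n);         /* n may now exceed PKT_BUF */
    return n;
}

/* Single fetch: read the length once, bound it, and reuse that same value. */
int exchange_single_fetch(struct arena *a, read_len_fn rd, void *dev, const uint8_t *payload) {
    uint8_t n = rd(dev);
    if (n > PKT_BUF) return -1;
    memcpy(a->mem, payload, n);
    return n;
}
```

The payload passed in must be at least as long as the largest length the device can report; the vulnerable variant overruns into the canary, the single-fetch variant either copies the checked length or rejects the packet.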

PS3 Lv0ldr / Bootldr Exploit Reverse-Engineering Details by Naehrwert


#5 - YuuZA - October 17, 2012 // 5:10 am
Originally Posted by Hernaner28:
Oh wow, let's hope it's true. BTW, what are those keys for?

Subject to correction, but with these keys any game, update or demo out for 4.25 OFW can work on current CFW once signed. If proven to be real, there will be no need to jump onto dex or use the odd device.

Seems someone heard N0DRM's cry after their PDX tweet.

#4 - niwakun - October 17, 2012 // 3:15 am
Give me appldr keys, roar, I need it!

#3 - JOshISPoser - October 17, 2012 // 3:14 am
If it doesn't blow up in an hour, I'll go with that it is fake. Would be too big of news for it not to be everywhere.

#2 - elser1 - October 17, 2012 // 2:19 am
Hopefully it will be good news then and not fake. I wouldn't know what to do with it anyways! LOL

#1 - Hernaner28 - October 17, 2012 // 1:03 am
Oh wow, let's hope it's true. BTW, what are those keys for?