Sponsored Links

PS4 News on Facebook! PS4 News on Twitter! PS4 News on YouTube! PS4 News RSS Feed!
Sponsored Links
Sponsored Links
Home PS4 News - Latest PlayStation 4 and PS3 News

PS3 Lv0ldr / Bootldr Exploit Reverse-Engineering Details by Naehrwert


Sponsored Links
123w ago - Following up on the previous PS3 Lv0ldr / Bootldr clarifications by marcan42 and wololo, today PlayStation 3 hacker naehrwert has shared some details based on reverse-engineering the exploit used to dump it.

To quote from his blog: The Exploit

As the exploit that was used to dump lv0ldr/bootldr/howeveryouliketocallit is public now, let's have a closer look at it to understand what's going on. Here is what I have reversed from lv0 (it shares the syscon portion of the code with its SPU counterpart):

[Register or Login to view code]

The syscon library implements some high level functions, e.g. to shutdown the console on panic or to read certain configuration values. Every of this functions internally uses another function to exchange packets with syscon and the exchange function uses the read_cmpl_msg one to get the answer packet. The top-level function will pass a fixed size buffer to the exchange function.

So if we are able to control syscon packets, e.g. by emulating MMIO (and thanks to IBM we are), we can change the packet size between the two packet readings and overwrite the caller stack. And if we first copy a little stub to shared LS and let the return address point to it, we can easily dump the whole 256 kB.

Nothing more left to say now, let's wait and see if this is going to be fixed in future firmware versions (we just have to check lv0 fortunately).


PS3 Lv0ldr / Bootldr Exploit Reverse-Engineering Details by Naehrwert

Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter, Facebook and drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene and PlayStation 4 scene updates and fresh homebrew PS3 Downloads. Enjoy!

Comments 252

+ Reply to Thread


#192 - Foo - 126w ago
Foo's Avatar
Oi, I'm getting some reports that the lv2diag.421.self file is false. Awaiting confirmation from Euss.

#191 - PS4 News - 126w ago
PS4 News's Avatar
Yep, generally most stuff on YouTube is fake... we have a thread for YouTube (fake) stuff but this isn't it so let's try to keep focused here.

#190 - KLAYPEX - 126w ago
KLAYPEX's Avatar
PS3SCENER please upload this

hey guys these might be legitimate PS3 4.30 KEYS!!




[erk=CA7A24EC38BDB45B98CCD7D363EA2AF0C326E65081E0630CB9AB2D215865878A]
[riv=F9205F46F6021697E670F13DFA726212]
[pub=A8FD6DB24532D094EFA08CB41C9A72287D905C6B27B42BE4AB925AAF4AFFF34D41EEB54DD128700D]
[priv=001AD976FCDE86F5B8FF3E63EF3A7F94E861975BA3]
[ctype=33]

Maybe we will have a 4.30 jb after all.

if found this on youtube is this a fake?

#189 - Foo - 126w ago
Foo's Avatar
I have to clear something up for the noobs... There will more than likely not be a CFW that will install above 3.55 for a very long time. That involves per_console_keys which we only know how to obtain approx 2/5 of them so if we can't get them then how do you think we could exploit them? Exactly.

#188 - d3adliner - 126w ago
d3adliner's Avatar
Haha. Yeah, that would be pretty bad. Maybe you're right and they've already been offered a nice amount for it. LoL.

#187 - PS4 News - 126w ago
PS4 News's Avatar
I'm a "glass is half full" (optimistic) kinda guy, and yeah I do believe it. Whether he ends up sharing or not remains to be seen, but here is to hoping he does do so publicly and not sell out to Max Louarn, Paul Owen or the Chinese so they can find a way to ReDRM it and cash in on the PS3 scene all over again... that's my biggest fear actually.

#186 - d3adliner - 126w ago
d3adliner's Avatar
So you guys are believing it? If the guy was so anxious to get it out there, it would have already been uploaded. Pretty sure the person knows how to upload to one of hundreds of file hosting sites, as was mentioned. It's been over an hour since they said "I have the file(s) necessary for installing CFW of 3.56+ OFW!!!" Sorry, but I don't buy it.

#185 - PS4 News - 126w ago
PS4 News's Avatar
Yeah these days most people just use free file-sharing sites, especially for larger files... I usually use uploadmirrors.com which uploads to a bunch of others automatically but almost of them any will do the trick as something like this would be remirrored a thousand times anyway.

#184 - StanSmith - 126w ago
StanSmith's Avatar
I've been here for a long time and I didn't know till he just said how to upload files here.

Quote Originally Posted by Ps3scener View Post
how do i upload a file on here?


Just upload them to rghost.net then post the link. Thats the easiest way.

#183 - d3adliner - 126w ago
d3adliner's Avatar
Quote Originally Posted by Ps3scener View Post
in regards to the keys and the fw updates coming, it is possible to create a 4.30 jailbreak that does not require 3.55 installation. i have some files to leak which could help a experienced dev team create the jailbreak that we are all waiting for. all i ask is for a reply.


That would be excellent, but I'm sure you understand the skepticism when it's coming from someone who just joined the site today, whose first post is stating you have the thing everyone has been waiting for to make CFW over 3.56+ OFW possible, but in an hour since posting have yet to upload said file... not to mention that I don't really believe that a "PS3 Scener" would need to ask HOW to upload a file in the first place. If I'm wrong, then I'm wrong. But like I said, I'm sure you understand.







Sponsored Links

Sponsored Links






Advertising - Affiliates - Contact Us - PS4 Downloads - PS4 Forums - Privacy Statement - Site Rules - Top - © 2015 PlayStation 4 News