
128w ago - Following up on the previous PS3 Lv0ldr / Bootldr clarifications by marcan42 and wololo, today PlayStation 3 hacker naehrwert has shared some details based on reverse-engineering the exploit used to dump it.

To quote from his blog:

The Exploit

As the exploit that was used to dump lv0ldr/bootldr/howeveryouliketocallit is public now, let's have a closer look at it to understand what's going on. Here is what I have reversed from lv0 (it shares the syscon portion of the code with its SPU counterpart):


The syscon library implements some high level functions, e.g. to shutdown the console on panic or to read certain configuration values. Every one of these functions internally uses another function to exchange packets with syscon, and the exchange function uses the read_cmpl_msg one to get the answer packet. The top-level function will pass a fixed size buffer to the exchange function.

So if we are able to control syscon packets, e.g. by emulating MMIO (and thanks to IBM we are), we can change the packet size between the two packet readings and overwrite the caller stack. And if we first copy a little stub to shared LS and let the return address point to it, we can easily dump the whole 256 kB.

Nothing more left to say now, let's wait and see if this is going to be fixed in future firmware versions (we just have to check lv0 fortunately).
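The bug class naehrwert describes is a double fetch: the exchange function checks the packet length on one read, and read_cmpl_msg re-reads it when copying, so an emulated syscon that returns two different lengths overruns the caller's fixed buffer and clobbers the saved return slot. The following C program is an added illustration of that pattern and is not naehrwert's reversed lv0 code; the function names, the 32-byte buffer, the frame layout, and the addresses STUB_IN_SHARED_LS and ORIGINAL_RETURN are all assumptions chosen for the demo. The caller's frame is modelled as a struct so the overrun into the return slot is observable without real stack corruption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SC_BUF_SIZE 32           /* assumed size of the caller's fixed buffer */
#define SC_MAX_PKT  64           /* assumed maximum syscon packet size */
#define STUB_IN_SHARED_LS 0x0003F000u   /* assumed address of the dump stub in shared LS */
#define ORIGINAL_RETURN   0x00001234u   /* assumed legitimate return address */

/* Constructed stand-in for the emulated syscon MMIO window: the attacker
 * decides what every read returns, including a different LEN on the
 * second read than on the first. */
struct sc_mmio {
    unsigned len_reads;
    uint8_t  len_first;          /* value the size check sees */
    uint8_t  len_second;         /* value the copy sees */
    uint8_t  payload[SC_MAX_PKT];
};

static uint8_t mmio_read_len(struct sc_mmio *m)
{
    uint8_t v = (m->len_reads == 0) ? m->len_first : m->len_second;
    m->len_reads++;
    return v;
}

/* Model of the top-level caller's frame: the fixed-size packet buffer sits
 * directly below the saved return address. */
struct caller_frame {
    uint8_t  buf[SC_BUF_SIZE];
    uint32_t saved_return;
};

/* Vulnerable read_cmpl_msg(): re-reads LEN instead of using the length the
 * exchange function already validated, and copies without a bound. */
static int read_cmpl_msg_vuln(struct sc_mmio *m, uint8_t *dst)
{
    uint8_t len = mmio_read_len(m);      /* second read */
    memcpy(dst, m->payload, len);
    return len;
}

static int sc_exchange_vuln(struct sc_mmio *m, uint8_t *buf, size_t bufsz)
{
    uint8_t len = mmio_read_len(m);      /* first read: the only one checked */
    if (len > bufsz)
        return -1;
    return read_cmpl_msg_vuln(m, buf);
}

/* Fixed variant: the validated length is passed down, the copy is clamped
 * to the destination, and a mismatching re-read is rejected. */
static int read_cmpl_msg_fixed(struct sc_mmio *m, uint8_t *dst, size_t dstsz, uint8_t expected)
{
    uint8_t len = mmio_read_len(m);
    if (len != expected || len > dstsz)
        return -1;
    memcpy(dst, m->payload, len);
    return len;
}

static int sc_exchange_fixed(struct sc_mmio *m, uint8_t *buf, size_t bufsz)
{
    uint8_t len = mmio_read_len(m);
    if (len > bufsz)
        return -1;
    return read_cmpl_msg_fixed(m, buf, bufsz, len);
}

/* Attacker packet: first LEN passes the check, second LEN reaches the saved
 * return slot, and the payload tail holds the stub address. */
static void build_attack(struct sc_mmio *m)
{
    uint32_t ret = STUB_IN_SHARED_LS;
    memset(m, 0, sizeof *m);
    m->len_first  = SC_BUF_SIZE;
    m->len_second = (uint8_t)(SC_BUF_SIZE + sizeof ret);
    memset(m->payload, 0x41, SC_BUF_SIZE);
    memcpy(m->payload + SC_BUF_SIZE, &ret, sizeof ret);   /* host byte order, like the frame model */
}

/* Run one exchange against a fresh frame and report where it would return.
 * The frame base is passed as the buffer, so the overrun stays inside the
 * struct and can be inspected. */
uint32_t run_vuln(void)
{
    struct sc_mmio m;
    struct caller_frame fr = { {0}, ORIGINAL_RETURN };
    build_attack(&m);
    sc_exchange_vuln(&m, (uint8_t *)&fr, SC_BUF_SIZE);
    return fr.saved_return;
}

uint32_t run_fixed(void)
{
    struct sc_mmio m;
    struct caller_frame fr = { {0}, ORIGINAL_RETURN };
    build_attack(&m);
    sc_exchange_fixed(&m, (uint8_t *)&fr, SC_BUF_SIZE);
    return fr.saved_return;
}

int main(void)
{
    printf("vulnerable path returns to 0x%08x\n", run_vuln());
    printf("fixed path returns to      0x%08x\n", run_fixed());
    return 0;
}
```

In the vulnerable path the second length read walks the copy four bytes past the buffer and the frame now "returns" to the stub address; in the fixed path the mismatch between the two reads is treated as a fault and the return slot is untouched. The general lesson is that any length or size read from hardware (or from anything that can be emulated) must be fetched once, validated once, and then carried through the rest of the call chain rather than re-read.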


PS3 Lv0ldr / Bootldr Exploit Reverse-Engineering Details by Naehrwert





#182 - PS4 News - 131w ago
I added the IRC snippet on it to the main article now, doesn't go into any real details though.

#181 - Foo - 131w ago
Where did you get this PS3 Downgrade 3.60++ (Lv2diag.421.self)?

Like, real talk O.O I'm interested in trying this, but I don't know anything about it.

#180 - PS4 News - 131w ago
As long as it's under 50MB in size, click "Reply to Thread", then scroll down to "Manage Attachments" and browse to find it on your PC, attach it, then submit the post and done!

#179 - Ps3scener - 131w ago
How do I upload a file on here?

#178 - kiwto - 131w ago
What are you waiting for? Just release it and everyone will jump to work on it.

#177 - Ps3scener - 131w ago
I can send you the files, but I won't say where I got them from... Only one private key needs to be calculated, and it needs to be signed and decrypted properly to avoid bricking when installing on OFW 4.30.

#176 - GotNoUsername - 131w ago
It is possible to create a CFW that can be installed on the non-downgradable PS3s, but you need a HW flasher to "install" it. But you will need good devs for that! There is nearly no chance of getting the private keys again; Sony fixed their random number problem after 3.55++. So private keys are calculated correctly and we can't get them.

#175 - Foo - 131w ago
What is this downgrade thing I see?

#174 - StanSmith - 131w ago
Quote Originally Posted by windrider42:
I have heard they are the real deal, and guys already fixed Borderlands 2 for 3.55

Yep. They do work and I did patch Borderlands 2 to work in 3.55 myself.

#173 - Ps3scener - 131w ago
In regards to the keys and the FW updates coming, it is possible to create a 4.30 jailbreak that does not require 3.55 installation. I have some files to leak which could help an experienced dev team create the jailbreak that we are all waiting for. All I ask is for a reply.