from geohot's blog
these function names are nothing new
http://wiki.ps2dev.org/ps3:hypervisor
Quote:
Carlos said...
@Benjamin: he just matched them from the mem dump
Quote:
George Hotz said...
@Benjamin yea, that's the point
There is more than enough info on this blog for Sony to patch this exploit though. How long until they start using lv1ldr to hash lv1's RAM or its interesting bits, I wonder?
Quote:
Mathieulh said...
By the way, most of these hypercalls were documented in the following place:
http://wiki.ps2dev.org/ps3:hypervisor
Quote:
George Hotz said...
If they start using lv1ldr for anything I don't like...I'll just kick it out.
Just because it's isolated doesn't mean it keeps running. PPE can say no.
Quote:
George Hotz said...
And for GPU access, I think you already have it, just no driver. Hacking doesn't change that, although reversing lv1 could aid development.
Quote:
Mathieulh said...
@geohot, how can you kick it out when lv1ldr is the one that actually loads lv1 in the first place? They can just make it resident in the SPU (which is what they already do) and have it permanently check the lv1 RAM space (or even just the bits that set it to r/w), then store the hash in the isolated SPU RAM to make sure you can't tweak that either.
That would make your hack quite hard to perform then.
Not to mention, considering the SPU cache is way faster than XDR is, the system wouldn't suffer any slowdowns if this kind of security were enforced.
Quote:
George Hotz said...
On my system SPE3 is disabled and SPE2 runs security, leaving 6 SPEs for games and OtherOS. There's another fuse register which says which SPEs are actually broken and hard disabled in manufacture, which mine is. But yea, I bet a percentage of PS3s could get access to all 8.
Quote:
S said...
Until you extract the decryption keys that are securely stored in the SPE, you cannot say that you hacked the PS3, like you stated in your other post.
Quote:
Mathieulh said...
@S Whoever you are, you've got the truth to it xD
In my opinion as well, the PS3 will only truly be hacked once the isolated SPU loaders are dumped and the keys leaked. (Though then Sony just has to update the loaders and change the keys..., this means to really hack the console you need to dump the hardware root key and decrypt the bootloader; good luck on that.)
I do agree that dumping lv1 is a nice step forward and that it is no easy task, for that I give my kudos to geohot.
Quote:
George Hotz said...
The SPUs don't actually need to be hacked to do anything with the system. The PPE can kick out isolated SPUs, so it has the higher level of control. You can just use the SPUs to load things, kick them out, then patch to your heart's content.
Quote:
George Hotz said...
Granted, if we could decrypt the ISO SPUs, things would be a lot easier.
Quote:
Mathieulh said...
@geohot yes, but the whole security relies on the isolated SPU; all the keys are there and it does much more than just decryption and checks. So yes, you can manage without hacking them, you can even get rid of them (though I can't guarantee that won't crash the system), but it still isn't hacking the system overall until you get to hack every single part of the console and dump every single piece of hidden code.
In that regard even the PSP isn't truly hacked, considering the Kirk and Spock engines have not been dumped.
Quote:
George Hotz said...
Read your last paragraph in your last comment, and you'll see why I'm right.
You can't expect to know everything and dump every piece of code. This hack is enough for homebrew, full linux, and even backups.
Quote:
S said...
Once data leaves the SPE it's encrypted again, how do you plan on patching that?
But, if you're planning to just execute data using the PPU then you are limited in what you can do. No GPU access will work, for example. For that you will need to run it through the SPE.
Read more:
http://www.ps3news.com/forums/ps3-hacks ... z0dVwjtbMq