Search found 10 matches

by gigi
Thu Mar 27, 2008 7:44 pm
Forum: PS3 Development
Topic: The hunt for HV's FIFO/Push buffer...
Replies: 463
Views: 918814

Just to add a little contribution to this topic, the lv1_gpu_device_map (see wiki) is different between fw releases; I should update the wiki with my findings one day. For now, from my kernel module: Fw 1.9.3 (asking to map device 9,10,11): [ 193.304459] *Video RAM at offset 0x0ff10000******* [ ...
by gigi
Sat Mar 01, 2008 12:14 am
Forum: PS3 Development
Topic: Cold Boot Attacks on Disk Encryption
Replies: 9
Views: 13346

Mostly I expect the same following the secure boot patent, but if it's feasible to set up a test at least we can have some answers. Also the ringbus configuration with APU in isolated mode is for initial setup; in the second stage I wonder how things are implemented.
by gigi
Wed Feb 27, 2008 1:02 am
Forum: PS3 Development
Topic: Cold Boot Attacks on Disk Encryption
Replies: 9
Views: 13346

Fantastic, then any idea? :-) It would be very nice to understand if, for example: - Is it possible to set up an environment to dump the operative system while the ps3 is powered on? For me, no (I'm talking about "freezing ram", physically removing it and dumping it via socket to an external medi...
by gigi
Tue Feb 26, 2008 8:26 pm
Forum: PS3 Development
Topic: Cold Boot Attacks on Disk Encryption
Replies: 9
Views: 13346

The most interesting thing is probably a hot dump of the ram modules, but of course there is no known information (correct me if I'm wrong) about the hardware pinout of the ram, socket etc. So it's quite difficult, at least for me, to think about a possible setup of a test case. Gpu changes as alread...
by gigi
Tue Jan 22, 2008 5:09 am
Forum: The Incredible Hall Of Shame
Topic: Hello World on GameOS Framebuffer
Replies: 9
Views: 15606

This forum, as already explained in various threads, is not about hacking, and if you are not able to write a simple hello world yourself you should at least read some Cell documentation first instead of bothering.


gg
by gigi
Mon Nov 12, 2007 10:06 pm
Forum: PS3 Development
Topic: The hunt for HV's FIFO/Push buffer...
Replies: 463
Views: 918814

Just to add to the l33t b33f l33t cod3 a probable meaning, I found this reference googling:

http://www.artima.com/insidejvm/whyCAFEBABE.html

Feel free to remove the post if you think it's off topic.

ciao
gigi
by gigi
Sat Nov 10, 2007 5:21 am
Forum: PS3 Development
Topic: ps3 hypervisor security
Replies: 15
Views: 22292

Interesting, yes, that .self seems to contain an unencrypted executable at offset 0x980... I don't think I've seen that before. Me too, still I can't understand why they distributed the update in such a way; anyway, good for us, we can acquire major knowledge of gameos; after few hours I'm quite thinkin...
by gigi
Fri Nov 09, 2007 8:19 pm
Forum: PS3 Development
Topic: ps3 hypervisor security
Replies: 15
Views: 22292

Other findings

Just to share my findings: this week I looked into the gameos and the boot process of self files. I found a good way (I won't discuss that right now, it's so early) to copy through patches of games (like the warhawk method) the EBOOT.BIN file and execute it, at the moment with the latest firm...
by gigi
Sat Nov 03, 2007 7:54 pm
Forum: PS3 Development
Topic: ps3 hypervisor security
Replies: 15
Views: 22292

Re: ps3 hypervisor security

Further researching, I noticed this document seattle.toorcon.org/talks/felixdomke.pdf but I've quite a problem in replicating the bug. That bug describes a very specific problem in xbox 360 code, which as you know is written by Microsoft. Sony's hypervisor is known to be very similar to the reference ...
by gigi
Sat Nov 03, 2007 8:24 am
Forum: PS3 Development
Topic: ps3 hypervisor security
Replies: 15
Views: 22292

ps3 hypervisor security

Sorry to ask some maybe obvious questions, but I started a few days ago to play with the new PlayStation 3, fantastic device. That said, I saw that under the hv mode I'm restricted to an lpar partition with user permission and everything called from the linux kernel is interpreted as an hv call, notic...