KaKaRoTo Dumps LV1 Syscalls
KaKaRoTo has announced some significant progress today via his Twitter. Today he tweeted that he was able to dump, via Ethernet, all PS3 LV1 calls. He does not have LV1 access just yet, only the ability to dump the call trace of the hypercalls. This should lead to a better understanding of the PS3 hypervisor and hopefully towards gaining more control over the PS3. He has not publicly released his method yet, but he is planning a release soon. We ask that you follow this news post, as we will update it as soon as a release is available.
For those of you living under a rock for the past two months, KaKaRoTo has done extensive work on the PL3 and psgroove payload projects. He is one of the leading contributors to the PS3 scene, and continues that progress today.
FINALLY able to dump (over eth) all lv1 calls!! Will push it soon!
To everyone misunderstanding: no lv1 access, all I did was be able to dump the "call trace" of lv1 hypercalls. same as payload_dump_syscalls
For those of you unfamiliar with LV1, here is a brief description.
Level-1 syscalls are used to call hypervisor functions. On a PS3 the hypervisor is known as "lv1" (level1) since it is the lowest level that runs directly on top of the hardware. The operating system is executed on top of this and is known as "lv2" (level2). The two common operating systems are GameOS, which PS3 games run on, and OtherOS, which is usually used to run Linux. Since both OSes run on top of the same lv1 hypervisor, they use the same set of hypercalls, which have been partially documented here.
Thanks to Dertyp for keying us into this story.