http://www.brewology.com/?p=2559
I (aka shadoxi) figured out where the payload of the TrueBlue and Cobra dongle is located. You can find it at offset 360000 in lv2_kernel and 7f0000 in PS3 memory.
First of all you need to edit the header of lv2_kernel.self (from CFW TrueBlue) at offset 0x1D: replace 36 1A 00 with 4C FC F0. Then decrypt it with the unself tool from fail0verflow. Open lv2_kernel.elf with IDA Pro (in binary file mode), go to offset 360000 and press "C" to convert to asm code.
TrueBlue uses some HVCALLs: lv1_insert_htab_entry, lv1_undocumented_function_114, lv1_undocumented_function_115, lv1_allocate_device_dma_region, lv1_map_device_dma_region, lv1_net_start_tx_dma, lv1_net_control, lv1_panic (shuts down the PS3 when TB is unplugged).
This payload does some hvcalls: lv1_insert_htab_entry (map lv1), lv1_allocate_device_dma_region (?), lv1_map_device_dma_region (?), lv1_net_start_tx_dma (?), lv1_net_control (?), lv1_panic (shuts down the PS3 when the TrueBlue dongle is unplugged), lv1_undocumented_function_114 (map lv1), lv1_undocumented_function_115 (unmap lv1).
We now need to dump lv2 and lv1 memory while TrueBlue is plugged in. So I created a modified TrueBlue CFW with peek and poke syscalls. It works fine!
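The header edit in the post (offset 0x1D, 36 1A 00 replaced by 4C FC F0) is a three-byte overwrite, and the mistake that actually bites when doing it by hand is patching the wrong file or the same file twice. The script below is an added example, not shadoxi's tooling or anything from the post: it applies the post's offset and byte values but refuses to write unless the original bytes are exactly where they are expected to be, so a wrong build of lv2_kernel.self or an already-patched copy is rejected instead of silently corrupted. The sample buffer is constructed filler, not a real SELF header, and the file names in `patch_file` are whatever the caller passes in.

```python
# Checked byte patch for the header edit described in the post:
# at offset 0x1D, replace 36 1A 00 with 4C FC F0, but only if the
# original bytes are exactly what we expect. Added example, not the
# post's own tooling; SAMPLE_HEADER below is constructed filler,
# not a real lv2_kernel.self.

PATCH_OFFSET = 0x1D                      # offset given in the post
EXPECTED = bytes.fromhex("361A00")       # bytes the post says are there
REPLACEMENT = bytes.fromhex("4CFCF0")    # bytes the post says to write


class PatchMismatch(ValueError):
    """Raised when the bytes at the patch offset are not the expected ones."""


def patch_bytes(data: bytes, offset: int, expected: bytes, replacement: bytes) -> bytes:
    """Return a copy of `data` with `expected` at `offset` replaced by `replacement`.

    Raises PatchMismatch when the bytes at `offset` differ from `expected`,
    so a wrong file, or a file that was already patched, is never modified.
    `expected` and `replacement` must be the same length (pure overwrite,
    no shifting of the rest of the file).
    """
    if len(expected) != len(replacement):
        raise ValueError("expected and replacement must have equal length")
    if offset < 0 or offset + len(expected) > len(data):
        raise PatchMismatch(
            f"offset 0x{offset:X} is out of range for a {len(data)}-byte input"
        )
    found = data[offset:offset + len(expected)]
    if found != expected:
        raise PatchMismatch(
            f"at 0x{offset:X} found {found.hex().upper()}, "
            f"expected {expected.hex().upper()}"
        )
    return data[:offset] + replacement + data[offset + len(replacement):]


def patch_lv2_header(data: bytes) -> bytes:
    """Apply the post's header edit (offset 0x1D, 36 1A 00 -> 4C FC F0)."""
    return patch_bytes(data, PATCH_OFFSET, EXPECTED, REPLACEMENT)


def patch_file(src_path: str, dst_path: str) -> None:
    """Read `src_path`, apply the header edit, write `dst_path`.

    Writes to a separate output path on purpose: the original stays
    untouched so a bad patch can be diagnosed against it.
    """
    with open(src_path, "rb") as f:
        data = f.read()
    with open(dst_path, "wb") as f:
        f.write(patch_lv2_header(data))


# Constructed sample: 0x40 bytes of zero filler with 36 1A 00 placed at 0x1D.
SAMPLE_HEADER = bytes(0x1D) + EXPECTED + bytes(0x40 - 0x1D - len(EXPECTED))

if __name__ == "__main__":
    patched = patch_lv2_header(SAMPLE_HEADER)
    print(patched[0x1D:0x20].hex().upper())  # 4CFCF0
    try:
        patch_lv2_header(patched)  # a second application must be refused
    except PatchMismatch as e:
        print("refused:", e)
```

Running it against a real file is `patch_file("lv2_kernel.self", "lv2_kernel.patched.self")`; the function never edits in place, and because `patch_bytes` checks the expected bytes first, applying it to the output a second time raises `PatchMismatch` rather than writing garbage.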