05-24-2011,05:28 PM
If you could do this, wouldn't the HDD reformat itself on each bootup to a different FW (if you're lucky), erasing Linux in the process? Wouldn't this need a switch for a second HDD as well, to avoid the reformat and to store the second FW on?
I don't know very much, but it seems like a few things have to be ironed out for this theory to work as planned.
-
05-24-2011,05:33 PM
To run 2 different FW, yes.
To dump 3.61 lv0... no.
-
05-24-2011,09:36 PM
Originally Posted by jarmster:
Remember this????
@xShadow125 You can update from your pwn pup only from 3.55 or lower, unless you have an exploit.
@xShadow125 Of course that should be fixed in upcoming lv0 revisions anyway (By moving the ldrs to the top of lv0)
@xShadow125 You run the 3.60 lv0, then you switch the nor, and pull the cell reset line, and you dump the extra KBs where the loaders are.
@xShadow125 Basically you have a nor with 3.55 (or lower) lv0 and your own small lv1 code that does the dump, and 3.60 lv0 on the other.
@xShadow125 You wont get all of lv0 but the part with the loaders shouldn’t be overwritten.
@xShadow125 You can actually get all the 3.60 keys/loaders without knowing lv0 keys by dumping lv0 from ram with dual nor and signed lv1.

This is a theoretical exploit that has been around for a long time. It would involve booting 3.60, switching the flash and resetting the Cell. Apparently the memory is not cleared on reset (design fault), so an older firmware with a modification that dumps the contents of RAM can then be booted. The major limitation with this is that when you boot the older firmware, it will overwrite the areas of interest. Perhaps if you can dump it at a higher point in the boot chain (lv1 etc.) you might just be able to extract enough information to get the appldr key.
Again it sounds like a good idea that will work, but it is still theoretical and involves a lot of work.
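The sequence the post above describes (boot the newer firmware, switch NOR, reset the Cell without RAM being cleared, boot an older firmware whose lv1 dumps RAM) can be modelled to make the stated limitation concrete: whatever the older firmware writes on the way up clobbers that part of the residue, so only the bytes outside its load range survive. The C below is an added simulation, not code from the thread or from any PS3 firmware; the RAM window size, load addresses, image sizes and fill patterns are all invented stand-ins, and `boot_from_nor`, `cell_reset` and `dump_ram` are hypothetical models of the boot ROM, the reset line and the custom lv1 dumper. It predicts the surviving byte count by interval arithmetic and then checks that prediction by actually running the modelled sequence and counting bytes that still carry the first image's pattern.

```c
/* Model of the dual-NOR warm-reset dump: constructed simulation only.
 * Addresses, sizes and fill bytes are invented and describe no real layout. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define RAM_SIZE 0x10000u          /* hypothetical 64 KiB window of RAM */

struct image {                     /* an image as laid out in RAM after boot */
    uint32_t base;                 /* load address (invented) */
    uint32_t len;                  /* bytes written by the boot */
    uint8_t  fill;                 /* byte pattern standing in for real content */
};

static uint8_t ram[RAM_SIZE];

/* Hypothetical boot ROM: copies the selected NOR's image into RAM and
 * touches nothing outside the image's own range. */
static void boot_from_nor(const struct image *img)
{
    if (img->base > RAM_SIZE || img->len > RAM_SIZE - img->base) return;
    memset(ram + img->base, img->fill, img->len);
}

/* Hypothetical Cell reset. The thread's claim is that RAM survives it;
 * clears_ram lets the same model show the outcome if that claim is wrong. */
static void cell_reset(int clears_ram)
{
    if (clears_ram) memset(ram, 0, RAM_SIZE);
}

/* What the modified lv1 does: copy a RAM range out to a buffer standing in
 * for a serial port or spare storage. Returns the number of bytes copied. */
static uint32_t dump_ram(uint32_t from, uint32_t len, uint8_t *out, uint32_t out_len)
{
    if (from >= RAM_SIZE) return 0;
    if (len > RAM_SIZE - from) len = RAM_SIZE - from;
    if (len > out_len) len = out_len;
    memcpy(out, ram + from, len);
    return len;
}

/* Prediction: bytes of `old` that booting `fresh` does not overwrite, i.e.
 * old.len minus the overlap of the two load ranges. */
static uint32_t predicted_survivors(const struct image *old, const struct image *fresh)
{
    uint32_t o_end = old->base + old->len, f_end = fresh->base + fresh->len;
    uint32_t lo = old->base > fresh->base ? old->base : fresh->base;
    uint32_t hi = o_end < f_end ? o_end : f_end;
    uint32_t overlap = hi > lo ? hi - lo : 0;
    return old->len - overlap;
}

/* Observation: run the whole sequence and count bytes in old's range that
 * still carry old's pattern. old->fill must differ from fresh->fill and
 * from 0 (the cleared-RAM value) for the count to mean anything. */
static uint32_t run_sequence(const struct image *old, const struct image *fresh, int clears_ram)
{
    static uint8_t out[RAM_SIZE];
    uint32_t n, i, survivors = 0;

    memset(ram, 0, RAM_SIZE);
    boot_from_nor(old);           /* newer lv0 runs; its loaders now sit in RAM */
    /* ... NOR switched to the other chip here ... */
    cell_reset(clears_ram);
    boot_from_nor(fresh);         /* older lv0 + dumper lv1 boots over the low region */
    n = dump_ram(old->base, old->len, out, sizeof out);
    for (i = 0; i < n; i++)
        if (out[i] == old->fill) survivors++;
    return survivors;
}

int main(void)
{
    /* Invented layouts: the "newer" image is 32 KiB from offset 0, the
     * "older" image plus dumper is 24 KiB from offset 0. */
    struct image newer = { 0x0000u, 0x8000u, 0xA6 };
    struct image older = { 0x0000u, 0x6000u, 0x55 };
    struct image older_big = { 0x0000u, 0x8000u, 0x55 };

    printf("predicted %u, warm reset %u, cold reset %u, same-size image %u\n",
           predicted_survivors(&newer, &older),
           run_sequence(&newer, &older, 0),
           run_sequence(&newer, &older, 1),
           run_sequence(&newer, &older_big, 0));
    return 0;
}
```

The last case is the limitation the post names: if the older firmware's image is as large as the newer one's and loads at the same place, nothing of the earlier image is left to dump, and moving the dump to a later stage of the boot chain changes nothing unless that stage runs before the overwrite.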
-
05-25-2011,03:29 AM
It is not theoretical ?
At least math did it (if he is not sitting on another exploit)
-
05-25-2011,07:13 AM
Originally Posted by ModIT:
It is not theoretical?
At least math did it (if he is not sitting on another exploit)
No, he didn't.