HV reversing

**KDSBest** · 11-17-2010,04:14 AM

Hi,

alot of new infos about the HV hitted the scene.

Hypervisor Reverse Engineering - PS3Wiki

thanks to graf_chokolo.

is there a way to use "0x10042 - decrypt_lv2_self(spe id, LPAR auth id, SELF file image ptr, LPAR memory address) "?

Can we execute higher Syscalls?

**stoker25** · 11-17-2010,06:57 AM

Originally Posted by KDSBest

Hi,

alot of new infos about the HV hitted the scene.

Hypervisor Reverse Engineering - PS3Wiki

thanks to graf_chokolo.

is there a way to use "0x10042 - decrypt_lv2_self(spe id, LPAR auth id, SELF file image ptr, LPAR memory address) "?

Can we execute higher Syscalls?

graf's modded payload is able to use the HV services, so once hes released that we should be able to decrypt selfs, although it seems that function decrypts a SELF into an LPAR memory region, so we might still need a LV1 exploit to read that memory, i'm thinking of setting up asbestos and using geo's exploit, but i'm not sure what hardware is needed, if anybody knows i'm willing to go buy it, please drop me a PM

**Jon Salat** · 11-17-2010,07:10 AM

Atmega8 can be used;

Dumping PS3 Hypervisor and Bootloader with Atmega8 at 16Mhz - PS3 NEWS - PlayStation 3 News - PS3 Hacks

The actual internal hardware is pretty simple, just one wire soldered onto a resistor, with another wired to ground.

PS3 Exploit: Hardware « xorloser’s blog
PS3 Exploit: Software « xorloser’s blog

**KDSBest** · 11-17-2010,09:06 AM

that is not needed with the help of this syscall

0x10002 - lpar_memory_addr_to_phys_addr(LPAR id, LPAR address, physical addr)

or am i wrong?

I really want to have that payload

**newzy32** · 11-17-2010,06:12 PM

Originally Posted by KDSBest

that is not needed with the help of this syscall

0x10002 - lpar_memory_addr_to_phys_addr(LPAR id, LPAR address, physical addr)

or am i wrong?

I really want to have that payload

I was under the impression you just had to patch in a new lv2 syscall that just passes on a call to the lv1 syscall? (the same way peek and poke are patched into lv2)

so you would just need to add new lv2 syscalls as proxies for any lv1 syscall you wanted. Or have i misunderstood the situation?

**newzy32** · 11-17-2010,07:59 PM

his payload is here by the way

https://github.com/grafchokolo/psgroove

**Heden_DeLiGhT** · 11-19-2010,05:22 PM

Originally Posted by newzy32

I was under the impression you just had to patch in a new lv2 syscall that just passes on a call to the lv1 syscall? (the same way peek and poke are patched into lv2)

so you would just need to add new lv2 syscalls as proxies for any lv1 syscall you wanted. Or have i misunderstood the situation?

You are right !
The Idea is to code a "bridge" LV2 -> LV1 syscall...
For that, there are some syscalls in LV2 that can give help ;-)

**KDSBest** · 11-19-2010,06:58 PM

the "bridge" would be a nice to have. Why does everyone wants to make a payload what is against creating a kammy plugin?

**ceckin** · 11-20-2010,04:53 PM

Originally Posted by KDSBest

the "bridge" would be a nice to have. Why does everyone wants to make a payload what is against creating a kammy plugin?

Kammy is lv2 user patches, while HV patches are for research purpose only, normal user would never need to have lv1/HV/SPU access by default. I believe graf_choko's payload should be the base for every other research payload.

User Tag List

Thread: HV reversing

Tweet

LinkBack

Thread Tools

Display


	Would you like to get all the new info from PSX-Scene in your email each day? Subscribe to our Daily Digest! Want to learn more about the team keeping you up to date with the latest scene news? Read about them now! Check out our Developer bios, too!