Graf_Chokolo: HV Exploit and Dump from GameOS!

**The Central Scrutinizer** · 12-27-2010,06:35 PM

The decrypting and hypervisor master of the PS3 console, "Mr. Graf_Chokolo" has done it again!

Today, he informs our PSX-SCENE viewers that he is able to dump the Hypervisor v3.15 via the GameOS and plans to do the same for v3.41 and make all the technical details public in a few days!

Originally Posted by graf_chokolo

I have just exploited and dumped HV 3.15 from GameOS

I used memory glitching like Geohot to get dangling HTAB entry but 2nd and 3rd stages are quite different. I used my knowledge about HV internals and created a simpler exploit for stage2 and stage3.

I didn’t use second VAS like Geohot. I used lv1_undocumented_function_114 and lv1_undocumented_function_115 to exploit HV after i got a dangling HTAB entry

Now we don't need Linux to exploit and dump HV. Furthermore, HV dump from GameOS is a lot better because when GameOS is running more features are activated in HV

So, i can reverse now more C++ objects and understand better how HV works

I will make everything public very soon and i plan to dump HV 3.41 in the next days

Happy New Year guys!

BREAKING NEWS UPDATE: -- FINALLY THE REAL KEY! -- Thanks Graf!

Originally Posted by graf_chokolo

And now i dumped the real USB Dongle Master Key guys

Noone needs it now but here it is. I tested it with HMAC SHA1 and dongle key 0xAAAA and got the same dongle key that was reversed by KaKaRoTo

Just as i said previously, use USB Dongle Authenticator, then dump HV and the decrypted USB Dongle Master Key will be in HV dump

I extracted this key from my HV dump after i used USB Dongle Authenticator on GameOS. Then i rebooted GameOS but not HV and the key was still in HV and still decrypted

static u8 master_key[20] =
{

Code:

46 DC EA D3 17 FE 45 D8 09 23 EB 97 E4 95 64 10 D4 CD B2 C2

};

This man can make the PS3 turn inside out and spill all its bits & bytes to him!

**chesh** · 12-27-2010,06:39 PM

Damn graf, you're amazing! Keep up the good work. Been watching everything you've been saying on the xorlosers blog. Very interesting stuff indeed.

**Pockets69** · 12-27-2010,06:41 PM

AHHHHHHH GOD!!!
thank you very much for your effort graf_chokolo, one thing though that i didn't understand, did you use the Geohot glitch to exploit it, or was a lv2 exploit and therefor no hardware required.

**Grey_Wolf** · 12-27-2010,06:42 PM

Originally Posted by graf_chokolo

I have just exploited and dumped HV 3.15 from GameOS :-)

I used memory glitching like Geohot to get dangling HTAB entry but 2nd and 3rd stages are quite different. I used my knowledge about HV internals and created a simpler exploit for stage2 and stage3.

I didn’t use second VAS like Geohot. I used lv1_undocumented_function_114 and lv1_undocumented_function_115 to exploit HV after i got a dangling HTAB entry :-)

I will make everything public very soon and i plan to dump HV 3.41 in the next days :-)

Happy new year guys

Thank god we have you graf. Excellent work and merry christmas.

**chesh** · 12-27-2010,06:45 PM

But guys, I thought the scene was dying?!?!?! Oh noez!! Graf can never come out with this, because it may lead to new exploits or reverse engineering other components of the PS3. Then we can't have anymore newbies posting that this is the end because they can't play their precious GT5 or NFSHS!!!

LOL, joking aside, this is going to lead to some really great stuff. Also, happy new year to you too graf!

**Pockets69** · 12-27-2010,06:49 PM

damn you chesh i was about to post that the scene is dying! instead i will just post, the scene is running dry

and i swear if i see anyone asking can we play gt5 or nfs with this! i will go appe shit on him!

**ken_oh** · 12-27-2010,06:58 PM

lool.. pocket69 & chesh I was thinking bout the same thing to wonder where theve all gone

..

and to graf THANK YOU always comming out with new surprises I'm sure every1ns going to have a happy new yer now

**Pockets69** · 12-27-2010,07:00 PM

Originally Posted by ken_oh

lool.. pocket69 & chesh I was thinking bout the same thing to wonder where theve all gone

..

and to graf THANK YOU always comming out with new surprises I'm sure every1ns going to have a happy new yer now

AHAH i can tell you that one of them (RAPOSA) got banned, aha bootlegninja banned him! with that awesome line on my sig!

**tank87** · 12-27-2010,07:38 PM

what is gameOS??? what can this lead to????

**SnoopDo2G** · 12-27-2010,07:39 PM

I can't wait for the day that we could use our ps3's as we want fully

i mean use it like a real PC and use all functions and tweak em the way each person
wants !!! that's how it should be !!
Even able to add any hardware without having to be a technician lol.
Just connect stuff & let it add drivers for it

Keep up the dirty job down there !!!!

User Tag List

Thread: Graf_Chokolo: HV Exploit and Dump from GameOS!

Tweet

LinkBack

Thread Tools

Display


	Would you like to get all the new info from PSX-Scene in your email each day? Subscribe to our Daily Digest! Want to learn more about the team keeping you up to date with the latest scene news? Read about them now! Check out our Developer bios, too!