[PsDev]

Originally Posted by loller Man you dont need my confirm for know what's fake or what not. The "no more cfw" rule of 3.56 days is still valid today, we will never get the private keys again. New hacks will be something not key releated, run unsigned code doesnt mean cfw. Forget about cfw.

Sorry but if you do dump the ram you will get all the loaders cause the lv0 copys them there cause the metldr still has to run them this is verfied and this is not old what so ever

[autechre]

Originally Posted by PsDev Sorry but if you do dump the ram you will get all the loaders cause the lv0 copys them there cause the metldr still has to run them this is verfied and this is not old what so ever

This, at my limited understanding at least, sounds like a logical assumption. The keys would have to be decrypted in physical memory, processed and output to the appropriate loader (metldr). If the PS3 could be coerced into executing this process while running other OS, then wouldn't the kernel module /dev/fmem give a usable RAM dump, as long as the dump was at the required moment ?

[PsDev]

Originally Posted by TizzyT yes I understand most of it but to be honest not all of it. I understand all parts that can be referenced by watching failoverflows videos like the order of the loaders, and how each one connects and in a sense requires each other. What I don't get is how are you dumping the ram??? Now correct me if im wrong: You stated that you got the decrypted loaders to load into ram with a kernal. and the from there used hardware to make a dump of said ram, that way you have a complete dump of ram and essentially the decrypted loaders. Reason for me refusing to believe this (also correct me if I am wrong lol): You mentioned kernel and that automatically at least in my head throw a trigger. Watching failoverflow's video kernel mode is on lv2 and anything done in kernel mode is still restricted to anything its not allowed to access, like for example lv0. compromising lv2 will allow one to run his own code but only in kernel level and only with in a sense kernel mode privileges. lv0 is above lv2 and handles the loading of metldr which is used to decrypt the other loaders using a spu. Lv0 has code that is run in hyperV mode and so it has in a sense higher privileges, so compromising hyperV seems like something that is needed to even allow a kernel to run like you propose in the first place. In this time the hyperV then initializes the CPU and then using a spu loads metldr. So without first doing all that how is it possible to just use something in kernel mode to get all the way to lv0??? again I am really not all that technical, just do a lot of research and piece things together until it makes sense in my mind, but then again just because it makes sense to me doesn't mean its correct. So please enlighten me lol. would like to learn a thing or two if this turns out to be factual.

Sorry i fell asleep I am a human. But you did not ready very well cause the ps3 is the one the copys all the ldrs into the ram before feeding them to the metldr we dont need the lvokey to dump the lv0 we can do this. you use a kernal MODULE to map out the real memory of the ps3 so we can dump the ram you dont use a kernal to copy the ldrs into the ram that is done. you have to get these loaders from a ram with dual nor and you may need a signed lv1 still. But once you map out the real memory by all mean dumping the ram is the next step and once that done you have the keys basically. but as of know the lv0 has all they keys into it as a ppu binary. Side note- The lv0 is not perconsle encrypted and can be updated. The lv0 also is decrypted by the bootldr as mentioned in my thread. if your a commen user messing with all this could result in a ylod/brick + sorry for spelling grammer ect: i was typing fast and hurrying

[loller]

Originally Posted by PsDev Sorry but if you do dump the ram you will get all the loaders cause the lv0 copys them there cause the metldr still has to run them this is verfied and this is not old what so ever

So why dont you did it already?

http://www.*******.com/PS3-Hacks/jai...playstation-3/

If you dump the ram you will just get encrypted info, decription will be inside cell isolated spe, so stop say bullsh1t or do it.

[PsDev]

Originally Posted by loller So why dont you did it already? http://www.*******.com/PS3-Hacks/jai...playstation-3/ If you dump the ram you will just get encrypted info, decription will be inside cell isolated spe, so stop say bullsh1t or do it.

Incorrect sorry learn before you speak \. if you dump the ram you very well will get the loaders we DONT have to know the lv0 key to dump the lv0

[ps3tricks]

from what i have seen this will lead us to nothing,not because of this walkthrough but because there is no one with needed skills,except math and few others who will never release something this big.

PsDev thx for sharing this possible exploit,but this is just like math guide but much more n00b friendly. Devs only post guide how to do something but its up to others to do hard part,if u know how (seems u know) and have needed skills why don't you do it anyway?

[munky875821417]

what about using binary2elf it has a ppu setting to convert binary to elf? binary2elf --ppu <lv0> lv0.elf --64 --little

[VIRGIN KLM]

I like what's happening in this thread.(not jokking)

[autechre]

So then would it be a case of a single RAM dump at a specified stage, or multiple dumps in order to attain the keys at various instances. Also, what hardware would be used to aquire a "hard" dump of the PS3 RAM ? Presumably this would have to be soldered into the motherboard, does anybody know the PS3's system architecture well enough to spectulate how this would be implimented ? This method seems the most promising of all proposed so far, as it would mean ALL FUTURE data encryption would be in effect compromised.

[munky875821417]

there are data sheets of the ram