|
|
02-17-2012
|
#1 |
|
Member
 
Join Date: Jan 2012
Posts: 192
Likes: 132
Liked 64 Times in 43 Posts
Mentioned: 11 Post(s)
Tagged: 0 Thread(s)
|
TrueBlue and Cobra payload
 I (aka shadoxi) figured out where is located the payload of Trueblue and cobra dongle. You can find it at offset @360 000 in lv2_kernel and 7f0000 in ps3 memory. First of all you need to edit the header of lv2_kernel.self (from cfw trueblue) at offset 0x1D, replace 36 1A 00 by 4C FC F0. And decrypt it with unself tool from fail0verFlow. Open lv2_kernel.elf with Ida pro (in binary file mode), go to offset 360000 and press "C" to convert to asm code. TrueBlue use some HVCALL: lv1_insert_htab_entry lv1_undocumented_function_114 lv1_undocumented_function_115 lv1_allocate_device_dma_region lv1_map_device_dma_region lv1_net_start_tx_dma lv1_net_control lv1_panic (shutdown ps3 when TB is unplugged) This payload do some hvcall: lv1_insert_htab_entry (map lv1) lv1_allocate_device_dma_region (?) lv1_map_device_dma_region (?) lv1_net_start_tx_dma (?) lv1_net_control (?) lv1_panic (shutdown ps3 when TrueBlue Dongle is unplugged) lv1_undocumented_function_114 (map lv1) lv1_undocumented_function_115 (unmap lv1) We need now to dump lv2 and lv1 memory when TrueBlue is plugged. So I create a modified TrueBlue Cfw with peek and poke syscall. It work fine ! Payload mirror: www.mediafire.com/?vpf113m30y5x4kh source: ps3newz Last edited by Nateblitz16; 02-17-2012 at 05:56 PM. |
|
|
|
Likes: (5) |
|
02-17-2012
|
#2 |
|
Apprentice
Join Date: Jul 2008
Posts: 1
Likes: 0
Liked 0 Times in 0 Posts
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
|
This is true? Now what?
Sent from my u8800 using Tapatalk |
|
|
|
|
02-17-2012
|
#3 | |
|
Member
Join Date: Nov 2009
Posts: 190
Likes: 27
Liked 88 Times in 57 Posts
Mentioned: 11 Post(s)
Tagged: 0 Thread(s)
|
|
|
|
|
|
|
02-17-2012
|
#4 |
  Join Date: Oct 2010
Posts: 531
Likes: 21
Liked 116 Times in 64 Posts
Mentioned: 6 Post(s)
Tagged: 0 Thread(s)
|
Wait what? what does this work for huh
Is this big news or what? |
|
|
|
|
02-17-2012
|
#5 |
|
Member
Join Date: Jan 2012
Posts: 192
Likes: 132
Liked 64 Times in 43 Posts
Mentioned: 11 Post(s)
Tagged: 0 Thread(s)
|
ps3newz just deleted the thread..
|
|
|
|
|
02-17-2012
|
#6 | ||
  
Join Date: Jun 2009
Location: up sh*t creek without a paddle
Posts: 7,642
Likes: 2,745
Liked 5,250 Times in 2,510 Posts
Mentioned: 358 Post(s)
Tagged: 1 Thread(s)
|
__________________
|
||
|
|
|
|
02-17-2012
|
#7 | ||
|
Join Date: Jun 2009
Location: up sh*t creek without a paddle
Posts: 7,642
Likes: 2,745
Liked 5,250 Times in 2,510 Posts
Mentioned: 358 Post(s)
Tagged: 1 Thread(s)
|
__________________
|
||
|
|
|
|
02-17-2012
|
#8 |
|
Member
 
Join Date: Jul 2011
Location: IN YOUR MUM'S BED
Posts: 375
Likes: 300
Liked 100 Times in 72 Posts
Mentioned: 3 Post(s)
Tagged: 0 Thread(s)
|
WHAT!!!!!!!!!
__________________
|
|
|
|
|
02-17-2012
|
#9 |
|
Join Date: Oct 2010
Posts: 531
Likes: 21
Liked 116 Times in 64 Posts
Mentioned: 6 Post(s)
Tagged: 0 Thread(s)
|
not downloaded the files, too lazy
But are the payloads for other atmel devices? |
|
|
|
|
02-17-2012
|
#10 |
|
Member
 Join Date: Sep 2011
Posts: 49
Likes: 64
Liked 13 Times in 10 Posts
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
|
hopefully this is the end of the disease
__________________
 |
|
|
|
 |
| Bookmarks |
| Thread Tools | |
|
|
