#131, 05-01-2012
hellsing9 (Hired Gun)
I have a partial/test/pre-alpha exploit with Skyrim. Since the game itself brings the PROM to its knees, maybe it could work.

Don't know.
#132, 05-01-2012
jarmster (Member)
I'm sorry, but if you're going to dump RAM after pulling the Cell reset, you are going to need to dump RAM long before you have an option to use an exploit..... I would think. If you want anything useful from the RAM dump, anyways.
#133, 05-01-2012
Calliope
Originally Posted by jarmster:
I'm sorry, but if you're going to dump RAM after pulling the Cell reset, you are going to need to dump RAM long before you have an option to use an exploit..... I would think. If you want anything useful from the RAM dump, anyways.
But what if we make the system crash and, when it tries to recover/restart, we inject the code so that the code runs in the second recycle of the process, bypassing the first cycle of checks?
#134, 05-01-2012
svenmullet (Member)
Originally Posted by jarmster:
You need to run the code too. Loading your custom code to RAM is one thing, but then you need to execute it. So what? metldr runs the lvl1ldr, loads your custom lvl1 to RAM. Then what? It's the lvl1ldr with control, which in turn returns to the metldr, which loads lvl2ldr....
I'm just speculating, but you see what I mean: you need to understand the loaders and how they work in order to get your code to run....
I see. So it has to be a metldr exploit then?

My problem is I can read about this stuff all day long (and I do), but it's just beyond my comprehension, mostly. What I do know is that the RAM dump has to take place very early in the reboot, before anything overwrites the memory. So metldr's first task is loading Lv1ldr.self; what about replacing Lv1ldr with the custom self? As I said, it doesn't matter what happens after that, the work is done already by the time the PS3 crashes...
#135, 05-01-2012
DjKlown (Member)
@hellsing9 I don't think the memory failure in said games will be of any use. Sony did learn from their mistakes with the PSP. But I would love to hear what you have... Must remember that the HV will not allow that, from what I know.
#136, 05-01-2012
cfwprpht (Homebrew Developer)
No, Team Rebug is not involved as far as I know. And by the way, you're now on the right way, but you don't need a hardware guy or a dual NOR or something like that. But keep going, guys; there are always more ways to one goal.

I attached a little POC for you all. It's a dump of 3.55 and the used app is BlackBox. I just used a small app to make things start more easily. We also have a RAM dump of OFW 3.74, and we have not used any hardware or software modifications. For now I still hold back some info; I hope for your understanding.

Attached file: POC_PS3_RAMD.rar (1.44 MB)
#137, 05-01-2012
jarmster (Member)
Exactly.... rewrite the lvl1ldr to dump RAM and resign it. I think I remember math saying that the lvl1ldr still had access to RAM early on.... but see... this is all speculation.... first and foremost..... disassemblies of the loaders... that's where you start... you need to understand the code and what the hell it does.... if you can't, you'll never dump ****.
#138, 05-01-2012
svenmullet (Member)
Originally Posted by cfwprpht:
No, Team Rebug is not involved as far as I know. And by the way, you're now on the right way, but you don't need a hardware guy or a dual NOR or something like that. But keep going, guys; there are always more ways to one goal.

I attached a little POC for you all. It's a dump of 3.55 and the used app is BlackBox. I just used a small app to make things start more easily. We also have a RAM dump of OFW 3.74, and we have not used any hardware or software modifications. For now I still hold back some info; I hope for your understanding.
The thing is, we don't have 3.60+ keys. If we want to decrypt 3.60+ games, we have to be running 3.60+ FW to load them into memory in the first place. And since we can't dump RAM on 3.60+, a dual NOR/NAND with a hacked loader seems to be the only way to do this... how did you get a RAM dump of 3.74?
#139, 05-01-2012
cfwprpht (Homebrew Developer)
Well, sometimes you all think too complicated. We have no keys at this stage of work, and if some day we get our hands on new keys we will release them. We get the dump the same way as Paradox or True Blue, I guess.

Please understand that I don't want to tell you how it works, because I don't want to have it patched by Sony in one of the new FWs until it is finished or until we can provide some new 3.6+ games free for all.

And maybe even then chances are high that I won't release until the scene has something new that Sony can't patch with future updates, like e.g. a fully working bootloader exploit.
#140, 05-01-2012
hellsing9 (Hired Gun)
Originally Posted by DjKlown:
@hellsing9 I don't think the memory failure in said games will be of any use. Sony did learn from their mistakes with the PSP. But I would love to hear what you have... Must remember that the HV will not allow that, from what I know.
They can keep patching the game, but not some faulty memory issue. There's another *title* that causes the same chain reaction; if that happens, half of what I was doing is ****ed.

But we never know what surprises it might bring.
PS3Hax.net is Copyright © 2010-2013.