[Disane]

Originally Posted by KDSBest That's bull****. You can't dump it that's the point. What you talk about is from the nand/nor, but not the memory. In memory Lv2 is not encrypted and can not be dumped from userland. If you can dump it from userland you got the power to really search an exploit. I need 2 bytes in lv2 on a syscall i can call and I can pwn the whole lv2. First patch peek -> dump the real one (if you don't got it) Then patch a poke -> poke real peek and poke syscalls -> restore overwritten lv2 stuff with the poke syscall -> done Theory is always as simple as that. There is no need for complicated payloads if you manage to write to a syscall that is callable from userland. The whole security breaks apart from that on. Of course such things are patchable. We should wait for ps4 and checkout what AMD came up with. In my opinion IBM > AMD, but we will see ^^. The cell has a strong security system, just the implementation lacks. Biggest mistake was that they said, metldr is not patchable . They just don't use it anymore. I did enough, most people don't even know what I all did. It's time for a new generation . I am an oldie to the ps3 scene xD and still very underestimated ^^

So, if I'm not mistaken you are patching the syscall table at this point. Did it work?

[TheEvolution_PT]

Originally Posted by KDSBest That's bull****. You can't dump it that's the point. What you talk about is from the nand/nor, but not the memory. In memory Lv2 is not encrypted and can not be dumped from userland. If you can dump it from userland you got the power to really search an exploit. I need 2 bytes in lv2 on a syscall i can call and I can pwn the whole lv2. First patch peek -> dump the real one (if you don't got it) Then patch a poke -> poke real peek and poke syscalls -> restore overwritten lv2 stuff with the poke syscall -> done Theory is always as simple as that. There is no need for complicated payloads if you manage to write to a syscall that is callable from userland. The whole security breaks apart from that on. Of course such things are patchable. We should wait for ps4 and checkout what AMD came up with. In my opinion IBM > AMD, but we will see ^^. The cell has a strong security system, just the implementation lacks. Biggest mistake was that they said, metldr is not patchable . They just don't use it anymore. I did enough, most people don't even know what I all did. It's time for a new generation . I am an oldie to the ps3 scene xD and still very underestimated ^^

You are a nice guy

[devil hunter]

Originally Posted by KDSBest That's bull****. You can't dump it that's the point. What you talk about is from the nand/nor, but not the memory. In memory Lv2 is not encrypted and can not be dumped from userland. If you can dump it from userland you got the power to really search an exploit. I need 2 bytes in lv2 on a syscall i can call and I can pwn the whole lv2. First patch peek -> dump the real one (if you don't got it) Then patch a poke -> poke real peek and poke syscalls -> restore overwritten lv2 stuff with the poke syscall -> done Theory is always as simple as that. There is no need for complicated payloads if you manage to write to a syscall that is callable from userland. The whole security breaks apart from that on. Of course such things are patchable. We should wait for ps4 and checkout what AMD came up with. In my opinion IBM > AMD, but we will see ^^. The cell has a strong security system, just the implementation lacks. Biggest mistake was that they said, metldr is not patchable . They just don't use it anymore. I did enough, most people don't even know what I all did. It's time for a new generation . I am an oldie to the ps3 scene xD and still very underestimated ^^

Well, asuming they are using the same CPU type of home pcs (x86-64)

then we should experience another xbox era ^^. Also, I believe that ps successor and xbox successor can't can't get another PPC cpu, because IBM was sold and no one else develops/designs such cpus anymore .

Off topic, THANK YOU <3 for your work, best wishes.

Sorry for any grammar errors.

[oPolo]

For whatever guy/girl that says this will allow backups to play on FW 4.20... If I am not mistaken, this is a usermode exploit right, and as such, no memory peeking or poking is possible, and as such no ordinary backupmanagers is possible... However, all homebrew not playing with those two, should work out

[sonyisass]

Hacker's community need our donations to buy a Tianhe - 2A (the most powerfull supercomputer) to crack sony firmware.

[bigo93]

Originally Posted by sonyisass Hacker's community need our donations to buy a Tianhe - 2A (the most powerfull supercomputer) to crack sony firmware.

Or get hundreds of ps3's linked together with linux to produce a much cheaper supercomputer, the US Airforce did it.

[sonyisass]

Originally Posted by bigo93 Or get hundreds of ps3's linked together with linux to produce a much cheaper supercomputer, the US Airforce did it.

What the.... ??, how can such a thing be used to
create a supercomputer.
even if it can be done sony would
soon hijack our system

[stussy1]

Originally Posted by sonyisass What the.... ??, how can such a thing be used to create a supercomputer. even if it can be done sony would soon hijack our system

link

http://phys.org/news/2010-12-air-pla...rcomputer.html

[JustThatDude]

Originally Posted by bigo93 Or get hundreds of ps3's linked together with linux to produce a much cheaper supercomputer, the US Airforce did it.

I believe thats what fail0verfl0w did or another team as well. If im not mistaken if I am correct me and show me proff

[manster]

Originally Posted by JustThatDude I believe thats what fail0verfl0w did or another team as well. If im not mistaken if I am correct me and show me proff

this is what fail0verflow did:


DCEmu Reviews - 27C3 - Chaos Communication Congress 2010 - fail0verflow - FULL VIDEO - YouTube


sorry for off topic.