Old 06-01-2012   #31
JustThatDude
Senior Member
 
Originally Posted by hellsing9:
> To see the files of a .PUP you need fail0verfl0w tools.
> Regarding MAD downgrade, I will advise that you don't go for it.

I'm not going to try and downgrade with MAD; I was just wondering because I want to make another lv2diag.self to get out of FSM. I wanted to look into MAD because I wanted to see how they did it with the syscalls.


Old 06-01-2012   #32
hellsing9
Hired Gun
 
Originally Posted by JustThatDude:
> I'm not going to try and downgrade with MAD; I was just wondering because I want to make another lv2diag.self to get out of FSM. I wanted to look into MAD because I wanted to see how they did it with the syscalls.

I didn't say that you'd try it; just don't go for it. You will not understand anything and *they* will not explain anything.
That's what I mean.
Old 06-01-2012   #33
euss
Homebrew Developer
 
3.56 'mad' / bad idea is just mmap/peek+poke with some more patches.

these are used:
600 0x258 sys_storage_open
601 0x259 sys_storage_close
602 0x25A sys_storage_read
603 0x25B sys_storage_write
for the downgrader...
__________________
So, other than reposting a bunch of random, unrelated stuff from other people, what do you have to contribute?
Old 06-01-2012   #34
JustThatDude
Senior Member
 
Originally Posted by hellsing9:
> I didn't say that you'd try it; just don't go for it. You will not understand anything and *they* will not explain anything.
> That's what I mean.

Just wanted to learn from their mistake. I'm also wondering why no one has tried to find the lv2diag.self, because in my opinion it would be a lot easier to do that than find an exploit to jailbreak on 4.11. Read my other posts in this thread, I just don't get why we haven't tried to do that.


Old 06-02-2012   #35
JustThatDude
Senior Member
 
Originally Posted by euss:
> 3.56 'mad' / bad idea is just mmap/peek+poke with some more patches.
>
> these are used:
> 600 0x258 sys_storage_open
> 601 0x259 sys_storage_close
> 602 0x25A sys_storage_read
> 603 0x25B sys_storage_write
> for the downgrader...

Hey, I was trying to get the precompiled fail0verfl0w tools for Windows and the download link that is on ps3devwiki does not work.
Old 06-02-2012   #36
euss
Homebrew Developer
 
Originally Posted by JustThatDude:
> Just wanted to learn from their mistake. I'm also wondering why no one has tried to find the lv2diag.self, because in my opinion it would be a lot easier to do that than find an exploit to jailbreak on 4.11. Read my other posts in this thread, I just don't get why we haven't tried to do that.

Maybe because there are 2^64 possible combinations, and there might even be secondary security added since the downgrader made such a big hit (and their bundle of joyful patches since 3.56 to enhance 'system' functions)?

Having 4.11 dumps would make that a lot easier; the lot of the needed data is inside the lv1 hypervisor.
Old 06-02-2012   #37
hellsing9
Hired Gun
 
Originally Posted by JustThatDude:
> Just wanted to learn from their mistake. I'm also wondering why no one has tried to find the lv2diag.self, because in my opinion it would be a lot easier to do that than find an exploit to jailbreak on 4.11. Read my other posts in this thread, I just don't get why we haven't tried to do that.

They were *playing with ice* for so much time and generating bricks by the improper use of the tool.
You are not messing with a simple layer there where you can UNDO any error possible so easily.
And the truth that @euss posted.
Old 06-02-2012   #38
euss
Homebrew Developer
 
Originally Posted by JustThatDude:
> Hey, I was trying to get the precompiled fail0verfl0w tools for Windows and the download link that is on ps3devwiki does not work.

http://www.ps3devwiki.com/files/devt...s/precompiled/ ?

************* [ - Post Merged - ] *************

Originally Posted by hellsing9:
> They were *playing with ice* for so much time and generating bricks by the improper use of the tool.

The lv2diag.self leak goes back into the 2.43 firmware era...

Originally Posted by hellsing9:
> You are not messing with a simple layer there where you can UNDO any error possible so easily.

Service mode is a lot more tightened down (laid/paid, dongle authentication, syscon crypto etc) and cut down in functions. Plus it is hard to debug too, e.g. if you have an application in which you would like to read offset 'X' in flash and put that on screen, you normally have lots of lv2 syscalls you can use, but in service mode that is reduced to let's say 1/10th (and no proper debugger, in case your code does not work from scratch or needs 100% confirmation).

So basically, if you are a proper developer and made your fair share of applications for the PS3 and one day decide to make an lv2diag.self, then you run into a whole new world with a lot of sinkholes that make you wonder why your code does not work (even though it is valid).
Old 06-02-2012   #39
JustThatDude
Senior Member
 
Originally Posted by euss:
> Maybe because there are 2^64 possible combinations, and there might even be secondary security added since the downgrader made such a big hit (and their bundle of joyful patches since 3.56 to enhance 'system' functions)?
>
> Having 4.11 dumps would make that a lot easier; the lot of the needed data is inside the lv1 hypervisor.

So right now we don't have the lv1 hypervisor accessible, or are we stuck in the process of trying to decrypt it? Sorry for the little knowledge of the lv1 hypervisor; as I said in my other post, I'm now starting to read up on the Ps3DevWiki. I need @CrashSerious in here to help out, as @Default _DNB said he was the man for FSM, but obviously he can't because he is in the hospital recovering from surgery (hope he gets out soon and well).
Old 06-02-2012   #40
JustThatDude
Senior Member
 
Originally Posted by euss:
> Maybe because there are 2^64 possible combinations, and there might even be secondary security added since the downgrader made such a big hit (and their bundle of joyful patches since 3.56 to enhance 'system' functions)?
>
> Having 4.11 dumps would make that a lot easier; the lot of the needed data is inside the lv1 hypervisor.

Okay, to my understanding, Factory Service Mode consists of us needing two lv2diag.self files: one for going into FSM (I think we have access to this file, correct me if I'm wrong) and one for getting out of FSM (we no longer have access to this, again correct me if I'm wrong). So why would we need the file to get out of FSM if we do the downgrade process before we use that file? If we have access to the 3.55 lv2diag.self file to get out of FSM, isn't that all we need since we're downgrading first? If not, can you redirect me on how the FSM works (still getting used to the navigation of the wiki)? Much help would be appreciated from you guys so I can learn from my own mistakes and learn more in the process.