#1

Member
Join Date: Dec 2008
Posts: 72

I had many thoughts, like many people, about how to hack the PS3.
I was sure that the only way to hack the PS3 would be if someone found a hole in the Hypervisor, or somehow got the CEX and DEX things leaked, for service mode. (Also, it is separated into 2 groups who are trying to hack the station: PS3-Linux-OS and XMB-OS.) I thought so until something came to my mind.

The Hypervisor blocks specific code, which is on something like a list, or it only lets code execute which stands on a "list". I rather think it would be the first. But the Hypervisor is software itself, and is built with low-level code. So that is the clue. There has to be another homebrewed Hypervisor, made on Linux. And here is how it works:

Normally: You run a code, so that the HPV will take it and look at it. If it has "forbidden code", it blocks it and ends the program. If it has "allowed code", it lets the code run.

How it works with 2 HPV: You run a code, so that a HPV tries to take it, but in the moment when the "HPV-activation-code", that is on our new Homebrewed-HPV's list, is activated, our Homebrew-HPV takes the HPV and blocks it.

BUT: The only thing which could be a problem is that the Homebrewed-HPV must be coded with code that isn't blocked by the HPV. This way of hacking is based on the Firewall vs. Firewall trick someone told me about some time ago. I think that would be an exploit.

If anybody would understand something about that, please try it. If anybody has a question, you're welcome. If you find any false aspects, you're welcome, since we only learn from our mistakes. cheers!

EDIT: Please, say anything or ask anything^^

Last edited by MIDASA; 04-06-2009 at 04:57 AM.

#2

Apprentice
Join Date: Feb 2009
Posts: 6

You can't act with things on the Primary OS.
Primary OS rights: Primary
Secondary OS rights: Slave
or I am wrong.

And is the Hypervisor software side or hard coded to the hardware?

Last edited by Nover; 04-16-2009 at 09:53 AM.

#3

Member

So I don't get what you mean, and if you mean what I think you mean, I think you are wrong... but correct me if I'm wrong, anyone... Also, with newer firmwares the security has become more and more secure... I don't think we will be lucky unless we stay on a low firmware or get an Infectus chip fast... probably too late, as the latest firmware has strengthened the hypervisor even more...

Last edited by jaasumbra; 04-16-2009 at 01:21 PM.

#4

Member
Join Date: Dec 2008
Posts: 72

@jaasumbra: I think you think what I was thinking, but I am talking about the Linux side, not the GameOS side. And I think that you can run code on the Linux side, so it doesn't matter if it is signed.^^
But I read that the Hypervisor is essential to OtherOS, because it gives you access to the hardware. So in my theory the only thing the HB-Hypervisor should block would be the security, but it still has to give access to the hardware. So it should only block certain processes but not the whole Hypervisor.

@Nover: I'm talking about the Linux side, that is only a Slave because of the Hypervisor^^ The Hypervisor is hardcoded, I think. That could make the whole thing really really complicated. Correct me if I'm wrong.

#5

Member
Join Date: Oct 2008
Posts: 38

http://wiki.ps2dev.org/ps3:hypervisor
Well, some system calls allow you to access low level hardware. There was even an RSX exploit a while back, but it was not useful in real hacking as the processor and graphics are not unified, so it's not like you can jump code. What is really interesting is a PDF document I read a while back about the PS3. The document detailed a student that managed to get all the SPUs to run at the same time. The hunt is on, you just need to experiment; there could be a low level call which boots a different flag for service mode, or this could be hard coded into efuses, in which case we are screwed.

#6

Apprentice
Join Date: Feb 2009
Posts: 6

PUT: ffffffff5 something like this
OUT: 00E500 something like this
DEX: Code I don't remember
CEX: HEX code which was too long to remember; most of the message was HEX.
It gave out an error message with details to the code.

Since 2.70 some games are very slow and unstable. I think they made something wrong.

Last edited by Nover; 04-17-2009 at 01:01 AM.

#7

Member

Okay, I misunderstood you then. BUT... AFAIK, Linux doesn't have full RSX access and only has limited access to the hardware of the PS3. So being able to install any homebrew via Linux won't be possible... def not any homebrew that can use full hardware support.
Though if it is because of the HV being buggy it might be a good idea to stay on 2.70 (I doubt it will create any possibilities though) and if it's true that it's because of the hypervisor

Last edited by jaasumbra; 04-17-2009 at 04:57 AM.

#8

Member
Join Date: Dec 2008
Posts: 72

Yes, now you got what I mean, but I also mean no real homebrew, like on the PSP, to play it from the XMB. I mean a programmed program that you can execute from the Linux side, because that is possible and it is possible to program on the Linux side. So you would be able to execute your own programmed software, if it doesn't do anything that the HV doesn't like.

#9

Member

And what do you wish these homebrew programs to be able to do? As long as they don't have full RSX support (which Linux doesn't have), the programs will be more or less useless, and they would be able to run even better on a normal personal computer.

#10

Member
Join Date: Dec 2008
Posts: 72

I want to have a second Hypervisor that is programmed to block every block of the first, if that even is possible.
I wrote it in the very first post.