The old key that had been found, the one used to downgrade PS3s, only worked for dongles with ID 0xAAAA. Now a key can be generated for any ID.
Concretely, this changes little for the end user at the moment, but if a dongle ID is ever revoked, we are now covered.
Here is the original message:
I have just exploited and dumped HV 3.15 from GameOS
I used memory glitching like Geohot to get a dangling HTAB entry, but the 2nd and 3rd stages are quite different. I used my knowledge about HV internals and created a simpler exploit for stage2 and stage3.
I didn't use a second VAS like Geohot. I used lv1_undocumented_function_114 and lv1_undocumented_function_115 to exploit HV after I got a dangling HTAB entry.
Now we don't need Linux to exploit and dump HV. Furthermore, an HV dump from GameOS is a lot better, because when GameOS is running more features are activated in HV. So I can now reverse more C++ objects and understand better how HV works.
I will make everything public very soon and i plan to dump HV 3.41 in the next days
Happy New Year guys!
And his second message, indicating that he found the master key in the HV dump:
And now I dumped the real USB Dongle Master Key, guys. No one needs it now, but here it is. I tested it with HMAC SHA1 and dongle key 0xAAAA and got the same dongle key that was reversed by KaKaRoTo.
Just as I said previously, use USB Dongle Authenticator, then dump HV and the decrypted USB Dongle Master Key will be in the HV dump. I extracted this key from my HV dump after I used USB Dongle Authenticator on GameOS. Then I rebooted GameOS but not HV, and the key was still in HV and still decrypted.
Code:
/* 20-byte USB Dongle Master Key as quoted in the original message (HMAC-SHA1 key, hence 20 bytes). */
typedef unsigned char u8;
static u8 master_key[20] =
{
    0x46, 0xDC, 0xEA, 0xD3, 0x17, 0xFE, 0x45, 0xD8, 0x09, 0x23,
    0xEB, 0x97, 0xE4, 0x95, 0x64, 0x10, 0xD4, 0xCD, 0xB2, 0xC2
};
Source: http://psx-scene.com/forums/f6/graf_chokolo-hv-exploit-dump-gameos-73893/