What can I say about this guy? This man called Graf_Chokolo has stripped the PS3 even further than it needs to get an ESRB rating before the censorship board does. To be frank, I am not a programmer, but I believe that Graf_Chokolo has made an attempt similar to Geohot's back in January, although in a much better way, because Geohot needed OtherOS for his hacking while Graf_Chokolo is doing it right on the GameOS.
Yeah, the GameOS: the operating system that runs the PS3, where you play your PS3 games, Blu-ray movies, PSN, etc. It is much better to hack this way because you don't have to boot the Linux OtherOS to attempt any hacking. Unfortunately, we might expect this from Sony, especially after what happened to OtherOS.
Quite scary, huh? Well, if CFW (or, we could say, a permanent jailbreak) on the PS3 is possible, then I think we don't have to worry about it, since it is PERMANENT. Quite similar to the CFW hacking in the PSP community. Well, yeah, raise your hand if you think that Graf_Chokolo is the next Dark-Alex!
I have just exploited and dumped HV 3.15 from GameOS.
I used memory glitching like Geohot to get a dangling HTAB entry, but the 2nd and 3rd stages are quite different. I used my knowledge about HV internals and created a simpler exploit for stage2 and stage3.
I didn't use a second VAS like Geohot. I used lv1_undocumented_function_114 and lv1_undocumented_function_115 to exploit HV after I got a dangling HTAB entry.
Now we don't need Linux to exploit and dump HV. Furthermore, an HV dump from GameOS is a lot better because when GameOS is running more features are activated in HV. So I can now reverse more C++ objects and understand better how HV works.
I will make everything public very soon, and I plan to dump HV 3.41 in the next days.
Happy New Year, guys!
Finally I will get access to SYSCON, EPROM, the ENCDEC device and more.
And now I dumped the real USB Dongle Master Key, guys. No one needs it now, but here it is. I tested it with HMAC SHA1 and dongle key 0xAAAA and got the same dongle key that was reversed by KaKaRoTo.
Just as I said previously, use USB Dongle Authenticator, then dump HV, and the decrypted USB Dongle Master Key will be in the HV dump. I extracted this key from my HV dump after I used USB Dongle Authenticator on GameOS. Then I rebooted GameOS but not HV, and the key was still in HV and still decrypted.
/* 20-byte USB Dongle Master Key (HMAC-SHA1 key), as posted */
static const u8 master_key[20] = {
	0x46, 0xDC, 0xEA, 0xD3, 0x17, 0xFE, 0x45, 0xD8, 0x09, 0x23,
	0xEB, 0x97, 0xE4, 0x95, 0x64, 0x10, 0xD4, 0xCD, 0xB2, 0xC2,
};
Above is what Graf_Chokolo has posted at PSX-Scene.
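The post describes the dongle scheme as HMAC-SHA1 keyed with one master key over a per-dongle identifier (he checks the dumped key by deriving the 0xAAAA dongle key and comparing it with the one KaKaRoTo reversed). The Python below is an added example, not code from the post or from any PS3 project: it builds HMAC-SHA1 by hand from hashlib.sha1 so the construction is visible, then derives per-dongle keys the way the post describes. It assumes the dongle identifier is fed to the HMAC as a 2-byte big-endian value, and it uses a constructed placeholder master key rather than the key from the post. The design lesson is the one the dump makes concrete: once a single master key is recovered, every dongle key derivable from it is recovered with it, and a key kept decrypted in hypervisor memory across guest reboots is exactly the kind of secret a memory dump exposes.

```python
import hashlib
import hmac

SHA1_BLOCK = 64  # SHA-1 processes 64-byte blocks; HMAC pads the key to this size


def hmac_sha1(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA1 per RFC 2104, written out step by step on top of hashlib.sha1."""
    if len(key) > SHA1_BLOCK:          # long keys are hashed down first
        key = hashlib.sha1(key).digest()
    key = key.ljust(SHA1_BLOCK, b"\x00")  # short keys are zero-padded to the block size
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + msg).digest()
    return hashlib.sha1(opad + inner).digest()


def reference_hmac_sha1(key: bytes, msg: bytes) -> bytes:
    """Standard-library HMAC-SHA1, used to cross-check the hand-built version."""
    return hmac.new(key, msg, hashlib.sha1).digest()


# Constructed placeholder master key (20 bytes, 0x10..0x23). This is NOT the key
# from the post; it only stands in for "a 20-byte HMAC-SHA1 master key".
DEMO_MASTER_KEY = bytes(range(0x10, 0x24))


def derive_dongle_key(master_key: bytes, dongle_id: int) -> bytes:
    """Per-dongle key = HMAC-SHA1(master_key, dongle_id).

    Assumption for this example: the dongle identifier (e.g. 0xAAAA) is encoded
    as 2 bytes big-endian before being fed to the HMAC.
    """
    return hmac_sha1(master_key, dongle_id.to_bytes(2, "big"))


def derive_all(master_key: bytes, dongle_ids) -> dict:
    """Show the single-point-of-failure property: one master key yields every
    dongle key, so leaking it from the HV dump compromises all of them at once."""
    return {did: derive_dongle_key(master_key, did) for did in dongle_ids}


if __name__ == "__main__":
    for did, k in derive_all(DEMO_MASTER_KEY, (0xAAAA, 0xAAAB, 0x0001)).items():
        print(f"dongle id 0x{did:04X} -> {k.hex()}")
```

Running it prints one 20-byte key per dongle identifier; swapping in a different master key changes every derived key, which is the point of the scheme and also why the master key itself has to stay out of dumpable memory.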