Ps 3 Jailbreak

[sadar 0]

DARTH047 +1 полностью с тобой солидарен. Ребят, что вот это значит, инфа обновилась на сайте: http://ps3hvdoc.wikispaces.com/

26/02/2010 : Added PUP files link

Изменено 27 февраля 2010 пользователем sadar

[RJocker 0]

Прошившу ждут не бомжи а здравомыслящие люди которые понимают что платить по 2 тыщи за пластмассу это маразм. Да и большинству тех кто будет играть пиратки- псн нахрен не нужен.

+1

Уже раза 3-4 с ПС3 себя обманывал (покупал и не выдерживал стоимости дисков)

[XKane 0]

Ну там что взломают когда-нибудь ? Или опять пустой треп ?

[CAH4E3 0]

XKane, взломали уже, беги прошивай :gamer4:

[Puhlic 4]

Хватит уже оффтопить! :mad: Задолбался за вами чистить...

[creker 0]

Поэтому следующего шанса не будет. Тему просто закроют.

[100 0]

Today we have some news from Spanish PS3 developer DemonHades (linked above) of their ongoing PS3 Hypervisor and Bootstrap lv0/lv1 examination, and news of http://www.codeplay.com/en/news/press-subm...e-devices's Offload: Community Edition which is now available free for Cell Broadband Engine devices.

 

Download: http://offload.codeplay.com/downloads/linu...floadv1.0.1.exe

 

Раскрыть спойлер

To quote: "The Offload tool suite provides the Offload tool as well as a full Windows based GCC SDK, enabling the easy offloading code to the SPUs on the Cell Broadband Engine.

 

It also includes integration with a Cell Broadband Engine enhanced Eclipse CDT, and the Offload Player Debugger, for executing and debugging code on the target Cell Broadband Engine hardware. Offload: Community Edition is free to use for academic research and commercial projects, subject to licensing conditions."

 

Below is DemonHades PS3 Hypervisor and Bootstrap Dump lv0/lv1 examination findings thus far, roughly translated via Google. If anyone who is fluent in Spanish can add to it feel free to do so below!

 

For those who bear on our community and this study shall know the hypervisor and bootstrap, but for new and newcomers who want to know about the safety features on ps3, and is protected as it manages the hypervisor (hardware manager) believe that interesting reading this list.

 

Then I leave it here hypervisor dump that I have gone and published it to all make a good background paper on the hypervisor and the bootstrap

 

Here you will be added all the features you get in a list, if you see that are already discussed here, and exposed them to not only need to copy them from your valleys and fast

 

TerminosBE Dictionary ---> Broadband Engine (Cell Processor)

RSX-->Grafica NVIDIA Playstation 3

SB-->SouthBritdge

SS2-->StarShip 2 Northbridge

LPAR-->Particion Logica

flh--->Memoria Flash

lx-->Linux OS

xmb-->Frontend del Game_OS

Otheros-->Particion para el GUEST OS

spu-->Procesadores de apoyo para el procesador Central

ppu-->Unidad de Procesamiento Central.

lv--->Level o Nivel.

ldr-->Loader o Cargador

pkg-->Package o Contenedor de datos.

 

Layout Ram Privilege

 

TABLE OF PARTITIONS

 

 

 

Colors representing the number of the partition

 

1.A lack of defined (temporary)

 

2.--->LPAR_PS3

10200000030000010000000000000001

 

3.A lack of defined (temporary)

 

4.A falta de definir(temporal)

 

5.--->LPAR_Linux

10800000040000010000000000000003

 

6.A falta de definir(temporal)

 

FROM A COPY OF CORE_OS internal NANDFLASHEste ram content belongs to a copy of the partition you, which is on the nand flash, seems to be encrypted is copied to ram and decryption ayi same.

 

Description of the Binary

 

asecure_loader

 

Better known as METLDR, is the first loader in the chain of decoded, this loader is loaded into the SPU isolated, it decrypts the master key to decrypt the keys by removing the following loaders (ldr1, lv1, ldr2, LV2)

 

spu_pkg_rvk_verifier.self

 

Verifier Certificate Revocation List

 

spu_token_processor.self

 

Even without defining

 

spu_utoken_processor.self

 

Even without defenir

 

sc_iso.self

 

This seems to be the system calls of Lv0.

 

aim_spu_module.self

 

Even without defining

 

spp_verifier.self

 

Verifier spp, allegedly responsible for verifying and validating that not been tampered with.

 

mc_iso_spu_module.self

 

Even without defining

 

me_iso_spu_module.self

 

Even without defining

 

sv_iso_spu_module.self

 

Even without defining

 

sb_iso_spu_module.self

 

Code southbridge image

 

default.spp

 

Default factory settings, reset factory settings.

 

lv1.self

 

Known as a hypervisor, is the manager of the hardware and LPAR, controls all access to the hardware from different LPAR.

 

lv2_kernel.self

 

Known as the Supervisor, is the kernel and software manager, is working on PS3_LPAR, is responsible for managing all

 

software, firmware and communications with the hypervisor.

 

eurus_fw.bin

 

Firmware version and configuration data related to this region.

 

emer_init.self

 

This would be like the beginning of emergency, we may think that is the recovery ... but it is early to give it for granted.

 

creserved_0

 

Even without defining

 

Position of Internal Self Belonging to Core_OS

 

0x20000 [E03D1478BEEF49B2020EA7687E15C4068EBF9866]

0x37000 [35BC85F1AFD3FCD0C7A70E602C82E49F594DAA31]

0x55000 [00B84C6ECC4A9374588A710D527F07794263C659]

0xA19A0 [without hash and decryption]

0xAA410 [without hash and decryption]

0x1624BC [46CFAE517AB1ADD239E705ACBB663CF6E551A194]

0x35E100 [hash but this does not bring this figure]

0x369720 [without hash and decryption]

0x6C25B4 [46CFAE517AB1ADD239E705ACBB663CF6E551A194]

0x6C5ED4 [encryption but without hash]

0x6D5470 [encryption but without hash]

 

REFERENCES TO FACTORY SIGNED ELF

 

ss_init.fself

ss_server1.fself

ss_server2.fself

ss_server3.fself

sysmgr_ss.fself

updater_frontend.fself

factory.fself

 

COMMUNICATION WITH THE KERNEL LV2

 

load_lv2:

load_gos

load_profile

load_additional_policy:

load_internal_policy:

 

gsboot: load_lv2: filename:% s

gsboot: load_lv2: lpar_id: laid% d:% d

SLL: Failde fileloader load:% d

SLL: mmap orig size:% lu

SLL: mmap start address:% lu

SLL: mmap size:% lu

SLL: mmap Failde:% d

SLL: mmap to% p

SLL: auth_lv2 called

SLL: auth_lv2 fail:% d

SLL: unmmap EA:% p munmap:% d

SLL: deleting laid lpar_auth_id remove node: status =% d error

SLL: setting ss lpar_auth_id create node: status =% d error

FL: release_buffer for allocate_memory

FL: munmap:% d

FL: Release:% d addr:% p

SLL: main memory size:% lu:% lu memory segment construct: error status =% d allocated lpar:% d address:% p

FL: mmap size:% lu

FL: mmap Failde:% d

FL: mmap to% p / rmt / local_sys0 / flh .. / / / /.

FL: vfs open error:% d: toolong

FL: vfs open error:% d: errno:% d

FL: vfs size error:% d

FL: lseek fail, and close fail: fd:% d SL: allocate fail: size (% d)

FL: close fail: fd:% d

FL: vfs seek error:% d

FL: vfs size error:% d

FL: size error:% d% d

FL: file loaded:% d

FL: init err conf_mgr

offset:% d size:% d

FL: read error:% d / flh / os / SL: signal: stop and signal problem area:% p SPU state:% lu stop code =% u SL: signal: handler_end *

 

map data buffer: / proc / partitions /% d / mem could not open file ...(% s) mapped address:% p mmap failed: errno =% d close error:% d

 

SL: signal: spu timeout signal has arrived ----- ----- SL: timeout_handler: disable

 

auth_lv2

auth_sv

auth_disc_hdd

 

REFERENCES TO SPU

 

spu_filename:% s

spu_fir (0x

spu_fir_error_mask (0x

spu_fir_checkstop_enable (0x

 

Spu dump regs fir *** ***

spu_fir 0x

spu_fir_error_mask 0x

spu_fir_checkstop_enable 0x

 

*** [DETECT] unit: spu

 

*** [DETECT HW Error] unit: global fir, cause: CheckStop ***

ras_checkstop_fir 0x

 

*** [DETECT HW Error] unit: global fir, cause: recoverable ***

ras_recoverable_fir 0x

ras_fir_enable_mask 0x

 

Global dump regs fir *** ***

ras_lerr_counter_stat 0x

 

*** *** Dump regs fir biu

biu_fir 0x

biu_fir_error_mask 0x

biu_fir_checkstop_enable 0x

 

*** [DETECT] unit: biu ***

 

L2 dump regs fir *** ***

 

l2_fir 0xl2

fir_error_mask 0xl2

fir_checkstop_enable 0xl2

mode_setup1 0x

 

*** [DETECT] unit: l2 ***

 

*** *** Dump regs fir ioc

 

ioc_fir 0x

ioc_fir_error_mask 0x

ioc_fir_checkstop_enable 0x

bic_if0thr 0x

bic_if1thr 0x

bic_if0ccnt 0x

bic_if1ccnt 0x

 

*** [DETECT] unit: ioc ***

bic_if0rcnt 0x

bic_if1rcnt 0x

 

*** Dump regs fir mic ***

mic_fir0 0x

mic_fir1 0x

 

*** [DETECT] unit: mic ***

 

Fir city dump regs *** ***

 

ciu_fir 0x

ciu_fir_error_mask 0x

ciu_fir_checkstop_enable (0x

 

*** [DETECT] unit: city ***

sys.lv1.be_ras

 

[HVL]

 

sys.hvlog.size

 

SPE hang is detected: GUID UNKNOWN construction of SPU NPC VPU management failed

pmi_set_guest_os_mode (): already called

pmi_set_guest_os_mode (): wrong gos_mode

 

sys.lv1.dump_mmioplat.id

 

[PANIC]

Can not get loader parameter =

sys.flash.fmt

sys.tmp_storage.size

spider.gbe0.macaddr.1

spider.gbe0.macaddr.2

spider.gbe0.macaddr.3

sys.debug.device

rsx.rdcy.3

rsx.rdcy.4

rsx.rdcy.5

rsx.rdcy.6

rsx.rdcy.7

rsx.rdcy.8

sys.lv1.iosysenableios.net.eurus.lpar

sys.hw.config_version

sys.hw.model_emulate

be.0.nclk

be.0.ioif0.addrlv1.heap.check

 

[Warnig]

 

The allocation size from the heap () Exceeds bytes: 0x [lp = lc.allow.large_id [lc =, lp =):

sys.dbgcard.dgbe

sys.lc.polling.time

physical_console_0

hypervisor_console

EIC driver initialization failed

FAIL: construction of a SPU objs

FAIL: Loader parameter 'be.0.spu.faultbm' is required.sys.cellos.spu.configure

FAIL: Lv-1 does not support system more than SPEs 2.SPE = (unit_id =, = resv_id, normal, system

 

BROADBAND ENGINE

 

be.0.lpm.lpar

be .. clock.

be .. ioifn.

be .. ioif.addr

be.0.bp_base

be.0.fir.l2_ee

be.0.fir.l2_em

be.0.fir.biu_ee

be.0.fir.biu_em

be.0.fir.ciu_ee

be.0.fir.ciu_em

be.0.fir.mic_f0

be.0.fir.mic_f1

be.0.fir.ioc_em

be.0.fir.ioc_ee

be.0.fir.ras_ee

be.0.fir.spu0_ee

be.0.fir.spu0_em

be.0.fir.spu1_ee

be.0.fir.spu1_em

be.0.fir.spu2_ee

be.0.fir.spu2_em

be.0.fir.spu3_em

be.0.fir.spu3_ee

be.0.fir.spu4_em

be.0.fir.spu4_ee

be.0.fir.spu5_em

be.0.fir.spu5_ee

be.0.fir.spu6_em

be.0.fir.spu6_ee

be.0.fir.spu7_em

be.0.fir.spu7_ee

be.0.ioif1.addr

be.0.ioif0.addr.lv1.heap.check

be.0.lpm.priv

be.0.nclk

be.0.ref_clk

be.0.spu.faultbm

be.0.tb_clk

betb_clk

beclock

benclk

beioifn

beioifaddr

beioifaddr

 

REFERENCES TO SPP

 

 

 

REFERENCES TO BUS DATOS

 

busnum_dev

busdevregtype

busdevregdata

busdevintr

BusID

busnum_dev

BusID

Bustype

busdevintr

busdevmeddling

busdevregion

busdevn_regs

busdevtype

busdevintr

busdevblk_size

busdevn_blocks

busdevport

busdevmeddling

busdevregionid

busdevregionstart

busdevregionsize

busdevregioncrypto

busdevn_regs

 

REFERENCES SYSTEM CALLS

 

sc_iso.self

sc_iso_factory.self

sc_binary_patch:

sc_core:

sc_sendrecv:

sc_proxy_if: sendrecv

sc_proxy_if: sendrecv:

sc_proxy:: open

sc_proxy:: write

sc_proxy_if: sendrecv:

sc_proxy:: close

sc_proxy:: read

sc_proxy:: close

sc_proxy:: write:

sc_proxy:: open:

sc_manager

sc_timer

sc_tc

sc_rc

sc0

sc1

sc_version

sc_status

sc

sc_updater::

sc_type

sc_decrypt

sc_encrypt

sc_manager_if: restore_root_info

sc_manager_if: backup_root_info

sc_get_srh

sc_set_srh

sc_is_init_vtrm

sc_init_for_vtrm

sc_manager: init_for_vtrm

 

REFERENCES SYSTEM MANAGER CALLS

 

scm_correct_rtc_factory:

scm_set_rtc_factory:

scm_sc_binary_patch:

scm_set_sc_status:

scm_init_for_updater:

scm_set_rtc:

scm_init_for_vtrm:

scm_set_srh:

scm_restore_root_info:

scm_backup_root_info:

scm_correct_rtc_factory:

scm_set_rtc_factory:

scm_sc_binary_patch:

scm_set_sc_status:

scm_get_sc_status:

scm_get_property:

scm_init_for_updater:

scm_set_rtc:

scm_set_time:

scm_get_time:

scm_set_region_data:

scm_get_region_data:

scm_init_for_vtrm:

scm_backup_root_info:

scm_set_time:

scm_set_region_data:

scm_get_region_data:

scm_get_srh:

scm_decrypt:

scm_encrypt:

scm_get_sc_status:

scm_get_property:

 

REFERENCES TO SYSTEM SETTINGS

 

ss_dispatcher:: terminate

ss_dispatcher:: loop

ss_dispatcher: loop_once

ss_dispatcher:: initialize

ss_packet: send_receive

ss_packet: process_async

ss_packet: process_received

ss_packet: accept_reply

ss_init_repository: get_node_value:

ss_init_repository: create_node:

 

ss_init.fself

ss_server1.fself

ss_server2.fself

ss_server3.fself

ss_init_if: notify_failure

ss_init_if: notify_ready

ss_responder:: terminate

ss_responder:: initialize (this in Spanish!)

ss_responder: loop_once

ss_packet: send_receive

ss_packet: process_async

ss_packet: process_received

 

ss_packet: accept_reply

ss_init_repository: get_node_value:

ss_init_repository: create_node:

 

REFERENCES TO CERTIFICATE REVOCATION LIST

 

spu_pkg_rvk_verifier.self

certified_file_verifier: SIGSPUMB caught (not dísir)

certified_file_verifier: plain_src_addr = 0x% llx, plain_size = 0x% llx, 0x% llx enc_size =

certified_file_verifier: prepare_args failure

certified_file_verifier:: load_module () failure:% d

certified_file_verifier: request_loading_spu_module () failure

cerfified_file_verifier: request_loading_spu_module () success

certified_file_verifier: SIGSPUTIMEOUT caught (not dísir)

certified_file_verifier: SIGSPUERR caught (not dísir)

certified_file_verifier: SIGSPUDMA caught (not dísir)

certified_file_verifier: SIGSPUMB msg = 0x% x

certified_file_verifier: SIGSPUMB read PUINTMB failure

certified_file_verifier: SIGSPUSTOP_SL received

certified_file_verifier:: status = 0x% x

certified_file_verifier: stop_code = 0x% x

certified_file_verifier: SIGSPUSTOP received

 

REFERENCES TO THE READER BLURAY

 

Identificadores the BluRay disc in the player

 

HW: auth sv ret:% d

HW: emu disc auth:% d

HW: disc auth API emu

HW: param error:% d

HW: disc mode% d

HW: test unit ready ret:% d code:% lx

HW: test unit 0x% 08x req sense

HW: read disc structure ret:% d code:% lx

HW: inquiry ret% d result% d

HW: inquiry:% s:% s

HW: FW not supported failed Success

HW: sendign security command for check drive auth retry: ret =% d

HW: get vesion

HW: I dec block: index% size% llu llu

HW: I auth header: size% llu

HW: mc: ret% d

HW: mc:% p% p% p

HW: ps3 disc new API change

HW: ps3 disc profile param% d:% 08X

HW: not ps3 disc

HW: size:% d mode:% d

HW: hdd ps3 game new auth API

HW: not ps3 disc, set policy HDD auth fail: recover ..

HW: save disc id for HDD

HW: ps3 disc new auth API

HW: single layer bd ps3

HW: multi layer ps3 bd

HW: ps3 dvd

HW: save disc id

HW: ps2 disc auth

HW: not ps2 disc

HW: drive auth:% d

HW: Check device file:

HW: drive interface is busy.drive interface open failed

HW: not ready, clean key

HW: ret% d

HW: not ready for auth key clean

HW: encdec / param ata: 0x% lx

HW: set key for disable ata encdec ret:% d

HW: set key for enable ata encdec ret:% d

SB: atagpest% lx

HW: send clear ret:% d result:% p

PS-SYSTEM

PS-SPECIAL

incorrect header

check unknown compression method

invalid window size

unknown header flags in September

header crc mismatch

invalid block type

invalid stored block lengths

too many length or distance symbols

invalid code lengths in September

invalid bit length repeat

invalid literal / lengths in September

September invalid distances

invalid literal / length code

invalid distance code

invalid distance too far back

incorrect data check

incorrect length check

 

Physical integrity checks on the reader

 

bd_updater: check_cmd_result ()

bd_updater: check_cmd_result (): result_code = 0x% llx

bd_updater: detect_need_eject (): type =% d, revision =% d, need_eject = true

BDVD: Drive Not Ready Timeout

Initiation BluRay Reader

BDVD result: 0x drive: request complete tag:

device:: encdec. start device ID:

SYSTEM CLOCK Fail: Set: Encdec device ERROR:: initialize end: Seqence KSET Encdec ioctl cmd:

ENCDEC TransLparAddrToSbAddr invalid address

usrbuf request lpar

dscbuf request lpar

req size: 0x

invalid addr ba?:

invalid addr ba?:

ENCDEC EdecXTS3 TransLparAddrToSbAddr invalid address

EdecSS start.

EdecSS end. Kicked DMA

EdecKgen1 start.

EdecKgen1 end.

EdecKset start.

EdecKset end.

EdecKgen2 start.

EdecKgen2 end.

EdecKgenFlash.

Encdec decsec.

EdecKset OK.

EdecKset NG.

 

Found EncDec Test Mode Interrupt Reason:

Encdec timeout

handler called

OR SetStgSsDbufEncdec ENC DEC:

SetStgReadDesc lbn:

OR SetStgSsEncdec ENC DEC:

InitializeENCDEC Start.

Fail address ENCDEC TransSbAddrToPhyAddr search

Fail TransSbAddrToPhyAddr get ENCDEC address 0x:

 

References to BluRay Reader Spansion flash

 

TP Spansion memory shortage

TEST: End.

TEST: Read lsn: 0x SS2 status: 0x

TEST: Current Read: 0x

FLASH Memory complete: lsn: 0x

TEST: Start.

 

Starship Reset Error: ERROR StarShip

unknown scenario:

stage:

exec proto:

SWResetPtcl

SS2 HW Reset ERROR: 0x

SSTransfer Start. Protcol:

IN PIO SSTransfer

PIO SSTransfer OUT

DMA SSTransfer

SSTransfer End.

SSOperation cmd:

Flash Chip Not Found

 

REFERENCES TO INTERRUPTS

 

# # # Dump interrupts # # #

 

TIRCS 0x

Tirdad 0x

TIREMSKA 0x

TIREMSKB 0x

TIRPIEN 0x

TIRPNDA 0x

TIRPNDB 0x

TIRPPNDA 0x

TIRPPNDB 0x

TIRCFGA [] 0x

 

TIRCFGB [can not get GBUSC forward region 3]

 

PIO registers Dump

Piodão's 0x

piodi 0x

Pioda 0x

piood 0x

pioaen 0x

pioactl 0x

pioco 0x

 

sys.hw.config

 

REFERENCES TO SOUTHBRIDGE

 

# # # # SB DEVICE # # # #

# Controller_id:

# Ioid: 0x

# Bus_master_id: 0x

# Base_io_segment: 0x

# Sb_master_transaction_base_address_: 0x

 

SYSTEM

 

sys.lv0.address

sys.lv0.revision

sys.lv0.size

sys.lv0.version

sys.lv1.large_pciex

sys.lv1.rsxenable

sys.lv1log.size

sys.lv11.ahcr

sys.tmp_storage.size

sys.lv1.be_ras

sys.lv1console.mode

sys.lv1.dump_mmio

sys.lv1.emuioif0irq

sys.lv1.iosys.errorhandler

sys.lv1.iosys.network

sys.lv1.iosys.pci.d.thread

sys.lv1.iosys.pci.retry

sys.lv1.iosys.pciex

sys.lv1.iosys.storage

sys.lv1.iosysenable

sys.lv1.iofaultmsg

sys.lv1.rsxdebug

sys.lv1.rsxmemcheck

sys.ac.sd

sys.ac.misc

sys.ac.misc2

sys.be.. spursvsl

sys.be.. ausrspun

sys.be.. asysspun

sys.cellos.spu.configure

sys.cellos.flags

sys.dbgcard.dgbe

sys.debug.device

sys.sata.param

sys.pci.share

sys.load.image.in_rom

sys.flash.fmt

sys.flash.boot

sys.flash.ext

sys.hw.config

sys.hvlog.size

sys.hw.config_version

sys.hw.model_emulate

sys.lc.polling.time

sys.mmio.map_allow

sys.platform.mode

sys.qaf.qafen

sys.rom.addr

sys.syscon.protocol_version

sys.wake_source

sys.param.load.rom1st

sys.syscon.pversion.

sys.flash.fmt.

sys.flash.boot.

sys.flash.ext.

sys.lv1.large

interrupt handler does not add internal

interrupt handler does not connect internal

 

sys.syscon.protocol

message header from syscon is not correct.

message from SYSCON is checksum error.

syscon other port sends interrupt

sysparamloadrom1st

syssysconpversion

sysflashfmt

sysflashboot

sysflashext

syshwconfigversion

syshwconfig

syshwmodelemulate

sysacsd

sysbespursvsl

sysbeausrspun

sysbeasysspun

sys.pci.share

sys.lv1.iofaultmsg

sys.lv1.dump_mmioplat.id

sys.lv1.be_ras

sys.hvlog.size

 

Level1-Hypervisor

 

lv1.iosys.enable.

lv1_ioctl:

lv1_result

lv1_runtime.tcl

lv1.heap.check

lv1.self

lv1.buildid

lv1.heap.afill

lv1.heap.rfill

lv1.iosys

lv1.maxplgid

lv1.rsx

lv1.specver

lv1.ts

lv1.ram.biu_modesetup1

lv1.ram.biu_modesetup2

lv1.ram.enable

lv1.ram.ioc_ioif0_quethshld

lv1.ram.ioc_ioif1_quethshld

lv1.ram.mic_tm_threshold_0

lv1.ram.mic_tm_threshold_1

lv1.ram.tkm_ioif0_ar

lv1.ram.tkm_ioif1_ar

lv1.ram.tkm_cr

lv1.ram.tkm_pr

lv1.ram.tkm_mbar

lv1.ts.size.

lv1.ts.start.

lv1.rsx.enable.

lv1.ram.spe_ragid

lv1.ram.ppe_ragid

lv1.ram.mic

lv1tssize

lv1tsstart

lv1iosysenable

 

BROADBAND DEBUG ENGINE

 

dbe.0.fir.l2_em

 

NVIDIA RSX

 

rsx t: close

rsx t: open

rsx.rdcy ..

rsx.rdcy.1

rsx.rdcy.2

rsx.rdcy.3

rsx.rdcy.4

rsx.rdcy.5

rsx.rdcy.6

rsx.rdcy.7

rsx.rdcy.8

rsx ioif0 bus

 

REFERENCES TO THE RSX DRIVERS

 

rsx driver failed assert

rsx: invalid context attrib:

EIC RSX driver initialization failed

rsx driver assert failed: / space / aoki / svn / tmp / sys / trunk / cellos.nv / .. / cellos / src / implementation / driver / rsx / core / device.h

rsx driver failed assert: core / device.cc

rsx driver failed assert: core / memory.cc

rsx driver failed assert: core / context.cc

rsx driver assert failed: utils / bitmap.cc

rsx driver assert failed: bus/ioif0.cc

rsx driver assert failed: device / eic.cc

rsx driver assert failed: device / master.cc

rsx driver assert failed: device / fb.cc

rsx driver assert failed: device / fifo.cc

rsx driver assert failed: device / graph.cc

ctxsw rsx driver timeout! please report

assert failed rsx driver: device / graph

assert failed rsx driver: device / clock

geom clkshader memory clk clk clk display

rsx driver assert failed: device / audio.cc

rsx driver assert failed: object / context

rsx driver assert failed: object / nv

rsx driver assert failed: object / sw

rsx driver assert failed: object / channel.cc

rsx driver assert failed: object / hash

rsx driver assert failed: object / vfb.cc

rsx driver assert failed: object / video

rsx driver failed assert: post / post

rom rsx abort!

rsx memory check failed. errors:

rsx t: post

 

INITIATION

 

HashTable

 

object_entry: get_rule_entry_list_head

object_hashtable: get_first_object_entry

object_hashtable: get_next_object_entry

object_hashtable: get_object_entry

object_entry: match_rule_entry

object_hashtable: remove_object_entry

object_entry: add_rule_entry

object_hashtable: add_object_entry

object_hashtable:: initialize

object_entry: get_rule_entry

object_entry: get_rule_entry_list_head:

object_entry: add_rule_entry:

object_hashtable: get_first_object_entry:

object_hashtable: get_object_entry:

object_hashtable:: initialize:

object_hashtable: remove_object_entry:

object_entry

object_hashtable: get_next_object_entry:

object_hashtable: add_object_entry:

 

REFERENCE TO THE ROM DIRECTORIES

 

CORE>

 

device.cc

memory.cc

context.cc

 

UTILS>

 

bitmap.cc

 

OBJECT>

 

context

context_dma.cc

nv_class.cc

sw_class.cc

channel.cc

hash_table.cc

sw_driver.cc

vfb.cc

video_rsx.cc

nv

sw

channel.cc

hash

vfb.cc

video

 

POST>

post

DEVICE>

 

eic.cc

master.cc

fb.cc

fifo.cc

graph.cc

audio.cc

 

BUS>

 

ioif0.cc

 

FLASH DEV

 

/ dev/sc3

/ dev / flash_num

/ dev/sc0

/ dev / rflash_lx

/ dev/net0

/ dev/rbd0

/ dev / sd_detector

/ dev/sc1

/ dev/hvlog0

/ dev / rflash_lxp

/ dev/cp0

/ dev / rflash

/ dev / eflash

/ dev / flash

/ dev / eflash

/ dev/ioif0

 

USER TOKEN

 

user_token m_magic = 0x% x

user_token m_format_version = 0x% x

user_token m_size = 0x% llx

user_token m_capability = 0x% llx

user_token m_expire_date = 0x% llx

user_token m_idps = 0x% 02x

user_token m_attribute

m_type user_token attr = 0x% x

user_token attr = 0x% x m_size

attr user_token m_data

user_token m_digest

user_token_manager decrypt_user_token () decrypt_and_verify format invalid user token () failure = 0x% x get_time ()

 

failure = 0x% x status = 0x% llx rtc value = status = 0x% llx 0x% llx user token has been expired

user_token_manager encrypt_user_token () sign_and_decrypt () failure = 0x% x

spu_utoken_processor.self

user_token_processor SIGSPUMB caught (not desired)

user_token_processor SIGSTIMEOUT caught (not desired)

user_token_processor SIGSPUERR caught (not desired)

user_token_processor SIGSPUDMA caught (not desired)

user_token_processor SIGSPUMB msg = 0x% x

SIGSPUSTOP_SL received user_token_processor

user_token_processor status = 0x% x

user_token_processor stop_code = 0x% x

SIGSPUSTOP received user_token_processor

user_token_processor read_idps () read size ID0 failure (% d)

user_token_processor read_idps () size =% d EID0

user_token_processor read_idps () malloc failure

user_token_processor read_idps () EID0 read failure (% d)

user_token_processor read_idps () EID0

user_token_processor read_idps () failure (% d)

user_token_processor create_command () failure (% d)

user_token_processor load module () failure

user_token_processor request_loading_spu_module () failure

user_token_processor request_loading_spu_module () success

 

ASSISTANT / MANAGER FOR UPDATING AND FIRMWARE

 

sys0/sys/internal/eurus

Manager:: reset failed eurus

manager:: read firmware invaild jump command: command = 0x% 08x, new current size =% d offset =% d, offset =% d data

manager:: Error: eurus F / W download failed.

manager:: read firmware invaild data: command = 0x% 08x, new current size =% d offset =% d, offset =% d data

manager:: read firmware data:% d, firm offset:% d

manager:: put firmware firmware read fails.

manager:: put firmware ioctl fails% d

Manager:: open firmware can not open file

Manager:: open firmware open file

Manager:: open firmware open file

manager:: on received ioctl

manager:: on received Error: eurus F / W download failed.

manager:: on received firmware downloaded.

manager:: start download get value failed. % d

manager:: start

Manager:: initialize ...

Manager:: initialize could not open the file% s.

Manager:: initialize mac addr = 0x% 016lx

Manager:: initialize ioctl fails% d

Manager:: initialize ... completed.

manager: delete key success

manager: key failed

manager: skip delete

manager: read size error% d! =% d

manager: event =% llu, bus id =% llu, dev id =% llu, port =% lld, dev type =% llx

manager: unknown event type

manager: fatal error. Can not open device file no response from syscon. waiting reply for transaction:

manager: from syscon

manager: to syscon

manager: set source% x LED: p =% x, s =% x result =% d led: b =% x, h =% x result =% d press: timer failed

manager: receive packet from unknown syscon. cmd id:% x timer: invalid state

manager:%% d event smask

manager: read header error

manager: body read error% d byte header: body% d byte:

manager: from syscon event =% x size =% d

manager: fatal error. Can not open device file syscon

manager: wake source:% x Other OS mode: wake source:% x

manager: set source% x->% x I switch: Wake source:% x pages failed: this =% p, area

pages =% d syscon write data: command write failed. shutdown handler invoked

shutdown unknown interrupt% d

 

timer: expired

timer: set alarm% d us

 

INTEGRITY AND CHECK OS

 

lv0 and lv1 have passed integrity check

Lv0 has been altered. integrity check failure.

lv1 has been altered. integrity check failure

 

INTEGRITY AND CHECK THE CORE_OS

 

check_core_os_hash () config_manager failure

recover encrypted master key failed

filename =% s, file_loc = 0x% llx, file_size = 0x% llx

verify_util:: SHA-1 hash

0x% x update_manager:: check_core_os_hash ()

in product mode, check is skipped.

update_manager: check_core_os_hash () get_version_and_hash () failure

update_manager: check_core_os_hash () SC not initialized. skipped integrity check.

update_manager: check_core_os_hash () config_manager failure

update_manager: check_core_os_hash () calc hash Lv0 failure (% d)

update_manager: check_core_os_hash () calc hash lv1 failure (% d)

updater_frontend.fself

update_manager:: write

update_manager: swap_bank ()

update_manager: get_package_info (% d)

update_manager: get_secure_product_mode ()

update_manager: get_sc_status (% d)

update_manager: get_secure_product_mode ()

update_manager: set_secure_product_mode (0x% x)

update_manager: set_sc_status (% d)

update_manager: decompress_and_write_target ()

update_manager: write_target ()

update_manager: read_revoke_list (% d)

update_manager: initialize_revoke_list_info (% d)

update_manager: applicable_version_info (% d)

update_manager: check_revoke_list_hash ()

update_manager: check_revoke_list_all ()

update_manager:: set

update_manager:: bank

update_manager:: data

update_manager: calc_os_hash

update_manager: calc_os_hash

update_manager:: force

update_manager: update_package_tophalf ()

update_manager: common_tophalf::

update_manager: inspect_package_tophalf (0x% x,

update_manager: extract_package_tophalf (0x% x,

update_manager: update_package_tophalf (0x% x,

update_manager: update_package_tophalf ()

update_package (% d)

update_manager: set_token ()

update_manager: read_eprom (0x% x)

update_manager: get_token_seed ()

update_manager: inspect_package_bottomhalf ()

update_manager: get_extract_package ()

update_manager:: illegal

update_manager: no

update_manager:: invalid

update_manager:: copy

update_manager: update_package_bottomhalf ()

update_manager: get_fix_instruction ()

update_manager: erase_core_os_standby_bank ()

update_manager: erase_hash_standby_bank (% d)

update_manager: set_debug_support_repository ()

update_manager: init_ss_params_repositories ()

update_manager: set_recover_mode_repository ()

update_manager: init_ss_params_repositories ()

update_manager: set_fself_control_repository ()

update_manager: init_device_type ()

update_manager: set_update_status_repository ()

update_manager: write_eprom (0x% x,

update_manager: set_qa_flag_repository ()

update_manager: init_qa_flag ()

update_manager: do_fix_regions ()

update_status

update_manager: do_fix_trm_regions ()

update_manager:: sc

update_manager: init_for_updater (% d)

update_manager: initialize_revoke_list_info (% d)

update_manager: init_device_type ()

update_token_processor: read_idps ()

update_srh,

update_table_icv,

 

Checks security policies

 

security_policy_manager:: request:

security_policy_manager:: initialize

security_policy_manager:: request:

security_policy_manager:: request:

security_policy_manager: register_rule:

security_policy_manager: load_additional_policy:

security_policy_manager:: initialize

security_policy_manager: load_additional_policy:

security_policy_manager: security_hardware_framework_if: get_random_number

 

REFERENCES TO CELL_OS

 

SCE_CELLOS_SS_SPM

SCE_CELLOS_SS_INDI_INFO_EID

SCE_CELLOS_SS_SECURE_RTC

SCE_CELLOS_SYSTEM_MGR

SCE_CELLOS_SYSTEM_MGR_PS2_SW

SCE_CELLOS_SYSTEM_MGR_LINUX

SCE_CELLOS_SYSTEM_MGR_PS2

SCE_CELLOS_SYSTEM_MGR_PS2_GX

SCE_CELLOS_PME

 

REFERENCES TO LPAR

 

if: notify lpar shutdown start to BSC

if: notify lpar shutdown start to av set% d

if: notify lpar boot done to BSC

if: notify done to lpar boot AV Set

if: notify lpar done to kill BSC

if: notify shutdown done to lpar AV Set

if: shutdown done to lpar notify BSC

if: notify lpar boot start to BSC

if: boot param from SC eeprom

if: notify lpar boot start to av set% d

if: notify system boot done to BSC

if: notify system boot done to AV Set

if: notify system shutdown start to BSC

if: notify system shutdown start to av set% d

if: notify BSC start to kill lpar

if: shutdown does not activate current lpar refused lpar

if: Killing not activate current lpar refused lpar

event: inter-lpar parameter length =% d size parameter over inter lpar

event: boot parameter% d. param =% lx, st =% d

boot parameter% d. % s privilege not receive unknown response. type =% d failed to send packet to lpar% d

event: to lpar sid =% d, size =% d

event: send inter-lpar parameter: bytes =% d

event: from lpar sid =% d, size =% d

lparmgr: boot failed reason =% d

lparmgr: give up booting% s

lparmgr: initialize default repository failed% d

lparmgr: construct pu failed =% x

lparmgr: boot parameter =% 08x

lparmgr: construct repositories failed

lparmgr: activate logical pu failed% x

lparmgr: boot completed

------------------------------------------

lparmgr:% s partition booting ...

lparmgr: ability =% x

lparmgr: construct logical parition failed% x

lparmgr: allocate memory failed% x

lparmgr: delete key success

lparmgr: key failed

lparmgr: set key success

lparmgr: key failed

lparmgr: setup bd drive ...

lparmgr: load Guest ...

lparmgr: load you image guest failed% d

lparmgr: registering signal handler shutdown failed% x

lparmgr: skip size ata get contents failed. status =% d, prof =% s / file =% s / type =% d

get contents failed. status =% d, prof =% s / file =% s / type =% d cellos memory size =% ldb

lparmgr: construct event port receive failed% x

lparmgr: get lpar size parameter failed. status =% d, prof =% s

lparmgr: get lpar parameter failed. status =% d, prof =% s

lparmgr: lpar unmatch size parameter. buf size =% d, acm size =% d, buf using

lparmgr: shutdown% s partition ...

lparmgr: shutdown% s failed% x

lparmgr: unload guest ... Failed to get info for% s. status =% d

lparmgr: destructing partition ... Failed to destruct partition for% s. result =% d

lparmgr: reset bd drive ... bd drive reset failed% d

lparmgr: kill% s partition ... id =% d

lparmgr: shutdown% s partition ...

lparmgr:% s failed% x

lparmgr: shutdown% s rejected lpar invalid state% d

lparmgr: start shutdown partition. id =% d

lparmgr: send shutdown command to% s

lparmgr: start destructing partition. id =% d

entry: auth drive success

entry: bd drive ready

entry: auth drive time-outed

entry: auth failed drive

/ rmt /% s.dat

/ dev / rflash

/ proc / partitions /% d / mem

LPAR file address space could not be opened ...

mmap failed: errno =% d

entry: copy

size! = file

entry: boot additional data% ld,% d

create node: status =% d error

 

pci bus power off failed.

power on pci bus failed.

 

remove node: error status =% d scheduling table entry in table scheduling construct spp file failed% d slot scheduling

 

looking up table failed% d slot% d: index =% d, name =% s, ts =% dus failed% d slot scheduling

 

sysmgr.boot.ps2.1st

sysmgr.boot.linux.1st

sysmgr.debug.level

sysmgr: available number of spus for lpar =% d

sysmgr: spu condition info =% p

sysmgr: tb frequency =% d config: total memory size =% d

sysmgr: number of system spus =% d

 

PS3_LPAR

/ flh/os/lv2_kernel.self

PS2_SW_LPAR

/ local_sys0/ps2emu/ps2_softemu.self

LINUX_LPAR

/ flh / lx / linux

 

REFERENCES TO NEOS SONY CELL GAP OS KERNEL

 

NEOS kernel for OS Cell Sony bpa BPA Team .. / src / Core / common / Thread.cc

Thread:: terminate: the thread is inheriting the priority.

Thread:

Thread: Thread The target object is not in dormant state.

a system exception% d,% 08x is raised in the exception handling daemon

Thread:: releaseTypeFlag: invalid type flag.

Thread:: releaseTypeFlag: releasing un-assigned type bit.

Thread:: terminate: The target Thread Mutex object holds any locks.

Thread:: restart: Thread The target object is not in stopped state.

Thread:: start: Thread The target object is not in dormant state.

Thread:: start: Thread The target object has not been configured.

Thread:: start: The specified RelayPoint is used by another Thread object.

Thread:: configure: The target thread object is not in dormant state.

Thread:: configure: Thread The target object has been configured with invalid argument.

Thread:: configure: Thread The target object has been configured as executing user mode, but not been specified.

Thread:: setBasePrioriry: The specified prioriry is not in the proper prioriry range.

Timer:: wait: This member function is called when the scheduler is locked.

Timer:: setPeriodic: The specified period less than or equals to zero.

Timer::

Timer: deleting a timer while some threads are waiting on the timer.

% p% d.% 09d

 

WeakLock::

WeakLock: The WeakLock target object has been locked by any threads.

WeakLock:: Lock: The caller thread of this function is WeakLock holding another object.

WeakLock: tryLock: The caller thread of this function is WeakLock holding another object.

WeakLock:: lock: This member function is called when the scheduler is locked.

dummy initial thread thread fmt null null There are some threads waiting on a MessageQueue destructing.

/ proc / partitions

 

ERROR>

.. / src / PMPI / construct logical partition.cc

could not create / proc / partitions /

/ proc / partitions /

.. / src / PMPI / destruct logical partition.cc

namei could not "% s" to inode

 

/ vuart /

.. / src / PMPI / vuart.cc

proc num =

proc ids =

 

REFERENCES USB DONGLE

 

init

if:: notify failed failure: init

if:: notify ready failed: usb dongle authenticator: authenticator initialize usbdongle: verify responses given response

body =% 02x challenge

body = id =% u dongle dongle dongle key error ID revoked.get calc. response

body = usb dongle authenticator:: generate challenge hardware security framework

if:: get random number sanity check error: r =% d

 

recover encrypted master key succeeded.

recover encrypted master key failed -> use dummy key.

 

REFERENCES ATA

 

set_ata_key success

delete_ata_key failed

delete_ata_key success

set_ata_key

skip ata_key

 

REFERENCES TO GUEST OS

 

gosldr: inflateInit:% s

gosldr: read error you ext

gosldr: inflate:% s

gosldr: overflow:% d

gosldr: unknown error

gosldr: inflateEnd:% s

gosldr: found valid image gos

gosldr: mmap failed: errno =% d

gosldr: inflating gos image

gosldr: load complete picture gos

 

load GuestOS

failed guest OS image load

unload GuestOS

pmi_set_guest_os_mode (): already called

pmi_set_guest_os_mode (): wrong gos_mode

 

OTHER DOCUMENT NO DATA

 

physical_console_0

hypervisor_console

_USB_DONGLE_AUTH_USB_DONGLE_

ÈAÀmu.1.size???

plat.id

CokC12

pme.memory.size

iosneteuruslpar

musize

biboot_datsize

bipurm_addr

bipun

ssparambankos

ssparambankrvkpkg

sslaidp

bipumui

bipurm_size

acpchannelbitmap

 

Read more: http://www.ps3news.com/forums/ps3-hacks/ps...l#ixzz0h0I2KpOC

новое во взломе пс3

Изменено 2 марта 2010 пользователем Puhlic

[Yura-Novikov 0]

100, в спойлер ставь Изменено 2 марта 2010 пользователем Yura-Novikov

[veRozan 0]

когда они перестанут мозги пудрить - взлом = запуск пиратки - нету запуска = нету взлома

 

на остальное пофиг

[kirill_kilkenny 0]

спойлеры рулят,да?

[DARTH047 0]

Все что выходит в последнее время- это тулзы и наборы для разработки. Левел 2 до сих пор не взломан. Вот когда будет новость что взломали и вышел исо лоадер тогда и постить надо. Для нас эти промежуточные новости от программеров ничего не стоят

[creker 0]

когда они перестанут мозги пудрить - взлом = запуск пиратки - нету запуска = нету взлома

 

на остальное пофиг

Когда же вы поймете, что взлом и запуск пираток совершенно разные вещи. В данном случае это так. Никто не гонится за "isoloader'ом".

[100 0]

новое во взломе

http://www.ps3news.com/forums/ps3-hacks/xo...ble-110033.html

http://s001.radikal.ru/i193/1003/70/6b79a8e20f24.jpg

Изменено 4 марта 2010 пользователем 100

[sadar 0]

Такой вопрос свколько степеней (уровней) защиты у приставки, если первый сломан, то сколько их всего? И второй, вопрос что означает написанное тут, просто удобную тулзу сделал чел: КЛАЦАЙ!!! Изменено 4 марта 2010 пользователем sadar

[creker 0]

Человек ответственный в SCEI за сопровождение и поддержку Linux в PS3 Geoffrey Levand опроверг слухи о прекращении поддержки функции OtherOS в будущих прошивках.

http://www.gamemag.ru/news/50344/

[sadar 0]

Реят разбодяжте тему, какими нито чтоль новыми новостями о взломе, что то грустно.

[CAH4E3 0]

sadar, PS3 взломали, прошивают на Совке. Доволен?

[sadar 0]

CAH4E3 балагур тот есче :biggrin: ваше модерское око, незаставляет долго ждать. Нет, я имел ввиду че нить там ну далекое от радости, ну последние посты программеров\хакеров в переводе, с пс3неус,хакс.

P/S/ не призываю к флуду, а по существу.

Изменено 8 марта 2010 пользователем sadar

[100 0]

sadar, PS3 взломали, прошивают на Совке. Доволен?

а можно фотки (я не в москве живу) это потверждающие

[CAH4E3 0]

100, это был едкий сарказм, можешь успокоиться.

[WhySoSerious 0]

«Взлом» PlayStation 3 – это не больше чем «городская легенда».

 

Собственно, знатоки уже сделали вывод – никто PS3 так и не взломал. Главная преграда в виде SPU не преодолена. Да и преодолеть ее вроде как нельзя в принципе – выкиньте из цепочки изолированный SPU и консоль, увы, больше никогда не запустится. Такие вот дела. «Городская легенда» продолжает свой жизненный путь.

[sadar 0]

WhySoSerious красиво написал, если не скопипастил, прям респект! Да у меня бокс сгорел, и на прошлой недели хотел вместо него ПС уже брать, в последний момент решил все таки повременить с плойкой и отдал бокс на реболл, а пс3 возьмем погодя думаю к лету или к началу зиме 2010 какраз и ситуация прояснится с Геохотом, и шумом вокруг всего и вся. Изменено 8 марта 2010 пользователем sadar

[100 0]

WhySoSerious красиво написал, если не скопипастил, прям респект! Да у меня бокс сгорел, и на прошлой недели хотел вместо него ПС уже брать, в последний момент решил все таки повременить с плойкой и отдал бокс на реболл, а пс3 возьмем погодя думаю к лету или к началу зиме 2010 какраз и ситуация прояснится с Геохотом, и шумом вокруг всего и вся.

до 3.20 ждём если ничего не обьявят то тему с гео можно будет закрыть

[sadar 0]

100 не понял твоего намека!?

[100 0]

100 не понял твоего намека!?

если до проши

ничего не скажут мол не обновляйте ваши пс3 то хак в утиль можно отправлять