Originally posted by NiTeMaRe
What does this do exactly?? Sorry for the nooby question.
We have to wait for the release from graf_chokolo.
quote by
graf_chokolo:
Originally posted by another user
Yeah, guys, that would mean $ONY press conference and GameOS removal in the next days :-)
Originally posted by another user
Finally I will get access to SYSCON, EPROM, ENCDEC device and more :-)
Originally posted by another user
And now I dumped the real USB Dongle Master Key guys :-) No one needs it now but here it is. I tested it with HMAC SHA1 and dongle key 0xAAAA and got the same dongle key that was reversed by KaKaRoTo :-)
Just as I said previously, use USB Dongle Authenticator, then dump HV and the decrypted USB Dongle Master Key will be in HV dump :-) I extracted this key from my HV dump after I used USB Dongle Authenticator on GameOS. Then I rebooted GameOS but not HV and the key was still in HV and still decrypted :-)
static u8 master_key[20] =
{
0x46, 0xDC, 0xEA, 0xD3, 0x17, 0xFE, 0x45, 0xD8, 0x09, 0x23,
0xEB, 0x97, 0xE4, 0x95, 0x64, 0x10, 0xD4, 0xCD, 0xB2, 0xC2,
};
Originally posted by another user
Guys, it's just a beginning :-) I have now so much stuff to do with my PS3 :-)
I think I will just start with dumping all HVs <= 3.41 :-)
Originally posted by another user
Originally Posted by
graf_chokolo
You still need to do memory glitching like Geohot did. I used an sx28 devboard for this. But the software exploit is totally different. I used my HV knowledge and exploited HV quite differently, I didn't use a second VAS like Geohot did.
I did my exploit from exploited GameOS. I used a FAT PS3 but it doesn't matter anymore, you could use a Slim PS3 even. Once exploited, the HV remains exploited as long as PS3 is not powered off, that means you can reboot GameOS as much as you want, HV still remains exploited :-) And you have full read/write access to all RAM and peripheral devices from GameOS except isolated SPUs :-) That means full access to SYSCON, ENCDEC device (which is responsible e.g. for HDD encryption/decryption) and other very interesting stuff :-)
That means, with an exploited GameOS every HV can be dumped and reversed.
If GameOS >= 3.42 could be exploited then we could dump the new HV again and reverse SELF decryption again and decrypt new games :-)
And I will dump HV 3.41 soon :-) And look for pure software exploits in it.
Does somebody have a nice picture of the PS3 Slim motherboard showing where I should solder a wire to the RAM control line? Thanks.
Originally posted by chokolo
I just patched Dispatcher Manager and enabled access to all HV services :-)
Dumped SYSCON EPROM :-)
Decrypted USB Dongle Master Key with Virtual TRM Manager and guess what, it's the same one I posted yesterday :-)
Don't know what this exactly means but it looks good :y: