Post: Darkhacker's "awesome" CPU exploit!
Options
03-07-2011, 06:14 PM
#1
jeffers07
Climbing up the ladder
Darkhacker's awesome cpu exploit (very hard)
You must login or register to view this content.
original exploit by darkhacker's..
CPU Exploit – one step closer to METLDR
this is a release of the hidden Cell Exploit found a while ago and one of the step taken to the metldr exploit im going to release the because i fell people should have the right to do as they wish and the information should be free to the public
i know by releasing this exploit ill probably be taken to court or sued but **** sony they can go to hell all i care for what there doing to us hackers ill fight until the last min i got of my life if i have to for the right of the people
for this exploit your going need a leaked service pdf which is below
time to explain this now listen up
i know you all remember the exploit with ram and so on back in 3.15
well your going look for the ‘CELL RESET LINE’ and that going be where the exploit is
you know how the small 60ms or ns i dont remember thing sent to ps3 for the read and write of the ram ?
well use line send that and connect it to the cell reset line. ( FIND IT IN DOC )
and ground on outside of case and the example of what can be done with this is a cold reset which still has acess to the memory from gameos – dont let this die out people im taking a big risk by giving you all this information
- thanks to mitchy my personal hard drive Tongue – note i did not upload the documents and if requested ill remove the links
Example of what can be done with this –
untouched memory on cold boot full access to lv2 and all game os memory
this is a release of the hidden Cell Exploit found a while ago and one of the step taken to the metldr exploit im going to release the because i fell people should have the right to do as they wish and the information should be free to the public
i know by releasing this exploit ill probably be taken to court or sued but **** sony they can go to hell all i care for what there doing to us hackers ill fight until the last min i got of my life if i have to for the right of the people
for this exploit your going need a leaked service pdf which is below
time to explain this now listen up
i know you all remember the exploit with ram and so on back in 3.15
well your going look for the ‘CELL RESET LINE’ and that going be where the exploit is
you know how the small 60ms or ns i dont remember thing sent to ps3 for the read and write of the ram ?
well use line send that and connect it to the cell reset line. ( FIND IT IN DOC )
and ground on outside of case and the example of what can be done with this is a cold reset which still has acess to the memory from gameos – dont let this die out people im taking a big risk by giving you all this information
- thanks to mitchy my personal hard drive Tongue – note i did not upload the documents and if requested ill remove the links
Example of what can be done with this –
untouched memory on cold boot full access to lv2 and all game os memory
RMS take on the exploit..
Uhm, the thing is, you have to have access to that RAM, and you need OtherOS or another kernel that has access to that area of RAM. You also have to make sure nothing writes to that region, which will surely almost never happen. You also need enough luck to get the geohot dangling HTAB exploit working. See, a hash page table, has the page table entries (PTEs) which provide Virtual Address to Physical Address (VA-to-PA or VA-to-RA), which is a mapping for virtual addresses such as 0×8000000000000001 to a physical address such as 0×40000000000. The dangling HTAB exploit is known to work in firmware 3.41 and 3.15. One needs to glitch the RAM bus when the page table write occurs, then create a new virtual page entry and hope it lies in that region you want. Then, you can dump your data. This requires some good luck though, and some good button pressing skills! Also, this is very very very far from metldr. asecure_loader or metldr is decrypted inside the isolated SPU, or synergistic processing unit (/me shakes fist at Sony’s lawyers for calling it a “Stable Processing Unit”
, which is not accessible by any other SPU or PowerPC unit. The only thing that has access to that SPU is the program inside the isolated SPU.
Also, I also don’t trust this guy because… he confused nanosecond RAM timing with millisecond RAM timing. There’s a huge difference! 1 millisecond is about 1 million nanoseconds.
Also, this is not the exploit Mathieulh tweeted about. This is far from it, it’s sort of like as far as the South Pole to the North Pole xD
., which is not accessible by any other SPU or PowerPC unit. The only thing that has access to that SPU is the program inside the isolated SPU.Also, I also don’t trust this guy because… he confused nanosecond RAM timing with millisecond RAM timing. There’s a huge difference! 1 millisecond is about 1 million nanoseconds.
Also, this is not the exploit Mathieulh tweeted about. This is far from it, it’s sort of like as far as the South Pole to the North Pole xD
03-07-2011, 06:38 PM
#6
Platinum G
I’m too L33T
Originally posted by jeffers07
ITS a CPU exploit mainly dunt matter to use just the dev's
---------- Post added at 06:23 PM ---------- Previous post was at 06:21 PM ----------
the first bit as not the guy's opinion MINI MOD! read before u flame
---------- Post added at 06:23 PM ---------- Previous post was at 06:21 PM ----------
the first bit as not the guy's opinion MINI MOD! read before u flame
lol. mini mod..
he was only stating that it was already posted.. no need to get your knickers in a twist..
The following user thanked Platinum G for this useful post:
Copyright © 2026, NextGenUpdate.
All Rights Reserved.
