We Could Boot Linux From HDD And It Would Have GameOS Rights – Graf_Chokolo

Thommo

When we write about Graf_Chokolo we expect some great things, and he does that again. Recently, we heard news about Sony DMCA takedown notices to Graf_Chokolo’s GitHub pages and other developers, but it does not stop Graf from reversing things further in PS3 when he shares the story of his adventure in Xorloser’s blog.

The difference is that I do not use LV2 at all to decrypt/encrypt storage devices. Storage device encryption/decryption is done by HV and peripheral devices like ENCDEC or RBD. I’m trying to understand how the storage subsystem of HV works currently, it’s by far the most complex part of HV I have seen so far.

And recently I figured out that the VFLASH region, where Linux boot loader (otheros.bld) is stored, is still there on 3.41 firmware. I’m trying now to boot Linux bootloader from this region. OtherOs.self writes otheros.bld image to this VFLASH region and creates cell_ext_os_area where several parameters are stored. On 3.15 firmware, when Linux was booted, the Linux System Manager (in HV process 9) loads Linux bootloader from the VFLASH region, decompresses it and boots it. The problem with 3.4.1 firmware is that SONY removed Linux System Manager from HV process 9. It’s no problem for me to store Linux bootloader on this VFLASH partition. But there are 2 problems. First, the VFLASH region where Linux is stored is 0x40000 bytes large, so there is not much place for Linux bootloader on VFLASH, so it should be compressed to make it smaller. Second problem is, I have to patch HV process, insert my code which loads it from VFLASH and decompresses Linux bootloader. And after that we could boot Linux from HDD and it would have GameOS rights, e.g. has access to Dispatcher Manager or run isolated SPUs.

And more, HV has a nice feature to boot Linux bootloader with System Debugger. Too bad I don’t have a debugger for HV.

I dumped now both decrypted and encrypted sectors of UFS2. And the same plaintext is encrypted to the same ciphertext. Encryption is independent of sector position.

And SONY uses 128-bit block cipher to encrypt the blocks within a sector.

What’s so great about Graf_Chokolo is that he did that for fun and knowledge. Heck, he did not even release anything for end users even with months of reversing things in PS3 security, although he did play a role in helping Flukes1 with his tools.
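The sector comparison described in the quote above (identical plaintext giving identical ciphertext regardless of sector position) can be checked mechanically on any disk-encryption scheme. The following is an added example, not code from Graf_Chokolo or from the post: the 512-byte sector size, the key, the sample sectors and the `toy_encrypt` stand-in (an HMAC-based one-way function, not the console's cipher) are all constructed assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

SECTOR = 512  # assumed sector size for the constructed sample
BLOCK = 16    # 128-bit cipher block, as stated in the post

def toy_encrypt(key, sector_no, plaintext, tweak):
    """Constructed stand-in for a sector cipher (one-way, for the demo only).
    tweak=False: output depends only on key and plaintext block.
    tweak=True: sector number and block offset are mixed in."""
    out = b""
    for i in range(0, len(plaintext), BLOCK):
        pos = sector_no.to_bytes(8, "big") + i.to_bytes(4, "big") if tweak else b""
        out += hmac.new(key, pos + plaintext[i:i + BLOCK], hashlib.sha256).digest()[:BLOCK]
    return out

def position_independent(dump):
    """dump: list of (sector_no, plaintext, ciphertext).
    True: every repeated plaintext sector has a single ciphertext.
    False: a repeated plaintext sector encrypts differently by position.
    None: no plaintext sector repeats, so the dump proves nothing."""
    by_pt = defaultdict(list)
    for _, pt, ct in dump:
        by_pt[pt].append(ct)
    repeated = [cts for cts in by_pt.values() if len(cts) > 1]
    if not repeated:
        return None
    return all(len(set(cts)) == 1 for cts in repeated)

def leaked_equal_sectors(dump):
    """Groups of sector numbers that share a ciphertext: what an observer
    without the key learns about which sectors hold equal data."""
    by_ct = defaultdict(list)
    for no, _, ct in dump:
        by_ct[ct].append(no)
    return sorted(g for g in by_ct.values() if len(g) > 1)

def make_dump(tweak):
    """Constructed sample: sectors 0/3 and 1/4 hold identical plaintext."""
    key = b"constructed-demo-key"
    zeros, patt = bytes(SECTOR), b"A" * SECTOR
    plain = [zeros, patt, b"\x01" * SECTOR, zeros, patt, b"\x02" * SECTOR]
    return [(n, p, toy_encrypt(key, n, p, tweak)) for n, p in enumerate(plain)]

if __name__ == "__main__":
    for tweak in (False, True):
        d = make_dump(tweak)
        print(tweak, position_independent(d), leaked_equal_sectors(d))
```

With a per-sector tweak (as in modes such as XTS) the equality groups disappear, which is why position-independent sector encryption is treated as a weakness in storage-encryption design.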
 