• PS3 3.55 CFW WITH PEEK/POKE! - BACKUP MANAGERS CAN NOW WORK!



    Netkas and flukes1 have successfully managed to patch the lv2_kernel in v3.55 to allow peek & poke syscalls.

    v3.55 Patcher!

    http://www.megaupload.com/?d=MET2GNMY

    v3.55 CFW UPDATE WITH PEEK/POKE (ALREADY MADE - READY TO FLASH!) -> DOWNLOAD NOW!

    Quote:
    Originally Posted by README
    Patch to add peek and poke syscalls to PS3 firmware v3.55
    by flukes1 and netkas (irc.efnet.net #ps3test)

    To create the patched PS3UPDAT.PUP:

    1. Use bspatch to apply PS3UPDAT.PUP.bsdiff to Sony's official 3.55 PUP, which is available from their website.
    2. Run this from command line: "bspatch PS3UPDAT.PUP PS3UPDAT-NEW.PUP PS3UPDAT.PUP.bsdiff"
    3. Ensure that the md5sum of the resulting PS3UPDAT.PUP is:

    337831fac6a9b05074f73710c4bb7c86

    Simply install the patched PS3UPDAT.PUP onto your PS3, then install geohot's jailbreak.

    Our PUP can be installed over any firmware version, including 3.55-geohot. If you install over 3.55-geohot, you must reinstall geohot's jailbreak afterwards.

    For developers: peek is syscall 6, poke is syscall 7 (same as PL3 dev payload)

    Props to mastag22, lastExile, Killer_In - our testers with balls of steel.

    Enjoy!

    - flukes1, netkas
    NOTE: Current backup managers may not work correctly in their current state. Now that these important syscalls have been added, the backup manager authors will be able to change their code once the right offsets are figured out for the RAM patching of the other needed functions from the original dongle payloads!


    IMO I think this is where C4E (XBOX360 Firmware) will step in

    Thanks to sorrowuk for informing us of the great peek & poke news!


    http://psx-scene.com/forums/f6/ps3-3...ow-work-75196/

    ^ For the one who said that we don't have any idea what's going on and Sony can block this, I'm afraid not: the keys are leaked, so whatever firmware they release, we can use the leaked key (PSP too) and just make our own.
    Comments (5)
    1. keltz -
      Beware , this isn't working fully yet.
    2. SonsOfLiberty -
      Yeah it says that above...

      It doesn't have backup manager support yet... but everything else does, you can install homebrews etc.

      Also Multiman is working (maybe) and some positive results on "discless" boots...

      Like I said above: IMO I think this is where C4E (XBOX360 Firmware) will step in
    3. rdtphd -
      install android on it
    4. bobbintb -
      That one is outdated. There is an updated one found here:

      http://www.ps3-hacks.com/2011/01/10/...firmware-3-55/

      It's got an md5 of cd72d63f1a616ecf786ff382bfae671a
    5. SonsOfLiberty -
      It's outdated by a day, that just came out... today even.



      It seems that the efforts of Flukes1 to patch lv2 and add a working "peek and poke" to allow backups have been partly blocked by an "anti-lv2-hacking" protection that seems to have been recently added by Sony in their v3.55 firmware. Developers will have to find another way around these checks, and they are now looking at patching lv1 so end-users will be able to enjoy all the features that people are whining for, like "backup managers", which they had so much enjoyed on Jailbroken v3.41 systems using the lv2-patching dongle payloads!

      UPDATE: The info below is a little wrong. Geohot had nothing to do with anti-lv2 checking; in fact it is SONY themselves that added more checks to make sure lv2 is not PATCHED, starting with their new v3.55 firmware!

      So all those flaming Geohot, they should not be, they should be flaming Sony!

      Originally Posted by Dukio
      Yesterday was a rollercoaster. First, we were terribly shot down after the release news of Flukes1's patching of lv2 with peek/poke on the 3.55 CFW, only to find out that the backups, and the peek/poke in the patch, are bugged with some issues. Some serious issues, that is, which they were working on last night with Dean of multiMAN fame.

      Then, they found out about geohot's anti-lv2 patching, which disrupted whatever they were doing on the lv2 of PS3 security. It is quite expected after what Geohot has mentioned about the lv2 all this time. Afterward, Mathieulh came to help and share some info about the PS3 security, then we had to bear a needless drama from him that made him leave without further help. Moments later, we heard about Hermes wanting to help. Nothing has been heard about that since then. In the end, Flukes1 ended the game unsuccessfully and promised to look at the lv1 next.

      Well, what we can conclude from this is that the previous patched PUP, which reportedly should be working with backups and homebrews via the peek/poke syscalls, is useless after all. So, I had to take a hard lesson from all of this and will have to confirm for myself if Flukes1 & Co. ever come up with the new PUP, which they possibly should, considering the situation they are facing. Let's just hope that will be the final one.

      Code:
      < @geohot> if you have a good reason…
      < @geohot> my anti lv2 patching isn’t just anti piracy
      < @flukes1> 08000000000332980 -> 0x8000000000464d60 loaded as rw
      < @flukes1> if thats enforced, it makes things more difficult
      < +Mathieulh> so yeah the best sc to use are 200/201
      < +Mathieulh> though I have to check if they didn’t somehow implement them in 3.55
      < +Mathieulh> if you have him though, you could add some peek and poke hypercalls to lv1 while you are at it xD
      < +Mathieulh> yes dev_usb000 would work but that’s just one restriction, now I am going to stop talking about it cause it’ll piss flukes1 otherwise
      < +Mathieulh> and it’s not like it’s my chan (or many people talk in it right now xD)
      < @flukes1> i’m not saying it to be a dick, just want to keep this channel focused on 1 thing at a time
      < +Mathieulh> they wouldn’t want some lamer at sony to actually encrypt a lv2 with control flags allowing hackers like us to pwn it eh ? xD
      < +BazGee> #1446598 - Pastie
      < +Mathieulh> BazGee
      < +Mathieulh> here is the whole thing
      < +Mathieulh> #1446610 - Pastie
      < @flukes1> shut the fuck up please
      < @flukes1> take the drama elsewhere
      < +Mathieulh> he started it and he is pissing me off
      < +Mathieulh> I am half hesitating to leave that chan already because he has voice on it
      < +Mathieulh> well niak as long as this douchebag can speak here I am off that chan, later…
      < @evilsperm> krosk Hermes wants to help flukes1, but he won’t get in on the chan. https://github.com/hermesEOL < - his web, he's asking to flukes1 to leave a comment
      <@netkas> flukes1, there could be some help on peek/poke https://github.com/hermesEOL
      < @flukes1> ive been getting spammed about hermes for the past hour
      < @flukes1> its not lv1_shutdown_logical_partition
      < @flukes1> we just need to figure out which one is causing the shutdown
      < +ps3sx> flukes1 try to send me LV2 kernel i will add all jailbreak patch correctely and send you back the files
      < +c0de90e7> flukes1: this maybe obvious but it cannot be comparing original self file data to the in mem
      < @flukes1> well no
      < @flukes1> it must compute the hash when the self is loaded
      < @flukes1> it must hash itself on startup
      < @flukes1> that or lv1 is responsible
      < @flukes1> i think we should be looking at hvcalls
      < @flukes1> we know any shutdown has to go through hv
      < @flukes1> i am pretty sure that lv1_write_virtual_uart is whats causing the shutdown
      < @flukes1> 16bd8 = hvsc instruction which causes shutdown
      < @flukes1> time for sleep
      < @flukes1> tomorrow we patch peek/poke into lv1