Search found 13 matches

by 43tklj3n_43kj
Sun Apr 15, 2012 6:24 pm
Forum: Programming and Security
Topic: Fuel For The Fire (Outside Prospective)
Replies: 15
Views: 3581

Re: Fuel For The Fire (Outside Prospective)

just an FYI: If it wasn't for the RNG padding in ps3 ECDSA implementation, the PS3 would still be unhacked. Geohot's exploit and the dongle didn't compromise their chain of trust. In fact it still isn't compromised, fa1loverflow couldn't even get a persistent root because of hardware crypto and isol...
by 43tklj3n_43kj
Wed Apr 11, 2012 3:17 pm
Forum: Programming and Security
Topic: Fuel For The Fire (Outside Prospective)
Replies: 15
Views: 3581

Re: Fuel For The Fire (Outside Prospective)

Yep you can't downclock and sniff busses where it's POP or internal clock. I've seen people suggesting that here, but I just assume they don't know what they're talking about. I have seen RAM written to storage by overclocking, but that's very unlikely and depends on a web of factors. P.S. there has...
by 43tklj3n_43kj
Tue Apr 10, 2012 5:40 am
Forum: Programming and Security
Topic: Finding the memory layout of the vita?
Replies: 112
Views: 28844

Re: Finding the memory layout of the vita?

They do it through kernel exploits. Exploiting a low-privileged process just yields virtual allocation and some HV and API calls. Vita is the same arch as Apple products, it uses ARM lpar and tz bits. PS3 is more complex cause good stuff is in SPE LS loaded by a ROM chain of other hardware isolate...
by 43tklj3n_43kj
Mon Apr 09, 2012 11:22 am
Forum: Programming and Security
Topic: Fuel For The Fire (Outside Prospective)
Replies: 15
Views: 3581

Re: Fuel For The Fire (Outside Prospective)

They used the same ROM based chain-of-trust design as the PS3, except here they don't have true hardware isolation (SPE LS). It means any non-emu code execution leads to complete compromise, provided the person who gets it is talented enough to RE and find a way to leverage execution on the privilege...
by 43tklj3n_43kj
Sat Mar 31, 2012 9:46 pm
Forum: Programming & security
Topic: Anyone fuzzing lv0.2 in 3.7x?
Replies: 6
Views: 2611

Re: Anyone fuzzing lv0.2 in 3.7x?

The lv0.2 is useless. It does not affect older consoles, only new ones, no reason to mess with. And of course there is lv1 and lv2 executed. Actually it does on older consoles, identical HV->LPAR. There has been code execution through vuze service that leverages dumps off the geohot glitch method. ...
by 43tklj3n_43kj
Tue Feb 28, 2012 6:55 pm
Forum: Programming & security
Topic: Anyone fuzzing lv0.2 in 3.7x?
Replies: 6
Views: 2611

Re: Anyone fuzzing lv0.2 in 3.7x?

It's not packed, it's a partial SELF, which even if it was complete would be useless unless it uses -3.55 AES keys.. in which case it'd still be useless on many levels.. I'm too poor to spend much time on the PS3, but I do know the one part that matters in a persistent pwnage (bootldr) isn't a SELF. ...
by 43tklj3n_43kj
Sat Oct 01, 2011 4:42 pm
Forum: Programming & security
Topic: Geohot
Replies: 14
Views: 3778

Re: Geohot

That's only rumor milling though..why hire an exceptional RCE+Programming person to do management and hardening on a web cluster? Most half-talent morons can do that proficiently believe it or not, it's just patching and configuration with a little network management. They probably even contract th...
by 43tklj3n_43kj
Mon Sep 26, 2011 7:24 am
Forum: Programming and Security
Topic: I found another game crash.
Replies: 67
Views: 8861

Re: I found another game crash.

@43tklj3n_43kj: you came a bit late, he should have code execution already if he found the value that overwrites $RA register ;) The problem with the payload-in-save file method is that it takes a significant amount of code to get the pointer or scan for a token. Also if you rely solely on overwrit...
by 43tklj3n_43kj
Sun Sep 25, 2011 10:20 am
Forum: Programming & security
Topic: Anyone fuzzing lv0.2 in 3.7x?
Replies: 6
Views: 2611

Anyone fuzzing lv0.2 in 3.7x?

Anyone looking for corruption like the revoke overflow? I'm interested in seeing results. FYI: You have to cycle the low range of NAND/NOR with data with a flasher to do this. Also SPU shellcode wraps around so overflows in isolation are easy to exploit. Also I read in one mode the CELL ROM is mappe...
by 43tklj3n_43kj
Sun Sep 25, 2011 10:15 am
Forum: Games
Topic: GTA 5 release date set as January 15th 2012
Replies: 11
Views: 5937

Re: GTA 5 release date set as January 15th 2012

No data for this game exists. I know people who can get pretty close to devs for RN, there aren't even hints that it's in any stage of development..