abgx360

Wednesday, 29 December 2010

Graf_Chokolo: HV Exploit and Dump from GameOS!

The decrypting and hypervisor master of the PS3 console, "Mr. Graf_Chokolo" has done it again!

Today, he informs our PSX-SCENE viewers that he is able to dump the Hypervisor v3.15 via the GameOS and plans to do the same for v3.41 and make all the technical details public in a few days!


Quote:
Originally Posted by graf_chokolo
I have just exploited and dumped HV 3.15 from GameOS.

I used memory glitching like Geohot to get a dangling HTAB entry, but the 2nd and 3rd stages are quite different. I used my knowledge about HV internals and created a simpler exploit for stage2 and stage3.

I didn't use a second VAS like Geohot. I used lv1_undocumented_function_114 and lv1_undocumented_function_115 to exploit the HV after I got a dangling HTAB entry.

Now we don't need Linux to exploit and dump the HV. Furthermore, an HV dump from GameOS is a lot better because when GameOS is running, more features are activated in the HV. So, I can now reverse more C++ objects and understand better how the HV works.

I will make everything public very soon, and I plan to dump HV 3.41 in the next days.

Happy New Year guys!
BREAKING NEWS UPDATE: -- FINALLY THE REAL KEY! -- Thanks Graf!

Quote:
Originally Posted by graf_chokolo
And now I dumped the real USB Dongle Master Key, guys. No one needs it now, but here it is. I tested it with HMAC-SHA1 and dongle key 0xAAAA and got the same dongle key that was reversed by KaKaRoTo.

Just as I said previously, use USB Dongle Authenticator, then dump the HV, and the decrypted USB Dongle Master Key will be in the HV dump. I extracted this key from my HV dump after I used USB Dongle Authenticator on GameOS. Then I rebooted GameOS but not the HV, and the key was still in the HV and still decrypted.

#include <stdint.h>

typedef uint8_t u8;

/* USB Dongle Master Key (20 bytes) as extracted from the decrypted HV dump;
 * used as the HMAC-SHA1 key when deriving per-dongle keys. */
static u8 master_key[20] =
{
    0x46, 0xDC, 0xEA, 0xD3, 0x17, 0xFE, 0x45, 0xD8, 0x09, 0x23,
    0xEB, 0x97, 0xE4, 0x95, 0x64, 0x10, 0xD4, 0xCD, 0xB2, 0xC2
};
This man can make the PS3 turn inside out and spill all its bits & bytes to him!
