Untitled

By: a guest on Sep 25th, 2011  |  syntax: None  |  size: 4.07 KB  |  views: 1,644  |  expires: Never
[03:45:37] <Mathieulh> QA flag's a bitch xD
[03:45:57] <Mathieulh> they actually protected it better than EID0 itself
[03:46:09] <Mathieulh> which is utterly stupid but that's sony
[03:46:12] <PsHellcat> q': would access to a QA'ed DEH help? (I know someone who *might* get one - and no, not me)
[03:46:29] <Mathieulh> npt ?
[03:46:34] <PsHellcat> yop :D
[03:46:39] <Mathieulh> yah it'd help
[03:46:43] <PsHellcat> cewl
[03:46:46] <Mathieulh> get me his token seed xD
[03:47:02] <PsHellcat> 'cause he'd be glad to help out if it turned out it's QA'ed
[03:47:33] <Mathieulh> the main problem with QA right now is that we dunno what value to set to the token seed
[03:47:59] <Mathieulh> we have the keys and most of the algo
[03:48:19] <PsHellcat> that sounds nice already
[03:48:27] <Mathieulh> yah
[03:54:37] <rms> god, this hexdump is huge
[04:43:25] <Mathieulh> sorry for the highlight npt xD
[04:43:42] <rms> im sure he doesnt mind
[04:44:02] <rms> oh, Mathieulh
[04:44:03] <rms> did those elfs work for you?
[04:44:37] <Mathieulh> didn't try them yet
[04:44:43] <rms> ok
[04:44:45] <Mathieulh> but they have no reason to fail afaik
[04:45:00] <Mathieulh> should be all set to dump metldr (again) Xd
[04:45:06] <Mathieulh> xD *
[04:45:13] <rms> unless they infinite loop by mistake
[04:45:14] <rms> <_<
[04:45:14] <rms> then again, it was anergistic
[04:45:31] <Mathieulh> well, they work in anergistic
[04:45:38] <rms> P
[04:45:38] <rms> :P
[04:45:56] <rms> how do you lead something into the anergistic spuls is my question
[04:46:01] <Mathieulh> now we just have to load them and fetch the data from the shared LS or the mailbox
[04:46:05] <rms> or how do you put things in memory
[04:46:06] <Mathieulh> depending on the self we use
[04:46:06] <rms> yeah
[04:46:21] <Mathieulh> you mean how to dma ?
[04:46:24] <rms> yeah
[04:46:31] <rms> how do i put data initially into the spe
[04:46:31] <Mathieulh> not sure anergistic emulates that
[04:46:36] <Mathieulh> though I think it does
[04:46:46] <rms> like
[04:46:52] <Mathieulh> well data is sent to the mailbox or shared LS
[04:47:03] <Mathieulh> it's the loader that asks the mmu to open the dma channel
[04:47:06] <rms> data already in the isolated LS
[04:47:13] <Mathieulh> yeah
[04:47:23] <Mathieulh> well there is also the protocol to take into account
[04:47:42] <Mathieulh> opening a dma channel requires more than a few instructions afaik
[04:47:43] <rms> like, say i want to push over a decrypted elf in ls, it lies in isolated ls
[04:47:43] <rms> how do i emulate that in anergistic
[04:47:54] <rms> it's like 25
[04:48:13] <rms> those elfs just have about 10 instructions
[04:48:27] <Mathieulh> well, afaik you just run that elf in anergistic
[04:48:42] <Mathieulh> it doesn't matter for the spu process whether the LS is isolated or not
[04:48:51] <Mathieulh> the spu process is gonna access the LS as a whole
[04:48:54] <rms> ok
[04:49:02] <Mathieulh> just by supplying the proper address
[04:49:09] <Mathieulh> it is the outside that cannot reach the isolated area
[04:49:10] <rms> go tell me when you get those decrypted elfs
[04:49:15] <rms> i'd love to take a look at them
[04:49:16] <Mathieulh> by outside I mean anything not running on the spu
[04:49:37] <Mathieulh> which ones?
[04:50:11] <rms> whatever you can get into the isolated SPU :)
[04:50:22] <npt> Mathieulh, no worry about the highlight : )
[04:50:27] <Mathieulh> well, you just have to sign a loader, it'll run isolated
[04:50:31] <Mathieulh> I mean on real hardware
[04:50:38] <Mathieulh> ok npt
[04:50:49] <Mathieulh> on anergistic the loader has to be in elf format
[04:51:01] <Mathieulh> cause I doubt anergistic likes encrypted selfs xD
[04:51:15] <Mathieulh> although you can run metldr in anergistic
[04:51:25] <Mathieulh> and use its protocol to decrypt and load your loaders
[04:51:28] <Mathieulh> just as it's done on ps3
[04:52:23] <Mathieulh> rms ah! you mean using that bug we found ? (about the elfs)
[04:52:49] <rms> yeah
[04:52:58] <Mathieulh> yeah, certainly
[04:53:25] <Mathieulh> we just grab metldr first though, just for the sake of it