Originally Posted by graf_chokolo
I have just exploited and dumped HV 3.15 from GameOS
I used memory glitching like Geohot to get dangling HTAB entry but 2nd and 3rd stages are quite different. I used my knowledge about HV internals and created a simpler exploit for stage2 and stage3.
I didn’t use second VAS like Geohot. I used lv1_undocumented_function_114 and lv1_undocumented_function_115 to exploit HV after i got a dangling HTAB entry
Now we don't need Linux to exploit and dump HV. Furthermore, HV dump from GameOS is a lot better because when GameOS is running more features are activated in HV So, i can reverse now more C++ objects and understand better how HV works
I will make everything public very soon and i plan to dump HV 3.41 in the next days
Happy New Year guys!
BREAKING NEWS UPDATE: -- FINALLY THE REAL KEY! -- Thanks Graf!
Quote:
Originally Posted by graf_chokolo
And now i dumped the real USB Dongle Master Key guys Noone needs it now but here it is. I tested it with HMAC SHA1 and dongle key 0xAAAA and got the same dongle key that was reversed by KaKaRoTo
Just as i said previously, use USB Dongle Authenticator, then dump HV and the decrypted USB Dongle Master Key will be in HV dump I extracted this key from my HV dump after i used USB Dongle Authenticator on GameOS. Then i rebooted GameOS but not HV and the key was still in HV and still decrypted
static u8 master_key[20] =
{
Code:
46 DC EA D3 17 FE 45 D8 09 23 EB 97 E4 95 64 10 D4 CD B2 C2
};
[via: Psx-scene]
Published with Blogger-droid v1.6.5