Posts tagged as: hacking

Well, it should be no surprise here: George Hotz just updated his blog again, this time going into more detail about the code he’s using. To download the snippet used by George Hotz, click the following link. http://pastie.org/795371

He starts his post off by saying “A level playing field.”

Right now, I’m playing with the isolated SPEs, trying to get metldr to load from OtherOS. Interesting thing, I am not using the exploit. I always assumed the enable isolation mode register was hypervisor privileged. It’s not, it’s kernel privileged, which means using hypervisor calls you can all get to it. So, get to hacking. Here is the code I am playing with.

Read his full post here. http://geohotps3.blogspot.com/2010/01/level-playing-field.html

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/fs.h>
#include <linux/mm.h>
#include <linux/io.h>
#include <linux/uaccess.h>
#include <asm/lv1call.h>

/* boom_lpar() is called by the snippet but not defined in it; it has to be supplied separately. */
extern void boom_lpar(unsigned long shadow_addr);

int init_module(void)
{
    unsigned long priv2_addr, problem_phys, local_store_phys, context_addr, shadow_addr, spe_id, vas;
    unsigned long *problem_mapped, *privileged_mapped, *local_mapped;
    struct file *fd;
    mm_segment_t old_fs;
    int i;

    /* Virtual address space id of the PPE, needed to construct a new logical SPE. */
    lv1_get_virtual_address_space_id_of_ppe(0, &vas);

    /* Tear down logical SPE 0xb, then construct a fresh one. The hypervisor hands back the
       physical addresses of the privileged (priv2), problem-state and local-store areas. */
    printk(KERN_ERR "die kernel %d\n", lv1_destruct_logical_spe(0xb));
    printk(KERN_ERR "construct SPE: %d\n",
           lv1_construct_logical_spe(0x10, 0x10, 0x10, 0x10, 0x10, vas, 0,
                                     &priv2_addr, &problem_phys, &local_store_phys,
                                     &context_addr, &shadow_addr, &spe_id));
    boom_lpar(shadow_addr);
    printk(KERN_ERR "make SPE id: %lu\n", spe_id);
    printk(KERN_ERR "enable SPE: %d\n", lv1_enable_logical_spe(spe_id, 0));

    /* Map the SPE's MMIO areas and its local store into kernel virtual memory. */
    problem_mapped = (unsigned long __force *)__ioremap(problem_phys, 0x20000, PAGE_SHARED_X);
    privileged_mapped = (unsigned long __force *)__ioremap(priv2_addr, 0x20000, PAGE_SHARED_X);
    local_mapped = (unsigned long __force *)__ioremap(local_store_phys, 0x40000, PAGE_SHARED_X);

    printk(KERN_ERR "status: %lx\n", problem_mapped[0x4020 / 8]);
    /* Set bit 2 of the SPU privileged control register (priv2 offset 0x4040): this is the
       isolation-enable bit the post says is kernel privileged rather than hypervisor privileged. */
    printk(KERN_ERR "privileged control: %lx\n", privileged_mapped[0x4040 / 8]);
    privileged_mapped[0x4040 / 8] |= 4;
    printk(KERN_ERR "privileged control: %lx\n", privileged_mapped[0x4040 / 8]);

    /* Read the metldr image from disk straight into the SPE local store. */
    old_fs = get_fs();
    set_fs(KERNEL_DS);
    fd = filp_open("/work/pwned/metldr", O_RDONLY, 0);
    if (!IS_ERR(fd)) {
        printk(KERN_ERR "file is open\n");
        printk(KERN_ERR "read %zd\n",
               fd->f_op->read(fd, (char __user *)local_mapped, 0x40000, &fd->f_pos));
        filp_close(fd, NULL);
    } else {
        printk(KERN_ERR "file open failed!!!!\n");
    }
    set_fs(old_fs);
    printk(KERN_ERR "read in metldr\n");

    /* Kick the SPU via the 64-bit word at problem-state offset 0x4018 (low half is the run
       control register: bit 0 = run, bit 1 = isolate), then poll the status word at 0x4020. */
    problem_mapped[0x4018 / 8] |= 3;
    for (i = 0; i < 0x20; i++)
        printk(KERN_ERR "status: %lx\n", problem_mapped[0x4020 / 8]);

    printk(KERN_ERR "destruct SPE: %d\n", lv1_destruct_logical_spe(spe_id));

    return 0;
}

/* Nothing to undo: the SPE is already destroyed at the end of init_module(). */
void cleanup_module(void)
{
}

MODULE_LICENSE("GPL");


George Hotz is still hard at it, hacking the Sony PlayStation 3. This time he goes into a little more detail about what he has done and where this is going. At the beginning of the post he stresses his stance against piracy, and what to and what not to expect.


iXtreme 1.5 Firmware


Here’s an awesome video tutorial I found on Milw0rm.com showing how to get root access to a Linux box via the MySQL injection method.

Credits go to Lidloses_Auge


So I just purchased my first Xbox 360 last week, and decided it’s already time to flash the drive. However, I found out that almost all the new Xbox 360s come with the Liteon DG-16D2s drive, which is Microsoft’s move to stop firmware flashing and make it more difficult. It is still possible, but it just takes some extra hardware.

I already ordered the necessary hardware to flash the drive. Here’s what I’ve ordered so far.

  • 360 Connectivity Kit V3 Lite CK3
  • VIA 6421a SATA PCI card (however, after ordering it, I found out I really don’t need it, oh well)

I’ll update this thread after successfully flashing the hacked firmware (hopefully).

If you’re looking at doing the same, here are some links that are a good place to start.

http://www.ixtreme.net/

Here is a list of tools you’ll need to hack the Xbox 360 drive.

  • 10 TORX Screwdriver
  • CK3 Connectivity Kit
  • CK3 Probe

Update:

Also, if you’re planning on flashing any of the Xbox 360 drives, such as the Samsung, Hitachi, BenQ, LiteOn, etc., you should also download Xbins. This software will connect you to the software repository, which will allow you to download all the hacked firmware and tools to flash the Xbox 360 drive.

Download Xbins here.

Here’s the latest JungleFlasher tutorial for iXtreme 1.51 and the soon-to-be-released 1.6, which works for all drives. Jungle Flasher Tutorial

So it’s done! I successfully flashed the Liteon DG-16D2s drive, and I also flashed my friend’s BenQ drive. Each was fairly easy, as I used the Connectivity Kit for each of the drives. I will say that for the Liteon drive you have to solder a connection on the board. If you feel comfortable soldering, then feel free, and take your chances like I did. If not, I recommend buying the Team Xecuter CK3 with the additional probe. For noobs, it’s completely worth the investment.

For flashing the Liteon drive, I used JungleFlasher. For the tutorial that I used, check out this link. http://team-xecuter.com/ck3/liteon_windows.htm

Now, flashing the BenQ was just as easy, but I used two programs for this. First, for reading and erasing the firmware on the drive, I used a program called Dosflash32, which can also be downloaded from either 360mods.net or team-xecuter.com. However, once I had dumped the firmware from the BenQ, I went back to JungleFlasher, loaded the original firmware, and loaded the hacked firmware. I created the new firmware, saved it, then used Dosflash32 to write it to the drive. It was pretty dang easy.

The following is a link to the BenQ tutorial over at Team Xecuter; I do not, however, recommend this method. I personally could not get it to work, which is why I used the JungleFlasher method. http://team-xecuter.com/ck3/benq.htm

Now, apparently you can use JungleFlasher to do all the reading and erasing of the drive for the BenQ. My problem is that it wouldn’t locate the drive. Not sure why this was happening, but using Dosflash32 I had no problems. So my advice to you: do whatever works. And remember to dump the firmware a couple of times to make sure the key is valid. Once you erase the drive, there’s no going back.

Flashing the Hitachi was extremely easy; I just flashed a Hitachi drive that my friend brought over. Here’s a simple tutorial, thanks again to Team Xecuter. http://team-xecuter.com/ck3/hitachi_pre07.htm

You can download all the needed iXtreme 1.4 and 1.5 firmware either at Team Xecuter, or using Xbins, which is from 360mods. Download the updated iXtreme 1.51 firmware at http://www.adploits.com/2009/03/06/ixtreme-151-xbox-360-firmware-released

Click here: this site sells all the Xecuter tools you’ll need.

Hacks on EVE Online are clear violations of the terms of service for using the game and maintaining an account. If you’re considering doing an EVE Online hack, understand that everything you’re doing can, and ultimately will, result in your account being shut down. You won’t get a refund of funds paid; the account will get shut down, no questions asked or answered. That little “I agree” button you clicked when you set up the account came at the end of a license agreement that spells out the penalties in full measure. That being said, if you think you can get away with it (you can’t), there are a few EVE Online hacks that work for short periods of time, and can be used to close the gap on other players.

The first hack is using database analysis tools whenever a new patch comes out to go sniffing for universe database exploits. You need a hex editor and some decent technical know-how to make this work, but you’re basically trying to use the database files downloaded to your computer to “sniff” for new sectors or changes to existing sectors, to find the resources before everyone else does. This requires that you be one of the very first people out there to download a patch, and requires enough additional work that the benefit is probably pretty minimal. Related to this is trying to find malformed tables in the download for exploits – sometimes these can be treated as invisible gates to new regions. Beware – sometimes those gates are one-way gates and you may get stuck in a place with no way home.

The second hack is trying to compromise another player’s account to steal in-game resources. This is definitely risky in terms of account deletion. It’s also risky in terms of actual, honest-to-God fraud. Doing this EVE Online hack can actually put you behind bars, because it’s considered electronic funds fraud, even by proxy or remotely. So before you try doing EVE Online hacks, think very carefully about the consequences of getting caught.

All in all, trying to do EVE Online hacks is a great way to get your account nuked and lose all the fun of playing this great game with 500,000 of your fiercest competitors in a 5,000-star galaxy. You won’t enjoy the rewards if you cheated to get them, so do it honestly. EVE Online hacks are cheating, and cheaters never prosper.