Talk:Hypervisor Reverse Engineering: Difference between revisions
Jump to navigation
Jump to search
Line 10: | Line 10: | ||
| 0x200000 || 0x400000 || || LV1 Code Region || || | | 0x200000 || 0x400000 || || LV1 Code Region || || | ||
|- | |- | ||
| 0x8000000 || 0x800000 || || LV2 Region || || The region you get when you dump lv2 | | 0x8000000 / 0x1000000(DECR) || 0x800000 || || LV2 Region || || The region you get when you dump lv2 | ||
|- | |- | ||
| 0x20000000000 || 0x80000 || || SPE0 MMIO Memory Region || || (be.0.bp_base) | | 0x20000000000 || 0x80000 || || SPE0 MMIO Memory Region || || (be.0.bp_base) |
Revision as of 15:41, 17 March 2019
Merge needed (?) : https://webcache.googleusercontent.com/search?q=cache:http%3A%2F%2Fwiki.gitbrew.org%2Fwikibrew%2FPS3%3AHvReverseEngineering
MMIO / Memorymap
Physical Address | Size | ID | Usage | Address in HV dump (3.15) |
Notes |
---|---|---|---|---|---|
0x800000 | 0x20000 | LV0 Code Region | |||
0x200000 | 0x400000 | LV1 Code Region | |||
0x8000000 / 0x1000000(DECR) | 0x800000 | LV2 Region | The region you get when you dump lv2 | ||
0x20000000000 | 0x80000 | SPE0 MMIO Memory Region | (be.0.bp_base) | ||
0x20000080000 | 0x80000 | SPE1 MMIO Memory Region | 0x003ABC20 | ||
0x20000100000 | 0x80000 | SPE2 MMIO Memory Region | 0x003AAD70 | ||
0x20000180000 | 0x80000 | SPE3 MMIO Memory Region | 0x003A8880 | panic on read | |
0x20000200000 | 0x80000 | SPE4 MMIO Memory Region | 0x003B4F70 | ||
0x20000280000 | 0x80000 | SPE5 MMIO Memory Region | 0x003AB700 | ||
0x20000300000 | 0x80000 | SPE6 MMIO Memory Region | 0x003B5BE0 | ||
0x20000509000 | 0x1000 | Pervasive Memory | Contains 48 bit Serial Number at position 0xC80 size 0x08 | ||
0x1000 | SPE1 Shadow Registers Memory Region | 0x003ABDA0 | |||
0x1000 | SPE2 Shadow Registers Memory Region | 0x003B4290 | |||
0x1000 | SPE3 Shadow Registers Memory Region | 0x003A8A00 | |||
0x1000 | SPE4 Shadow Registers Memory Region | 0x003B50F0 | |||
0x1000 | SPE5 Shadow Registers Memory Region | 0x001FFC90 | |||
0x1000 | SPE6 Shadow Registers Memory Region | 0x003AE5B0 | |||
0x2000050A0C8 | 0x4 | XDR Memory Channel Size (Type 1) | Shift right 49 and add 0x20 for size. | ||
0x2000050A188 | 0x4 | XDR Memory Channel Size (Type 0) | Shift right 49 and add 0x20 for size. | ||
0x2000050A210 | 0x4 | XDR Memory Channel Type | For use with above memory locations | ||
0x24000000000 | SB bus subsystem | (be.0.ioif1.addr) | |||
0x24000002000 | 0x200 | 1 | SATA Controller 1 | ||
0x24000002200 | 0x200 | 2 | SATA Controller 2 | ||
0x24000002400 | 0x200 | 3 | USB Controller 1 | ||
0x24000002600 | 0x200 | 4 | USB Controller 2 | ||
0x24000002800 | 0x200 | 0 | Gelic Device | ||
0x24000002C00 | 0x200 | 7 | ENCDEC Device | ||
0x24000008000 | 0x1000 | SB bus External interrupt controller | Found while looking at linux kernel src. (spider-pic.c) | ||
0x24000008100 | SB bus interrupt handler | 0x002B9CC4 | |||
0x24000008104 | SB bus interrupt handler | ||||
0x24000087000 | SB status/info | ||||
0x2400008C000 | SYSCON (receive packetheader) | ||||
0x2400008C010 | SYSCON (receive packetbody) | ||||
0x2400008CFF0 | SYSCON (receive ?) | ||||
0x2400008CFF4 | SYSCON (send ?) | ||||
0x2400008D000 | SYSCON (send packetheader) | ||||
0x2400008D010 | SYSCON (send packetbody) | ||||
0x2400008DFF0 | SYSCON (send ?) | ||||
0x2400008DFF4 | SYSCON (receive ?) | ||||
0x2400008E000 | SYSCON (receive ?) | ||||
0x2400008E004 | SYSCON (receive test bit 0x2) | ||||
0x2400008E100 | SYSCON (send notify) | ||||
0x24003000000 | 0x1000 | 1 | SATA Controller 1 | ||
0x24003001000 | 0x1000 | 2 | SATA Controller 2 | ||
0x24003004000 | 0x1000 | 0 | Gelic Device | ||
0x24003005000 | 0x1000 | 7 | ENCDEC Device | ||
0x24003005200 | 0x4 | 7 | ENCDEC Device | 0 != ENCDEC Test Mode | |
0x24003006000 | 0x1000 | 7 | ENCDEC Device | ||
0x240030060A0 | 0x4 | 7 | ENCDEC Device | EdecKgenFlash Command (0x84) | |
0x24003010000 | 0x10000 | 3 | USB Controller 1 | 0x001FDF00 | |
0x24003020000 | 0x10000 | 4 | USB Controller 2 | 0x003B3850 | |
0x24003800000 | 0x1000 | 1 | SATA Controller 1 | ||
0x24003801000 | 0x1000 | 2 | SATA Controller 2 | ||
0x24003802000 | 0x1000 | 1 | SATA Controller 1 | ||
0x24003803000 | 0x1000 | 2 | SATA Controller 2 | ||
0x24003810000 | 0x10000 | 3 | USB Controller 1 | 0x003B6E50 | |
0x24003820000 | 0x10000 | 4 | USB Controller 2 | 0x003B9950 | |
0x2401F000000 | 0x1000000 | NOR Flash | |||
0x2401FC00000 | 0x40000 | SYS ROM | lv0ldr/bootldr | ||
0x28000000000 | 0x2000 | AV Manager (/dev/ioif0) | (be.0.ioif0.addr) only mmap system call | ||
0x28001800000 | 0x1000 | AV Manager (/dev/ioif0) | only mmap system call | ||
0x28000600000 | 0x4000 | AV Manager (/dev/ioif0) - Output Control Registers | only mmap system call. First 0x2000 for head 0. Next 0x2000 for head 1. | ||
0x28000680000 | 0x4000 | AV Manager (/dev/ioif0) - PLL Control Registers | only mmap system call. First 0x2000 for head 0. Next 0x2000 for head 1. | ||
0x28000080000 | 0x8000 | AV Manager (/dev/ioif0) | only mmap system call | ||
0x28000088000 | 0x1000 | AV Manager (/dev/ioif0) | only mmap system call | ||
0x2800000C000 | 0x1000 | AV Manager (/dev/ioif0) | only mmap system call | ||
0x2800008A000 | 0x1000 | AV Manager (/dev/ioif0) | only mmap system call | ||
0x2800008C000 | 0x1000 | AV Manager (/dev/ioif0) | only mmap system call | ||
0x28080000000 | 0xFE00000 | 1 | GPU Device Memory Region | 0x003AF380 | |
0x3C0000 | 0xC000 | 2 | GPU Device Memory Region | 0x003AF500 | |
0x2808FE00000 | 0x40000 | 3 | GPU Device Memory Region | 0x003AF680 | |
0x28000C00000 | 0x20000 | 4 | GPU Device Memory Region | 0x003AFC30 | |
0x28000080100 | 0x8000 | 5 | GPU Device Memory Region | 0x003BB420 | |
0x2808FC00000 | 0x400000 | RSX Internal State Memory Area (All) | |||
0x2808FF80000 | 0x80000 | RAMIN (Encompasses RAMHT,RAMFC,DMA Objects, Graphic Objects and GRAPH) | |||
0x2808FF90000 | 0x4000 | RAM Hash Table | |||
0x2808FFA0000 | 0x1000 | RAM FIFO Context | |||
0x2808FFC0000 | 0x10000 | DMA Objects | |||
0x2808FFD0000 | 0x10000 | Graphic Objects | |||
0x2808FFE0000 | 0x10000 | Graphic Context | |||
9 | FLASH Controller device (StarShip - SS) | FLASH controller doesn't have MMIO regions | |||
0x000000000000 | 0x1000000 | GameOS | |||
0x700020000000 | 0xA0000 | GameOS | |||
0x700020000000 | 0xE900000 | GameOS | |||
0x800000000F000000 | 0x40000 | GameOS HTAB |
- Linux driver for playing with BE MMIO: http://pastie.org/private/zkzpmj5j6hixacxppk9waq mirror
PS3 ea memory map
0xFFFF_FFFF +-------------------------------+ | SPU Thread Mapping Area | 0xF000_0000 +-------------------------------+ | Raw SPU Mapping Area | 0xE000_0000 +-------------------------------+ | User Area | 0xD000_0000 +-------------------------------+ | RSX Frame Buffer Mapping Area | 0xC000_0000 +-------------------------------+ | MMapper Fixed Area | 0xB000_0000 +-------------------------------+ | | | User Area (heap, ...) | | | | | | | 0x5000_0000 +-------------------------------+ | PPU/SPU Local Segment | | (.ppu_data) | 0x4001_0000 +-------------------------------+ | PPU/SPU Local Segment | | (.ppu_rodata) | 0x4000_0000 +-------------------------------+ | PPU/SPU/RSX Shared Segment | | (.sdata, .rsx_image) | 0x3001_0000 +-------------------------------+ | PPU/SPU/RSX Shared Segment | | (.srodata, .rsx_image) | 0x3000_0000 +-------------------------------+ | PPU/SPU Shared Segment | | (.text, .data, .bss, ...) | 0x0001_0000 +-------------------------------+ | Unmapped Area | 0x0000_0000 +-------------------------------+
http://pastie.org/private/bfqqa2cpadolns9bm0eqa
History of Packet ID Entries
- 0x18000 <- Dispatcher_Manager
- 0x8000 <- ???
- 0x17000 <- Indi_Info_Manager
- 0x10000 <- SB_Manager
- 0x9000 <- SC_Manager
- 0x14000 <- Secure_LPAR_Loader
- 0x15000 <- Secure_Profile_Loader
- 0x3000 <- Secure_RTC_Manager
- 0x5000 <- Storage_Manager
- 0x11000 <- Security_Policy_Manager
- 0x6000 <- Update_Manager
- 0x2000 <- Virtual_TRM_Manager
- 0x19000 <- AIM_Manager
- 0x22000 <- Factory_Data_Manager
- 0x24000 <- USB_Dongle_Authenticator
- 0x25000 <- User_Token_Manager
- 0x84000 <- http://paste.ubuntu.com/25395752/
from SPM
possible process names[1] possible process / packet ids 1[2] possible process / packet ids 2[3]
coolstuf
Graf_Chokolo's HV BIBLE .rar 163 MB
Torrent InfoHash (Base16): 8E0FC6B483D8439BC7E1D6148632022DC390CE19 Torrent InfoHash (Base32): RYH4NNED3BBZXR7B2YKIMMQCFXBZBTQZ
coolstuff.rar (172474327 Bytes)
SHA1: F8DF8A5D6ABEFD20CE02EFE883D22FE90CC11845 MD5: C0976820D0F4DA9D0C8674083E7F8B36 CRC32: 7CAECB85 / CRC16: 69BB
Repositories:
- https://www.sendspace.com/file/klddg3
- http://www.sendspace.com/file/qlkzkd
- http://www.mirrorcreator.com/files/0NFBM0PC/coolstuff_0.rar_links
- http://www.mirrorcreator.com/files/0ROETOUP/coolstuff.rar_links
- http://fileape.com/index.php?act=download&id=aG4VzHXWKqwXbi50
Content
dump_lv2_reversing/dev_rflash1/dev1_reg0_16MB.bin 16 MB dump_lv2_reversing/dev_rflash1/dump_files.sh 0.3 KB dump_lv2_reversing/dev_rflash1/dump_flash_315.bin 16 MB dump_lv2_reversing/dev_rflash1/files/asecure_loader 0.2 MB dump_lv2_reversing/dev_rflash1/files/cCSD 2 KB dump_lv2_reversing/dev_rflash1/files/cISD 2 KB dump_lv2_reversing/dev_rflash1/files/eEID 64 KB dump_lv2_reversing/dev_rflash1/files/EID/EID0 2.1 KB dump_lv2_reversing/dev_rflash1/files/EID/EID1 0.7 KB dump_lv2_reversing/dev_rflash1/files/EID/EID2 1.8 KB dump_lv2_reversing/dev_rflash1/files/EID/EID3 0.3 KB dump_lv2_reversing/dev_rflash1/files/EID/EID4 0 KB dump_lv2_reversing/dev_rflash1/files/EID/EID5 2.5 KB dump_lv2_reversing/dev_rflash1/files/metldr 58.3 KB dump_lv2_reversing/dev_rflash1/files/sdk_330/aim_spu_module.self 17.1 KB dump_lv2_reversing/dev_rflash1/files/sdk_330/appldr 0.1 MB dump_lv2_reversing/dev_rflash1/files/sdk_330/default.spp 8.7 KB dump_lv2_reversing/dev_rflash1/files/sdk_330/emer_init.self 0.5 MB dump_lv2_reversing/dev_rflash1/files/sdk_330/eurus_fw.bin 0.4 MB dump_lv2_reversing/dev_rflash1/files/sdk_330/hdd_copy.self 0.4 MB dump_lv2_reversing/dev_rflash1/files/sdk_330/isoldr 75.7 KB dump_lv2_reversing/dev_rflash1/files/sdk_330/lv0 0.2 MB dump_lv2_reversing/dev_rflash1/files/sdk_330/lv1.self 1.2 MB dump_lv2_reversing/dev_rflash1/files/sdk_330/lv1ldr 0.1 MB dump_lv2_reversing/dev_rflash1/files/sdk_330/lv2ldr 91.5 KB dump_lv2_reversing/dev_rflash1/files/sdk_330/lv2_kernel.self 1.4 MB dump_lv2_reversing/dev_rflash1/files/sdk_330/mc_iso_spu_module.self 32.1 KB dump_lv2_reversing/dev_rflash1/files/sdk_330/me_iso_spu_module.self 34.2 KB dump_lv2_reversing/dev_rflash1/files/sdk_330/sb_iso_spu_module.self 23.4 KB dump_lv2_reversing/dev_rflash1/files/sdk_330/sc_iso.self 84.8 KB dump_lv2_reversing/dev_rflash1/files/sdk_330/sdk_version 0 KB dump_lv2_reversing/dev_rflash1/files/sdk_330/spp_verifier.self 54 KB dump_lv2_reversing/dev_rflash1/files/sdk_330/spu_pkg_rvk_verifier.self 62.7 KB dump_lv2_reversing/dev_rflash1/files/sdk_330/spu_token_processor.self 23.1 KB dump_lv2_reversing/dev_rflash1/files/sdk_330/spu_utoken_processor.self 25.5 KB dump_lv2_reversing/dev_rflash1/files/sdk_330/sv_iso_spu_module.self 48.1 KB dump_lv2_reversing/dev_rflash1/files/sdk_341/aim_spu_module.self 17.1 KB dump_lv2_reversing/dev_rflash1/files/sdk_341/appldr 0.1 MB dump_lv2_reversing/dev_rflash1/files/sdk_341/default.spp 8.7 KB dump_lv2_reversing/dev_rflash1/files/sdk_341/emer_init.self 0.5 MB dump_lv2_reversing/dev_rflash1/files/sdk_341/eurus_fw.bin 0.4 MB dump_lv2_reversing/dev_rflash1/files/sdk_341/hdd_copy.self 0.4 MB dump_lv2_reversing/dev_rflash1/files/sdk_341/isoldr 76.1 KB dump_lv2_reversing/dev_rflash1/files/sdk_341/lv0 0.2 MB dump_lv2_reversing/dev_rflash1/files/sdk_341/lv1.self 1.2 MB dump_lv2_reversing/dev_rflash1/files/sdk_341/lv1ldr 0.1 MB dump_lv2_reversing/dev_rflash1/files/sdk_341/lv2ldr 92 KB dump_lv2_reversing/dev_rflash1/files/sdk_341/lv2_kernel.self 1.4 MB dump_lv2_reversing/dev_rflash1/files/sdk_341/mc_iso_spu_module.self 32.1 KB dump_lv2_reversing/dev_rflash1/files/sdk_341/me_iso_spu_module.self 34.2 KB dump_lv2_reversing/dev_rflash1/files/sdk_341/sb_iso_spu_module.self 23.4 KB dump_lv2_reversing/dev_rflash1/files/sdk_341/sc_iso.self 84.8 KB dump_lv2_reversing/dev_rflash1/files/sdk_341/sdk_version 0 KB dump_lv2_reversing/dev_rflash1/files/sdk_341/spp_verifier.self 54 KB dump_lv2_reversing/dev_rflash1/files/sdk_341/spu_pkg_rvk_verifier.self 62.7 KB dump_lv2_reversing/dev_rflash1/files/sdk_341/spu_token_processor.self 23.1 KB dump_lv2_reversing/dev_rflash1/files/sdk_341/spu_utoken_processor.self 25.5 KB dump_lv2_reversing/dev_rflash1/files/sdk_341/sv_iso_spu_module.self 48.1 KB dump_lv2_reversing/dev_rflash1/files/trvk_pkg0 0.1 MB dump_lv2_reversing/dev_rflash1/files/trvk_pkg1 0.1 MB dump_lv2_reversing/dev_rflash1/files/trvk_prg0 0.1 MB dump_lv2_reversing/dev_rflash1/files/trvk_prg1 0.1 MB dump_lv2_reversing/dev_rflash1/toc.txt 4 KB dump_lv2_reversing/dump_lv2.bin 8 MB dump_lv2_reversing/dump_lv2.idb 50 MB dump_lv2_reversing/dump_lv2_315.bin 8 MB dump_lv2_reversing/dump_lv2_315.idb 38 MB dump_lv2_reversing/htab/dump_htab.bin 0.3 MB dump_lv2_reversing/htab/dump_htab.c 1.7 KB dump_lv2_reversing/htab/dump_htab.exe 18.4 KB dump_lv2_reversing/htab/dump_htab.txt 2.2 MB dump_lv2_reversing/lv2_dump3.41debug.bin 8 MB dump_lv2_reversing/lv2_kernel_341_decrypted.elf 3.3 MB dump_lv2_reversing/lv2_kernel_service_jig_self.bin 3.5 MB dump_lv2_reversing/lv2_kernel_service_jig_self.idb 23 MB dump_lv2_reversing/mem/dump_lpar_ra.bin 1 MB dump_lv2_reversing/mem/memory_regions.txt 0.4 KB dump_lv2_reversing/sce/sce.txt 0.9 KB dump_lv2_reversing/slb/dump_lv2_slb.bin 1 KB dump_lv2_reversing/slb/dump_lv2_slb.txt 2.4 KB dump_lv2_reversing/spp/default_decrypted.spp 8.7 KB dump_lv2_reversing/update_manager/EID0_0x0.bin 2.1 KB hvdump315_reversing/dump_proc.sh 0.3 KB hvdump315_reversing/eeprom/offsets.txt 0.1 KB hvdump315_reversing/files/EID0 2.1 KB hvdump315_reversing/files/ss_server1.fself 0.5 MB hvdump315_reversing/files/ss_server2.fself 0.3 MB hvdump315_reversing/files/ss_server3.fself 0.2 MB hvdump315_reversing/files/sysmgr_ss.fself 0.4 MB hvdump315_reversing/htab/dump_htab.c 1.7 KB hvdump315_reversing/htab/dump_htab.exe 18.4 KB hvdump315_reversing/htab/lpar1_vas2_htab.txt 2.2 MB hvdump315_reversing/htab/lpar2_vas3_htab.txt 8.8 MB hvdump315_reversing/htab/lpar2_vas48_htab.txt 8.8 MB hvdump315_reversing/hvcall/99.txt 0.2 KB hvdump315_reversing/hvdump315 16 MB hvdump315_reversing/hvdump315.idb 79 MB hvdump315_reversing/misc/tbfreq.txt 0 KB hvdump315_reversing/otheros/build-petitboot.txt 2.3 KB hvdump315_reversing/otheros/debian_netboot/initrd.gz 5.4 MB hvdump315_reversing/otheros/debian_netboot/vmlinux 11 MB hvdump315_reversing/otheros/debian_netboot/yaboot.conf 0.6 KB hvdump315_reversing/otheros/dev_rflash_lx/exoboot 5.2 MB hvdump315_reversing/otheros/dev_rflash_lx/lv2_kernel_service_jig_self.bin 3.5 MB hvdump315_reversing/otheros/dev_rflash_lx/petitboot_network_zImage.ps3.bin 7.7 MB hvdump315_reversing/otheros/dev_rflash_lx/petitboot_zImage.ps3.bin 7.6 MB hvdump315_reversing/otheros/exoboot 5.2 MB hvdump315_reversing/otheros/exoboot.idb 30 MB hvdump315_reversing/otheros/otheros.bld 3.1 MB hvdump315_reversing/otheros/otheros.elf 14 MB hvdump315_reversing/otheros/otheros.i64 63 MB hvdump315_reversing/otheros/petitboot-compile-howto.txt 0.8 KB hvdump315_reversing/otheros/petitboot.bld 3.4 MB hvdump315_reversing/otheros/petitboot_network.bld 3.5 MB hvdump315_reversing/otheros/petitboot_network_zImage.ps3.bin 7.7 MB hvdump315_reversing/otheros/petitboot_network_zImage.ps3.idb 40 MB hvdump315_reversing/otheros/petitboot_zImage.ps3.bin 7.6 MB hvdump315_reversing/otheros/petitboot_zImage.ps3.idb 33 MB hvdump315_reversing/otheros/ps3-boot-recovery-howto.txt 4.5 KB hvdump315_reversing/otheros/ps3-bootloader-install-howto.txt 3.6 KB hvdump315_reversing/otheros/ps3-debian-install-howto.txt 5.3 KB hvdump315_reversing/otheros/ps3-debian-install.pdf 90.6 KB hvdump315_reversing/otheros/ps3-petitboot-09.11.30-cui 8 MB hvdump315_reversing/otheros/ps3-petitboot-09.11.30-cui.bld 3.2 MB hvdump315_reversing/proc_3/code_seg.addr 0.6 KB hvdump315_reversing/proc_3/code_seg.bin 0.1 MB hvdump315_reversing/proc_3/code_seg.idb 1.8 MB hvdump315_reversing/proc_3/data_seg.addr 0.2 KB hvdump315_reversing/proc_3/data_seg.bin 36 KB hvdump315_reversing/proc_3/stack_seg.addr 0.1 KB hvdump315_reversing/proc_3/stack_seg.bin 12 KB hvdump315_reversing/proc_3/unknown_seg.addr 0.1 KB hvdump315_reversing/proc_3/unknown_seg.bin 28 KB hvdump315_reversing/proc_5/code_seg.addr 0.9 KB hvdump315_reversing/proc_5/code_seg.bin 0.2 MB hvdump315_reversing/proc_5/code_seg.idb 2.8 MB hvdump315_reversing/proc_5/data_seg.addr 0.2 KB hvdump315_reversing/proc_5/data_seg.bin 44 KB hvdump315_reversing/proc_5/stack_seg.addr 0.1 KB hvdump315_reversing/proc_5/stack_seg.bin 12 KB hvdump315_reversing/proc_5/unknown_seg.addr 0 KB hvdump315_reversing/proc_5/unknown_seg.bin 8 KB hvdump315_reversing/proc_6/code_seg.addr 1.8 KB hvdump315_reversing/proc_6/code_seg.bin 0.3 MB hvdump315_reversing/proc_6/code_seg.idb 5.1 MB hvdump315_reversing/proc_6/data_seg.addr 0.3 KB hvdump315_reversing/proc_6/data_seg.bin 68 KB hvdump315_reversing/proc_6/stack_seg.addr 0.1 KB hvdump315_reversing/proc_6/stack_seg.bin 12 KB hvdump315_reversing/proc_6/unknown_seg_1.addr 0 KB hvdump315_reversing/proc_6/unknown_seg_1.bin 4 KB hvdump315_reversing/proc_6/unknown_seg_2.addr 0 KB hvdump315_reversing/proc_6/unknown_seg_2.bin 4 KB hvdump315_reversing/proc_9/.unknown_seg_2.addr.swp 12 KB hvdump315_reversing/proc_9/code_seg.addr 1.4 KB hvdump315_reversing/proc_9/code_seg.bin 0.3 MB hvdump315_reversing/proc_9/code_seg.idb 3.6 MB hvdump315_reversing/proc_9/data_seg.addr 0.4 KB hvdump315_reversing/proc_9/data_seg.bin 72 KB hvdump315_reversing/proc_9/stack_seg.addr 0.1 KB hvdump315_reversing/proc_9/stack_seg.bin 12 KB hvdump315_reversing/proc_9/unknown_seg_1.addr 0.1 KB hvdump315_reversing/proc_9/unknown_seg_1.bin 16 KB hvdump315_reversing/proc_9/unknown_seg_2.addr 0.6 KB hvdump315_reversing/proc_9/unknown_seg_3.addr 0 KB hvdump315_reversing/proc_9/unknown_seg_3.bin 8 KB hvdump315_reversing/repo_nodes/dump_repo_nodes.c 1.7 KB hvdump315_reversing/repo_nodes/dump_repo_nodes.exe 17.9 KB hvdump315_reversing/repo_nodes/hash_repo_node.c 1.5 KB hvdump315_reversing/repo_nodes/hash_repo_node.exe 17.2 KB hvdump315_reversing/repo_nodes/repo_nodes.txt 77.8 KB hvdump315_reversing/repo_nodes/repo_nodes_storage_disk.txt 8.1 KB hvdump315_reversing/repo_nodes/repo_nodes_storage_rbd.txt 8.1 KB hvdump315_reversing/ss/.packet_and_function_ids.txt.swp 12 KB hvdump315_reversing/ss/laid_and_paid.txt 3.3 KB hvdump315_reversing/ss/packet_and_function_ids.txt 0.5 KB hvdump341_reversing/dev_rflash1/metldr 58.2 KB hvdump341_reversing/dump_flash_fat.bin 16 MB hvdump341_reversing/dump_lv1_latest.bin 16 MB hvdump341_reversing/dump_proc.sh 0.3 KB hvdump341_reversing/hv_mmap_exploit_341.bin 16 MB hvdump341_reversing/hv_mmap_exploit_341.idb 68 MB hvdump341_reversing/lv1_341_decrypted.elf 3.8 MB hvdump341_reversing/lv1_341_decrypted.i64 22 MB hvdump341_reversing/proc_3/code_seg.addr 0.6 KB hvdump341_reversing/proc_3/code_seg.bin 0.1 MB hvdump341_reversing/proc_3/code_seg.idb 1.2 MB hvdump341_reversing/proc_3/data_seg.addr 0.2 KB hvdump341_reversing/proc_3/data_seg.bin 36 KB hvdump341_reversing/proc_3/stack_seg.addr 0.1 KB hvdump341_reversing/proc_3/unknown_seg_1.addr 0.1 KB hvdump341_reversing/proc_3/unknown_seg_1.bin 28 KB hvdump341_reversing/proc_3/unknown_seg_2.addr 0 KB hvdump341_reversing/proc_3/unknown_seg_2.bin 4 KB hvdump341_reversing/proc_5/code_seg.addr 0.9 KB hvdump341_reversing/proc_5/code_seg.bin 0.2 MB hvdump341_reversing/proc_5/code_seg.idb 1.8 MB hvdump341_reversing/proc_5/data_seg.addr 0.2 KB hvdump341_reversing/proc_5/data_seg.bin 44 KB hvdump341_reversing/proc_5/stack_seg.addr 0.1 KB hvdump341_reversing/proc_5/stack_seg.bin 12 KB hvdump341_reversing/proc_5/unknown_seg.addr 0 KB hvdump341_reversing/proc_5/unknown_seg.bin 8 KB hvdump341_reversing/proc_6/code_seg.addr 1.8 KB hvdump341_reversing/proc_6/code_seg.bin 0.3 MB hvdump341_reversing/proc_6/code_seg.idb 3 MB hvdump341_reversing/proc_6/data_seg.addr 0.3 KB hvdump341_reversing/proc_6/data_seg.bin 68 KB hvdump341_reversing/proc_6/stack_seg.addr 0.1 KB hvdump341_reversing/proc_6/stack_seg.bin 12 KB hvdump341_reversing/proc_6/unknown_seg_1.addr 0 KB hvdump341_reversing/proc_6/unknown_seg_1.bin 4 KB hvdump341_reversing/proc_6/unknown_seg_2.addr 0 KB hvdump341_reversing/proc_6/unknown_seg_2.bin 4 KB hvdump341_reversing/proc_9/code_seg.addr 1.3 KB hvdump341_reversing/proc_9/code_seg.bin 0.2 MB hvdump341_reversing/proc_9/code_seg.idb 2.4 MB hvdump341_reversing/proc_9/data_seg.addr 0.3 KB hvdump341_reversing/proc_9/data_seg.bin 56 KB hvdump341_reversing/proc_9/stack_seg.addr 0.1 KB hvdump341_reversing/proc_9/stack_seg.bin 12 KB hvdump341_reversing/proc_9/unknown_seg_1.addr 0.1 KB hvdump341_reversing/proc_9/unknown_seg_1.bin 16 KB hvdump341_reversing/proc_9/unknown_seg_2.addr 0 KB hvdump341_reversing/proc_9/unknown_seg_2.bin 8 KB hvdump341_reversing/proc_elfs/pme_init 0.1 MB hvdump341_reversing/proc_elfs/pme_init.i64 0.5 MB hvdump341_reversing/repo_nodes/dump_repo_nodes.c 1.8 KB hvdump341_reversing/repo_nodes/dump_repo_nodes.exe 17.9 KB hvdump341_reversing/repo_nodes/repo_nodes.txt 77.4 KB hvdump341_reversing/sc_eprom_after_set_token/sc_eprom_dump_0x02F00_0x02FFF.bin 0.3 KB hvdump341_reversing/sc_eprom_after_set_token/sc_eprom_dump_0x03000_0x030FF.bin 0.3 KB hvdump341_reversing/sc_eprom_after_set_token/sc_eprom_dump_0x48000_0x480FF.bin 0.3 KB hvdump341_reversing/sc_eprom_after_set_token/sc_eprom_dump_0x48800_0x488FF.bin 0.3 KB hvdump341_reversing/sc_eprom_after_set_token/sc_eprom_dump_0x48C00_0x48CFF.bin 0.3 KB hvdump341_reversing/sc_eprom_after_set_token/sc_eprom_dump_0x48D00_0x48DFF.bin 0.3 KB hvdump341_reversing/sc_eprom_before_set_token/sc_eprom_dump_0x02F00_0x02FFF.bin 0.3 KB hvdump341_reversing/sc_eprom_before_set_token/sc_eprom_dump_0x03000_0x030FF.bin 0.3 KB hvdump341_reversing/sc_eprom_before_set_token/sc_eprom_dump_0x48000_0x480FF.bin 0.3 KB hvdump341_reversing/sc_eprom_before_set_token/sc_eprom_dump_0x48800_0x488FF.bin 0.3 KB hvdump341_reversing/sc_eprom_before_set_token/sc_eprom_dump_0x48C00_0x48CFF.bin 0.3 KB hvdump341_reversing/sc_eprom_before_set_token/sc_eprom_dump_0x48D00_0x48DFF.bin 0.3 KB hvdump341_reversing/spus/isoldr_341.elf 75.6 KB hvdump341_reversing/spus/isoldr_341_objdump.asm 0.7 MB hvdump341_reversing/spus/sb_iso_spu_module.elf 62.5 KB hvdump341_reversing/spus/sb_iso_spu_module_ida.asm 0.2 MB hvdump341_reversing/spus/sb_iso_spu_module_objdump.asm 0.5 MB hvdump341_reversing/spus/sc_iso.elf 81.7 KB hvdump341_reversing/spus/sc_iso_ida.asm 0.4 MB hvdump341_reversing/spus/sc_iso_objdump.asm 0.8 MB hvdump341_reversing/spus/spu_token_processor.elf 22.3 KB hvdump341_reversing/spus/spu_token_processor_ida.asm 0.1 MB hvdump341_reversing/spus/spu_token_processor_objdump.asm 0.2 MB hvdump355_reversing/dump_proc.sh 0.3 KB hvdump355_reversing/dump_protpages/dump_protpages.c 2.1 KB hvdump355_reversing/dump_protpages/dump_protpages.exe 11.5 KB hvdump355_reversing/dump_protpages/dump_protpages.exe.stackdump 0.8 KB hvdump355_reversing/hvdump_355.bin 16 MB hvdump355_reversing/hvdump_355.idb 67 MB hvdump355_reversing/proc_3/code_seg.addr 0.7 KB hvdump355_reversing/proc_3/code_seg.bin 0.1 MB hvdump355_reversing/proc_3/code_seg.idb 1.3 MB hvdump355_reversing/proc_3/data_seg.addr 0.2 KB hvdump355_reversing/proc_3/data_seg.bin 36 KB hvdump355_reversing/proc_3/pages 1.1 KB hvdump355_reversing/proc_3/stack_seg.addr 0.1 KB hvdump355_reversing/proc_3/stack_seg.bin 12 KB hvdump355_reversing/proc_3/unknown_seg.addr 0.2 KB hvdump355_reversing/proc_3/unknown_seg.bin 32 KB hvdump355_reversing/proc_5/code_seg.addr 1 KB hvdump355_reversing/proc_5/code_seg.bin 0.2 MB hvdump355_reversing/proc_5/code_seg.idb 1.6 MB hvdump355_reversing/proc_5/data_seg.addr 0.2 KB hvdump355_reversing/proc_5/data_seg.bin 44 KB hvdump355_reversing/proc_5/pages 1.3 KB hvdump355_reversing/proc_5/stack_seg.addr 0.1 KB hvdump355_reversing/proc_5/stack_seg.bin 12 KB hvdump355_reversing/proc_5/unknown_seg.addr 0 KB hvdump355_reversing/proc_5/unknown_seg.bin 8 KB hvdump355_reversing/proc_6/code_seg.addr 2 KB hvdump355_reversing/proc_6/code_seg.bin 0.3 MB hvdump355_reversing/proc_6/code_seg.idb 3.3 MB hvdump355_reversing/proc_6/data_seg.addr 0.4 KB hvdump355_reversing/proc_6/data_seg.bin 68 KB hvdump355_reversing/proc_6/pages 2.4 KB hvdump355_reversing/proc_6/stack_seg.addr 0.1 KB hvdump355_reversing/proc_6/stack_seg.bin 12 KB hvdump355_reversing/proc_6/unknown_seg1.addr 0 KB hvdump355_reversing/proc_6/unknown_seg1.bin 4 KB hvdump355_reversing/proc_6/unknown_seg2.addr 0 KB hvdump355_reversing/proc_6/unknown_seg2.bin 4 KB hvdump355_reversing/proc_9/code_seg.addr 1.4 KB hvdump355_reversing/proc_9/code_seg.bin 0.2 MB hvdump355_reversing/proc_9/code_seg.idb 2.1 MB hvdump355_reversing/proc_9/data_seg.addr 0.3 KB hvdump355_reversing/proc_9/data_seg.bin 56 KB hvdump355_reversing/proc_9/pages 2.5 KB hvdump355_reversing/proc_9/stack_seg.addr 0.1 KB hvdump355_reversing/proc_9/stack_seg.bin 12 KB hvdump355_reversing/proc_9/unknown_seg1.addr 0.1 KB hvdump355_reversing/proc_9/unknown_seg1.bin 16 KB hvdump355_reversing/proc_9/unknown_seg2.addr 0 KB hvdump355_reversing/proc_9/unknown_seg2.bin 8 KB payload.tar.gz 96.2 KB ps3wiki/Basic Bluray disc authentication procedure.htm 13.3 KB ps3wiki/Booting Linux from internal HDD.htm 8.4 KB ps3wiki/Booting Linux from internal HDD_2.htm 9.2 KB ps3wiki/Booting Linux on 3.41 PS3 with petitboot from internal HDD.htm 9.1 KB ps3wiki/Booting Linux on 3.41 PS3 with petitboot from internal HDD2.htm 10 KB ps3wiki/Booting petitboot from VFLASH.htm 20.2 KB ps3wiki/Booting_Linux_2.6_kernel_on_running_PS3_Linux_with_kexec.htm 1 KB ps3wiki/Cell Programming Tutorial – IBM.htm 10.7 KB ps3wiki/Drk notes.htm 13.8 KB ps3wiki/Dump_of_all_repository_nodes_from_HV_3.15.htm 1 KB ps3wiki/Dump_of_all_repository_nodes_from_HV_3.41_dump_made_from_GameOS.htm 84.5 KB ps3wiki/Error_codes.htm 0.8 KB ps3wiki/Hardware flashing.htm 7.9 KB ps3wiki/Hypervisor Reverse Engineering.htm 0.3 MB ps3wiki/Installing Linux on internal HDD.htm 14.7 KB ps3wiki/Lv-2 syscalls.htm 26.4 KB ps3wiki/Lv-2_functions.htm 0.8 KB ps3wiki/Main Page.htm 14.9 KB ps3wiki/PDB file format.htm 14.8 KB ps3wiki/PS3 Payload Developement.htm 29.5 KB ps3wiki/PSGroove.htm 15 KB ps3wiki/PSJailbreak Exploit Payload Reverse Engineering.htm 14.7 KB ps3wiki/PSJailbreak Exploit Reverse Engineering.htm 22.4 KB ps3wiki/PSJailbreak Payload Reverse Engineering.htm 52.4 KB ps3wiki/PUP File Format.htm 11.4 KB ps3wiki/Self Crypto.htm 8.3 KB ps3wiki/SELF File Format and Decryption.htm 17.3 KB ps3wiki/Self file format.htm 12.4 KB ps3wiki/Self file format_2.htm 13.1 KB ps3wiki/Talk.Lv-2 functions.htm 7.8 KB ps3wiki/Talk.SELF File Format and Decryption.htm 18.4 KB ps3wiki/XRegistry File Format.htm 51.9 KB ps3wiki/XRegistry File Format_2.htm 52.7 KB
emer init.self
Program 1
Crossreference: gitbrew.org::emer_init.self:Program_1
0x40000 # bind object to subchannel 0 0x31337000 0x3C0180 0x66604200 0xFEED0000 0xFEED0001 0xFEED0000 0x0 0xFEED0000 0xFEED0000 0xFEED0000 0xFEED0001 0x66606660 0x66626660 0x0 0x0 0xFEED0000 0xFEED0000 0x40060 0x66616661 0x340200 0x0 0x0 0x121 0x40 0x0 0x0 0x0 0x40 0x1 0x80 0x100 0x40 0x0 0x100280 0x40 0x40 0x0 0x0 0x41D80 0x3 0x4802B8 0x0 0x0 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0xFFF0000 0x81D98 0xFFF0000 0xFFF0000 0x41DA4 0x0 0x403B0 0x10 0x41454 0x0 0x41FF4 0x3FFFFF 0x181FC0 0x0 0x6144321 0xEDCBA987 0x6F 0x171615 0x1B1A19 0x280B40 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x40A0C 0x0 0xC0A60 0x0 0x0 0x0 0x80A78 0x0 0x0 0x41428 0x1 0x41D88 0x1000 0x41E94 0x11 0x41450 0x80003 0x41FE0 0x2000000 0x400B00 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x2DC8 0x1008CC 0x800 0x0 0x0 0x0 0x100240 0xFFFF 0x0 0x0 0x0 0x0 0xC003C0 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x10101 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x7421 0x9AABAA98 0x66666789 0x98766666 0x89AABAA9 0x99999999 0x88888889 0x98888888 0x99999999 0x56676654 0x33333345 0x54333333 0x45667665 0xAABBBA99 0x66667899 0x99876666 0x99ABBBAA 0x81738 0x0 0x0 0x4E000 # bind object to subchannel 7 0xCAFEBABE
Program 2
Crossreference: gitbrew.org::emer_init.self:Program_2
0x80308 0x207 0x0 0x40304 0x0 0xC0350 0x207 0x0 0xFF 0x4034C 0xFF 0xC035C 0x1E00 0x1E00 0x1E00 0x4031C 0x0 0x4037C 0x0 0x40310 0x0 0x4036C 0x0 0x40320 0x80068006 0x80314 0x10001 0x0 0x41D8C 0xFFFFFF00 0x41D94 0x0 0x40100 0x0 0x40324 0x1010101 0x4183C 0x0 0x41830 0x405 0x80384 0x0 0x3F800000 0x40380 0x0 0x40A6C 0x201 0x40A70 0x1 0x40A74 0x0 0x40300 0x1 0x41FEC 0x0 0x41FC0 0x0 0x41834 0x901 0x403B8 0x8 0x40374 0x0 0x40378 0x1503 0x41EE0 0x3F800000 0x40A68 0x0 0x80A78 0x0 0x0 0x41DAC 0x0 0x41DB0 0xFFFFFFFF 0x808C0 0x10000000 0x10000000 0x40368 0x1D01 0xC0330 0x207 0x0 0xFF 0x4032C 0xFF 0xC033C 0x1E00 0x1E00 0x1E00 0x40328 0x0 for (x = 0; x < 16; x++) { 0x41A08 + (x * 0x20) 0x30101 0x41A1C + (x * 0x20) 0x0 0x41A0C + (x * 0x20) 0x60000 0x41A14 + (x * 0x20) 0x2052000 } 0x40348 0x0 for (x = 0; x < 16; x++) { 0x41740 + (x * 0x4) 0x2 0x41680 + (x * 0x4) 0x0 } 0x80A00 0x10000000 0x10000000 0x80394 0x0 0x3F800000 0x200A20 2048.0 2048.0 0.5 0x0 2048.0 2048.0 0.5 0x0 0x200A20 2048.0 2048.0 0.5 0x0 2048.0 2048.0 0.5 0x0 0x41D7C 0xFFFF0000 0x4182C 0x1B02 0x41D90 0x0 0x40370 0x0 0x41828 0x1B02 0x403BC 0x0 0x41DB4 0x0 0x41EE4 0x0 0x41EE8 0x0 0x41838 0x0 0x4147C 0x0 0x41E98 0x1000000 0x41478 0x0 0x41FF0 0xFFFF 0x417CC 0x0 for (x = 0; x < 16; x++) { 0x40908 + (x * 0x20) 0x101 0x4091C + (x * 0x20) 0x0 0x4090C + (x * 0x20) 0x60000 0x40914 + (x * 0x20) 0x0 } 0x40238 0x0 0x41D78 0x1 0x4142C 0x0 0x41FF8 0x0 0x41FE8 0x0
Program 3
Crossreference: gitbrew.org::emer_init.self:Program_2
0x42000 # bind object to subchannel 1 0x31337303 0xC2180 # method of subchannel 1 0x66604200 0xFEED0001 0xFEED0000 0x46000 # bind object to subchannel 3 0x313371C3 0xC6180 # method of subchannel 3 0x66604200 0xFEED0000 0xFEED0000 0x4A000 # bind object to subchannel 5 0x31337808 0x20A180 # method of subchannel 5 0x66604200 0x0 0x0 0x0 0x0 0x0 0x0 0x313371C3 0x8A2FC # method of subchannel 5 0x3 0x4 0x48000 # bind object to subchannel 4 0x31337A73 0x88180 # method of subchannel 4 0x66604200 0xFEED0000 0x4C000 # bind object to subchannel 6 0x3137AF00 0x4C180 # method of subchannel 6 0x66604200
about RSX
RAMIN is on VRAM. 0x28002010000 contains the same as 0x2808FF90000 0x28002050000 contains the same as 0x2808FFD0000 you can prove that by writing in one offset and reading the other 0x2808XXXXXXX is BAR1 (i.e. VRAM on Nvidia GPUs) 0x28002XXXXXX is BAR2 (i.e. PRAMIN on Nvidia GPUs)