a ca j'aime bien !!! cette faille tout le monde la connait depuis 2002 ? et personne a rien fait lol
regarder ci dessous
*================================================= *
|ps2unpack - by IceWater (
icewatus@yahoo.com) 2002|
*================================================= *
What is this?
=============
Well, since som ppl was wondering what's going on
while the PS2 boots with an upgraded DVD-driver I
decided to cast some light on that matter.
This package contains a tool and some information
on the bootup procedure of the PS2.
The tool
========
What does the tool do? Sony have packed the menu
system contained in BIOS. The file OSDSYS contains
a data section that is packed with a rather simple
algorithm. The tool does what the loader does at
runtime - unpacks the data in the data segment and
stores it to a file.
This file can then be used in a disassembler to
clear up some things.
How to test it your self
========================
1.Set up a dev enviroment and download pukko's bios
dump util (
PS2DEV.ORG: Playstation Programming - ;).
2.Dump your BIOS to a file on the host file system.
3.Download a splitter tool called romdir written by Alex Lau
from his homepage (
Alex's Random Thought of Technology) and split the
BIOS file.
4.Run ps2unpack tool to unpack the file OSDSYS created
in step 3.
5.Download the excellent disassembler ps2dis written
by hanimar (
PS2DIS - GETTING STARTED)
and start it up.
6.Open the unpacked file from step 4 and when the ps2dis
ask you for for a address offset, type 00200000.
Now you will be able to follow the boot procedure thank's
to Sonys nice debug prints.
Findings
========
One interresting thing that could give som light on the
MagicGate boot procedure involved when your PS2 has been
upgraded to version 2.10 that resides on the memory card,
is that you can se how the strings are built that calls
the Syscall7 (LoadExecPS2) for executing from the mc. A
-x flag is also given as a argument that tells the undelying
code to first decrypt the elf before executing it.
So here is your proof of that you probably will have to use
some brute force method to be able to get the encryption keys
( could be 128-bit or more
)
More of the decryption code can be found in the IOP-module
SECRMAN also found in the BIOS-dump.
Keep the information comin' or we'll never be able to
release the power of PS2
/IceWater
Mode linéaire
