One thing I noticed when I still had my PS3 is that if you look at the sensor traces around the switch, they all go to a middle PCB layer, thus totally obfuscating the bus logic. This is how I know the engineers attacked their own designs from every angle, I'm sure with their minds and software simulations.
I was just bored and thought I'd make a new thread to get people riled. If you figured out where they went though, something tells me it'd be a prelude to bypassing all the security. You'd have the initialization order, and you'd know where the signature chain starts which possibly exposes unchecked instructions. Even if not it'd be cool to know how it works.
Known Aspects:
- Common key on CELL die (like the IBM implementation on the x360)
- Allocation randomization and page locking on RAM and potentially real time parallel hashing as with the x360
- AES, SHA1, and some light checksum encodings are used on file systems
- SELF and SPRX files are encrypted binaries/executables (SELF-to-EXE and SPRX-to-DLL in functionality)
- Hardware init order intentionally obfuscated with middle PCB layer to prevent reversing
- Sony south bridge, flash, RAM, and RSX don't do initialization. A component of the CELL or another chip contains the first instructions, and it's not the EE chip obviously. The smartest thing would be to put it in non-volatile memory on the PPU, which it has. A locked SPE could also invoke initialization of the main firmware and be off the rest of the session, explaining thermal imaging.
Known accomplishments:
- HDD decryption with differentials and swapping (nobody has tried putting data from other parts of the PS3 through that decryption)
- Downgrading with man in the middle attacks
- Partial NAND dumping with an Infectus ASIC board directly interfaced to the flash chips, working off bus power
- Decoding of a light encoding on file system components
- PSP control and authentication protocol to XMB reversed (there is data exposed that nobody is researching, in the form of keys that aren't used by the protocol itself but are still sent)
I'm guessing the PPU is at the forefront of initialization, and probably has an unsigned and unencrypted initialization stack in a small piece of ROM or something, or the 'locked' SPE has it on die or loads it from the PPU ROM and uses the SDRAM (the fact it only handles SIMD supposedly gives me doubt about this though; the PPU does the job of the application processor with the RISC on the PS3). That would be the hardest place to reverse an initialization stack. There are also ~18 other small black chips on the 40GB model that could be doing it; they have the profiles of DAC, DSP, and serial controllers though, but I never looked any of them up.
Continued: I think IBM did with the Cell what they did with the Xenon and put a ROM in the CPU die that inits the entire system and probably can't be dumped. That means the only remote vector is something like the upper bit field syscall attack. This means a close to identical attack vector to the x360 will have to exist, because no amount of sophistication in a shellcode payload will get past read-only pages, whether stack or heap, or hashed processes. The PS3 is minimalistic and proprietary in comparison too, so this could mean no go without major physical modifications and no hope of backups or even XMB. The write protection and hardware common key are the strong points. They could have used weaker algorithms and left code unencrypted and probably still be secure if it weren't for licensing issues.
I was bored...
Last edited by 0m1kr0n (2009-06-20 09:44:10)
There may not be an actual ROM in the CPU die, but there is code; now, if you want to call it ROM, then by all means anyone can. As I stated before, these systems do not POST like a PC does, not at all. Each important device has a static memory address and location that is expected on boot. If anything changes, the system doesn't post. There is no PnP, no self configuration, just boot with the assumption the device is where it is supposed to be. This is with the exception of the BR-D, HDD, and USB devices. As far as CPU, RAM, and GPU, they MUST be where they are supposed to be as far as addressing. Some idiot even said they got to the XB360 through POST, because it is like a PC, and has CMOS, and what not; no, it doesn't...
This new generation of consoles is the best in digital security, with the blunder of M$'s use of a standard SATA DVD drive for its game booting and reading. Sony did not go that route, but if the weak point is anywhere, it starts with the optical portion. They don't put this much security into some of our government mainframes, you can take that to the bank. The Chinese and some other countries cyber attack us on a daily basis, but most of those are based out of OUR country. The USAF systems in Germany are attacked pretty often, by the Chinese.
Anyhow, as I stated, these consoles won't be hacked like the original XB1 was. The PS3 will, more than likely, not be hacked to play backups at all, or, IF it does? There won't be any interest in it, as the next one will be out. With the XB360, you got the backups through a DVD firmware mod, that's it. It starts at the front door, or shall I say slot. If they can get to the optical firmware, and get the keys from it, they can get started. Too many people are trying to attack the console directly, and as I stated several times, that is THE WRONG approach.
Powerslave wrote:
There may not be an actual ROM in the CPU die, but there is code; now, if you want to call it ROM, then by all means anyone can. As I stated before, these systems do not POST like a PC does, not at all. Each important device has a static memory address and location that is expected on boot. If anything changes, the system doesn't post. There is no PnP, no self configuration, just boot with the assumption the device is where it is supposed to be. This is with the exception of the BR-D, HDD, and USB devices. As far as CPU, RAM, and GPU, they MUST be where they are supposed to be as far as addressing. Some idiot even said they got to the XB360 through POST, because it is like a PC, and has CMOS, and what not; no, it doesn't...
This new generation of consoles is the best in digital security, with the blunder of M$'s use of a standard SATA DVD drive for its game booting and reading. Sony did not go that route, but if the weak point is anywhere, it starts with the optical portion. They don't put this much security into some of our government mainframes, you can take that to the bank. The Chinese and some other countries cyber attack us on a daily basis, but most of those are based out of OUR country. The USAF systems in Germany are attacked pretty often, by the Chinese.
Anyhow, as I stated, these consoles won't be hacked like the original XB1 was. The PS3 will, more than likely, not be hacked to play backups at all, or, IF it does? There won't be any interest in it, as the next one will be out. With the XB360, you got the backups through a DVD firmware mod, that's it. It starts at the front door, or shall I say slot. If they can get to the optical firmware, and get the keys from it, they can get started. Too many people are trying to attack the console directly, and as I stated several times, that is THE WRONG approach.
Yeah, I figured everything except modular components was statically addressed. I was referring to the first code that is loaded to the PPU when the power circuit is closed, whatever it may be. The PPU is the only application processor there; I'm sure the south bridge has non-volatile code storage that it loads off of too, but the bus suggests the CELL is the first initialized chip. Although I can't say for sure of course because of the middle PCB layer, the south bridge goes to the other public market chips and directly under the Cell.
I've also found it idiotic since the beginning that people were attacking such a system from its strongest point. The XB1 had part of its initialization outside of the CPU and there was a place to put custom code. The X360 has it all on the CPU die, which is why the DMA/syscall or a return-to-lib attack are literally the only vectors. I think the lib attacks fail because of real-time hashing in RAM though; it hangs the system like other simpler attacks did.
Through the process of elimination it's clear DMA attacks are the only option, which only worked on the X360 because shaders weren't encrypted on some game images. The interesting thing is I've never seen a platform where shaders were not low-level instructions that had to be loaded faster; they might not have done it in the PS3 SDK, or even patched it in firmware after seeing the X360 exploit.
I actually still look over all the x360 research and exploits. The most intriguing part is how they found out about the upper bit flags.
Trash Talk: Also regarding all the crack team garbage and idiot approaches. If you go look at their releases (Paradox etc.) you'll notice none of them had decent protection, and those crack teams are pretty much sitting on the sidelines now because they're too busy on 4chan looking at porn to learn how to reverse a VM and code obfuscation.
Last edited by 0m1kr0n (2009-06-20 17:47:08)