Talk:Hypervisor Reverse Engineering

From PS3 Developer wiki
Jump to: navigation, search

Merge needed (?) : https://webcache.googleusercontent.com/search?q=cache:http%3A%2F%2Fwiki.gitbrew.org%2Fwikibrew%2FPS3%3AHvReverseEngineering

MMIO / Memorymap[edit]

Physical Address Size ID Usage Address
in HV dump
(3.15)
Notes
0x800000 0x20000 LV0 Code Region
0x200000 0x400000 LV1 Code Region
0x8000000 / 0x1000000(DECR) 0x800000 LV2 Region The region you get when you dump lv2
0x20000000000 0x80000 SPE0 MMIO Memory Region (be.0.bp_base)
0x20000080000 0x80000 SPE1 MMIO Memory Region 0x003ABC20
0x20000100000 0x80000 SPE2 MMIO Memory Region 0x003AAD70
0x20000180000 0x80000 SPE3 MMIO Memory Region 0x003A8880 panic on read
0x20000200000 0x80000 SPE4 MMIO Memory Region 0x003B4F70
0x20000280000 0x80000 SPE5 MMIO Memory Region 0x003AB700
0x20000300000 0x80000 SPE6 MMIO Memory Region 0x003B5BE0
0x20000509000 0x1000 Pervasive Memory Contains 48 bit Serial Number at position 0xC80 size 0x08
0x1000 SPE1 Shadow Registers Memory Region 0x003ABDA0
0x1000 SPE2 Shadow Registers Memory Region 0x003B4290
0x1000 SPE3 Shadow Registers Memory Region 0x003A8A00
0x1000 SPE4 Shadow Registers Memory Region 0x003B50F0
0x1000 SPE5 Shadow Registers Memory Region 0x001FFC90
0x1000 SPE6 Shadow Registers Memory Region 0x003AE5B0
0x2000050A0C8 0x4 XDR Memory Channel Size (Type 1) Shift right 49 and add 0x20 for size.
0x2000050A188 0x4 XDR Memory Channel Size (Type 0) Shift right 49 and add 0x20 for size.
0x2000050A210 0x4 XDR Memory Channel Type For use with above memory locations
0x24000000000 SB bus subsystem (be.0.ioif1.addr)
0x24000002000 0x200 1 SATA Controller 1
0x24000002200 0x200 2 SATA Controller 2
0x24000002400 0x200 3 USB Controller 1
0x24000002600 0x200 4 USB Controller 2
0x24000002800 0x200 0 Gelic Device
0x24000002C00 0x200 7 ENCDEC Device
0x24000008000 0x1000 SB bus External interrupt controller Found while looking at linux kernel src. (spider-pic.c)
0x24000008100 SB bus interrupt handler 0x002B9CC4
0x24000008104 SB bus interrupt handler
0x24000087000 SB status/info
0x2400008C000 SYSCON (receive packetheader)
0x2400008C010 SYSCON (receive packetbody)
0x2400008CFF0 SYSCON (receive ?)
0x2400008CFF4 SYSCON (send ?)
0x2400008D000 SYSCON (send packetheader)
0x2400008D010 SYSCON (send packetbody)
0x2400008DFF0 SYSCON (send ?)
0x2400008DFF4 SYSCON (receive ?)
0x2400008E000 SYSCON (receive ?)
0x2400008E004 SYSCON (receive test bit 0x2)
0x2400008E100 SYSCON (send notify)
0x24003000000 0x1000 1 SATA Controller 1
0x24003001000 0x1000 2 SATA Controller 2
0x24003004000 0x1000 0 Gelic Device
0x24003005000 0x1000 7 ENCDEC Device
0x24003005200 0x4 7 ENCDEC Device 0 != ENCDEC Test Mode
0x24003006000 0x1000 7 ENCDEC Device
0x240030060A0 0x4 7 ENCDEC Device EdecKgenFlash Command (0x84)
0x24003010000 0x10000 3 USB Controller 1 0x001FDF00
0x24003020000 0x10000 4 USB Controller 2 0x003B3850
0x24003800000 0x1000 1 SATA Controller 1
0x24003801000 0x1000 2 SATA Controller 2
0x24003802000 0x1000 1 SATA Controller 1
0x24003803000 0x1000 2 SATA Controller 2
0x24003810000 0x10000 3 USB Controller 1 0x003B6E50
0x24003820000 0x10000 4 USB Controller 2 0x003B9950
0x2401F000000 0x1000000 NOR Flash
0x2401FC00000 0x40000 SYS ROM lv0ldr/bootldr
0x28000000000 0x2000 AV Manager (/dev/ioif0) (be.0.ioif0.addr) only mmap system call
0x28001800000 0x1000 AV Manager (/dev/ioif0) only mmap system call
0x28000600000 0x4000 AV Manager (/dev/ioif0) - Output Control Registers only mmap system call. First 0x2000 for head 0. Next 0x2000 for head 1.
0x28000680000 0x4000 AV Manager (/dev/ioif0) - PLL Control Registers only mmap system call. First 0x2000 for head 0. Next 0x2000 for head 1.
0x28000080000 0x8000 AV Manager (/dev/ioif0) only mmap system call
0x28000088000 0x1000 AV Manager (/dev/ioif0) only mmap system call
0x2800000C000 0x1000 AV Manager (/dev/ioif0) only mmap system call
0x2800008A000 0x1000 AV Manager (/dev/ioif0) only mmap system call
0x2800008C000 0x1000 AV Manager (/dev/ioif0) only mmap system call
0x28080000000 0xFE00000 1 GPU Device Memory Region 0x003AF380
0x3C0000 0xC000 2 GPU Device Memory Region 0x003AF500
0x2808FE00000 0x40000 3 GPU Device Memory Region 0x003AF680
0x28000C00000 0x20000 4 GPU Device Memory Region 0x003AFC30
0x28000080100 0x8000 5 GPU Device Memory Region 0x003BB420
0x2808FC00000 0x400000 RSX Internal State Memory Area (All)
0x2808FF80000 0x80000 RAMIN (Encompasses RAMHT,RAMFC,DMA Objects, Graphic Objects and GRAPH)
0x2808FF90000 0x4000 RAM Hash Table
0x2808FFA0000 0x1000 RAM FIFO Context
0x2808FFC0000 0x10000 DMA Objects
0x2808FFD0000 0x10000 Graphic Objects
0x2808FFE0000 0x10000 Graphic Context
9 FLASH Controller device (StarShip - SS) FLASH controller doesn't have MMIO regions
0x000000000000 0x1000000 GameOS
0x700020000000 0xA0000 GameOS
0x700020000000 0xE900000 GameOS
0x800000000F000000 0x40000 GameOS HTAB

PS3 ea memory map[edit]

  0xFFFF_FFFF  +-------------------------------+
               | SPU Thread Mapping Area       |   
  0xF000_0000  +-------------------------------+
               | Raw SPU Mapping Area          |   
  0xE000_0000  +-------------------------------+
               | User Area                     |   
  0xD000_0000  +-------------------------------+
               | RSX Frame Buffer Mapping Area |   
  0xC000_0000  +-------------------------------+
               | MMapper Fixed Area            |   
  0xB000_0000  +-------------------------------+
               |                               |   
               | User Area (heap, ...)         |   
               |                               |   
               |                               |   
               |                               |   
  0x5000_0000  +-------------------------------+
               | PPU/SPU Local Segment         |   
               | (.ppu_data)                   |   
  0x4001_0000  +-------------------------------+ 
               | PPU/SPU Local Segment         |   
               | (.ppu_rodata)                 |   
  0x4000_0000  +-------------------------------+
               | PPU/SPU/RSX Shared Segment    |   
               | (.sdata, .rsx_image)          |   
  0x3001_0000  +-------------------------------+ 
               | PPU/SPU/RSX Shared Segment    |   
               | (.srodata, .rsx_image)        |   
  0x3000_0000  +-------------------------------+ 
               | PPU/SPU Shared Segment        |   
               | (.text, .data, .bss, ...)     |   
  0x0001_0000  +-------------------------------+
               | Unmapped Area                 |   
  0x0000_0000  +-------------------------------+

http://pastie.org/private/bfqqa2cpadolns9bm0eqa

History of Packet ID Entries[edit]

from SPM

possible process names[1] possible process / packet ids 1[2] possible process / packet ids 2[3]

coolstuf[edit]

Graf_Chokolo's HV BIBLE .rar 163 MB

Torrent InfoHash (Base16): 8E0FC6B483D8439BC7E1D6148632022DC390CE19
Torrent InfoHash (Base32): RYH4NNED3BBZXR7B2YKIMMQCFXBZBTQZ

coolstuff.rar (172474327 Bytes)

SHA1: F8DF8A5D6ABEFD20CE02EFE883D22FE90CC11845
MD5: C0976820D0F4DA9D0C8674083E7F8B36
CRC32: 7CAECB85  /  CRC16: 69BB

Repositories:

Content[edit]

dump_lv2_reversing/dev_rflash1/dev1_reg0_16MB.bin 16 MB
dump_lv2_reversing/dev_rflash1/dump_files.sh 0.3 KB
dump_lv2_reversing/dev_rflash1/dump_flash_315.bin 16 MB
dump_lv2_reversing/dev_rflash1/files/asecure_loader 0.2 MB
dump_lv2_reversing/dev_rflash1/files/cCSD 2 KB
dump_lv2_reversing/dev_rflash1/files/cISD 2 KB
dump_lv2_reversing/dev_rflash1/files/eEID 64 KB
dump_lv2_reversing/dev_rflash1/files/EID/EID0 2.1 KB
dump_lv2_reversing/dev_rflash1/files/EID/EID1 0.7 KB
dump_lv2_reversing/dev_rflash1/files/EID/EID2 1.8 KB
dump_lv2_reversing/dev_rflash1/files/EID/EID3 0.3 KB
dump_lv2_reversing/dev_rflash1/files/EID/EID4 0 KB
dump_lv2_reversing/dev_rflash1/files/EID/EID5 2.5 KB
dump_lv2_reversing/dev_rflash1/files/metldr 58.3 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/aim_spu_module.self 17.1 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/appldr 0.1 MB
dump_lv2_reversing/dev_rflash1/files/sdk_330/default.spp 8.7 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/emer_init.self 0.5 MB
dump_lv2_reversing/dev_rflash1/files/sdk_330/eurus_fw.bin 0.4 MB
dump_lv2_reversing/dev_rflash1/files/sdk_330/hdd_copy.self 0.4 MB
dump_lv2_reversing/dev_rflash1/files/sdk_330/isoldr 75.7 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/lv0 0.2 MB
dump_lv2_reversing/dev_rflash1/files/sdk_330/lv1.self 1.2 MB
dump_lv2_reversing/dev_rflash1/files/sdk_330/lv1ldr 0.1 MB
dump_lv2_reversing/dev_rflash1/files/sdk_330/lv2ldr 91.5 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/lv2_kernel.self 1.4 MB
dump_lv2_reversing/dev_rflash1/files/sdk_330/mc_iso_spu_module.self 32.1 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/me_iso_spu_module.self 34.2 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/sb_iso_spu_module.self 23.4 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/sc_iso.self 84.8 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/sdk_version 0 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/spp_verifier.self 54 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/spu_pkg_rvk_verifier.self 62.7 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/spu_token_processor.self 23.1 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/spu_utoken_processor.self 25.5 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/sv_iso_spu_module.self 48.1 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/aim_spu_module.self 17.1 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/appldr 0.1 MB
dump_lv2_reversing/dev_rflash1/files/sdk_341/default.spp 8.7 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/emer_init.self 0.5 MB
dump_lv2_reversing/dev_rflash1/files/sdk_341/eurus_fw.bin 0.4 MB
dump_lv2_reversing/dev_rflash1/files/sdk_341/hdd_copy.self 0.4 MB
dump_lv2_reversing/dev_rflash1/files/sdk_341/isoldr 76.1 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/lv0 0.2 MB
dump_lv2_reversing/dev_rflash1/files/sdk_341/lv1.self 1.2 MB
dump_lv2_reversing/dev_rflash1/files/sdk_341/lv1ldr 0.1 MB
dump_lv2_reversing/dev_rflash1/files/sdk_341/lv2ldr 92 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/lv2_kernel.self 1.4 MB
dump_lv2_reversing/dev_rflash1/files/sdk_341/mc_iso_spu_module.self 32.1 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/me_iso_spu_module.self 34.2 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/sb_iso_spu_module.self 23.4 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/sc_iso.self 84.8 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/sdk_version 0 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/spp_verifier.self 54 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/spu_pkg_rvk_verifier.self 62.7 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/spu_token_processor.self 23.1 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/spu_utoken_processor.self 25.5 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/sv_iso_spu_module.self 48.1 KB
dump_lv2_reversing/dev_rflash1/files/trvk_pkg0 0.1 MB
dump_lv2_reversing/dev_rflash1/files/trvk_pkg1 0.1 MB
dump_lv2_reversing/dev_rflash1/files/trvk_prg0 0.1 MB
dump_lv2_reversing/dev_rflash1/files/trvk_prg1 0.1 MB
dump_lv2_reversing/dev_rflash1/toc.txt 4 KB
dump_lv2_reversing/dump_lv2.bin 8 MB
dump_lv2_reversing/dump_lv2.idb 50 MB
dump_lv2_reversing/dump_lv2_315.bin 8 MB
dump_lv2_reversing/dump_lv2_315.idb 38 MB
dump_lv2_reversing/htab/dump_htab.bin 0.3 MB
dump_lv2_reversing/htab/dump_htab.c 1.7 KB
dump_lv2_reversing/htab/dump_htab.exe 18.4 KB
dump_lv2_reversing/htab/dump_htab.txt 2.2 MB
dump_lv2_reversing/lv2_dump3.41debug.bin 8 MB
dump_lv2_reversing/lv2_kernel_341_decrypted.elf 3.3 MB
dump_lv2_reversing/lv2_kernel_service_jig_self.bin 3.5 MB
dump_lv2_reversing/lv2_kernel_service_jig_self.idb 23 MB
dump_lv2_reversing/mem/dump_lpar_ra.bin 1 MB
dump_lv2_reversing/mem/memory_regions.txt 0.4 KB
dump_lv2_reversing/sce/sce.txt 0.9 KB
dump_lv2_reversing/slb/dump_lv2_slb.bin 1 KB
dump_lv2_reversing/slb/dump_lv2_slb.txt 2.4 KB
dump_lv2_reversing/spp/default_decrypted.spp 8.7 KB
dump_lv2_reversing/update_manager/EID0_0x0.bin 2.1 KB
hvdump315_reversing/dump_proc.sh 0.3 KB
hvdump315_reversing/eeprom/offsets.txt 0.1 KB
hvdump315_reversing/files/EID0 2.1 KB
hvdump315_reversing/files/ss_server1.fself 0.5 MB
hvdump315_reversing/files/ss_server2.fself 0.3 MB
hvdump315_reversing/files/ss_server3.fself 0.2 MB
hvdump315_reversing/files/sysmgr_ss.fself 0.4 MB
hvdump315_reversing/htab/dump_htab.c 1.7 KB
hvdump315_reversing/htab/dump_htab.exe 18.4 KB
hvdump315_reversing/htab/lpar1_vas2_htab.txt 2.2 MB
hvdump315_reversing/htab/lpar2_vas3_htab.txt 8.8 MB
hvdump315_reversing/htab/lpar2_vas48_htab.txt 8.8 MB
hvdump315_reversing/hvcall/99.txt 0.2 KB
hvdump315_reversing/hvdump315 16 MB
hvdump315_reversing/hvdump315.idb 79 MB
hvdump315_reversing/misc/tbfreq.txt 0 KB
hvdump315_reversing/otheros/build-petitboot.txt 2.3 KB
hvdump315_reversing/otheros/debian_netboot/initrd.gz 5.4 MB
hvdump315_reversing/otheros/debian_netboot/vmlinux 11 MB
hvdump315_reversing/otheros/debian_netboot/yaboot.conf 0.6 KB
hvdump315_reversing/otheros/dev_rflash_lx/exoboot 5.2 MB
hvdump315_reversing/otheros/dev_rflash_lx/lv2_kernel_service_jig_self.bin 3.5 MB
hvdump315_reversing/otheros/dev_rflash_lx/petitboot_network_zImage.ps3.bin 7.7 MB
hvdump315_reversing/otheros/dev_rflash_lx/petitboot_zImage.ps3.bin 7.6 MB
hvdump315_reversing/otheros/exoboot 5.2 MB
hvdump315_reversing/otheros/exoboot.idb 30 MB
hvdump315_reversing/otheros/otheros.bld 3.1 MB
hvdump315_reversing/otheros/otheros.elf 14 MB
hvdump315_reversing/otheros/otheros.i64 63 MB
hvdump315_reversing/otheros/petitboot-compile-howto.txt 0.8 KB
hvdump315_reversing/otheros/petitboot.bld 3.4 MB
hvdump315_reversing/otheros/petitboot_network.bld 3.5 MB
hvdump315_reversing/otheros/petitboot_network_zImage.ps3.bin 7.7 MB
hvdump315_reversing/otheros/petitboot_network_zImage.ps3.idb 40 MB
hvdump315_reversing/otheros/petitboot_zImage.ps3.bin 7.6 MB
hvdump315_reversing/otheros/petitboot_zImage.ps3.idb 33 MB
hvdump315_reversing/otheros/ps3-boot-recovery-howto.txt 4.5 KB
hvdump315_reversing/otheros/ps3-bootloader-install-howto.txt 3.6 KB
hvdump315_reversing/otheros/ps3-debian-install-howto.txt 5.3 KB
hvdump315_reversing/otheros/ps3-debian-install.pdf 90.6 KB
hvdump315_reversing/otheros/ps3-petitboot-09.11.30-cui 8 MB
hvdump315_reversing/otheros/ps3-petitboot-09.11.30-cui.bld 3.2 MB
hvdump315_reversing/proc_3/code_seg.addr 0.6 KB
hvdump315_reversing/proc_3/code_seg.bin 0.1 MB
hvdump315_reversing/proc_3/code_seg.idb 1.8 MB
hvdump315_reversing/proc_3/data_seg.addr 0.2 KB
hvdump315_reversing/proc_3/data_seg.bin 36 KB
hvdump315_reversing/proc_3/stack_seg.addr 0.1 KB
hvdump315_reversing/proc_3/stack_seg.bin 12 KB
hvdump315_reversing/proc_3/unknown_seg.addr 0.1 KB
hvdump315_reversing/proc_3/unknown_seg.bin 28 KB
hvdump315_reversing/proc_5/code_seg.addr 0.9 KB
hvdump315_reversing/proc_5/code_seg.bin 0.2 MB
hvdump315_reversing/proc_5/code_seg.idb 2.8 MB
hvdump315_reversing/proc_5/data_seg.addr 0.2 KB
hvdump315_reversing/proc_5/data_seg.bin 44 KB
hvdump315_reversing/proc_5/stack_seg.addr 0.1 KB
hvdump315_reversing/proc_5/stack_seg.bin 12 KB
hvdump315_reversing/proc_5/unknown_seg.addr 0 KB
hvdump315_reversing/proc_5/unknown_seg.bin 8 KB
hvdump315_reversing/proc_6/code_seg.addr 1.8 KB
hvdump315_reversing/proc_6/code_seg.bin 0.3 MB
hvdump315_reversing/proc_6/code_seg.idb 5.1 MB
hvdump315_reversing/proc_6/data_seg.addr 0.3 KB
hvdump315_reversing/proc_6/data_seg.bin 68 KB
hvdump315_reversing/proc_6/stack_seg.addr 0.1 KB
hvdump315_reversing/proc_6/stack_seg.bin 12 KB
hvdump315_reversing/proc_6/unknown_seg_1.addr 0 KB
hvdump315_reversing/proc_6/unknown_seg_1.bin 4 KB
hvdump315_reversing/proc_6/unknown_seg_2.addr 0 KB
hvdump315_reversing/proc_6/unknown_seg_2.bin 4 KB
hvdump315_reversing/proc_9/.unknown_seg_2.addr.swp 12 KB
hvdump315_reversing/proc_9/code_seg.addr 1.4 KB
hvdump315_reversing/proc_9/code_seg.bin 0.3 MB
hvdump315_reversing/proc_9/code_seg.idb 3.6 MB
hvdump315_reversing/proc_9/data_seg.addr 0.4 KB
hvdump315_reversing/proc_9/data_seg.bin 72 KB
hvdump315_reversing/proc_9/stack_seg.addr 0.1 KB
hvdump315_reversing/proc_9/stack_seg.bin 12 KB
hvdump315_reversing/proc_9/unknown_seg_1.addr 0.1 KB
hvdump315_reversing/proc_9/unknown_seg_1.bin 16 KB
hvdump315_reversing/proc_9/unknown_seg_2.addr 0.6 KB
hvdump315_reversing/proc_9/unknown_seg_3.addr 0 KB
hvdump315_reversing/proc_9/unknown_seg_3.bin 8 KB
hvdump315_reversing/repo_nodes/dump_repo_nodes.c 1.7 KB
hvdump315_reversing/repo_nodes/dump_repo_nodes.exe 17.9 KB
hvdump315_reversing/repo_nodes/hash_repo_node.c 1.5 KB
hvdump315_reversing/repo_nodes/hash_repo_node.exe 17.2 KB
hvdump315_reversing/repo_nodes/repo_nodes.txt 77.8 KB
hvdump315_reversing/repo_nodes/repo_nodes_storage_disk.txt 8.1 KB
hvdump315_reversing/repo_nodes/repo_nodes_storage_rbd.txt 8.1 KB
hvdump315_reversing/ss/.packet_and_function_ids.txt.swp 12 KB
hvdump315_reversing/ss/laid_and_paid.txt 3.3 KB
hvdump315_reversing/ss/packet_and_function_ids.txt 0.5 KB
hvdump341_reversing/dev_rflash1/metldr 58.2 KB
hvdump341_reversing/dump_flash_fat.bin 16 MB
hvdump341_reversing/dump_lv1_latest.bin 16 MB
hvdump341_reversing/dump_proc.sh 0.3 KB
hvdump341_reversing/hv_mmap_exploit_341.bin 16 MB
hvdump341_reversing/hv_mmap_exploit_341.idb 68 MB
hvdump341_reversing/lv1_341_decrypted.elf 3.8 MB
hvdump341_reversing/lv1_341_decrypted.i64 22 MB
hvdump341_reversing/proc_3/code_seg.addr 0.6 KB
hvdump341_reversing/proc_3/code_seg.bin 0.1 MB
hvdump341_reversing/proc_3/code_seg.idb 1.2 MB
hvdump341_reversing/proc_3/data_seg.addr 0.2 KB
hvdump341_reversing/proc_3/data_seg.bin 36 KB
hvdump341_reversing/proc_3/stack_seg.addr 0.1 KB
hvdump341_reversing/proc_3/unknown_seg_1.addr 0.1 KB
hvdump341_reversing/proc_3/unknown_seg_1.bin 28 KB
hvdump341_reversing/proc_3/unknown_seg_2.addr 0 KB
hvdump341_reversing/proc_3/unknown_seg_2.bin 4 KB
hvdump341_reversing/proc_5/code_seg.addr 0.9 KB
hvdump341_reversing/proc_5/code_seg.bin 0.2 MB
hvdump341_reversing/proc_5/code_seg.idb 1.8 MB
hvdump341_reversing/proc_5/data_seg.addr 0.2 KB
hvdump341_reversing/proc_5/data_seg.bin 44 KB
hvdump341_reversing/proc_5/stack_seg.addr 0.1 KB
hvdump341_reversing/proc_5/stack_seg.bin 12 KB
hvdump341_reversing/proc_5/unknown_seg.addr 0 KB
hvdump341_reversing/proc_5/unknown_seg.bin 8 KB
hvdump341_reversing/proc_6/code_seg.addr 1.8 KB
hvdump341_reversing/proc_6/code_seg.bin 0.3 MB
hvdump341_reversing/proc_6/code_seg.idb 3 MB
hvdump341_reversing/proc_6/data_seg.addr 0.3 KB
hvdump341_reversing/proc_6/data_seg.bin 68 KB
hvdump341_reversing/proc_6/stack_seg.addr 0.1 KB
hvdump341_reversing/proc_6/stack_seg.bin 12 KB
hvdump341_reversing/proc_6/unknown_seg_1.addr 0 KB
hvdump341_reversing/proc_6/unknown_seg_1.bin 4 KB
hvdump341_reversing/proc_6/unknown_seg_2.addr 0 KB
hvdump341_reversing/proc_6/unknown_seg_2.bin 4 KB
hvdump341_reversing/proc_9/code_seg.addr 1.3 KB
hvdump341_reversing/proc_9/code_seg.bin 0.2 MB
hvdump341_reversing/proc_9/code_seg.idb 2.4 MB
hvdump341_reversing/proc_9/data_seg.addr 0.3 KB
hvdump341_reversing/proc_9/data_seg.bin 56 KB
hvdump341_reversing/proc_9/stack_seg.addr 0.1 KB
hvdump341_reversing/proc_9/stack_seg.bin 12 KB
hvdump341_reversing/proc_9/unknown_seg_1.addr 0.1 KB
hvdump341_reversing/proc_9/unknown_seg_1.bin 16 KB
hvdump341_reversing/proc_9/unknown_seg_2.addr 0 KB
hvdump341_reversing/proc_9/unknown_seg_2.bin 8 KB
hvdump341_reversing/proc_elfs/pme_init 0.1 MB
hvdump341_reversing/proc_elfs/pme_init.i64 0.5 MB
hvdump341_reversing/repo_nodes/dump_repo_nodes.c 1.8 KB
hvdump341_reversing/repo_nodes/dump_repo_nodes.exe 17.9 KB
hvdump341_reversing/repo_nodes/repo_nodes.txt 77.4 KB
hvdump341_reversing/sc_eprom_after_set_token/sc_eprom_dump_0x02F00_0x02FFF.bin 0.3 KB
hvdump341_reversing/sc_eprom_after_set_token/sc_eprom_dump_0x03000_0x030FF.bin 0.3 KB
hvdump341_reversing/sc_eprom_after_set_token/sc_eprom_dump_0x48000_0x480FF.bin 0.3 KB
hvdump341_reversing/sc_eprom_after_set_token/sc_eprom_dump_0x48800_0x488FF.bin 0.3 KB
hvdump341_reversing/sc_eprom_after_set_token/sc_eprom_dump_0x48C00_0x48CFF.bin 0.3 KB
hvdump341_reversing/sc_eprom_after_set_token/sc_eprom_dump_0x48D00_0x48DFF.bin 0.3 KB
hvdump341_reversing/sc_eprom_before_set_token/sc_eprom_dump_0x02F00_0x02FFF.bin 0.3 KB
hvdump341_reversing/sc_eprom_before_set_token/sc_eprom_dump_0x03000_0x030FF.bin 0.3 KB
hvdump341_reversing/sc_eprom_before_set_token/sc_eprom_dump_0x48000_0x480FF.bin 0.3 KB
hvdump341_reversing/sc_eprom_before_set_token/sc_eprom_dump_0x48800_0x488FF.bin 0.3 KB
hvdump341_reversing/sc_eprom_before_set_token/sc_eprom_dump_0x48C00_0x48CFF.bin 0.3 KB
hvdump341_reversing/sc_eprom_before_set_token/sc_eprom_dump_0x48D00_0x48DFF.bin 0.3 KB
hvdump341_reversing/spus/isoldr_341.elf 75.6 KB
hvdump341_reversing/spus/isoldr_341_objdump.asm 0.7 MB
hvdump341_reversing/spus/sb_iso_spu_module.elf 62.5 KB
hvdump341_reversing/spus/sb_iso_spu_module_ida.asm 0.2 MB
hvdump341_reversing/spus/sb_iso_spu_module_objdump.asm 0.5 MB
hvdump341_reversing/spus/sc_iso.elf 81.7 KB
hvdump341_reversing/spus/sc_iso_ida.asm 0.4 MB
hvdump341_reversing/spus/sc_iso_objdump.asm 0.8 MB
hvdump341_reversing/spus/spu_token_processor.elf 22.3 KB
hvdump341_reversing/spus/spu_token_processor_ida.asm 0.1 MB
hvdump341_reversing/spus/spu_token_processor_objdump.asm 0.2 MB
hvdump355_reversing/dump_proc.sh 0.3 KB
hvdump355_reversing/dump_protpages/dump_protpages.c 2.1 KB
hvdump355_reversing/dump_protpages/dump_protpages.exe 11.5 KB
hvdump355_reversing/dump_protpages/dump_protpages.exe.stackdump 0.8 KB
hvdump355_reversing/hvdump_355.bin 16 MB
hvdump355_reversing/hvdump_355.idb 67 MB
hvdump355_reversing/proc_3/code_seg.addr 0.7 KB
hvdump355_reversing/proc_3/code_seg.bin 0.1 MB
hvdump355_reversing/proc_3/code_seg.idb 1.3 MB
hvdump355_reversing/proc_3/data_seg.addr 0.2 KB
hvdump355_reversing/proc_3/data_seg.bin 36 KB
hvdump355_reversing/proc_3/pages 1.1 KB
hvdump355_reversing/proc_3/stack_seg.addr 0.1 KB
hvdump355_reversing/proc_3/stack_seg.bin 12 KB
hvdump355_reversing/proc_3/unknown_seg.addr 0.2 KB
hvdump355_reversing/proc_3/unknown_seg.bin 32 KB
hvdump355_reversing/proc_5/code_seg.addr 1 KB
hvdump355_reversing/proc_5/code_seg.bin 0.2 MB
hvdump355_reversing/proc_5/code_seg.idb 1.6 MB
hvdump355_reversing/proc_5/data_seg.addr 0.2 KB
hvdump355_reversing/proc_5/data_seg.bin 44 KB
hvdump355_reversing/proc_5/pages 1.3 KB
hvdump355_reversing/proc_5/stack_seg.addr 0.1 KB
hvdump355_reversing/proc_5/stack_seg.bin 12 KB
hvdump355_reversing/proc_5/unknown_seg.addr 0 KB
hvdump355_reversing/proc_5/unknown_seg.bin 8 KB
hvdump355_reversing/proc_6/code_seg.addr 2 KB
hvdump355_reversing/proc_6/code_seg.bin 0.3 MB
hvdump355_reversing/proc_6/code_seg.idb 3.3 MB
hvdump355_reversing/proc_6/data_seg.addr 0.4 KB
hvdump355_reversing/proc_6/data_seg.bin 68 KB
hvdump355_reversing/proc_6/pages 2.4 KB
hvdump355_reversing/proc_6/stack_seg.addr 0.1 KB
hvdump355_reversing/proc_6/stack_seg.bin 12 KB
hvdump355_reversing/proc_6/unknown_seg1.addr 0 KB
hvdump355_reversing/proc_6/unknown_seg1.bin 4 KB
hvdump355_reversing/proc_6/unknown_seg2.addr 0 KB
hvdump355_reversing/proc_6/unknown_seg2.bin 4 KB
hvdump355_reversing/proc_9/code_seg.addr 1.4 KB
hvdump355_reversing/proc_9/code_seg.bin 0.2 MB
hvdump355_reversing/proc_9/code_seg.idb 2.1 MB
hvdump355_reversing/proc_9/data_seg.addr 0.3 KB
hvdump355_reversing/proc_9/data_seg.bin 56 KB
hvdump355_reversing/proc_9/pages 2.5 KB
hvdump355_reversing/proc_9/stack_seg.addr 0.1 KB
hvdump355_reversing/proc_9/stack_seg.bin 12 KB
hvdump355_reversing/proc_9/unknown_seg1.addr 0.1 KB
hvdump355_reversing/proc_9/unknown_seg1.bin 16 KB
hvdump355_reversing/proc_9/unknown_seg2.addr 0 KB
hvdump355_reversing/proc_9/unknown_seg2.bin 8 KB
payload.tar.gz 96.2 KB
ps3wiki/Basic Bluray disc authentication procedure.htm 13.3 KB
ps3wiki/Booting Linux from internal HDD.htm 8.4 KB
ps3wiki/Booting Linux from internal HDD_2.htm 9.2 KB
ps3wiki/Booting Linux on 3.41 PS3 with petitboot from internal HDD.htm 9.1 KB
ps3wiki/Booting Linux on 3.41 PS3 with petitboot from internal HDD2.htm 10 KB
ps3wiki/Booting petitboot from VFLASH.htm 20.2 KB
ps3wiki/Booting_Linux_2.6_kernel_on_running_PS3_Linux_with_kexec.htm 1 KB
ps3wiki/Cell Programming Tutorial – IBM.htm 10.7 KB
ps3wiki/Drk notes.htm 13.8 KB
ps3wiki/Dump_of_all_repository_nodes_from_HV_3.15.htm 1 KB
ps3wiki/Dump_of_all_repository_nodes_from_HV_3.41_dump_made_from_GameOS.htm 84.5 KB
ps3wiki/Error_codes.htm 0.8 KB
ps3wiki/Hardware flashing.htm 7.9 KB
ps3wiki/Hypervisor Reverse Engineering.htm 0.3 MB
ps3wiki/Installing Linux on internal HDD.htm 14.7 KB
ps3wiki/Lv-2 syscalls.htm 26.4 KB
ps3wiki/Lv-2_functions.htm 0.8 KB
ps3wiki/Main Page.htm 14.9 KB
ps3wiki/PDB file format.htm 14.8 KB
ps3wiki/PS3 Payload Developement.htm 29.5 KB
ps3wiki/PSGroove.htm 15 KB
ps3wiki/PSJailbreak Exploit Payload Reverse Engineering.htm 14.7 KB
ps3wiki/PSJailbreak Exploit Reverse Engineering.htm 22.4 KB
ps3wiki/PSJailbreak Payload Reverse Engineering.htm 52.4 KB
ps3wiki/PUP File Format.htm 11.4 KB
ps3wiki/Self Crypto.htm 8.3 KB
ps3wiki/SELF File Format and Decryption.htm 17.3 KB
ps3wiki/Self file format.htm 12.4 KB
ps3wiki/Self file format_2.htm 13.1 KB
ps3wiki/Talk.Lv-2 functions.htm 7.8 KB
ps3wiki/Talk.SELF File Format and Decryption.htm 18.4 KB
ps3wiki/XRegistry File Format.htm 51.9 KB
ps3wiki/XRegistry File Format_2.htm 52.7 KB

emer init.self[edit]

Program 1[edit]

Crossreference: gitbrew.org::emer_init.self:Program_1

0x40000                          # bind object to subchannel 0
0x31337000

0x3C0180
0x66604200
0xFEED0000
0xFEED0001
0xFEED0000
0x0
0xFEED0000
0xFEED0000
0xFEED0000
0xFEED0001
0x66606660
0x66626660
0x0
0x0
0xFEED0000
0xFEED0000

0x40060
0x66616661

0x340200
0x0
0x0
0x121
0x40
0x0
0x0
0x0
0x40
0x1
0x80
0x100
0x40
0x0

0x100280
0x40
0x40
0x0
0x0

0x41D80
0x3

0x4802B8
0x0
0x0
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000
0xFFF0000

0x81D98
0xFFF0000
0xFFF0000

0x41DA4
0x0

0x403B0
0x10

0x41454
0x0

0x41FF4
0x3FFFFF

0x181FC0
0x0
0x6144321
0xEDCBA987
0x6F
0x171615
0x1B1A19

0x280B40
0x0
0x0
0x0
0x0
0x0
0x0
0x0
0x0
0x0
0x0

0x40A0C
0x0

0xC0A60
0x0
0x0
0x0

0x80A78
0x0
0x0

0x41428
0x1

0x41D88
0x1000

0x41E94
0x11

0x41450
0x80003

0x41FE0
0x2000000

0x400B00
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8
0x2DC8

0x1008CC
0x800
0x0
0x0
0x0

0x100240
0xFFFF
0x0
0x0
0x0
0x0

0xC003C0
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x10101
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x7421
0x9AABAA98
0x66666789
0x98766666
0x89AABAA9
0x99999999
0x88888889
0x98888888
0x99999999
0x56676654
0x33333345
0x54333333
0x45667665
0xAABBBA99
0x66667899
0x99876666
0x99ABBBAA

0x81738
0x0
0x0

0x4E000                          # bind object to subchannel 7
0xCAFEBABE

Program 2[edit]

Crossreference: gitbrew.org::emer_init.self:Program_2

0x80308
0x207
0x0

0x40304
0x0

0xC0350
0x207
0x0
0xFF

0x4034C
0xFF

0xC035C
0x1E00
0x1E00
0x1E00

0x4031C
0x0

0x4037C
0x0

0x40310
0x0

0x4036C
0x0

0x40320
0x80068006

0x80314
0x10001
0x0

0x41D8C
0xFFFFFF00

0x41D94
0x0

0x40100
0x0

0x40324
0x1010101

0x4183C
0x0

0x41830
0x405

0x80384
0x0
0x3F800000

0x40380
0x0

0x40A6C
0x201

0x40A70
0x1

0x40A74
0x0

0x40300
0x1

0x41FEC
0x0

0x41FC0
0x0

0x41834
0x901

0x403B8
0x8

0x40374
0x0

0x40378
0x1503

0x41EE0
0x3F800000

0x40A68
0x0

0x80A78
0x0
0x0

0x41DAC
0x0

0x41DB0
0xFFFFFFFF

0x808C0
0x10000000
0x10000000

0x40368
0x1D01

0xC0330
0x207
0x0
0xFF

0x4032C
0xFF

0xC033C
0x1E00
0x1E00
0x1E00

0x40328
0x0

for (x = 0; x < 16; x++)
{
    0x41A08 + (x * 0x20)
    0x30101

    0x41A1C + (x * 0x20)
    0x0

    0x41A0C + (x * 0x20)
    0x60000

    0x41A14 + (x * 0x20)
    0x2052000
}

0x40348
0x0

for (x = 0; x < 16; x++)
{
    0x41740 + (x * 0x4)
    0x2

    0x41680 + (x * 0x4)
    0x0
}

0x80A00
0x10000000
0x10000000

0x80394
0x0
0x3F800000

0x200A20
2048.0
2048.0
0.5
0x0
2048.0
2048.0
0.5
0x0

0x200A20
2048.0
2048.0
0.5
0x0
2048.0
2048.0
0.5
0x0

0x41D7C
0xFFFF0000

0x4182C
0x1B02

0x41D90
0x0

0x40370
0x0

0x41828
0x1B02

0x403BC
0x0

0x41DB4
0x0

0x41EE4
0x0

0x41EE8
0x0

0x41838
0x0

0x4147C
0x0

0x41E98
0x1000000

0x41478
0x0

0x41FF0
0xFFFF

0x417CC
0x0

for (x = 0; x < 16; x++)
{
    0x40908 + (x * 0x20)
    0x101

    0x4091C + (x * 0x20)
    0x0

    0x4090C + (x * 0x20)
    0x60000

    0x40914 + (x * 0x20)
    0x0
}

0x40238
0x0

0x41D78
0x1

0x4142C
0x0

0x41FF8
0x0

0x41FE8
0x0

Program 3[edit]

Crossreference: gitbrew.org::emer_init.self:Program_2

0x42000                       # bind object to subchannel 1
0x31337303

0xC2180                       # method of subchannel 1
0x66604200
0xFEED0001
0xFEED0000

0x46000                       # bind object to subchannel 3
0x313371C3

0xC6180                       # method of subchannel 3
0x66604200
0xFEED0000
0xFEED0000

0x4A000                       # bind object to subchannel 5
0x31337808

0x20A180                      # method of subchannel 5
0x66604200
0x0
0x0
0x0
0x0
0x0
0x0
0x313371C3

0x8A2FC                       # method of subchannel 5
0x3
0x4

0x48000                       # bind object to subchannel 4
0x31337A73

0x88180                       # method of subchannel 4
0x66604200
0xFEED0000

0x4C000                       # bind object to subchannel 6
0x3137AF00

0x4C180                       # method of subchannel 6
0x66604200



about RSX[edit]

RAMIN is on VRAM.
0x28002010000 contains the same as 0x2808FF90000
0x28002050000 contains the same as 0x2808FFD0000
you can prove that by writing in one offset and reading the other
0x2808XXXXXXX is BAR1 (i.e. VRAM on Nvidia GPUs)
0x28002XXXXXX is BAR2 (i.e. PRAMIN on Nvidia GPUs)