Editing Talk:Hypervisor Reverse Engineering

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
Merge needed of info from:
=emer init.self=
[https://web.archive.org/web/20130623170001/https://webcache.googleusercontent.com/search?q=cache:http%3A%2F%2Fwiki.gitbrew.org%2Fwikibrew%2FPS3%3AHvReverseEngineering wiki.gitbrew.org]
and
[https://web.archive.org/web/20111217183835/http://www.ps3devwiki.com/index.php?title=Talk:Hypervisor_Reverse_Engineering]


== MMIO / Memorymap ==
===Program 1===
{| class="wikitable sortable"
Crossreference: [http://portal.gitbrew.org/wikibrew/PS3:HvReverseEngineering:emer_init.self:Program_1 gitbrew.org::emer_init.self:Program_1] <br />
|-
! Physical Address !! Size !! <abbr title="DeviceID">ID</abbr> !! Usage !! Address<br />in HV dump<br />(3.15) !! Notes
|-
| 0x800000 || 0x20000 ||  || LV0 Code Region || ||
|-
| 0x200000 || 0x400000 ||  || LV1 Code Region || ||
|-
| 0x8000000 / 0x1000000(DECR) || 0x800000 || || LV2 Region || || The region you get when you dump lv2
|-
| 0x20000000000 || 0x80000 ||  || SPE0 MMIO Memory Region || || (be.0.bp_base)
|-
| 0x20000080000 || 0x80000 ||  || SPE1 MMIO Memory Region || 0x003ABC20 ||
|-
| 0x20000100000 || 0x80000 ||  || SPE2 MMIO Memory Region || 0x003AAD70 ||
|-
| 0x20000180000 || 0x80000 ||  || SPE3 MMIO Memory Region || 0x003A8880 || panic on read
|-
| 0x20000200000 || 0x80000 ||  || SPE4 MMIO Memory Region || 0x003B4F70 ||
|-
| 0x20000280000 || 0x80000 ||  || SPE5 MMIO Memory Region || 0x003AB700 ||
|-
| 0x20000300000 || 0x80000 ||  || SPE6 MMIO Memory Region || 0x003B5BE0 ||
|-
| 0x20000509000 || 0x1000 ||  || Pervasive Memory ||  || Contains 48 bit Serial Number at position 0xC80 size 0x08
|-
|  || 0x1000 ||  || SPE1 Shadow Registers Memory Region || 0x003ABDA0 ||
|-
|  || 0x1000 ||  || SPE2 Shadow Registers Memory Region || 0x003B4290 ||
|-
|  || 0x1000 ||  || SPE3 Shadow Registers Memory Region || 0x003A8A00 ||
|-
|  || 0x1000 ||  || SPE4 Shadow Registers Memory Region || 0x003B50F0 ||
|-
|  || 0x1000 ||  || SPE5 Shadow Registers Memory Region || 0x001FFC90 ||
|-
|  || 0x1000 ||  || SPE6 Shadow Registers Memory Region || 0x003AE5B0 ||
|-
| 0x2000050A0C8 || 0x4 || || XDR Memory Channel Size (Type 1) || || Shift right 49 and add 0x20 for size.
|-
| 0x2000050A188 || 0x4 || || XDR Memory Channel Size (Type 0) || || Shift right 49 and add 0x20 for size.
|-
| 0x2000050A210 || 0x4 || || XDR Memory Channel Type || || For use with above memory locations
|-
| 0x24000000000 ||  ||  || SB bus subsystem ||  || (be.0.ioif1.addr)
|-
| 0x24000002000 || 0x200 || 1 || SATA Controller 1 ||  ||
|-
| 0x24000002200 || 0x200 || 2 || SATA Controller 2 ||  ||
|-
| 0x24000002400 || 0x200 || 3 || USB Controller 1 ||  ||
|-
| 0x24000002600 || 0x200 || 4 || USB Controller 2 ||  ||
|-
| 0x24000002800 || 0x200 || 0 || Gelic Device ||  ||
|-
| 0x24000002C00 || 0x200 || 7 || ENCDEC Device ||  ||
|-
| 0x24000008000 || 0x1000 ||  || SB bus External interrupt controller ||  || Found while looking at linux kernel src. (spider-pic.c)
|-
| 0x24000008100 ||  ||  || SB bus interrupt handler || 0x002B9CC4 ||
|-
| 0x24000008104 ||  ||  || SB bus interrupt handler ||  ||
|-
| 0x24000087000 || || || SB status/info || ||
|-
| 0x2400008C000 || || || SYSCON (receive packetheader) ||  ||
|-
| 0x2400008C010 || || || SYSCON (receive packetbody) ||  ||
|-
| 0x2400008CFF0 || || || SYSCON (receive ?) ||  ||
|-
| 0x2400008CFF4 || || || SYSCON (send ?) ||  ||
|-
| 0x2400008D000 || || || SYSCON (send  packetheader)||  ||
|-
| 0x2400008D010 || || || SYSCON (send packetbody) ||  ||
|-
| 0x2400008DFF0 || || || SYSCON (send ?) ||  ||
|-
| 0x2400008DFF4 || || || SYSCON (receive ?) ||  ||
|-
| 0x2400008E000 || || || SYSCON (receive ?) ||  ||
|-
| 0x2400008E004 || || || SYSCON (receive test bit 0x2) ||  ||
|-
| 0x2400008E100 || || || SYSCON (send notify) ||  ||
|-
| 0x24003000000 || 0x1000 || 1 || SATA Controller 1 ||  ||
|-
| 0x24003001000 || 0x1000 || 2 || SATA Controller 2 ||  ||
|-
| 0x24003004000 || 0x1000 || 0 || Gelic Device ||  ||
|-
| 0x24003005000 || 0x1000 || 7 || ENCDEC Device ||  ||
|-
| 0x24003005200 || 0x4 || 7 || ENCDEC Device ||  || 0 != ENCDEC Test Mode
|-
| 0x24003006000 || 0x1000 || 7 || ENCDEC Device ||  ||
|-
| 0x240030060A0 || 0x4 || 7 || ENCDEC Device ||  || EdecKgenFlash Command (0x84)
|-
| 0x24003010000 || 0x10000 || 3 || USB Controller 1 || 0x001FDF00 ||
|-
| 0x24003020000 || 0x10000 || 4 || USB Controller 2 || 0x003B3850 ||
|-
| 0x24003800000 || 0x1000 || 1 || SATA Controller 1 ||  ||
|-
| 0x24003801000 || 0x1000 || 2 || SATA Controller 2 ||  ||
|-
| 0x24003802000 || 0x1000 || 1 || SATA Controller 1 ||  ||
|-
| 0x24003803000 || 0x1000 || 2 || SATA Controller 2 ||  ||
|-
| 0x24003810000 || 0x10000 || 3 || USB Controller 1 || 0x003B6E50 ||
|-
| 0x24003820000 || 0x10000 || 4 || USB Controller 2 || 0x003B9950 ||
|-
| 0x2401F000000 || 0x1000000 || || NOR Flash || ||
|-
| 0x2401FC00000 || 0x40000 || || SYS ROM || || lv0ldr/bootldr
|-
| 0x28000000000 || 0x2000 ||  || AV Manager (/dev/ioif0) ||  || (be.0.ioif0.addr) only mmap system call
|-
| 0x28001800000 || 0x1000 ||  || AV Manager (/dev/ioif0) ||  || only mmap system call
|-
| 0x28000600000 || 0x4000 ||  || AV Manager (/dev/ioif0) - Output Control Registers ||  || only mmap system call. First 0x2000 for head 0. Next 0x2000 for head 1.
|-
| 0x28000680000 || 0x4000 ||  || AV Manager (/dev/ioif0) - PLL Control Registers ||  || only mmap system call. First 0x2000 for head 0. Next 0x2000 for head 1.
|-
| 0x28000080000 || 0x8000 ||  || AV Manager (/dev/ioif0) ||  || only mmap system call
|-
| 0x28000088000 || 0x1000 ||  || AV Manager (/dev/ioif0) ||  || only mmap system call
|-
| 0x2800000C000 || 0x1000 ||  || AV Manager (/dev/ioif0) ||  || only mmap system call
|-
| 0x2800008A000 || 0x1000 ||  || AV Manager (/dev/ioif0) ||  || only mmap system call
|-
| 0x2800008C000 || 0x1000 ||  || AV Manager (/dev/ioif0) ||  || only mmap system call
|-
| 0x28080000000 || 0xFE00000 || 1 || GPU Device Memory Region || 0x003AF380 ||
|-
| 0x3C0000 || 0xC000 || 2 || GPU Device Memory Region || 0x003AF500 ||
|-
| 0x2808FE00000 || 0x40000 || 3 || GPU Device Memory Region || 0x003AF680 ||
|-
| 0x28000C00000 || 0x20000 || 4 || GPU Device Memory Region || 0x003AFC30 ||
|-
| 0x28000080100 || 0x8000 || 5 || GPU Device Memory Region || 0x003BB420 ||
|-
| 0x2808FC00000 || 0x400000 || || RSX Internal State Memory Area (All) || ||
|-
| 0x2808FF80000 || 0x80000 || || RAMIN (Encompasses RAMHT,RAMFC,DMA Objects, Graphic Objects and GRAPH) || ||
|-
| 0x2808FF90000 || 0x4000 || || RAM Hash Table || ||
|-
| 0x2808FFA0000 || 0x1000 || || RAM FIFO Context || ||
|-
| 0x2808FFC0000 || 0x10000 || || DMA Objects || ||
|-
| 0x2808FFD0000 || 0x10000 || || Graphic Objects || ||
|-
| 0x2808FFE0000 || 0x10000 || || Graphic Context || ||
|-
|  ||  || 9 || FLASH Controller device (StarShip - SS) ||  || FLASH controller doesn't have MMIO regions
|-
| 0x000000000000 || 0x1000000 ||  || GameOS ||  ||
|-
| 0x700020000000 || 0xA0000 ||  || GameOS ||  ||
|-
| 0x700020000000 || 0xE900000 ||  || GameOS ||  ||
|-
| 0x800000000F000000 || 0x40000 ||  || GameOS HTAB ||  ||
|-
|}
 
* Linux driver for playing with BE MMIO: http://pastie.org/private/zkzpmj5j6hixacxppk9waq [https://pastebin.com/Y6ZEDdi3 mirror]
 
== PS3 ea memory map ==
<pre>
  0xFFFF_FFFF  +-------------------------------+
              | SPU Thread Mapping Area      | 
  0xF000_0000  +-------------------------------+
              | Raw SPU Mapping Area          | 
  0xE000_0000  +-------------------------------+
              | User Area                    | 
  0xD000_0000  +-------------------------------+
              | RSX Frame Buffer Mapping Area | 
  0xC000_0000  +-------------------------------+
              | MMapper Fixed Area            | 
  0xB000_0000  +-------------------------------+
              |                              | 
              | User Area (heap, ...)        | 
              |                              | 
              |                              | 
              |                              | 
  0x5000_0000  +-------------------------------+
              | PPU/SPU Local Segment        | 
              | (.ppu_data)                  | 
  0x4001_0000  +-------------------------------+
              | PPU/SPU Local Segment        | 
              | (.ppu_rodata)                | 
  0x4000_0000  +-------------------------------+
              | PPU/SPU/RSX Shared Segment    | 
              | (.sdata, .rsx_image)          | 
  0x3001_0000  +-------------------------------+
              | PPU/SPU/RSX Shared Segment    | 
              | (.srodata, .rsx_image)        | 
  0x3000_0000  +-------------------------------+
              | PPU/SPU Shared Segment        | 
              | (.text, .data, .bss, ...)    | 
  0x0001_0000  +-------------------------------+
              | Unmapped Area                | 
  0x0000_0000  +-------------------------------+
</pre>
 
https://web.archive.org/web/20141119024023/http://pastie.org/private/bfqqa2cpadolns9bm0eqa
 
== History of Packet ID Entries ==
 
* 0x18000 <- [[Dispatcher_Manager]]
* 0x8000  <- ???
* 0x17000 <- [[Indi_Info_Manager]]
* 0x10000 <- [[SB_Manager]]
* 0x9000  <- [[SC_Manager]]
* 0x14000 <- [[Secure_LPAR_Loader]]
* 0x15000 <- [[Secure_Profile_Loader]]
* 0x3000  <- [[Secure_RTC_Manager]]
* 0x5000  <- [[Storage_Manager]]
* 0x11000 <- [[Security_Policy_Manager]]
* 0x6000  <- [[Update_Manager]]
* 0x2000  <- [[Virtual_TRM_Manager]]
* 0x19000 <- [[AIM_Manager]]
* 0x22000 <- [[Factory_Data_Manager]]
* 0x24000 <- [[USB_Dongle_Authenticator]]
* 0x25000 <- [[User_Token_Manager]]
* 0x84000 <- http://paste.ubuntu.com/25395752/
 
from SPM
 
[http://pastie.org/private/mdw6lcgcp6sby1qvlipog possible process names][https://pastebin.com/1Z1vG23V]
[http://pastie.org/private/guigb77nctwvsq50tkaeq possible process / packet ids 1][https://pastebin.com/D8VeZ02B]
[http://pastie.org/private/j7cv141bu5jw2acundzla possible process / packet ids 2][https://pastebin.com/fy4KZfmJ]
 
==coolstuf==
Graf_Chokolo's HV BIBLE .rar    163 MB
Torrent InfoHash (Base16): 8E0FC6B483D8439BC7E1D6148632022DC390CE19
Torrent InfoHash (Base32): RYH4NNED3BBZXR7B2YKIMMQCFXBZBTQZ
coolstuff.rar (172474327 Bytes)
SHA1: F8DF8A5D6ABEFD20CE02EFE883D22FE90CC11845
MD5: C0976820D0F4DA9D0C8674083E7F8B36
CRC32: 7CAECB85  /  CRC16: 69BB
 
Repositories:
* https://www.sendspace.com/file/klddg3
* http://www.sendspace.com/file/qlkzkd
* http://www.mirrorcreator.com/files/0NFBM0PC/coolstuff_0.rar_links
* http://www.mirrorcreator.com/files/0ROETOUP/coolstuff.rar_links
* http://fileape.com/index.php?act=download&id=aG4VzHXWKqwXbi50
 
* https://web.archive.org/web/*/http://ps3devwiki.com/files/coolstuf/
 
===Content===
<pre>
dump_lv2_reversing/dev_rflash1/dev1_reg0_16MB.bin 16 MB
dump_lv2_reversing/dev_rflash1/dump_files.sh 0.3 KB
dump_lv2_reversing/dev_rflash1/dump_flash_315.bin 16 MB
dump_lv2_reversing/dev_rflash1/files/asecure_loader 0.2 MB
dump_lv2_reversing/dev_rflash1/files/cCSD 2 KB
dump_lv2_reversing/dev_rflash1/files/cISD 2 KB
dump_lv2_reversing/dev_rflash1/files/eEID 64 KB
dump_lv2_reversing/dev_rflash1/files/EID/EID0 2.1 KB
dump_lv2_reversing/dev_rflash1/files/EID/EID1 0.7 KB
dump_lv2_reversing/dev_rflash1/files/EID/EID2 1.8 KB
dump_lv2_reversing/dev_rflash1/files/EID/EID3 0.3 KB
dump_lv2_reversing/dev_rflash1/files/EID/EID4 0 KB
dump_lv2_reversing/dev_rflash1/files/EID/EID5 2.5 KB
dump_lv2_reversing/dev_rflash1/files/metldr 58.3 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/aim_spu_module.self 17.1 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/appldr 0.1 MB
dump_lv2_reversing/dev_rflash1/files/sdk_330/default.spp 8.7 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/emer_init.self 0.5 MB
dump_lv2_reversing/dev_rflash1/files/sdk_330/eurus_fw.bin 0.4 MB
dump_lv2_reversing/dev_rflash1/files/sdk_330/hdd_copy.self 0.4 MB
dump_lv2_reversing/dev_rflash1/files/sdk_330/isoldr 75.7 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/lv0 0.2 MB
dump_lv2_reversing/dev_rflash1/files/sdk_330/lv1.self 1.2 MB
dump_lv2_reversing/dev_rflash1/files/sdk_330/lv1ldr 0.1 MB
dump_lv2_reversing/dev_rflash1/files/sdk_330/lv2ldr 91.5 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/lv2_kernel.self 1.4 MB
dump_lv2_reversing/dev_rflash1/files/sdk_330/mc_iso_spu_module.self 32.1 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/me_iso_spu_module.self 34.2 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/sb_iso_spu_module.self 23.4 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/sc_iso.self 84.8 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/sdk_version 0 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/spp_verifier.self 54 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/spu_pkg_rvk_verifier.self 62.7 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/spu_token_processor.self 23.1 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/spu_utoken_processor.self 25.5 KB
dump_lv2_reversing/dev_rflash1/files/sdk_330/sv_iso_spu_module.self 48.1 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/aim_spu_module.self 17.1 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/appldr 0.1 MB
dump_lv2_reversing/dev_rflash1/files/sdk_341/default.spp 8.7 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/emer_init.self 0.5 MB
dump_lv2_reversing/dev_rflash1/files/sdk_341/eurus_fw.bin 0.4 MB
dump_lv2_reversing/dev_rflash1/files/sdk_341/hdd_copy.self 0.4 MB
dump_lv2_reversing/dev_rflash1/files/sdk_341/isoldr 76.1 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/lv0 0.2 MB
dump_lv2_reversing/dev_rflash1/files/sdk_341/lv1.self 1.2 MB
dump_lv2_reversing/dev_rflash1/files/sdk_341/lv1ldr 0.1 MB
dump_lv2_reversing/dev_rflash1/files/sdk_341/lv2ldr 92 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/lv2_kernel.self 1.4 MB
dump_lv2_reversing/dev_rflash1/files/sdk_341/mc_iso_spu_module.self 32.1 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/me_iso_spu_module.self 34.2 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/sb_iso_spu_module.self 23.4 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/sc_iso.self 84.8 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/sdk_version 0 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/spp_verifier.self 54 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/spu_pkg_rvk_verifier.self 62.7 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/spu_token_processor.self 23.1 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/spu_utoken_processor.self 25.5 KB
dump_lv2_reversing/dev_rflash1/files/sdk_341/sv_iso_spu_module.self 48.1 KB
dump_lv2_reversing/dev_rflash1/files/trvk_pkg0 0.1 MB
dump_lv2_reversing/dev_rflash1/files/trvk_pkg1 0.1 MB
dump_lv2_reversing/dev_rflash1/files/trvk_prg0 0.1 MB
dump_lv2_reversing/dev_rflash1/files/trvk_prg1 0.1 MB
dump_lv2_reversing/dev_rflash1/toc.txt 4 KB
dump_lv2_reversing/dump_lv2.bin 8 MB
dump_lv2_reversing/dump_lv2.idb 50 MB
dump_lv2_reversing/dump_lv2_315.bin 8 MB
dump_lv2_reversing/dump_lv2_315.idb 38 MB
dump_lv2_reversing/htab/dump_htab.bin 0.3 MB
dump_lv2_reversing/htab/dump_htab.c 1.7 KB
dump_lv2_reversing/htab/dump_htab.exe 18.4 KB
dump_lv2_reversing/htab/dump_htab.txt 2.2 MB
dump_lv2_reversing/lv2_dump3.41debug.bin 8 MB
dump_lv2_reversing/lv2_kernel_341_decrypted.elf 3.3 MB
dump_lv2_reversing/lv2_kernel_service_jig_self.bin 3.5 MB
dump_lv2_reversing/lv2_kernel_service_jig_self.idb 23 MB
dump_lv2_reversing/mem/dump_lpar_ra.bin 1 MB
dump_lv2_reversing/mem/memory_regions.txt 0.4 KB
dump_lv2_reversing/sce/sce.txt 0.9 KB
dump_lv2_reversing/slb/dump_lv2_slb.bin 1 KB
dump_lv2_reversing/slb/dump_lv2_slb.txt 2.4 KB
dump_lv2_reversing/spp/default_decrypted.spp 8.7 KB
dump_lv2_reversing/update_manager/EID0_0x0.bin 2.1 KB
hvdump315_reversing/dump_proc.sh 0.3 KB
hvdump315_reversing/eeprom/offsets.txt 0.1 KB
hvdump315_reversing/files/EID0 2.1 KB
hvdump315_reversing/files/ss_server1.fself 0.5 MB
hvdump315_reversing/files/ss_server2.fself 0.3 MB
hvdump315_reversing/files/ss_server3.fself 0.2 MB
hvdump315_reversing/files/sysmgr_ss.fself 0.4 MB
hvdump315_reversing/htab/dump_htab.c 1.7 KB
hvdump315_reversing/htab/dump_htab.exe 18.4 KB
hvdump315_reversing/htab/lpar1_vas2_htab.txt 2.2 MB
hvdump315_reversing/htab/lpar2_vas3_htab.txt 8.8 MB
hvdump315_reversing/htab/lpar2_vas48_htab.txt 8.8 MB
hvdump315_reversing/hvcall/99.txt 0.2 KB
hvdump315_reversing/hvdump315 16 MB
hvdump315_reversing/hvdump315.idb 79 MB
hvdump315_reversing/misc/tbfreq.txt 0 KB
hvdump315_reversing/otheros/build-petitboot.txt 2.3 KB
hvdump315_reversing/otheros/debian_netboot/initrd.gz 5.4 MB
hvdump315_reversing/otheros/debian_netboot/vmlinux 11 MB
hvdump315_reversing/otheros/debian_netboot/yaboot.conf 0.6 KB
hvdump315_reversing/otheros/dev_rflash_lx/exoboot 5.2 MB
hvdump315_reversing/otheros/dev_rflash_lx/lv2_kernel_service_jig_self.bin 3.5 MB
hvdump315_reversing/otheros/dev_rflash_lx/petitboot_network_zImage.ps3.bin 7.7 MB
hvdump315_reversing/otheros/dev_rflash_lx/petitboot_zImage.ps3.bin 7.6 MB
hvdump315_reversing/otheros/exoboot 5.2 MB
hvdump315_reversing/otheros/exoboot.idb 30 MB
hvdump315_reversing/otheros/otheros.bld 3.1 MB
hvdump315_reversing/otheros/otheros.elf 14 MB
hvdump315_reversing/otheros/otheros.i64 63 MB
hvdump315_reversing/otheros/petitboot-compile-howto.txt 0.8 KB
hvdump315_reversing/otheros/petitboot.bld 3.4 MB
hvdump315_reversing/otheros/petitboot_network.bld 3.5 MB
hvdump315_reversing/otheros/petitboot_network_zImage.ps3.bin 7.7 MB
hvdump315_reversing/otheros/petitboot_network_zImage.ps3.idb 40 MB
hvdump315_reversing/otheros/petitboot_zImage.ps3.bin 7.6 MB
hvdump315_reversing/otheros/petitboot_zImage.ps3.idb 33 MB
hvdump315_reversing/otheros/ps3-boot-recovery-howto.txt 4.5 KB
hvdump315_reversing/otheros/ps3-bootloader-install-howto.txt 3.6 KB
hvdump315_reversing/otheros/ps3-debian-install-howto.txt 5.3 KB
hvdump315_reversing/otheros/ps3-debian-install.pdf 90.6 KB
hvdump315_reversing/otheros/ps3-petitboot-09.11.30-cui 8 MB
hvdump315_reversing/otheros/ps3-petitboot-09.11.30-cui.bld 3.2 MB
hvdump315_reversing/proc_3/code_seg.addr 0.6 KB
hvdump315_reversing/proc_3/code_seg.bin 0.1 MB
hvdump315_reversing/proc_3/code_seg.idb 1.8 MB
hvdump315_reversing/proc_3/data_seg.addr 0.2 KB
hvdump315_reversing/proc_3/data_seg.bin 36 KB
hvdump315_reversing/proc_3/stack_seg.addr 0.1 KB
hvdump315_reversing/proc_3/stack_seg.bin 12 KB
hvdump315_reversing/proc_3/unknown_seg.addr 0.1 KB
hvdump315_reversing/proc_3/unknown_seg.bin 28 KB
hvdump315_reversing/proc_5/code_seg.addr 0.9 KB
hvdump315_reversing/proc_5/code_seg.bin 0.2 MB
hvdump315_reversing/proc_5/code_seg.idb 2.8 MB
hvdump315_reversing/proc_5/data_seg.addr 0.2 KB
hvdump315_reversing/proc_5/data_seg.bin 44 KB
hvdump315_reversing/proc_5/stack_seg.addr 0.1 KB
hvdump315_reversing/proc_5/stack_seg.bin 12 KB
hvdump315_reversing/proc_5/unknown_seg.addr 0 KB
hvdump315_reversing/proc_5/unknown_seg.bin 8 KB
hvdump315_reversing/proc_6/code_seg.addr 1.8 KB
hvdump315_reversing/proc_6/code_seg.bin 0.3 MB
hvdump315_reversing/proc_6/code_seg.idb 5.1 MB
hvdump315_reversing/proc_6/data_seg.addr 0.3 KB
hvdump315_reversing/proc_6/data_seg.bin 68 KB
hvdump315_reversing/proc_6/stack_seg.addr 0.1 KB
hvdump315_reversing/proc_6/stack_seg.bin 12 KB
hvdump315_reversing/proc_6/unknown_seg_1.addr 0 KB
hvdump315_reversing/proc_6/unknown_seg_1.bin 4 KB
hvdump315_reversing/proc_6/unknown_seg_2.addr 0 KB
hvdump315_reversing/proc_6/unknown_seg_2.bin 4 KB
hvdump315_reversing/proc_9/.unknown_seg_2.addr.swp 12 KB
hvdump315_reversing/proc_9/code_seg.addr 1.4 KB
hvdump315_reversing/proc_9/code_seg.bin 0.3 MB
hvdump315_reversing/proc_9/code_seg.idb 3.6 MB
hvdump315_reversing/proc_9/data_seg.addr 0.4 KB
hvdump315_reversing/proc_9/data_seg.bin 72 KB
hvdump315_reversing/proc_9/stack_seg.addr 0.1 KB
hvdump315_reversing/proc_9/stack_seg.bin 12 KB
hvdump315_reversing/proc_9/unknown_seg_1.addr 0.1 KB
hvdump315_reversing/proc_9/unknown_seg_1.bin 16 KB
hvdump315_reversing/proc_9/unknown_seg_2.addr 0.6 KB
hvdump315_reversing/proc_9/unknown_seg_3.addr 0 KB
hvdump315_reversing/proc_9/unknown_seg_3.bin 8 KB
hvdump315_reversing/repo_nodes/dump_repo_nodes.c 1.7 KB
hvdump315_reversing/repo_nodes/dump_repo_nodes.exe 17.9 KB
hvdump315_reversing/repo_nodes/hash_repo_node.c 1.5 KB
hvdump315_reversing/repo_nodes/hash_repo_node.exe 17.2 KB
hvdump315_reversing/repo_nodes/repo_nodes.txt 77.8 KB
hvdump315_reversing/repo_nodes/repo_nodes_storage_disk.txt 8.1 KB
hvdump315_reversing/repo_nodes/repo_nodes_storage_rbd.txt 8.1 KB
hvdump315_reversing/ss/.packet_and_function_ids.txt.swp 12 KB
hvdump315_reversing/ss/laid_and_paid.txt 3.3 KB
hvdump315_reversing/ss/packet_and_function_ids.txt 0.5 KB
hvdump341_reversing/dev_rflash1/metldr 58.2 KB
hvdump341_reversing/dump_flash_fat.bin 16 MB
hvdump341_reversing/dump_lv1_latest.bin 16 MB
hvdump341_reversing/dump_proc.sh 0.3 KB
hvdump341_reversing/hv_mmap_exploit_341.bin 16 MB
hvdump341_reversing/hv_mmap_exploit_341.idb 68 MB
hvdump341_reversing/lv1_341_decrypted.elf 3.8 MB
hvdump341_reversing/lv1_341_decrypted.i64 22 MB
hvdump341_reversing/proc_3/code_seg.addr 0.6 KB
hvdump341_reversing/proc_3/code_seg.bin 0.1 MB
hvdump341_reversing/proc_3/code_seg.idb 1.2 MB
hvdump341_reversing/proc_3/data_seg.addr 0.2 KB
hvdump341_reversing/proc_3/data_seg.bin 36 KB
hvdump341_reversing/proc_3/stack_seg.addr 0.1 KB
hvdump341_reversing/proc_3/unknown_seg_1.addr 0.1 KB
hvdump341_reversing/proc_3/unknown_seg_1.bin 28 KB
hvdump341_reversing/proc_3/unknown_seg_2.addr 0 KB
hvdump341_reversing/proc_3/unknown_seg_2.bin 4 KB
hvdump341_reversing/proc_5/code_seg.addr 0.9 KB
hvdump341_reversing/proc_5/code_seg.bin 0.2 MB
hvdump341_reversing/proc_5/code_seg.idb 1.8 MB
hvdump341_reversing/proc_5/data_seg.addr 0.2 KB
hvdump341_reversing/proc_5/data_seg.bin 44 KB
hvdump341_reversing/proc_5/stack_seg.addr 0.1 KB
hvdump341_reversing/proc_5/stack_seg.bin 12 KB
hvdump341_reversing/proc_5/unknown_seg.addr 0 KB
hvdump341_reversing/proc_5/unknown_seg.bin 8 KB
hvdump341_reversing/proc_6/code_seg.addr 1.8 KB
hvdump341_reversing/proc_6/code_seg.bin 0.3 MB
hvdump341_reversing/proc_6/code_seg.idb 3 MB
hvdump341_reversing/proc_6/data_seg.addr 0.3 KB
hvdump341_reversing/proc_6/data_seg.bin 68 KB
hvdump341_reversing/proc_6/stack_seg.addr 0.1 KB
hvdump341_reversing/proc_6/stack_seg.bin 12 KB
hvdump341_reversing/proc_6/unknown_seg_1.addr 0 KB
hvdump341_reversing/proc_6/unknown_seg_1.bin 4 KB
hvdump341_reversing/proc_6/unknown_seg_2.addr 0 KB
hvdump341_reversing/proc_6/unknown_seg_2.bin 4 KB
hvdump341_reversing/proc_9/code_seg.addr 1.3 KB
hvdump341_reversing/proc_9/code_seg.bin 0.2 MB
hvdump341_reversing/proc_9/code_seg.idb 2.4 MB
hvdump341_reversing/proc_9/data_seg.addr 0.3 KB
hvdump341_reversing/proc_9/data_seg.bin 56 KB
hvdump341_reversing/proc_9/stack_seg.addr 0.1 KB
hvdump341_reversing/proc_9/stack_seg.bin 12 KB
hvdump341_reversing/proc_9/unknown_seg_1.addr 0.1 KB
hvdump341_reversing/proc_9/unknown_seg_1.bin 16 KB
hvdump341_reversing/proc_9/unknown_seg_2.addr 0 KB
hvdump341_reversing/proc_9/unknown_seg_2.bin 8 KB
hvdump341_reversing/proc_elfs/pme_init 0.1 MB
hvdump341_reversing/proc_elfs/pme_init.i64 0.5 MB
hvdump341_reversing/repo_nodes/dump_repo_nodes.c 1.8 KB
hvdump341_reversing/repo_nodes/dump_repo_nodes.exe 17.9 KB
hvdump341_reversing/repo_nodes/repo_nodes.txt 77.4 KB
hvdump341_reversing/sc_eprom_after_set_token/sc_eprom_dump_0x02F00_0x02FFF.bin 0.3 KB
hvdump341_reversing/sc_eprom_after_set_token/sc_eprom_dump_0x03000_0x030FF.bin 0.3 KB
hvdump341_reversing/sc_eprom_after_set_token/sc_eprom_dump_0x48000_0x480FF.bin 0.3 KB
hvdump341_reversing/sc_eprom_after_set_token/sc_eprom_dump_0x48800_0x488FF.bin 0.3 KB
hvdump341_reversing/sc_eprom_after_set_token/sc_eprom_dump_0x48C00_0x48CFF.bin 0.3 KB
hvdump341_reversing/sc_eprom_after_set_token/sc_eprom_dump_0x48D00_0x48DFF.bin 0.3 KB
hvdump341_reversing/sc_eprom_before_set_token/sc_eprom_dump_0x02F00_0x02FFF.bin 0.3 KB
hvdump341_reversing/sc_eprom_before_set_token/sc_eprom_dump_0x03000_0x030FF.bin 0.3 KB
hvdump341_reversing/sc_eprom_before_set_token/sc_eprom_dump_0x48000_0x480FF.bin 0.3 KB
hvdump341_reversing/sc_eprom_before_set_token/sc_eprom_dump_0x48800_0x488FF.bin 0.3 KB
hvdump341_reversing/sc_eprom_before_set_token/sc_eprom_dump_0x48C00_0x48CFF.bin 0.3 KB
hvdump341_reversing/sc_eprom_before_set_token/sc_eprom_dump_0x48D00_0x48DFF.bin 0.3 KB
hvdump341_reversing/spus/isoldr_341.elf 75.6 KB
hvdump341_reversing/spus/isoldr_341_objdump.asm 0.7 MB
hvdump341_reversing/spus/sb_iso_spu_module.elf 62.5 KB
hvdump341_reversing/spus/sb_iso_spu_module_ida.asm 0.2 MB
hvdump341_reversing/spus/sb_iso_spu_module_objdump.asm 0.5 MB
hvdump341_reversing/spus/sc_iso.elf 81.7 KB
hvdump341_reversing/spus/sc_iso_ida.asm 0.4 MB
hvdump341_reversing/spus/sc_iso_objdump.asm 0.8 MB
hvdump341_reversing/spus/spu_token_processor.elf 22.3 KB
hvdump341_reversing/spus/spu_token_processor_ida.asm 0.1 MB
hvdump341_reversing/spus/spu_token_processor_objdump.asm 0.2 MB
hvdump355_reversing/dump_proc.sh 0.3 KB
hvdump355_reversing/dump_protpages/dump_protpages.c 2.1 KB
hvdump355_reversing/dump_protpages/dump_protpages.exe 11.5 KB
hvdump355_reversing/dump_protpages/dump_protpages.exe.stackdump 0.8 KB
hvdump355_reversing/hvdump_355.bin 16 MB
hvdump355_reversing/hvdump_355.idb 67 MB
hvdump355_reversing/proc_3/code_seg.addr 0.7 KB
hvdump355_reversing/proc_3/code_seg.bin 0.1 MB
hvdump355_reversing/proc_3/code_seg.idb 1.3 MB
hvdump355_reversing/proc_3/data_seg.addr 0.2 KB
hvdump355_reversing/proc_3/data_seg.bin 36 KB
hvdump355_reversing/proc_3/pages 1.1 KB
hvdump355_reversing/proc_3/stack_seg.addr 0.1 KB
hvdump355_reversing/proc_3/stack_seg.bin 12 KB
hvdump355_reversing/proc_3/unknown_seg.addr 0.2 KB
hvdump355_reversing/proc_3/unknown_seg.bin 32 KB
hvdump355_reversing/proc_5/code_seg.addr 1 KB
hvdump355_reversing/proc_5/code_seg.bin 0.2 MB
hvdump355_reversing/proc_5/code_seg.idb 1.6 MB
hvdump355_reversing/proc_5/data_seg.addr 0.2 KB
hvdump355_reversing/proc_5/data_seg.bin 44 KB
hvdump355_reversing/proc_5/pages 1.3 KB
hvdump355_reversing/proc_5/stack_seg.addr 0.1 KB
hvdump355_reversing/proc_5/stack_seg.bin 12 KB
hvdump355_reversing/proc_5/unknown_seg.addr 0 KB
hvdump355_reversing/proc_5/unknown_seg.bin 8 KB
hvdump355_reversing/proc_6/code_seg.addr 2 KB
hvdump355_reversing/proc_6/code_seg.bin 0.3 MB
hvdump355_reversing/proc_6/code_seg.idb 3.3 MB
hvdump355_reversing/proc_6/data_seg.addr 0.4 KB
hvdump355_reversing/proc_6/data_seg.bin 68 KB
hvdump355_reversing/proc_6/pages 2.4 KB
hvdump355_reversing/proc_6/stack_seg.addr 0.1 KB
hvdump355_reversing/proc_6/stack_seg.bin 12 KB
hvdump355_reversing/proc_6/unknown_seg1.addr 0 KB
hvdump355_reversing/proc_6/unknown_seg1.bin 4 KB
hvdump355_reversing/proc_6/unknown_seg2.addr 0 KB
hvdump355_reversing/proc_6/unknown_seg2.bin 4 KB
hvdump355_reversing/proc_9/code_seg.addr 1.4 KB
hvdump355_reversing/proc_9/code_seg.bin 0.2 MB
hvdump355_reversing/proc_9/code_seg.idb 2.1 MB
hvdump355_reversing/proc_9/data_seg.addr 0.3 KB
hvdump355_reversing/proc_9/data_seg.bin 56 KB
hvdump355_reversing/proc_9/pages 2.5 KB
hvdump355_reversing/proc_9/stack_seg.addr 0.1 KB
hvdump355_reversing/proc_9/stack_seg.bin 12 KB
hvdump355_reversing/proc_9/unknown_seg1.addr 0.1 KB
hvdump355_reversing/proc_9/unknown_seg1.bin 16 KB
hvdump355_reversing/proc_9/unknown_seg2.addr 0 KB
hvdump355_reversing/proc_9/unknown_seg2.bin 8 KB
payload.tar.gz 96.2 KB
ps3wiki/Basic Bluray disc authentication procedure.htm 13.3 KB
ps3wiki/Booting Linux from internal HDD.htm 8.4 KB
ps3wiki/Booting Linux from internal HDD_2.htm 9.2 KB
ps3wiki/Booting Linux on 3.41 PS3 with petitboot from internal HDD.htm 9.1 KB
ps3wiki/Booting Linux on 3.41 PS3 with petitboot from internal HDD2.htm 10 KB
ps3wiki/Booting petitboot from VFLASH.htm 20.2 KB
ps3wiki/Booting_Linux_2.6_kernel_on_running_PS3_Linux_with_kexec.htm 1 KB
ps3wiki/Cell Programming Tutorial – IBM.htm 10.7 KB
ps3wiki/Drk notes.htm 13.8 KB
ps3wiki/Dump_of_all_repository_nodes_from_HV_3.15.htm 1 KB
ps3wiki/Dump_of_all_repository_nodes_from_HV_3.41_dump_made_from_GameOS.htm 84.5 KB
ps3wiki/Error_codes.htm 0.8 KB
ps3wiki/Hardware flashing.htm 7.9 KB
ps3wiki/Hypervisor Reverse Engineering.htm 0.3 MB
ps3wiki/Installing Linux on internal HDD.htm 14.7 KB
ps3wiki/Lv-2 syscalls.htm 26.4 KB
ps3wiki/Lv-2_functions.htm 0.8 KB
ps3wiki/Main Page.htm 14.9 KB
ps3wiki/PDB file format.htm 14.8 KB
ps3wiki/PS3 Payload Developement.htm 29.5 KB
ps3wiki/PSGroove.htm 15 KB
ps3wiki/PSJailbreak Exploit Payload Reverse Engineering.htm 14.7 KB
ps3wiki/PSJailbreak Exploit Reverse Engineering.htm 22.4 KB
ps3wiki/PSJailbreak Payload Reverse Engineering.htm 52.4 KB
ps3wiki/PUP File Format.htm 11.4 KB
ps3wiki/Self Crypto.htm 8.3 KB
ps3wiki/SELF File Format and Decryption.htm 17.3 KB
ps3wiki/Self file format.htm 12.4 KB
ps3wiki/Self file format_2.htm 13.1 KB
ps3wiki/Talk.Lv-2 functions.htm 7.8 KB
ps3wiki/Talk.SELF File Format and Decryption.htm 18.4 KB
ps3wiki/XRegistry File Format.htm 51.9 KB
ps3wiki/XRegistry File Format_2.htm 52.7 KB
</pre>
 
==emer init.self==
 
=== Program 1 ===
 
Crossreference: [https://web.archive.org/web/20110927024647/http://portal.gitbrew.org/wikibrew/PS3:HvReverseEngineering:emer_init.self:Program_1 gitbrew.org::emer_init.self:Program_1] <br />


<pre>
<pre>
Line 835: Line 223:
</pre>
</pre>


=== Program 2 ===
===Program 2===
 
Crossreference: [http://portal.gitbrew.org/wikibrew/PS3:HvReverseEngineering:emer_init.self:Program_2 gitbrew.org::emer_init.self:Program_2] <br />
Crossreference: [https://web.archive.org/web/20110927023704/http://portal.gitbrew.org/wikibrew/PS3:HvReverseEngineering:emer_init.self:Program_2 gitbrew.org::emer_init.self:Program_2] <br />
<pre>
<pre>
0x80308
0x80308
0x207
0x207
0x0
0x40304
0x0
0xC0350
0x207
0x0
0xFF
0x4034C
0xFF
0xC035C
0x1E00
0x1E00
0x1E00
0x4031C
0x0
0x4037C
0x0
0x40310
0x0
0x4036C
0x0
0x40320
0x80068006
0x80314
0x10001
0x0
0x41D8C
0xFFFFFF00
0x41D94
0x0
0x40100
0x0
0x40324
0x1010101
0x4183C
0x0
0x41830
0x405
0x80384
0x0
0x3F800000
0x40380
0x0
0x40A6C
0x201
0x40A70
0x1
0x40A74
0x0
0x40300
0x1
0x41FEC
0x0
0x41FC0
0x0
0x41834
0x901
0x403B8
0x8
0x40374
0x0
0x40378
0x1503
0x41EE0
0x3F800000
0x40A68
0x0
0x80A78
0x0
0x0
0x41DAC
0x0
0x41DB0
0xFFFFFFFF
0x808C0
0x10000000
0x10000000
0x40368
0x1D01
0xC0330
0x207
0x0
0xFF
0x4032C
0xFF
0xC033C
0x1E00
0x1E00
0x1E00
0x40328
0x0
for (x = 0; x < 16; x++)
{
    0x41A08 + (x * 0x20)
    0x30101
    0x41A1C + (x * 0x20)
    0x0
    0x41A0C + (x * 0x20)
    0x60000
    0x41A14 + (x * 0x20)
    0x2052000
}
0x40348
0x0
for (x = 0; x < 16; x++)
{
    0x41740 + (x * 0x4)
    0x2
    0x41680 + (x * 0x4)
    0x0
}
0x80A00
0x10000000
0x10000000
0x80394
0x0
0x3F800000
0x200A20
2048.0
2048.0
0.5
0x0
2048.0
2048.0
0.5
0x0
0x200A20
2048.0
2048.0
0.5
0x0
2048.0
2048.0
0.5
0x0
0x41D7C
0xFFFF0000
0x4182C
0x1B02
0x41D90
0x0
0x40370
0x0
0x41828
0x1B02
0x403BC
0x0
0x41DB4
0x0
0x41EE4
0x0
0x41EE8
0x0
0x41838
0x0
0x4147C
0x0
0x41E98
0x1000000
0x41478
0x0
0x41FF0
0xFFFF
0x417CC
0x0
for (x = 0; x < 16; x++)
{
    0x40908 + (x * 0x20)
    0x101
    0x4091C + (x * 0x20)
    0x0
    0x4090C + (x * 0x20)
    0x60000
    0x40914 + (x * 0x20)
    0x0
}
0x40238
0x0
0x41D78
0x1
0x4142C
0x0
0x41FF8
0x0
0x41FE8
0x0
0x0
</pre>
</pre>


===Program 3===
===Program 3===
Crossreference: [http://portal.gitbrew.org/wikibrew/PS3:HvReverseEngineering:emer_init.self:Program_2 gitbrew.org::emer_init.self:Program_2] <br />
<pre>
<pre>
0x42000                      # bind object to subchannel 1
0x42000                      # bind object to subchannel 1
Line 1,152: Line 279:
0x66604200
0x66604200
</pre>
</pre>


----
----


== About RSX ==
=RSXFIFOCommands=
Crossreference: [http://portal.gitbrew.org/wikibrew/PS3:HvReverseEngineering:RSXFIFOCommands gitbrew.org::RSXFIFOCommands] <br />
 
=Commands=
 
==NOP (0x00000100)==
 
* Nop
 
<pre>
0x00000100
</pre>
 
==CALL (0x00000002)==
 
* Calls a function at the specified offset.
* Command size is '''0'''.
* The parameter is offset in FIFO buffer.
 
<pre>
<offset> | 0x00000002
</pre>
 
==RET (0x00020000)==
 
* Returns from a function.
* Command size is '''0'''.
 
<pre>
0x00020000
</pre>
 
==JMP (0x20000000)==
 
* Jumps to the specified offset.
* Command size is '''0'''.
* The parameter is offset in FIFO buffer.
 
<pre>
0x20000000 | <offset>
</pre>
 
==COLOR MASK (0x00040324)==
 
* Sets color mask.
* Command size is '''1'''.
* The parameter is color mask.
 
<pre>
0x00040324
<color mask>
</pre>
 
==FRONT POLYGON MODE (0x00041828)==
 
* Sets front polygon mode.
* Command size is '''1'''.
* The parameter is front polygon mode.


<pre>
<pre>
RAMIN is on VRAM.
0x00041828
0x28002010000 contains the same as 0x2808FF90000
<front polygon mode>
0x28002050000 contains the same as 0x2808FFD0000
you can prove that by writing in one offset and reading the other
0x2808XXXXXXX is BAR1 (i.e. VRAM on Nvidia GPUs)
0x28002XXXXXX is BAR2 (i.e. PRAMIN on Nvidia GPUs)
</pre>
</pre>
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)
Retrieved from "http://www.psdevwiki.com/ps3/Talk:Hypervisor_Reverse_Engineering"