PS3 [Update: SSL issue Resolved] BG Toolset SSL Issues (80710A06 Error) (July 2024)

So, according to aldostools, you can replace webrender_plugin.sprx with 4.82 OFW. Would that expose hypervisor access potentially on a superslim model etc., or does the file manager do the exploiting capability? @bguerville @esc0rtd3w
Just curious, as I believe maybe it can be done on 4.91 OFW?
Where did you see this at?

As far as I remember, the webrender sprx is silk. Replacing that wouldn't do anything, as I think it's the same on 4.82+, maybe earlier.

Getting hypervisor access (lv1) is already achieved with PS3HEN, with the ability to call lv1, but not modify currently.

The current exploits do not rely on silk, as PS3HEN relies on 4.82 and lower WebKit, and BG Toolset relies on flash.

Now, is there a way to exploit silk? The answer is yes, but would that allow hypervisor access? I guess the answer would be that it would be another entry point for PS3HEN and other userland and lv2 exploits, but beyond that, I don't think it would have any further benefit on its own.

The model differences affected between phat, slim, and superslim would not change as far as exploitation, unless some RSX or other hardware flaw is discovered on models that differ in some way for exploiting.

Someone feel free to correct me if I am wrong.
 
That was on one of my threads about feature requests to bguerville, but yeah, I suppose this makes it way easier to install HEN, according to aldos, than using the file manager, which is complicated according to him anyway.
 
The file manager in bgtoolset hasn't been made public yet, so I cannot tell if it's complicated or not.

An option that mounts /dev_blind and replaces the WebKit plugin automatically or by clicking a button from OFW should be easier than browsing paths in a general-purpose file manager. Something similar to sprx-replacer but using bgtoolset's exploit.
 
He basically added that functionality already privately, kind of like an OFW to HFW converter. I think @RoboKing's Cosmos was mistaken about the file, as it's silk_webkit.sprx that gets replaced.
 
I don't quite see a real need for a one button - one step file replacer.
One should not need to change that sprx every 2mn, not even on every boot as keeping the old WebKit is not exactly dangerous.

In any case, short of looking for new exploits, I think the best way forward for tools like a file replacer or for HEN might be to use one of my Flash exploits in faust_widget_plugin.sprx, the standalone Flash 9 player used by the XMB and there would be no need to start a browser at all.
I have been meaning to work on this for months but life kept me far too busy..

Regarding the hypervisor memory space read/write access, you should lower your expectations. The Toolset file manager will in no way help you get there.
The hypervisor target is meant to be the next step of my project, in other words, I have not started to work on it.
 
Isn't that like the holy grail of super-slims? If you gain access to lv1 you might be able to dump the ERK on non-CFW capable systems.
To achieve that, it requires a lv1 exploit; it could be through a vulnerable hypervisor system call exposed to lv2, through the RSX or other.

But it is not exactly the holy grail though, it would allow full CFW capabilities at runtime but it would be activated like HEN.

The holy grail is a full fledged CFW and that requires more than just a lv1 exploit.
Still a lv1 exploit might help bring us closer to that goal.
 