Hey :)

I am curious, does anyone know (at least a way of getting) the blockdevice names of the PS3's devices?

I mean like ms0:/ get mounted from msstor0: on the PSP, what are the device names for the HDD and BD drive on the PS3?
Or even the flash?

I am not talking about /dev_hdd0 and the such, those are only the mount points.... (like the ms0:/ on the PSP).

:)

You may be able to figure this out by using the web browser on the ps3... That's how the ones on the psp were found out... (well, sorta... they used the web browser in wipeout pure...)

Sort of in the same vein I've attempted to use a web based fuzzer to fuzz the url bar for things like 'file://' 'view-source' as well as iterations of unusual characters(null bytes and the like). It's still a work in progress but the ps3 browser seems to be a variation of the NetFront browser which is usually used in embedded devices.

Browsers are never the most secure of things. If I can get netfront emulated and under a VM I'll be able to get more efficient fuzzing leverage.

NetFront has been attacked using various vectors (JavaScript included) and has stood up to all.... at least on the PSP.

NetFront has been attacked using various vectors (JavaScript included) and has stood up to all.... at least on the PSP.

You're right, it is pretty damn robust. Still there's nothing quite like doing things for yourself to learn how a system works.

I was working on the angle that Flash, with it's many failings, would be an exploitable vector for an oveflow. It would still be userspace privileged but there's no telling what kind of foothold/information could be gleaned. (
I'm very much in the 'stick a spanner in it and see how it changes things' school of hacking).

As a small note, for reference the one things the Flash plugin does reveal is it's version and path location.

Shockwave Flash 9.0 r151 - /dev_flash/vsh/module/silk_npflashplayer.sprx

I include this for reference only.

I can't speak for the PS3, however I've explored various possibilities in netfront on the PSP, including heap spraying and all the standard stuff... it's solid (which is annoying).

Although I did learn a great deal about the PNG format while on the same project, managed to crash the PSP with a combination of two PNG files, again... unfortunately it was useless.

I can't speak for the PS3, however I've explored various possibilities in netfront on the PSP, including heap spraying and all the standard stuff... it's solid (which is annoying).

Although I did learn a great deal about the PNG format while on the same project, managed to crash the PSP with a combination of two PNG files, again... unfortunately it was useless.

Yep. If I remember correctly there was a .tiff exploit (I think it may have been the standard tiff library exploit) which allowed for various exploits(it was way before I got my ps3) on the ps3.

I'm sure you have tried it but it is worth mentioning the image meta data overflows/script injection tricks.

I'm mostly playing with the ps3 HDD these days. I've backed it up and am looking at the structures. Mathieulh has mentioned it's partitioned as a UFS2 file system with AES encryption.
There's no real hope of me making head way with decryption of any sort but I'm altering things byte by byte trying to enumerate locations.

Currently playing with the master boot record(a lot of it can be altered without obvious detriment).

If I can find a cache area then hopefully I can figure out a way to shunt data in the place of something waiting to be signed(the OtherOS method is sadly unusable as I'm on FW3.30).

It's fun and I'm glad to be on here, the guys on other 'scene' sites are a nightmare.