  1. #1 is0mick (Newbie, joined Jan 2010, 27 posts)

    Dumping PS3 Hypervisor and Bootloader with Atmega8 at 16MHz

    Hi guys, I used an Atmega8 running at 16MHz (I had a couple lying about from the BT Vision project I was working on) and knocked up a small prog to do the same as the other chips and dump out the PS3 Hypervisor and Bootloader.

    I was quite surprised; it actually worked fairly straight away! I only had one pulse going every time I pressed the button at first, but not a lot was happening.

    So I did what xorloser did, and modded it so it pulsed every 100ms while the switch is pressed.

    After about 30-40 seconds... I got a hit with the exploit code posted here. Then I used the dumper (posted here) to dump the 10MB bin.

    Just having a look through the dump, lots of strings in there.. I haven't dropped it into IDA yet tho...

    This is the source and hex (for those who don't want to compile it) for the Atmega8 which I glitched my PS3 with. The chip I used was the Atmega8-16PU. You will also need a 16MHz crystal and 2 x 22pF capacitors.

    Grounding pin 14 on the chip will produce a pulse on pin 2 of the chip (in fact it does all of PORTD). This should then go to the memory bus point on the PS3. See circuit diagram (below).

    I used PonyProg to program my chip, with CKOPT ticked in the fuse settings; everything else was unticked.


    Mick

  2. #2 CJPC (Moderator, joined Apr 2005, 2,174 posts)
    Awesome work and +Rep!

    Great job on reusing the Atmega to send the pulse. Just proves there is yet another (cheaper) way to get it done! I take it there was still quite a bit of trial and error to get the exploit triggered?

    Did you end up making your own app to dump the memory out, or did you use kakaroto's kernel module to take care of it?

  3. #3 PS4 News (Moderator, joined Apr 2005, 29,511 posts)
    Very nice job is0mick and THANKS for sharing. +Rep also!

    It's refreshing to know that there are people beyond the small group of "Site Devs" who are willing to invest their time and money into projects like this to help out the community.

    I truly hope you will inspire others as well, and I may move this thread to the Site News shortly just so others can check it out... as it's easy to miss when it is in the Forums alone.

  4. #4 is0mick (Newbie, joined Jan 2010, 27 posts)

    I was quite surprised; it actually worked fairly straight away!

    I only had one pulse going every time I pressed the button at first, but not a lot was happening.

    So I did what xorloser did, and modded it so it pulsed every 100ms while the switch is pressed.

    After about 30-40 seconds... I got a hit with the exploit code posted here.
    Then I used the dumper (posted here) to dump the 10MB bin.

    Just having a look through the dump, lots of strings in there..
    I haven't dropped it into IDA yet tho...

    Mick

  5. #5

    Good job on this!

    How cheap is the hardware you're using?

  6. #6
    Awesome stuff coming out.. Hopefully we get something out of it all

    +REP also

  7. #7 is0mick (Newbie, joined Jan 2010, 27 posts)
    Attached in the first post HERE is the code, compiled hex, circuit diagram I quickly chucked together, and a small readme.

    Hope I didn't miss anything.. (apologies if I have, it's waaaay past my bedtime)

    Mick

    Edited By Admin: Moved Attachment to First Post for Site News and linked it.

  8. #8
    Hey Mick, fancy seeing you here.

    Great work on the coding, mate; nice to see the BT Vision project is still helping ;D

  9. #9 aries2k6 (Member, joined Mar 2006, 338 posts)
    Great Job.

    I'm glad more ways are popping up for achieving this and more people are looking into the dumps. The PS3 scene is starting to look hopeful.

  10. #10

    Cool, I was going to buy an Arduino anyway. Now I have another reason to get one.
