  1. #221
    TUHTA Guest
    Thanks a lot CJPC!!! But can you show your one? What did you use?

    How many times did you press the button to get exploited?

  2. #222
    CJPC Guest
    Quote Originally Posted by TUHTA
    Thanks a lot CJPC!!! But can you show your one? What did you use?

    How many times did you press the button to get exploited?

    Mine has still yet to fully work, but umm - A LOT. By that, I mean a TON: over the course of about an hour of hitting the button and rebooting, I got it to trigger twice - not very useful yet. The 555 might be too slow to do the trick often enough (not too sure yet).

    But, mine was like the diagram, except I hard wired pin 2 to VCC, vs the switch - will try the switch method a bit later - pretty much what I posted (noting Pin2 to VCC vs the switch) HERE and HERE.

  3. #223
    semitope Guest


    I'm sure somebody can write a simple program to send whatever that button does at a much higher frequency than the human hand can. "Just do it"!

  4. #224
    TUHTA Guest
    OK CJPC, I will try your diagram, so IT WILL WORK, I believe! I will write some progress later!

  5. #225
    No surprise here since it was released before the exploit, but to quote: http://twitter.com/Mathieulh/status/8643140668
    I just wanted to confirm to anyone willing to try geohot's hack on the ps3 that it does work on 3.15 (it has been tested)
    10 minutes ago from web
    Mathieu Hervais

  6. #226
    mushy409 Guest
    I don't know if this has already been asked, but can the 50ns low pulse be achieved by using a PIC chip (12F629 or similar) and a bit of code to trigger the pulse instead of using a switch?

    As mentioned earlier, transistors are much faster than tactile buttons. Could this be done?

    For example: PIC 12F629 that pulls an output low for 50ns, but does this say 4 times a second? Surely this would result in more 'hits' for the exploit?

    Correct me if I'm wrong.

  7. #227
    CJPC Guest
    Well - in theory yes it would work, assuming you can find a PIC that can handle the job fast enough (and, make up some code to whip on there).

  8. #228
    conee Guest
    Quote Originally Posted by Mdiv
    PSPICE sims with that very circuit gave a high pulse for 30-35 nS then rolled off down to 0V at 45-50 nS. If you want to replace the bilateral switch for a transistor it might work a little bit better and be more accurate timing wise. Base to pin 3, Collector to PS3, Emitter to ground. Also, talking to my tutor the smaller the capacitor the more defined the pulse will be with less roll off.

    So if you can, try C = 10pF, R = 3k6 Ohms (40nS)
    If no luck try C = 10pF, R = 3k1 Ohms (to allow for 5 nS delay).

    You know what I think is the problem? I don't think the people using your circuit understand that the 555 triggers on a negative pulse. What I think the problem CJPC and others are having is that with the way your 555 is wired (especially with the reset held high), it'll switch only ONCE, and that's when your button is let go.

    For whoever is using his circuit, you have to keep the trigger held at 5V UNTIL you want the pulse to go through, and then let go of the button (if you're using a momentary switch / pushbutton). Quite frankly, I feel like the pulse width may not be the deciding factor as to why everyone is having issues with the glitch working. If CJPC was able to get it to work twice, I feel like a difference of +-5ns isn't significant, but rather it's the fact that when people think it SHOULD be triggering, it isn't.

  9. #229
    yellowsnow Guest
    I believe you are right as far as the way the 555 is wired. I think it should be wired in astable mode (http://en.wikipedia.org/wiki/555_timer_IC): it uses two resistors and continually pulses at a specified frequency. Also, I don't think that you need the HEF4016. Also, the wiki page provides a formula to calculate the time of the pulse: LOW = ln(2)*R2*C (C in Farads (F)). I'm not familiar with the ln value, but if someone with better electronic knowledge wants to comment, I think we could figure out a smaller, easier to source (all Radioshack parts) pulse "generator".

  10. #230
    CJPC Guest
    Well - Gave the altered diagram a try (2+6 to the switch) - also had no luck. Open to suggestions on some modifications, if not we are going to have to get a bit more creative.

    If I had to guess, it seems like conee might be onto something, as in the switch not totally triggering properly - however the PDF does not seem to agree - says to pull the lines high for a low pulse, then again - nothing seems to agree!

