
Thread: PS JailBreak Mod Code Sniffed via USB, Logged and Examined

  1. #91
    whinis Guest
    Could we possibly use the ps3 to generate custom pups after we flash it?

  2. #92
    itsmonkey Guest
    Quote Originally Posted by daveribz View Post
    No, because of read-protection on the microcontroller. A 'simple' Atmega chip is still pretty secure.
    Maybe we need to sticky this information because all threads everywhere on the internet are getting cluttered with people thinking that this is possible. Everyone who has heard of programming chips through the grapevine thinks this is possible, but everyone who has programmed a chip or written their own code knows how simple it is to put read-protection on.

    Someone who has the chip and the right kit could take the surface of the chip casing off and read direct - but it takes a little bit more skill and effort. I don't have access to this tech any more but I am sure someone out of the scene does. Get some of the old boys involved with decent equipment!

  3. #93
    mushy409 Guest
    In regards to the Atmel AVR, wouldn't acid de-capping be an option for this, or do these AVRs have protection from this as well? (security mesh etc.)

  4. #94
    tripellex Guest
    Quote Originally Posted by mushy409 View Post
    In regards to the Atmel AVR, wouldn't acid de-capping be an option for this, or do these AVRs have protection from this as well? (security mesh etc.)
    Decapping with a 70% solution of NFNA heated to 150 degrees C with a blowtorch has worked for me in the past, but you run a major risk of destroying the die's integrity, rendering reading useless. It's a risky venture. If I can get my hands on a few older Atmegas for trial-and-error runs, I'll try testing to see if I can get a read off them after decapping.

  5. #95
    mushy409 Guest
    Quote Originally Posted by whinis View Post
    Could we possibly use the ps3 to generate custom pups after we flash it?
    No. Where in this topic do you see the mentioning of FLASHING? This is different to your typical ad-mag / Ebay "I'll flash your xbox for 20.." jobby.

    I've done this a few times with PICs and a few older Atmels, but to be honest it's been a while since I did anything like this (4-5 years+).

    I've turned my attention to other areas nowadays. Although I do have a few friends who study electronics at grad level, so they may have access to the kind of equipment required.

    I would imagine once (if) we have decapped the Atmel & dumped the contents, we can start to disassemble the code PROPERLY to understand how it communicates with the host (PS3) and what timings etc. are used.

  6. #96
    tripellex Guest
    On a related note, I have a feeling that we're all working way too hard here to disassemble this thing, when the solution must be extraordinarily simple. How else would so many generic clones start popping up so quickly? We're overcomplicating the process, and just need to find the same solution the clone makers came up with.

  7. #97
    mushy409 Guest
    Sorry forgot to mention:

    I used 95% nitric to decap them. I know some people prefer different strengths depending on how keen you are to get at the die.

    Best method I found was to go at it slowly, check after each acid bath & be VERY VERY gentle when/if you need to scrape.

  8. #98
    Bulldogzz Guest
    As I stated previously, if not acknowledged, the most simplistic it could be is overflowing the buffer, which we have code for (even if the code is a little 'damaged'), then overwriting the return address to execute user-provided code which changes a je to a jmp, asm-wise. I mean, I doubt it's that simple, but hell, that's simplistic for you.

  9. #99
    mushy409 Guest
    Ah, but if they all come on the same bill then they are 1! (Damn Sky advert)

    Anyways, yes, the solution is probably staring us straight in the mush (no pun intended). The code for this JB dongle may have been leaked by someone involved/in contact with the JB device.

    I'm sure many of the Chinese companies have access to people/equipment who can duplicate pretty much ANYTHING electronics-wise. For example:

    Mobile phones - Ripped off by the Chinese
    Modchips - Ripped off by the Chinese
    iPods - Ripped off by the Chinese

    Do I need to continue?

    The main objective here is to get the code from the Atmel - decapping/glitching/begging, whatever.

    For now I'm off to do some research and dig out my old AVR programmer...

    @tripellex - good luck with the decapping

  10. #100
    tripellex Guest
    Thanks Mush, I'll keep you all posted after I get the materials I need. I have some old Atmegas sitting in a box somewhere, gotta dig those out first.

    @mush: The 95% solution seems pretty heavy, especially on the die's filaments. Hopefully working directly off the die surface will be a last resort, and someone will come forward with the missing puzzle pieces before we have to progress that far. Not saying that to be lazy, just saying it's a risky, risky move.
