
Thread: PS3 Glitch Finder v1.0 VHDL Design for Spartan-3 FPGAs Arrives

  1. #1
    Join Date
    Apr 2005

    PS3 Glitch Finder v1.0 VHDL Design for Spartan-3 FPGAs Arrives

    Today modrobert has released PS3 Glitch Finder v1.0, which is a VHDL design for Spartan-3 (e.g. xc3s400) FPGAs with the purpose of easily creating a custom pulse which can be used to glitch various hardware like the PS3 memory bus.

    Download: PS3 Glitch Finder v1.0 VHDL Design for Spartan-3 FPGAs

    From the ReadMe file: The pulse LOW and HIGH multipliers have a resolution of 255 (X"FF") and can be set independently.


    - Cycle exact pulse generator process tested with logic analyzer
    - Digital Clock Manager (DCM) primitive @ 200MHz (5ns) with lock handling
    - Continuous pulse or one-shot mode selectable via switch
    - Debounce handling for push buttons to prevent erratic behavior
    - Set the LOW and HIGH pulse length multipliers via buttons
    - 7-seg LED display support showing HIGH and LOW pulse multipliers
    - Open source release under GPL v2


    The target device is a Spartan-3 fitted on an FPGA board (e.g. Spartan-3 Starter Kit, Basys, Nexys, or similar). You need 5 push buttons (3 is OK also), a four-digit "seven-segment" LED display, a DIP switch, two regular LEDs, an external crystal/clock at 25MHz or 50MHz, and a free I/O port.

    Notes: This design is probably overkill for the purpose intended, but I had fun creating it, so one thing led to another. After the pulses are sent the output port drives "Z" (instead of HIGH), thought that might be a good idea to keep the PS3 Linux kernel from crashing.

    I've only tested PS3 Glitch Finder with a logic analyzer, not a scope yet, so the tri-state function has not been properly tested. By driving the pulse low and switching to "Z" I did notice that there can sometimes be roughly 300ns delay before high impedance occurs, so to prevent the pulse generator from sending an invalid long low pulse I made sure the output is high before driving "Z".

    If you want to start out in the footsteps of geohot, switch to one-shot mode and then set the low pulse multiplier to 8 (8 x 5ns = 40ns) and the high can be 8 as well (don't think it matters much since only one pulse is sent).


  2. #2
    Dreamcatcher Guest
    Good looks bro! Wish I had the engineering skills to do this when I'm bored!!

  3. #3
    SCE Guest
    //Off Topic

    The pinned "Ps3 hack status" topic can now be updated

  4. #4
    Join Date
    Apr 2005
    Quote: Originally Posted by SCE
    //Off Topic

    The pinned "Ps3 hack status" topic can now be updated
    Nah, mainly as most users come here seeking to play PS3 game back-ups and until that is possible all we can do is refer them to that thread saying it isn't yet basically. When it is possible and we have a guide on doing it, then I will update it and link to the guide of course!

    Anyway, let's keep this thread on topic now.

  5. #5
    SwordOfWar Guest
    No disrespect intended, but why are we wasting time reinventing the wheel here?

    I'm not a developer or hacker (wish I had the skills) but it seems rather obvious that since we already have the pulse exploit and it does work, why are we wasting time improving the method to be easier? It seems we should move on from this and come up with more information or a more useful exploit.

    Now there may be something worth it that I'm missing, but hey from what I can piece together this is my basic opinion on the matter.

    But other than that, I suppose it does look like a "souped-up" version of the already-available exploit. It just seems unnecessary.

  6. #6
    JesusFMA Guest
    Quote: Originally Posted by SwordOfWar
    It just seems unnecessary ...
    Yep, I kind of agree with you...

    I guess the only thing happening here is that the glitching method is getting "professionalized", 'cause it seems that this thing does the same stuff that the other "rudimentary" devices also do, but in a fancier, easier and more controlled way.

    I wouldn't call it a real progress, but it sure is a very nice form of doing the glitching, and it's nice to see that some people are still working in that matter. I think this guy deserves some credit for doing this.

  7. #7
    Join Date
    Apr 2005
    Pretty much this is what modrobert has been spending his time working on that he wanted to share with the community... it just happened that a few others made their own prior to him releasing his, but it's definitely still handy for some I imagine.

  8. #8
    sorceror Guest

    Real hardware hacking

    Now, what would be really interesting is applying this kind of hack to finding the PS3's root key:

    Seems someone who understands FPGA programming might have the chops to tackle that...

  9. #9
    tuomi Guest

    This will at least help developers to use another type of device to activate the exploit. As I've understood, the several methods presented require some expensive hardware and if there is other hardware being able to do the same thing I guess some are happy to be pointed to what HW you're able to use.

  10. #10
    hunterrr Guest
    OK, I got a complete noob question for you guys... What exactly are you guys trying to do with all this hardware stuff or trying to find? Is anything being tested with software or what? I don't understand anything that has been going on since George released the exploit.
