Page 3 of 3 FirstFirst ... 23
Results 21 to 22 of 22

Thread: PS3 USB Keyboard LED Exploit and Source Code Released

  1. #21
    CodeKiller Guest


    WARNING! Stability issue found! But there is a solution: YOU SHOULD CONNECT THE 'AVCC' TO 'VCC' PIN!

    I have overlooked that pin before, sorry!

    With this workaround the ps3 will be playable again

  2. #22
    CodeKiller Guest

    Installation tips and clarification

    These are not the only, but one good way to install.
    • use some thick insulation below the atmega
    • the USB wires are not sensitive, i used wires from an old ribbon-cable (as in old mobo-headers or old 40-wire IDE-cables)
    • but the attack wire is sensitive, make it's way away from the psu's prongs; for wire i used an extracted wire from a broken 80-wire IDE-cable, and use the hole more away from the psu-connector in the shielding to connect to the uC
      (you can see connectors on my pictures, but these was for developing purpose)

    How to use:
    first, arm the device with the program supplied (without it, it won't react to scroll-lock)
    2nd, start the ps3exploit with a suitable parameter
    3rd, during the prg run, press the scroll-lock button on a real keyboard attached to the ps3
    4th, if the program finished, press the scroll-lock again to unlock the console messages
    repeat 2 to 4 until the ps3 successfully exploited

    after successfully exploited, you can disarm the device
    - you need to switch scroll-lock off to reset the device's counter
    /if the program runs several times without any issue (freeze, any program-malfunction, ..etc) nor successful exploit, check the attacking wire may be disconnected/ if the ps3 is unstable, you can't play games, then the wire maybe too close to the prongs, put it further away from it (drive the wire to the hole(s) in the side of the resistor where the connection have been made)/

    The device sends 1clk pulses after an initial delay, with programmed spacing, till a programmed count is reached.
    (you can use some other crystals as well, but you need to modify the code)

    During programming, don't forget to set the fuses: external crystal (cksel= 1111) and I've enabled the brown-out detector.
    /<- scroll-lock on ->\
    ~~~~~\_/~~~~~~\_/~....~~~~~\_/~~~~....~~~~ <- atck line (~ = high-Z)
    | | | |
    | | | |- last pulse
    | <---->|<--------->|
    pre_dly pls_ms
    The default values are 100ms pre delay, 100ms pulse gap, and sends only 7 pulse in one session (while the scroll-lock led lit).
    It's highly recommended to change these values with the programs included. (if you installed open-ssh, you can copy with scp/winscp, or you can paste in putty..)

    If your PS3 have only 2 USB port and scared by the fact you will lose one of them: don't worry, you can use standard usb hubs to mutiplicate the working one. (for utilities which require 2 usb ports, one for data and one for additional power, the occupied port (by the exploiter) still can be used for power source)

    (to mods: the ascii-image got misaligned :s ... i think you want use 'code' tag instead of 'quote' tag, i fixed the alignment also to be correct for code tag .. please replace)

    /<- scroll-lock on                         ->\
    ~~~~~~~~\_/~~~~~~~\_/~....~~~~~\_/~~~~....~~~~ <- atck line
    |       |         |            |
    |       |         |            |- last pulse
    pre_dly   pls_ms 
    (~ = high-Z)

Page 3 of 3 FirstFirst ... 23

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts