Dumping PS3 Hypervisor and Bootloader with Atmega8 at 16MHz


263w ago - Hi guys, I used an Atmega8 running at 16MHz (I had a couple lying about from the BT Vision project I was working on) and knocked up a small prog to do the same as the other chips and dump out the PS3 Hypervisor and Bootloader.

I was quite surprised, it actually worked fairly straight away! I only had one pulse going every time I pressed the button at first but not a lot was happening.

So I did what xorloser did, and modded it so it pulsed every 100ms while the switch is pressed.

After about 30-40 seconds... I got a hit with the exploit code posted here. Then I used the dumper (posted here) to dump the 10mb bin.

Just having a look through the dump, lots of strings in there.. I haven't dropped it into IDA yet tho...

This is the source and hex (for those who don't want to compile it) for the Atmega8 which I glitched my PS3 with. The chip I used was the Atmega8-16pu. You will also need a 16MHz crystal, and 2 x 22pF capacitors.

Grounding pin 14 on the chip will produce a pulse on pin 2 of the chip (in fact it does all of PORTD). This should then go to the memory bus point on the PS3. See circuit diagram (below).

I used ponyprog to program my chip, with CKOPT ticked in the fuse settings, everything else was unticked.

Mick




#25 - crazydogg08 - 262w ago
I rebuilt xorloser's hardware with an Attiny2313 at 25MHz this past weekend, but I could not test it yet. Maybe next weekend.

You can download the package here: http://crazydogg08.blogspot.com/ Sorry, all in German.

The download link is at the bottom of the page. Source code + circuit are included.

http://rs347.rapidshare.com/files/351043281/ps3Glitch_attiny2313.rar

Costs about 3,50 Euro. Your opinions would be nice.

#24 - tridentsx - 262w ago
I wonder if I could do this by connecting a signal generator that generates square waves at a frequency of 25MHz. I will do a quick test tonight with some SMT clips.

Does anybody know if there is a difference in f/w between the different regions?

My PS3 is a Hong Kong version with REG A Blu-ray and reg 2 DVD.

#23 - adrian6184 - 262w ago
Mmm.. interesting job

#22 - nannou - 262w ago
I have an Arduino, will I finally use it?

#21 - geohot - 262w ago
Told y'all the hardware was really simple. Nice job

#20 - angelbemine3 - 262w ago
Is this the chip you used? http://www.sparkfun.com/commerce/product_info.php?products_id=210

Something about the Arduino to consider. Pin I/O performance: http://news.jeelabs.org/2010/01/06/pin-io-performance/

#19 - mckarlsson - 262w ago
I hope everything like that will bring us a lot of homebrew!!! Nice work guys

#18 - DarkOgr - 262w ago
very cool!!! waiting homebrew)

#17 - is0mick - 262w ago
Originally posted by Descrambler:
@is0mick:

Ground and +3.3V are bricked on your circuit - there's something wrong and you should correct that btw.


Well spotted!.. I'll fix that shortly, it was 2am after all!

Mick

#16 - Descrambler - 262w ago
@is0mick:

Ground and +3.3V are bricked on your circuit - there's something wrong and you should correct that btw.
