February 14, 2010 // 11:32 pm - Hi guys, I used an Atmega8 running at 16MHz (I had a couple lying about from the BT Vision project I was working on) and knocked up a small prog to do the same as the other chips and dump out the PS3 Hypervisor and Bootloader.

I was quite surprised; it actually worked fairly straight away! I only had one pulse going every time I pressed the button at first, but not a lot was happening.

So I did what xorloser did and modded it so it pulsed every 100ms while the switch is pressed.

After about 30-40 seconds... I got a hit with the exploit code posted here. Then I used the dumper (posted here) to dump the 10MB bin.

Just having a look through the dump, lots of strings in there... I haven't dropped it into IDA yet though...

This is the source and hex (for those who don't want to compile it) for the Atmega8 which I glitched my PS3 with. The chip I used was the Atmega8-16PU. You will also need a 16MHz crystal and 2 x 22pF capacitors.

Grounding pin 14 on the chip will produce a pulse on pin 2 of the chip (in fact it does all of PORTD). This should then go to the memory bus point on the PS3. See circuit diagram (below).

I used PonyProg to program my chip, with CKOPT ticked in the fuse settings; everything else was unticked.


Dumping PS3 Hypervisor and Bootloader with Atmega8 at 16MHz
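The post refers to the Atmega8 source and hex, but they are not reproduced on this page. What follows is an added example written for this page, not is0mick's code or anything attached to this thread: an AVR C program that emits a short pulse on all of PORTD every 100 ms for as long as the push button is held. Assumptions: the button pulls PB0 (pin 14 on the ATmega8 PDIP) to ground against the internal pull-up, PD0 (pin 2) is one of the pulse outputs, and the pulse width (a handful of nops at 16 MHz) and the 100 ms period are tuning values chosen here, not measured ones. The repeat scheduler is plain C so it also compiles and can be checked on a host without an AVR toolchain.

```c
/*
 * Added example for this page: 100 ms repeating glitch pulser for an
 * ATmega8 @ 16 MHz. Not the original poster's code. Pin mapping (PB0 =
 * button, PORTD = pulse outputs), pulse width and period are assumptions.
 */
#include <stdint.h>
#include <stdbool.h>

#ifdef __AVR__
#  include <avr/io.h>
#  include <util/delay.h>
#endif

/* Milliseconds between glitch pulses while the button stays held. */
#define PULSE_PERIOD_MS 100u

/* Scheduler state: edge detection on the button plus the next fire time. */
struct glitch_sched {
    bool     was_pressed;   /* button state seen on the previous tick */
    uint32_t next_pulse_ms; /* earliest tick at which the next pulse may fire */
};

static void glitch_sched_init(struct glitch_sched *s)
{
    s->was_pressed = false;
    s->next_pulse_ms = 0;
}

/*
 * Called once per millisecond tick with the current button state.
 * Returns true when a pulse should be emitted now: the first pulse fires
 * on the tick the button goes down, then one every PULSE_PERIOD_MS while
 * it is held. Releasing re-arms the immediate first pulse for the next press.
 */
static bool glitch_sched_tick(struct glitch_sched *s, uint32_t now_ms, bool pressed)
{
    bool fire = false;
    if (pressed) {
        if (!s->was_pressed)
            s->next_pulse_ms = now_ms;          /* fresh press: fire at once */
        if (now_ms >= s->next_pulse_ms) {
            fire = true;
            s->next_pulse_ms = now_ms + PULSE_PERIOD_MS;
        }
    }
    s->was_pressed = pressed;
    return fire;
}

/*
 * Host-side check of the timing: simulate a press held for hold1_ms, a gap
 * of gap_ms with the button released, then a second press of hold2_ms, and
 * return how many pulses the scheduler would have emitted. Constructed trace.
 */
static uint32_t glitch_sim_two_presses(uint32_t hold1_ms, uint32_t gap_ms, uint32_t hold2_ms)
{
    struct glitch_sched s;
    uint32_t pulses = 0;
    uint32_t total = hold1_ms + gap_ms + hold2_ms;

    glitch_sched_init(&s);
    for (uint32_t t = 0; t < total; t++) {
        bool pressed = (t < hold1_ms) || (t >= hold1_ms + gap_ms);
        if (glitch_sched_tick(&s, t, pressed))
            pulses++;
    }
    return pulses;
}

#ifdef __AVR__
/* Drive the whole of PORTD high for a few cycles, then back low. At 16 MHz
 * one nop is 62.5 ns; four of them is an assumed starting width to tune. */
static inline void glitch_pulse(void)
{
    PORTD = 0xFF;
    __asm__ __volatile__("nop\n\tnop\n\tnop\n\tnop");
    PORTD = 0x00;
}

int main(void)
{
    struct glitch_sched s;
    uint32_t now_ms = 0;

    DDRD  = 0xFF;              /* PORTD outputs, idle low */
    PORTD = 0x00;
    DDRB  &= (uint8_t)~(1 << PB0); /* PB0 as input ...                     */
    PORTB |= (1 << PB0);           /* ... with pull-up; button shorts to GND */

    glitch_sched_init(&s);
    for (;;) {
        bool pressed = !(PINB & (1 << PB0));  /* active low */
        if (glitch_sched_tick(&s, now_ms, pressed))
            glitch_pulse();
        _delay_ms(1);          /* 1 ms tick; loop overhead ignored */
        now_ms++;
    }
}
#endif
```

Build for the chip with something like `avr-gcc -mmcu=atmega8 -DF_CPU=16000000UL -Os` and flash the resulting hex; the `glitch_sim_two_presses` helper exists only so the repeat timing can be sanity-checked on a PC before touching the console.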

#25 - crazydogg08 - February 15, 2010 // 8:43 pm
I rebuilt xorloser's hardware with an Attiny2313 at 25MHz over the past weekend. But I could not test it yet, maybe next weekend.

You can download the package here: Sorry, all in German.

The Download link is at the bottom of the Page. Source Code + Circuit are included.

Costs about 3,50 Euro. Your opinions would be nice.

#24 - tridentsx - February 15, 2010 // 8:21 pm
I wonder if I could do this by connecting a signal generator that generates square waves at a frequency of 25MHz. I will do a quick test tonight with some SMT clips.

Does anybody know if there is a difference in f/w between the different regions ?

My PS3 is a Hong Kong version with region A Blu-ray and region 2 DVD.

#23 - adrian6184 - February 15, 2010 // 7:13 pm
Mmm.. interesting job

#22 - nannou - February 15, 2010 // 6:51 pm
I have an Arduino, will I finally use it?

#21 - geohot - February 15, 2010 // 6:29 pm
Told y'all the hardware was really simple. Nice job

#20 - angelbemine3 - February 15, 2010 // 5:48 pm
Is this the chip you used?

Something about the Arduino to consider. Pin I/O performance:

#19 - mckarlsson - February 15, 2010 // 5:31 pm
I hope everything like that will bring us a lot of homebrew!!! Nice work guys

#18 - DarkOgr - February 15, 2010 // 5:15 pm
Very cool!!! Waiting for homebrew :)

#17 - is0mick - February 15, 2010 // 2:44 pm
Quote originally posted by Descrambler:

Ground and +3.3V are bricked on your circuit - there's something wrong and you should correct that btw.

Well spotted! I'll fix that shortly, it was 2am after all!


#16 - Descrambler - February 15, 2010 // 1:30 pm
Ground and +3.3V are bricked on your circuit - there's something wrong and you should correct that btw.