

276w ago - Hi guys, I used an Atmega8 running at 16 MHz (I had a couple lying about from the BT Vision project I was working on) and knocked up a small prog to do the same as the other chips and dump out the PS3 Hypervisor and Bootloader.

I was quite surprised; it actually worked fairly straight away! I only had one pulse going every time I pressed the button at first, but not a lot was happening.

So I did what xorloser did, and modded it so it pulsed every 100ms while the switch is pressed.

After about 30-40 seconds... I got a hit with the exploit code posted here. Then I used the dumper (posted here) to dump the 10 MB bin.

Just having a look through the dump, lots of strings in there.. I haven't dropped it into IDA yet tho...

This is the source and hex (for those who don't want to compile it) for the Atmega8 which I glitched my PS3 with. The chip I used was the Atmega8-16pu. You will also need a 16 MHz crystal and 2 x 22 pF capacitors.

Grounding pin 14 on the chip will produce a pulse on pin 2 of the chip (in fact it does all of PORTD). This should then go to the memory bus point on the PS3. See circuit diagram (below).

I used ponyprog to program my chip, with CKOPT ticked in the fuse settings, everything else was unticked.

Mick

Dumping PS3 Hypervisor and Bootloader with Atmega8 at 16Mhz

#5 - gtxboyracer - 276w ago
Awesome stuff coming out.. Hopefully we get something out of it all

+REP also

#4 - Ihatecompvir - 276w ago
Good job on this!

How cheap is the hardware you're using?

#3 - is0mick - 276w ago
I was quite surprised; it actually worked fairly straight away!

I only had one pulse going every time I pressed the button at first, but not a lot was happening.

So I did what xorloser did, and modded it so it pulsed every 100ms while the switch is pressed.

After about 30-40 seconds... I got a hit with the exploit code posted here.
Then I used the dumper (posted here) to dump the 10 MB bin.

Just having a look through the dump, lots of strings in there..
I haven't dropped it into IDA yet tho...

Mick

#2 - PS4 News - 276w ago
Very nice job is0mick and THANKS for sharing. +Rep also!

It's refreshing to know that there are people beyond the small group of "Site Devs" who are willing to invest their time and money into projects like this to help out the community.

I truly hope you will inspire others as well, and I may move this thread to the Site News shortly just so others can check it out... as it's easy to miss when it is in the Forums alone.

#1 - CJPC - 276w ago
Awesome work and +Rep!

Great job on reusing the Atmega to send the pulse. Just proves there is yet another (cheaper) way to get it done! I take it there was still quite a bit of trial and error to get the exploit triggered?

Did you end up making your own app to dump the memory out, or did you use kakaroto's kernel module to take care of it?