Dumping PS3 Hypervisor and Bootloader with Atmega8 at 16Mhz

Category: PS3 Hacks & JailBreak By: is0mick - (ps3news.com)
Tags: dumping ps3 hypervisor dumping ps3 bootloader atmega8 16mhz

174w ago - Hi guys, I used an Atmega8 running at 16Mhz (I had a couple lying about from the BT Vision project I was working on) and knocked up a small prog to do the same as the other chips and dump out the PS3 Hypervisor and Bootloader.

I was quite surprised, It actually worked fairly straight away! I only had one pulse going everytime I pressed the button at first but not a lot was happening.

So I did what xorloser did, and modded it so it pulsed every 100ms while the switch is pressed.

After about 30-40 seconds... I got a hit with the exploit code posted here. Then I used the dumper (posted here) to dump the 10mb bin.

Just having a look through the dump, lots of strings in there.. I haven't dropped it into IDA yet tho...

This is the source and hex (for those who dont want to compile it) for the Atmega8 which I glitched my PS3 with. The Chip I used was the Atmega8-16pu. You will also need a 16mhz Crystal, and 2 x 22pf Capacitors.

Grounding pin 14 on the chip will produce a pulse on Pins 2 of the chip (infact it does all of PORTD) This should then go to the memory bus point on the ps3. See Circuit diagram (below).

I used ponyprog to program my chip, with CKOPT ticked in the fuse settings, everything else was unticked.

Mick

Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

55 Comments - Go to Forum Thread »

#55 - sapperlott - 167w ago

You could take 5V from the USB port and add a resistor. AFAIK the AVR can operate at 5V, too - check the data sheet.

And yes - the connection between Vcc and GND shouldn't be there. That mistake was pointed out to the author on the first two pages but it looks like he didn't provide a fixed schematic afterwards.

#54 - khetzal - 167w ago

In my opinion, the 3.3V is not send to the ps3, it only feed the avr (there is normally no power send to the ps3, only a link between the xdr and the ground is made)

#53 - moneymaker - 167w ago

I've seen someone talking about a MAC modded keyboard, I've already told about a modded keyborad (not a MAC one indeed) to speed up things but seemed no one had the wish to wreck a 5$ keyboard to perform the hack with a bit more ease...

Furthermore, rereading I've seen now many ones talking about 3,3V... but... XDR of PS3 works on 1,8V, it's not that feeding it a 3,3V pulse could set up a big mess into it ?

#52 - khetzal - 167w ago

I hadn't see that there is a new method Thanks you for the information !

But now i've order the atmega8, i will be happy if i can make it working too.

#51 - SCE - 167w ago

Originally Posted by khetzal

Hello, sorry for upping this old thread.

I've just order all I need to make this assembly, but i've two questions:
- Is it normal that the ground and the +3V are linked ?
- Where do you take +3.3V ?

Thanks you a lot.

There is a new method that uses LPT which is way more cheaper and easier. Why don't you use it?

Page 1 of 11 12 3 4 5 6 7 8 9 ›LAST »

Related PS3 News and PS3 CFW Hacks or JailBreak Articles

• PS3 EDAT Devklic Bruteforcer v1.0 / v1.1 By JjKkYu is Released
• MAME 0125 (Multiple Arcade Machine Emulator) for PS3 Release 1 Out
• PS3 Game List by Nullptr PlayStation 3 Homebrew App is Released
• MultiMAN v04.40.00 PS3 Server and Showtime Edition Updates Out
• ScummVM 1.6.0 PlayStation 3 Emulator Updated, +4 to Engines
• PSN Tool v1.0 and PSN Tool Creator v1.0 to Combat PSN Bans Arrive

PlayStation 3 Links
• Contact Us E-Mail
• PS3 Affiliates
• PS3 CFW & MFW
• PS3 Debug Firmware
• PS3 Decrypted PSN Links for CFW
• PS3 Downloads
• PS3 EBOOT.BIN Original File Links
• PS3 Firmware
• PS3 Game Releases List
• PS3 Guides & Tutorials
• PS3 Hacking Guides and Tutorials
• PS3 Hacks & JailBreak
• PS3 Help & Support
• PS3 JailBreak Game Compatibility List
• PS3 JB2 / True Blue (TB) Game Links
• PS3 multiMAN Updates
• PS3 News Forums
• PS3 News Site FAQ
• PS3 News Site Advertising FAQ
• PS3 News Site Posting FAQ
• PS3 News Site Privacy FAQ
• PS3 News Site Rules
• PS3 News Site Tag Cloud
• PS3 News Site Terms
• PS3 Resources
• PS3 Reviews
• PS3 Save Files Repository
• PS3 Themes
• PS3 Trophies List
• PS3 Videos
• PS Vita Trophies List

PlayStation 3 News Discussions

PS3 OFW 4.45 is out -- be warned -- mass bricking - 10m ago

After swapping back in my original 160GB HDD, I was still getting the 8002F281 error. I ended up having to do a full PS3 Reset and reformat of the 160...

By Transient with

9 Comments »

PS3 OFW 4.45 is out -- be warned -- mass bricking - 56m ago

poor bugger. at least you got ps3 back i guess. i dont want my ps3 much anymore so ill wait n see what sony offers before updating to a brick.lol...

By elser1 with

9 Comments »

PS3 OFW 4.45 is out -- be warned -- mass bricking - 1h ago

Well, here's what I've tried: - choosing System Update menu item from Safe Mode causes PS3 to lock up. Doesn't even change screens, it just locks up. ...

By Transient with

9 Comments »

PS3 OFW 4.45 is out -- be warned -- mass bricking - 1h ago