This is the type of progress I'm always referring to. Not videos on YouTube with fictitious claims of success. I wish geohot all the best in his REAL effort in cracking the PS3. If he finds an opening, I'm sure the devs will have a field day providing the community with full access to the PS3's full potential.
FPGA today is used in a lot of products, from Digital Video Technologies, Industrial/Scientific & Medical, and Wireless Communications to satellite projects in orbit. Satellites and cars typically use CAN for communication between microprocessors.
It's good to see that he's going where no one else has tried. I'm not sure if that's true or not, but it sure seems that way. It's good to read his progress every step of the way too. Loving his work, the guy's a legend and I have complete faith in what he's doing. I know he's going to accomplish something amazing.
For anyone who doesn't read Geohotz's PS3 Blog comments:
I would have put a write only protect bit in there... config only once after reset.
Did you get a trace of the registers written through the SPI and decode it yet? Sure would be interesting if all it takes is to flip a few bits in the stream on the fly... a mod chip would be trivial just using a CPLD if so.
George Hotz said...
Yep, I have a full dump and that would make a mod chip super simple. The only possibly exploitable thing is the configuration ring, and I've looked over that a bunch of times, don't see anything that quickly leads to unsigned. And the config ring is only once after reset.
But there's a whole set of MMIO you can R/W too, which is why I built this injection rig. Just watched two episodes of Jersey Shore, we'll know in like an hour if the MMIO is locked down or not.
MMIO over SPI doesn't appear to work.
I have control over the BIC (Bus Interface Controller) through the FlexIO interface though. Now I just have to figure out what these things are.