No, because of read-protection on the microcontroller. A 'simple' Atmega chip is still pretty secure.
Maybe we need to sticky this information because all threads everywhere on the internet are getting cluttered with people thinking that this is possible. Everyone who has heard of programming chips through the grapevine thinks this is possible, but everyone who has programmed a chip or written their own code knows how simple it is to put read-protection on.
Someone who has the chip and the right kit could take the surface of the chip casing off and read it directly - but it takes a little bit more skill and effort. I don't have access to this tech any more but I am sure someone out of the scene does. Get some of the old boys involved with decent equipment!
In regards to the Atmel AVR, wouldn't acid de-capping be an option for this, or do these AVRs have protection from this as well? (security mesh etc.)
Decapping with a 70% solution of NFNA heated to 150 degrees C with a blowtorch has worked for me in the past, but you run a major risk of destroying the die's integrity, rendering reading useless. It's a risky venture. If I can get my hands on a few older Atmegas for trial-and-error runs, I'll try testing to see if I can get a read off them after decapping.
Could we possibly use the PS3 to generate custom PUPs after we flash it?
No. Where in this topic do you see the mentioning of FLASHING? This is different to your typical ad-mag / Ebay "I'll flash your xbox for £20.." jobby.
I've done this a few times with PICs and a few older Atmels, but to be honest it's been a while since I did anything like this (4-5 years+).
I've turned my attention to other areas nowadays, although I do have a few friends who study electronics at grad level, so I may have access to the kind of equipment required.
I would imagine once (if) we have decapped the Atmel & dumped the contents we can start to disassemble the code PROPERLY to understand how it communicates with the host (PS3) and what timings etc. are used.
Last edited by mushy409; 08-30-2010 at 12:45 AM. Reason: Automerged Doublepost
On a related note, I have a feeling that we're all working way too hard here to disassemble this thing, when the solution must be extraordinarily simple. How else would so many generic clones start popping up so quickly? We're overcomplicating the process, and just need to find the same solution the clone makers came up with.
Last edited by tripellex; 08-30-2010 at 12:51 AM. Reason: Automerged Doublepost
As I stated previously, if not acknowledged, the most simplistic it could be is overflowing the buffer, which we have code for (even if the code is a little 'damaged'), then overwriting the return address to execute user-provided code which changes a je to a jmp, asm-wise. I mean, I doubt it's that simple, but hell, that's simplistic for you.
Thanks Mush, I'll keep you all posted after I get the materials I need. I have some old Atmegas sitting in a box somewhere, gotta dig those out first.
@mush: The 95% solution seems pretty heavy, especially on the die's filaments. Hopefully working directly off the die surface will be a last resort, and someone will come forward with the missing puzzle pieces before we have to progress that far. Not saying that to be lazy, just saying it's a risky, risky move.