Here is a translation of an ongoing project from Spanish developer DemonHades
(linked above) courtesy of idone
, detailing the PS3 BiOS chip being pulled and starting to be traced as follows:
For some time, we have been talking about the PlayStation 3 BiOS, and up to date there is no public info about the IC which does this job and the way it stores the information.
Here is a quick briefing of what we have done so far (pictures in sequence with the below text, spread across the three images below): Pic #1:
The reference of this IC is CXR713120-202GB. Pics #2 & #3:
Thanks to KnightSolidus
we have these photos with the ways of this IC and some notes of connections references with colors. Pic #4:
The PLAYSTATION 3 BIOS is also known as SYSTEM CONTROLLER (SysCon) Pic #5:
As we can see in the image, SYSTEM CONTROLLER uses an SPI interface to communicate with the CELL eeprom, on which possibly it will know how to behave. We think it *might* be something interesting to work with. Pic #6:
Using this SPI interface, we can try to cause a livelock that would get us the checkstop. Pic #7:
Here we can see the CXR SYSTEM CONTROLLER, internal diagram. We believe that the UART port can be used for service operations, but we are still trying to get it to work. Pics #8 & #9:
Privileged mode - Here we can see the different types of priviledged modes. More PlayStation 3 News...