Sponsored Links

Sponsored Links

Page 1 of 3 123 LastLast
Results 1 to 10 of 26



  1. #1
    Forum Moderator PS3 News's Avatar
    Join Date
    Apr 2005
    Posts
    28,623
    Sponsored Links

    Post PS3 CXD4302GB Chip Test Points

    Sponsored Links
    Here are some PS3 CXD4302GB Test Points from knightsolidus via xorloser's blog. Today xorloser also mentioned it's possible to use an MCU to read the PS3's flash but hasn't revealed the process yet.

    knightsolidus says:
    Hi xorloser!!! geohot its playing modifiying the flash, but him can have a brick, first of all we need a hardware for create a backup of the real flash (cxd4302gb chip) i have identified all tests points of that chip, that chip its 2Gbits (256MB), and the samsung are 1Gbits (128MB)x 2 chips are 2Gbits (256MB), thats chips in the past with infectus can be downgrade, but now not work, because now run from the cxd4302gb chip and use the samsung flash for backup, understand? you can add me to msn for pins…. thanks!!!
    knightsolidus says:
    sorry for my english, i want to say you, the real flash its the cxd chip on ps3 and i have identified the testpoints for read and program that, but i dont know any programmer for read and write understand? i have identified all point for read and program, that have 16 pins for data, 18 pins for address, chip enable 1 and 2, clk, mode select, reset, write enable… understand? sorry for my english
    knightsolidus says:
    i create that picture with the test points
    the numbers in the picture correspond at the next points:
    12 —-> /SB_EBUS_RESET
    54 —-> /SB_MOD0 –>H MODE SELECT
    41 —-> SB_EBUS_CLKD0
    17 —-> /SB_EBUS_BE
    25 —-> /SB_EBUS_SWE
    34 —-> /SB_EBUS_0E
    50 —-> /SB_EBUS_CE2
    45 —-> /SB_EBUS_CE0
    52 —-> SB_EBUS_RDY
    0 —-> SS2_BRDY
    53 —-> /SB_EBUS_INT
    24 —-> EBUS_ADDR17
    30 —-> EBUS_ADDR16
    29 —-> EBUS_ADDR15
    16 —-> EBUS_ADDR14
    28 —-> EBUS_ADDR13
    15 —-> EBUS_ADDR12
    27 —-> EBUS_ADDR11
    14 —-> EBUS_ADDR10
    26 —-> EBUS_ADDR9
    13 —-> EBUS_ADDR8
    11 —-> EBUS_ADDR7
    23 —-> EBUS_ADDR6
    10 —-> EBUS_ADDR5
    22 —-> EBUS_ADDR4
    9 —-> EBUS_ADDR3
    21 —-> EBUS_ADDR2
    20 —-> EBUS_ADDR1
    19 —-> EBUS_ADDR0
    42 —-> EBUS_DATA15
    32 —-> EBUS_DATA14
    31 —-> EBUS_DATA13
    33 —-> EBUS_DATA12
    48 —-> EBUS_DATA11
    47 —-> EBUS_DATA10
    46 —-> EBUS_DATA9
    51 —-> EBUS_DATA8
    5 —-> EBUS_DATA7
    4 —-> EBUS_DATA6
    3 —-> EBUS_DATA5
    2 —-> EBUS_DATA4
    38 —-> EBUS_DATA3
    36 —-> EBUS_DATA2
    35 —-> EBUS_DATA1
    37 —-> EBUS_DATA0
    Attached Thumbnails<br><br> Attached Thumbnails

    testspointscxd.jpg   nandpinouts.jpg  

  2. #2
    Senior Member cfwprophet's Avatar
    Join Date
    Jul 2008
    Posts
    1,815
    Sponsored Links
    Sponsored Links
    That sounds really interesting and if im not wrong this also means that we now know where the new Bit flag to prevent downgrading will be stored for and for that we now should be again able to downgrade our retail ps3 consoles.

    Or not?

  3. #3
    Senior Member iCEQB's Avatar
    Join Date
    Jul 2007
    Posts
    88
    Sponsored Links
    Sponsored Links
    No, if it would be stored in Flash, we would have figured it out 2 years ago.

  4. #4
    Senior Member cfwprophet's Avatar
    Join Date
    Jul 2008
    Posts
    1,815
    He dont talk about the normal NAND Flash.If i have understood right than he talks of a other flash chip present on the ps3 MB.
    thats chips in the past with infectus can be downgrade, but now not work, because now run from the cxd4302gb chip and use the samsung flash for backup, understand?
    So he talks about two flash chips.One will be the chip where the fw runs off and the other is NOW used for backup and thats why you cant downgrade because we have downgraded the backup and not the new real flash chip where the os is running from.

  5. #5
    Senior Member TUHTA's Avatar
    Join Date
    Sep 2008
    Posts
    323
    well... another moment... so do we need to modify hypervisor... to do this tricks?? or we can do it without mod it?

  6. #6
    Contributor lavatar's Avatar
    Join Date
    Dec 2009
    Posts
    35
    if it is only hardware protection no modifing of the hypervisor is needed, but i don΄t believe sony is so stupid...

  7. #7
    Senior Member cfwprophet's Avatar
    Join Date
    Jul 2008
    Posts
    1,815
    Quote Originally Posted by lavatar View Post
    if it is only hardware protection no modifing of the hypervisor is needed, but i don΄t believe sony is so stupid...
    You can nearly every chip read/write with the correct hardware.The Normal NAND Flash to time used for the backup of os can be flashed. And if there is a other chip where the os is also stored and runs of then its Easy (i think).

    The ps3 do a comparison between both chips and in case that the backup will be a other FW then in chip where the real os runs of the ps3 dont start.

    But its also possible that sony have implemented a additional hardware protection.Time will tell...

  8. #8
    Senior Member itwong's Avatar
    Join Date
    Mar 2006
    Posts
    93
    This is only true for the old models with 2x128MB NAND chip. What about the new models with only 16MB NAND flash? Part of the files are on HDD.

  9. #9
    Contributor letix's Avatar
    Join Date
    May 2010
    Posts
    3

    Question

    so if we have an old unit we can do this?

  10. #10
    Contributor sapperlott's Avatar
    Join Date
    Nov 2009
    Posts
    129
    AFAIK the CXD4302GB is only the NAND controller. This chip makes the 2x 128MiB NAND flashes look like a single coherent NOR flash to the southbridge (SCC).

    Notice how the southbridge didn't change (at least its part number) from the last model with 2x 128 MiB NAND to the first model with 16 MiB NOR flash?

    So in theory it should have a somewhat similar pinout to the 16 MiB NOR flashes used in the newer models (Spansion S29GL128N90TFIR2 / Samsung K8Q2815UQB-P14B).

    This chip handles all the crazy interleaving and shuffling around of the NAND pages. It is necessary so the SB sees a coherent NOR flash since you can't boot a system from NAND flash (because it doesn't support random access at a byte level). This is the reason why most embedded devices carry a small (expensive) NOR flash for the boot code and a large (inexpensive) NAND flash for data and applications.

    So yes - it would make it far easier to tap into this chip with a microcontroller compared to tapping into the NANDs directly because one wouldn't have to mess around with all the interleaving and shuffling (the byte swap will stay, of course). But it's quite unlikely that this chip is another separate flash.

    The most elegant solution would be to use the exploit to access the flash from Linux, though (what GeoHot appears to have done). That way you could just access the flash from Linux like any other block device.

 
Sponsored Links

Page 1 of 3 123 LastLast
Advertising - Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2015 PlayStation 3 News