


  1. #101
    Toucan Sam CJPC's Avatar
    Join Date
    Apr 2005
    Posts
    2,174
    Quote Originally Posted by Karl69
    Why is it necessary to use an SX28? There is a device quite well known in the smartcard hacking scene called the T911 which can be bought on many internet sites. It uses an easily programmable AVR Atmel 2313 which can probably be overclocked to 25 MHz to produce the necessary 40ns glitches.
    Yeah, namely xorloser made some nice easy to use code to flash right to the SX28 - it works, why mess with what works? I'm SURE it can be done much cheaper, much easier. Can probably be done on a 18F PIC (if I recall it may be fast enough). But, xorloser made code, and it works!

  2. #102
    Registered User netpredakonn's Avatar
    Join Date
    May 2005
    Posts
    35
    Great to see some progress on ps3 scene, again. Hope this time something like homebrew can be achieved.

  3. #103
    Registered User DarkOgr's Avatar
    Join Date
    Feb 2010
    Posts
    8

    Thumbs Up

    great news! keep fighting for freedom on ps3 guys

  4. #104
    Senior Member ekrboi's Avatar
    Join Date
    Oct 2009
    Posts
    78
    Quote Originally Posted by CJPC
    We are hoping to have something "user friendly" for the weekend, although there is still the whole hardware issue - it's still a pain to trigger the exploit, even with the SX28.

    Needless to say, this is a bit better eh, nice and proper!
    ah hah! now that's more like it! Good work! can't wait to see some more!

    so i'm assuming what we are hoping to do here is find a way to use those set calls to set say recovery to maybe 1 instead of 0 and hope that when it reboots the bootloader boots to recovery.. vs. needing the "jig" to set that flag?

    sorry.. further thought.. i would assume that's all the jig does.. supposedly when used the ps3 boots picks up the jig.. then it reboots again.. so i would assume that's what the jig is doing.. using hopefully the same set call to set the recovery flag then making it reboot and the ps3 system takes over from there.
    Last edited by ekrboi; 02-12-2010 at 07:48 PM Reason: Automerged Doublepost

  5. #105
    Toucan Sam CJPC's Avatar
    Join Date
    Apr 2005
    Posts
    2,174
    Quote Originally Posted by ekrboi
    ah hah! now that's more like it! Good work! can't wait to see some more!

    so i'm assuming what we are hoping to do here is find a way to use those set calls to set say recovery to maybe 1 instead of 0 and hope that when it reboots the bootloader boots to recovery.. vs. needing the "jig" to set that flag?

    sorry.. further thought.. i would assume that's all the jig does.. supposedly when used the ps3 boots picks up the jig.. then it reboots again.. so i would assume that's what the jig is doing.. using hopefully the same set call to set the recovery flag then making it reboot and the ps3 system takes over from there.
    Pretty much yeah. You boot the PS3, hit reset and eject with the JIG attached. This sends a signal from the System Controller (where the flags are set) to the Southbridge to do some "magic" and read the USB device. If it all checks out, a flag gets set in the System Controller, and the PS3 is automatically powered off.

    Upon next power up, it's in "manufacturing mode", which allows diagnostic tools (encrypted, of course) to be run.

  6. #106
    Senior Member ekrboi's Avatar
    Join Date
    Oct 2009
    Posts
    78
    cool.. obviously we can add our own calls for reading/writing memory using the exploit.. and you may already have done/tried it.. can't you just push one of the set flag calls into memory so that the hypervisor executes it? or not that simple?

  7. #107
    Toucan Sam CJPC's Avatar
    Join Date
    Apr 2005
    Posts
    2,174
    Quote Originally Posted by ekrboi
    cool.. obviously we can add our own calls for reading/writing memory using the exploit.. and you may already have done/tried it.. can't you just push one of the set flag calls into memory so that the hypervisor executes it? or not that simple?
    Alas not that easy, the calls need to be reversed, and they need to be analyzed - namely, you don't want to run the call, then the unit bricks because it's trying to use different crypto keys.

  8. #108
    Senior Member ekrboi's Avatar
    Join Date
    Oct 2009
    Posts
    78
    Quote Originally Posted by CJPC
    Alas not that easy, the calls need to be reversed, and they need to be analyzed - namely, you don't want to run the call, then the unit bricks because it's trying to use different crypto keys.
    damn crypto.. i have not read the available docs on the cell/ps3 security.. i suppose i need to.. but why would it matter? we wouldn't personally be messing with encrypted data? just "using" the hypervisor which as far as it.. or the ps3 is concerned is "allowed" to do it.. so it would pass through appropriate channels..

    but i do understand wanting to know what the call actually does before just trying it..

 

© 2014 PlayStation 3 News