Dumping PS3 Hypervisor and Bootloader with Atmega8 at 16Mhz

253w ago - Hi guys, I used an Atmega8 running at 16MHz (I had a couple lying about from the BT Vision project I was working on) and knocked up a small prog to do the same as the other chips and dump out the PS3 Hypervisor and Bootloader.

I was quite surprised, it actually worked fairly straight away! I only had one pulse going every time I pressed the button at first but not a lot was happening.

So I did what xorloser did, and modded it so it pulsed every 100ms while the switch is pressed.

After about 30-40 seconds... I got a hit with the exploit code posted [link]. Then I used the dumper (posted here) to dump the 10MB bin.

Just having a look through the dump, lots of strings in there... I haven't dropped it into [link] yet though...

This is the source and hex (for those who don't want to compile it) for the Atmega8 which I glitched my PS3 with. The chip I used was the Atmega8-16pu. You will also need a 16MHz crystal, and 2 x 22pF capacitors.

Grounding pin 14 on the chip will produce a pulse on pin 2 of the chip (in fact it does all of PORTD). This should then go to the memory bus point on the PS3. See Circuit diagram (below).

I used [link] to program my chip, with CKOPT ticked in the fuse settings, everything else was unticked.



55 Comments
#55 - sapperlott - 246w ago
You could take 5V from the USB port and add a resistor. AFAIK the AVR can operate at 5V, too - check the data sheet.

And yes - the connection between Vcc and GND shouldn't be there. That mistake was pointed out to the author on the first two pages but it looks like he didn't provide a fixed schematic afterwards.

#54 - khetzal - 246w ago
In my opinion, the 3.3V is not sent to the PS3, it only feeds the AVR (there is normally no power sent to the PS3, only a link between the XDR and the ground is made).

#53 - moneymaker - 246w ago
I've seen someone talking about a MAC modded keyboard, I've already talked about a modded keyboard (not a MAC one indeed) to speed up things but it seemed no one had the wish to wreck a 5$ keyboard to perform the hack with a bit more ease...

Furthermore, rereading I've seen now many ones talking about 3,3V... but... XDR of PS3 works on 1,8V, it's not that feeding it a 3,3V pulse could set up a big mess into it?

#52 - khetzal - 246w ago
I hadn't seen that there is a new method. Thank you for the information!

But now I've ordered the Atmega8, I will be happy if I can make it work too.

#51 - SCE - 246w ago
Originally posted by khetzal:
"Hello, sorry for upping this old thread.

I've just ordered all I need to make this assembly, but I've two questions:
- Is it normal that the ground and the +3V are linked?
- Where do you take +3.3V?

Thank you a lot."

There is a new method that uses LPT which is way cheaper and easier. Why don't you use it?


© 2015 PlayStation 3 News