Dumping PS3 Hypervisor and Bootloader with Atmega8 at 16Mhz

254w ago - Hi guys, I used an Atmega8 running at 16MHz (I had a couple lying about from the BT Vision project I was working on) and knocked up a small prog to do the same as the other chips and dump out the PS3 Hypervisor and Bootloader.

I was quite surprised; it actually worked fairly straight away! I only had one pulse going every time I pressed the button at first, but not a lot was happening.

So I did what xorloser did, and modded it so it pulsed every 100ms while the switch is pressed.

After about 30-40 seconds... I got a hit with the exploit code posted [link]. Then I used the dumper (posted here) to dump the 10MB bin.

Just having a look through the dump, lots of strings in there... I haven't dropped it into [link] yet tho...

This is the source and hex (for those who don't want to compile it) for the Atmega8 which I glitched my PS3 with. The chip I used was the Atmega8-16PU. You will also need a 16MHz crystal and 2 x 22pF capacitors.

Grounding pin 14 on the chip will produce a pulse on pin 2 of the chip (in fact it does all of PORTD). This should then go to the memory bus point on the PS3. See circuit diagram (below).

I used [link] to program my chip, with CKOPT ticked in the fuse settings; everything else was unticked.

Mick


Comments (55)

#50 - khetzal - 247w ago
Hello, sorry for upping this old thread.

I've just ordered all I need to make this assembly, but I've two questions:
- Is it normal that the ground and the +3V are linked?
- Where do you take +3.3V?

Thank you a lot.

#49 - TDA2002 - 252w ago
Quote Originally Posted by ckj1979:
The parts are quite easily found - just basic capacitors and crystals.

Atmega chips are also cheap and available everywhere. Just requires some effort to build and flash.

This is much cheaper and easier solution than using FPGA's like geohot.

Personally, I think it would be priceless to use a Mac keyboard and exploit, disable one of the LEDs (oh.. scroll lock, num lock, caps, take yer pick..] .. modify the exploit code so that you have to type in glitchitnow [and hit say scroll lock - the LED you disabled] .. and away goes your 40ns pulses .. until say release key, and also have the benefit of using the keyboard on the PS3 to boot, instead of 1 USB connection, be an additional one .. one hack for another..

So.. who's up to do this one.. [personally I think GeoHot should, just to give the finishing touches on what he started] anyone for bets on the ramifications news-wise on that one? lol...

#48 - SCE - 253w ago
Hi guys. Just got my 555 and 4025. I know it was said to be impossible to achieve 40 ns but do I have any chance?

#47 - is0mick - 253w ago
I routed the wire the same as on xorloser's blog (make sure you are not shorting out the resistor with bare wire over the top of it).

My wire actually comes from the same point (but from the right), then is routed through the gap between the column of components (just underneath the brown capacitor).

The length of the wire would be about 6 inches or so.

Mick

#46 - tridentsx - 253w ago
Quote Originally Posted by is0mick:
Costs:

  • atmega8-16pu £2.39 off ebay
  • 16MHz crystal + 2 x caps £0, robbed off an old circuit board.
  • programmer £0 (old printer lead chopped up)
  • Piece of vero board ~50p
  • Dumping the hypervisor - Priceless :P

I make that < £3. How cheap do you want?

IsoMick, How did you route the connection from the system board out of the ps3?

I have tried 3 different routes and every time I try to boot I get either a blank screen or an alert 0 and then hang.
If I remove the wire from the resistor it boots just fine. This drives me nuts!!!
A picture wouldn't hurt if you have one.

Thanks
