171w ago - Today the PS3 hack exploit SX28 hardware arrived, so we can begin work on dumping the PlayStation 3 Hypervisor to examine!
Up to now, both GeoHot and xorloser have successfully performed the PS3 hack while a few others simply obtained GeoHot's PS3 Hypervisor dump to study privately.
Needless to say, the rest of the PS3 scene, including most of us here, has been waiting to take a peek at the unencrypted bootloader and Hypervisor lv0 and lv1 dumps.
We started by writing an Ubuntu Guide (as did titanmkd) and attempted to use a 555 timer to obtain the 40ns pulse required to trigger the exploit, but like many others who attempted this, we too had no such luck!
Luckily xorloser shared some propered code to trigger a 40ns pulse using an SX28 chip. They are a bit harder to find, and a little more expensive (as you need a programmer) but the method is sound.
That brings us to today, and our SX28 chips and programmer arrived - so we will be recreating the hardware, and giving this a go soon!
Why is it necessary to use an SX28? There is a device quite well known in the smartcard hacking scene called the T911 which can be bought on many internet sites. It uses an easily programmable AVR Atmel 2313 which can probably be overclocked to 25 MHz to produce the necessary 40ns glitches.
Isn't CJPC working towards turning a debug unit into retail and the opposite? I suppose it isn't the same, going from retail to debug must be harder (if even possible, as you said) since Retail is basically quite locked down (at least for now).
I'm very far from an expert about PS3's internal behavior, but I read these forums quite often, and I thought too that it was only a matter of flags.
We really have a security beast here, am I wrong? ^^