171w ago - Today the PS3 hack exploit SX28 hardware arrived, so we can begin work on dumping the PlayStation 3 Hypervisor to examine!
Up to now, both GeoHot and xorloser have successfully performed the PS3 hack while a few others simply obtained GeoHot's PS3 Hypervisor dump to study privately.
Needless to say, the rest of the PS3 scene, including most of us here, has been waiting to take a peek at the unencrypted bootloader and Hypervisor lv0 and lv1 dumps.
We started by writing an Ubuntu Guide (as did titanmkd HERE) and attempted to use a 555 timer to obtain the 40ns pulse required to trigger the exploit, but like many others who attempted this, we too had no such luck!
Luckily xorloser shared some propered code to trigger a 40ns pulse using an SX28 chip. They are a bit harder to find, and a little more expensive (as you need a programmer) but the method is sound.
That brings us to today, and our SX28 chips and programmer arrived - so we will be recreating the hardware, and giving this a go soon!
The system without the correct keys into the SPE would NOT behave as a debug unit, not even if you start crying in Japanese...
If there is something that can reach the insulated SPE, it is for sure in some kind of device in $ony service labs, surely not in the lv2, nor in a standard or even debug firmware updater's driver...
We can find the channel for that software to work, but we don't have the code. We can compile the same code, or code able to do the same things (in theory), but without the root-key it could go nowhere...
What do you want to find in lv2? Do you really think that the project engineer of the CBE security hinted the staff to put those files into the consumer updater module, so that having them one could change the SPE certificates at the user's will? Maybe writing them onto lv2 somewhere, furthermore?
I'm not so optimistic...