PS3 Hack Exploit SX28 Hardware Arrives, Bring on the Hypervisor!

254w ago - Today the PS3 hack exploit SX28 hardware arrived, so we can begin work on dumping the PlayStation 3 Hypervisor to examine!

Up to now, both GeoHot and xorloser have successfully performed the PS3 hack while a few others simply obtained GeoHot's PS3 Hypervisor dump to study privately.

Needless to say, the rest of the PS3 scene, including most of us here, has been waiting to take a peek at the unencrypted bootloader and Hypervisor lv0 and lv1 dumps.

We started by writing an Ubuntu Guide (as did titanmkd) and attempted to use a 555 timer to obtain the 40ns pulse required to trigger the exploit, but like many others who attempted this we too had no such luck!

Luckily xorloser shared some propered code to trigger a 40ns pulse using an SX28 chip. They are a bit harder to find, and a little more expensive (as you need a programmer) but the method is sound.

That brings us to today, and our SX28 chips and programmer arrived - so we will be recreating the hardware, and giving this a go soon!


107 Comments
#97 - mabraham - 253w ago
Originally posted by moneymaker:
> You do not understand, there is no point in going to harvest anything of lv2 in the absence of the root key, that's the target, without it you can only build an alternate OS able to run whatever you want if only you compile it by yourself in a proper language...
>
> The system without the correct keys into the SPE would NOT behave as a debug unit neither if you start crying in Japanese...
>
> If there is something that can reach the insulated SPE is for sure into some kind of device in $ony service labs, surely not on the lv2 neither in a standard or even debug firmware updater's driver...
>
> We can find the channel for that software to work but we don't have the code, we can compile the same code or a code able to do the same things (in theory) but without the root-key it could go nowhere...
>
> What do you want to find into lv2? Do you really think that the project engineer of the CBE security hint the staff to put those files into the consumer updater module to have them could change the SPE certificates at the user will? Maybe writing them onto lv2 somewhere furthermore?
>
> I'm not so optimistic...

You are too narrow-minded and do not think outside the box. You are hung up on the way IBM/SCE describes security and not showing any hacker mentality.

You will soon be amazed - I promise you. Maybe not with lv2 exploits leading to loaders and such but other things that will surface. Rest assured - progress is being made as I write this.

#96 - PS3 News - 253w ago
Originally posted by Karl69:
> Why is it necessary to use an SX28?

It's not necessary, the SX28 way just happened to be the next attempt used after the 555 timer didn't work out as planned.

#95 - Karl69 - 253w ago
Originally posted by CJPC:
> That brings us to today, and our SX28 chips and programmer arrived - so we will be recreating the hardware, and giving this a go soon!

Why is it necessary to use an SX28? There is a device quite well known in the smartcard hacking scene called the T911 which can be bought on many internet sites. It uses an easily programmable AVR Atmel 2313 which can probably be overclocked to 25 MHz to produce the necessary 40ns glitches.



#94 - Wonderkik - 253w ago
Isn't CJPC working towards turning a debug unit into retail and the opposite? I suppose it isn't the same, going from retail to debug must be harder (if even possible, as you said) since Retail is basically quite locked down (at least for now).

I'm very far from an expert about PS3's internal behavior, but I read these forums quite often, and I thought too that it was only a matter of flags.

We really have a security beast here, am I wrong? ^^

#93 - moneymaker - 253w ago
Originally posted by Raze1988:
> Moneymaker you make valid points, but you think too official about those things.
> The hackers will find a way.

The point is the processor inner code is different and at the actual point there is no light on how to change things..

..and to have pointed out that in lv2 there shouldn't be pieces of code able to harvest nothing into the processor ...

That's all about "points"...


© 2015 PlayStation 3 News