PS3 Hack Exploit SX28 Hardware Arrives, Bring on the Hypervisor!


232w ago - Today the PS3 hack exploit SX28 hardware arrived, so we can begin work on dumping the PlayStation 3 Hypervisor to examine!

Up to now, both GeoHot and xorloser have successfully performed the PS3 hack while a few others simply obtained GeoHot's PS3 Hypervisor dump to study privately.

Needless to say, the rest of the PS3 scene, including most of us here, has been waiting to take a peek at the unencrypted bootloader and Hypervisor lv0 and lv1 dumps.

We started by writing an Ubuntu Guide (as did titanmkd HERE) and attempted to use a 555 timer to obtain the 40ns pulse required to trigger the exploit, but like many others who attempted this, we too had no such luck!

Luckily xorloser shared some propered code to trigger a 40ns pulse using an SX28 chip. They are a bit harder to find, and a little more expensive (as you need a programmer) but the method is sound.

That brings us to today, and our SX28 chips and programmer arrived - so we will be recreating the hardware, and giving this a go soon!




#92 - Raze1988 - 232w ago
Moneymaker you make valid points, but you think too official about those things.

The hackers will find a way.

#91 - moneymaker - 232w ago
It is not about making a debug unit from retail - it is about making the system behave just about enough as a debug unit. There is a major difference between these two.

And for your second statement - you are wrong. This exploit maybe is for lv0/lv1 only but using this exploit and the things we now have access to we might (or I would say will) be able to dig deeper into lv2 and the secrets and mistakes embedded in that code...

You do not understand, there is no point into going to harvest anything of lv2 in absence of the root key, that's the target, without it you can only build an alternate OS able to run whatever you want if only you compile it by yourself in a proper language...

The system without the correct keys into the SPE would NOT behave as a debug unit neither if you start crying in Japanese...

If there is something that can reach the insulated SPE is for sure into some kind of device in $ony service labs, surely not on the lv2 neither in a standard or even debug firmware updater's driver...

We can find the channel for that software to work but we don't have the code, we can compile the same code or a code able to do the same things (in theory) but without the root-key it could go nowhere...

What do you want to find into lv2 ? Do you really think that the project engineer of the CBE security hint the staff to put those files into the consumer updater module to have them could change the SPE certificates at the user will ? Maybe writing them onto lv2 somewhere furthermore ?

I'm not so optimistic...

#90 - mabraham - 232w ago
For the question retail/debug... forget it... the keys embedded into the SPE which is into the CPU itself are different among the two versions... no way to mess with them, no chance to make a retail unit a debug one.

For all other occurrences, maybe there is a chance to open the system so some skillful team of coders could make an alternate OS capable to run alternate (privately coded) games that's not so exciting as a landscape....

For sure it could also lead to something more, but's all to be thrown to light ...
It is not about making a debug unit from retail - it is about making the system behave just about enough as a debug unit. There is a major difference between these two.

And for your second statement - you are wrong. This exploit maybe is for lv0/lv1 only but using this exploit and the things we now have access to we might (or I would say will) be able to dig deeper into lv2 and the secrets and mistakes embedded in that code...

#89 - AKmania - 232w ago
you guys are really awesome man, we are one step closer now. great job dev team!

#88 - moneymaker - 232w ago
Please correct me if I'm wrong, but this hack also allows one to write to the HV?

I presume it should be a matter of mapping certain flags and just marking them as true etc to go from retail to debug etc?
For the question retail/debug... forget it... the keys embedded into the SPE which is into the CPU itself are different among the two versions... no way to mess with them, no chance to make a retail unit a debug one.

For all other occurrences, maybe there is a chance to open the system so some skillful team of coders could make an alternate OS capable to run alternate (privately coded) games that's not so exciting as a landscape....

For sure it could also lead to something more, but's all to be thrown to light ...

© 2014 PlayStation 3 News