PS3 Hack Exploit SX28 Hardware Arrives, Bring on the Hypervisor!

Category: PS3 Hacks & JailBreak By: CJPC - (ps3news.com)
Tags: ps3 hacks ps3 exploits sx28 hardware arrives bring ps3 hypervisor

171w ago - Today the PS3 hack exploit SX28 hardware arrived, so we can begin work on dumping the PlayStation 3 Hypervisor to examine!

Up to now, both GeoHot and xorloser have successfully performed the PS3 hack while a few others simply obtained GeoHot's PS3 Hypervisor dump to study privately.

Needless to say, the rest of the PS3 scene including most of us here, have been waiting to take a peek at the unencrypted bootloader and Hypervisor lv0 and lv1 dumps.

We started by writing a Ubuntu Guide (as did titanmkd HERE) and attempted to use a 555 timer to obtain the 40ns pulse required to trigger the exploit, but like many others who attempted this we too had no such luck!

Luckily xorloser shared some propered code to trigger a 40ns pulse using an SX28 chip. They are a bit harder to find, and a little more expensive (as you need a programmer) but the method is sound.

That brings us to today, and our SX28 chips and programmer arrived - so we will be recreating the hardware, and giving this a go soon!

Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

107 Comments - Go to Forum Thread »

#87 - Hortlo - 171w ago

Please correct me if im wrong, but this hack also allows one to write to the HV?

I presume it should be a matter of mapping certain flags and just marking them as true etc to go from retail to debug etc?

#86 - gtxboyracer - 171w ago

Congrats on that progress.. looks interesting.. tell me, are you able to change any of those comands coming through... maybe one that any time the debug flag comes through switch it on automated of course..

#85 - zangetsu1 - 171w ago

Nice to see you've made some progress..

#84 - CJPC - 171w ago

Originally Posted by ekrboi

i'm more of a reader than a poster.. but i had been wondering if this was a one time deal or if it had to be redone every time it reboots.. I assumed by the way it works it had to be redone every time... which i'm sure sucks! Good luck though! I can't wait to see the dumps.. doubt i will find anything with my current limited knowledge but i do know how to work ida and i'm sure i'll waste a few nites staring at stuff i don't understand for the heck of it =P

It has to be re-done each time the PS3 reboots - it can be quite the pain!

However, progress was made tonight. After the dumping code was changed from my horrible, horrible way to that of one of our DEV's, things started working (after a bit of debuggery) much, much better!

Basically, the "real" memory gets mapped to a nice file, in which data can be read out, which makes things very convenient - assuming you run over the amount of real memory, crashing the PS3...

We are hoping to have something "user friendly" for the weekend, although there is still the whole hardware issue - it's still a pain to trigger the exploit, even with the SX28.

Needless to say, this is a bit better eh, nice and proper!

7570 6461 7465 5F6D 616E 6167 6572 3A3A
696E 6974 5F64 6576 6963 655F 7479 7065
2829 2072 6561 6420 6570 726F 6D20 6661
696C 7572 6528 2564 290A 6661 6C6C 2062
6163 6B20 746F 2075 7369 6E67 2073 6166
6520 7061 7261 6D65 7465 720A 0000 0000
7570 6461 7465 5F6D 616E 6167 6572 3A3A
696E 6974 5F73 735F 7061 7261 6D73 5F72
6570 6F73 6974 6F72 6965 7328 2920 6673
656C 665F 636F 6E74 726F 6C20 3D20 3078
2578 0A00 0000 0000 7365 745F 6673 656C
665F 636F 6E74 726F 6C5F 7265 706F 7369
746F 7279 2829 2066 6169 6C75 7265 0A00
7570 6461 7465 5F6D 616E 6167 6572 3A3A
696E 6974 5F73 735F 7061 7261 6D73 5F72
6570 6F73 6974 6F72 6965 7328 290A 0000
7365 745F 6673 656C 665F 636F 6E74 726F
6C5F 666C 6167 2829 2066 6169 6C75 7265
203D 2025 640A 0000 7365 745F 7265 636F
7665 725F 6D6F 6465 5F66 6C61 6728 2920
6661 696C 7572 6520 3D20 2564 0A00 0000
7365 745F 6465 6275 675F 7375 7070 6F72
745F 666C 6167 2829 2066 6169 6C75 7265
203D 2025 640A 0000 7570 6461 7465 5F6D
616E 6167 6572 3A3A 7365 745F 7570 6461
7465 5F73 7461 7475 735F 7265 706F 7369
746F 7279 2829 206D 6F64 6966 7920 7265
706F 7369 746F 7279 2066 6169 6C75 7265

For the lazy (note the nice debug/fself/recover stuff):

update_manager::init_device_type() read eprom failure(%d)
fall back to using safe parameter
update_manager::init_ss_params_repositories() fself_control = 0x%x
set_fself_control_repository() failure
update_manager::init_ss_params_repositories()
set_fself_control_flag() failure = %d
set_recover_mode_flag() failure = %d
set_debug_support_flag() failure = %d
update_manager::set_update_status_repository() modify repository failure

#83 - crazydude - 171w ago

Those SX chips seem a little slow at 4MHz... will it be able to make quick enough pulses? That's 250 ns per clock tick.

Xilinx sells some nice Spartan 3E boards for less than $200 that have a 25 Mhz clockbox on the board, so 40ns is exactly 1 tick from that clock. And they have free synthesis tools on their website.

I guess I better take this godforsaken ps3 apart...

Page 5 of 22 «‹1 2 3 456 7 8 9 ›LAST »

Related PS3 News and PS3 CFW Hacks or JailBreak Articles

• Simple PS3Updates v1.6 Build 2 Final PS3 Homebrew App Updated
• Video: Super Pixel Jumper v1.2 PS3 Homebrew Game is Released
• Video: Pointman: The Akkadian Wars PS3 Homebrew Game Arrives
• PSPMinis / PS3Minis / Bite v1.5.1 Update for PS3 is Now Released
• PS3 Fan Control Utility v1.7 for PS3 CFW CEX 3.41 to 4.41 Arrives
• PSPMinis / PS3Minis / Bite v1.5 for PS3 with PSP Homebrew Support

PlayStation 3 Links
• Contact Us E-Mail
• PS3 Affiliates
• PS3 CFW & MFW
• PS3 Debug Firmware
• PS3 Decrypted PSN Links for CFW
• PS3 Downloads
• PS3 EBOOT.BIN Original File Links
• PS3 Firmware
• PS3 Game Releases List
• PS3 Guides & Tutorials
• PS3 Hacking Guides and Tutorials
• PS3 Hacks & JailBreak
• PS3 Help & Support
• PS3 JailBreak Game Compatibility List
• PS3 JB2 / True Blue (TB) Game Links
• PS3 multiMAN Updates
• PS3 News Forums
• PS3 News Site FAQ
• PS3 News Site Advertising FAQ
• PS3 News Site Posting FAQ
• PS3 News Site Privacy FAQ
• PS3 News Site Rules
• PS3 News Site Tag Cloud
• PS3 News Site Terms
• PS3 Resources
• PS3 Reviews
• PS3 Save Files Repository
• PS3 Themes
• PS3 Trophies List
• PS3 Videos
• PS Vita Trophies List

PlayStation 3 News Discussions

PS3 Fan Control Utility v0.3 for 4.31 and 4.40 CFW CEX is Released - 1h ago

Am I doing something wrong or is it not functioning properly on Rebug Rex 4.30.2? I select the automatic payload and exit so then it goes to sleep. I ...

By Neo Cyrus with

21 Comments »

Introductions: Hello Everyone, I'm New at PS3News.com! - 2h ago

Hello everyone I'm a n00b to ps3 and I like games a lot. I'm trying to learn how to fix DEX 2 CEX break,because I broke my ps3. That's all. You...

By Ek2112 with

7007 Comments »

still too hot... - 2h ago

ok. Another question then. Does it have to be glue? Can it be just more as5, or does glue actually have more conductivity to it? I'm also conside...

By 2tailedfox with

2 Comments »

Fixing Tales of Graces F for PS3 CFW 3.55 - 2h ago

has been any progress on localising the JIS characters in the dlc. with the recently released trueancestor edat decryptor it should now be possible to...

By predprey with

896 Comments »

Latest PlayStation 3 Trophies