PS3 Hack Exploit SX28 Hardware Arrives, Bring on the Hypervisor!


242w ago - Today the PS3 hack exploit SX28 hardware arrived, so we can begin work on dumping the PlayStation 3 Hypervisor to examine!

Up to now, both GeoHot and xorloser have successfully performed the PS3 hack while a few others simply obtained GeoHot's PS3 Hypervisor dump to study privately.

Needless to say, the rest of the PS3 scene, including most of us here, has been waiting to take a peek at the unencrypted bootloader and Hypervisor lv0 and lv1 dumps.

We started by writing an Ubuntu Guide (as did titanmkd HERE) and attempted to use a 555 timer to obtain the 40ns pulse required to trigger the exploit, but like many others who attempted this, we had no such luck!

Luckily, xorloser shared some proper code to trigger a 40ns pulse using an SX28 chip. These chips are a bit harder to find and a little more expensive (as you need a programmer), but the method is sound.

That brings us to today: our SX28 chips and programmer have arrived, so we will be recreating the hardware and giving this a go soon!



#77 - ekrboi - 242w ago
Quote - Originally Posted by CJPC:
As you can see, the data is offset quite a bit, let alone every time I crash the PS3 it takes nearly one hour to get the sploit back!

I'm more of a reader than a poster.. but I had been wondering if this was a one time deal or if it had to be redone every time it reboots.. I assumed by the way it works it had to be redone every time... which I'm sure sucks! Good luck though! I can't wait to see the dumps.. doubt I will find anything with my current limited knowledge but I do know how to work IDA and I'm sure I'll waste a few nights staring at stuff I don't understand for the heck of it =P

#76 - moneymaker - 242w ago
Like a modded keyboard with a delay cell to synchronize the input of the signal right after the input of the "disallocate" command?

#75 - CJPC - 242w ago
Quote - Originally Posted by puppero:
Well, it seems to me that, as it's usual for a 64bit architecture, you are just reading 8 bytes at a time. So to fix this it would be enough to change your reading loop from

for(i=0;i

#74 - moneymaker - 242w ago
CJPC, how much are you in a mood to try kicking in a quicker signal to do the sploit?

Maybe going down as near as we can to 1,25ns (that's the initial timing of the XDR set) it could be possible to avoid data corruption...

#73 - puppero - 242w ago
Well, it seems to me that, as it's usual for a 64bit architecture, you are just reading 8 bytes at a time. So to fix this it would be enough to change your reading loop from

for(i=0;i

© 2014 PlayStation 3 News