PS4 Macronix MX25L25635FMI-10G & MX25L1006E NOR Flash Dumped

500°
19w ago - Following up on the recent PlayStation 4 Reballing developments, today Italian PlayStation 4 developer -Criscros- (aka criscros1989) reports he has dumped the Macronix MX25L25635FMI-10G and Macronix MX25L1006E PS4 NOR flash memory ICs (OFW 1.05) using SPIway and a Teensy++ with a ZIF socket.

HERE are some pictures, and to quote, roughly translated: I can communicate with much happiness that I have just dump the NOR flash memory MX25L25635FMI-10G Macronix, Macronix MX25L1006E and the new home console Sony PS4.

Everything was done by unsoldering the 2 memories and read with SPIway the Teensy++ via ZIF for power that I used the Teensy++ using the same controller without problems.

  • Here a picture of the motherboard PS4 SAA-001
  • The 2 Flash memory
  • Teensy++ motato on Flash
  • SPIway action
  • An analysis of NOR-10G Macronix MX25L25635FMI
  • and one of Macronix...

 

XBox One Game Call of Duty: Ghosts Dumped By Hacker C4Eva

650°
22w ago - Following up on the previous update and recent PS4 ISO game dumps, today Microsoft hacker C4Eva announced he dumped the first XBox One game Call of Duty: Ghosts with details below.

To quote, roughly translated: C4eva, the person behind the XBox 360 hacking with iXtreme firmware, has announced that it has managed to dump the first Xbox game One from a Blu-ray disc, the Call of Duty: Ghosts.

No more information given, for example, if it has done with a Blu-ray ordinary or had to modify its firmware, as needed at the time with the XBox 360 DVD.

Obviously this does not mean that the burden of backups on the new console from Microsoft is close or anything like that. But one thing can not live without the other, they pararelos paths, and always arrives before the dumpeo of the games that the possibility of loading.

In fact, as the day came to be uploaded (within three months or within 3 years) this dump is not worth and you have to patch it, for example. But as a curiosity, there it is. He states:

First xbone disc dump completed! Ghosts 47Gb!...
 

PS3 3.60 Slim Flash Dumped, PlayStation 3 3.6x Keys Incoming

1200°
143w ago - Following up on his previous update, PlayStation 3 hacker No_One has now announced that the PS3 3.60 Slim NOR Flash has been dumped via PNM board socket and the 3.6x keys may be coming soon.

To quote: Hi mates, I'm going to be on vacations for 3 weeks. I just wanted to tell you that PNM project will be stopped during this period.

But, i've some great news for you. I successfully dumped a 3.60 NOR flash using one of the socket ! The second socket has been validated too. We are not far from our main goal : "jailbreak again the PS3" !

Here are some snapshots:

  • host console with a new feature (NOR FLASH details...)
  • PNM with a NOR Flash on Socket #1
  • an extract of the 3.60 NOR dump as a proof

Cheers

No_One


 

PS3 LV1 Syscalls Dumped by KaKaroToKS, Payload Incoming

550°
178w ago - Update: KaKaroToKS has now released the PL3 LV1 Hypercall Tracer Payload which can be used by developers to trace PS3 syscalls and hypercalls.

Today Dertyp at PSX-Scene (linked above) reports that KaKaroToKS has dumped the PS3 LV1 syscalls, and plans to update his payload soon to allow other developers to dump the calls.

To quote: For Those Of You Who Are Asking What This Is:

level-1 syscalls are used to call hypervisor functions. On a PS3 the hypervisor is known as as "lv1? (level1) since it is the lowest level that runs directly on top of the hardware. The operating system is executed on top of this and is known as "lv2? (level2).

The two common operating systems are GameOS which PS3 games run on, and OtherOS which is usually used to run linux. Since both OSes run on top of the same lv1 hypervisor, they use the same set of hypercalls which has been partially documented here.

KaKaRoToKS Recent Tweets:

FINALLY able to dump (over eth) all lv1 calls!! Will push it soon!

To everyone misunderstanding: no lv1 access, all I did was be able to dump the "call trace" of lv1 hypercalls. same as payload_dump_syscalls
 

PSJailbreak is Detectable and Bannable on PSN, Dumped Easily

1200°
191w ago - A few days ago we saw the inside pics of PS JailBreak, and today SKFU (linked above) has posted that PSJailbreak is both detectable and bannable on PSN along with Mathieulh confirming confirming that GeoHot's exploit was used and that PS JailBreak can be easily dumped.

He went on to state: "Actually they used the geohot hack to get code with lv1 privileges running on the console, they then used this to 1. Dump lv1 2. dump the spm syscall table (that's after quite a bit of lv1 reversing to even figure the spm exists) 3. Use the actual spm syscalls to trick the spu into calculating the proper response for the dongle id of their choosing.

Without those steps that all require geohot's hack, they could never have gotten their dongle to successfully identify as a jig and they could never have triggered their hack.

The psjailbreak basically exploits the update manager which is the code that does the dongle auth located inside the spm itself inside lv1.

We don't have the payload it sends though because we don't have a dongle to sniff...
 







Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News