User talk:Zecoxao: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
No edit summary
Line 31: Line 31:
= To wikify =
= To wikify =


https://mega.co.nz/#F!0klXXCYZ!ik6_Ds_GQdFNcmfTgl96AQ (CEB1000) - 030 -> 040
https://mega.co.nz/#F!0klXXCYZ!ik6_Ds_GQdFNcmfTgl96AQ (CEB1000) - 030 -> 040 <br>
https://mega.co.nz/#F!8kME3YQC!ZBFDxeEnnWe4YN7SwWzi7w (CEB2000) - 030 -> 050
https://mega.co.nz/#F!8kME3YQC!ZBFDxeEnnWe4YN7SwWzi7w (CEB2000) - 030 -> 050 <br>
https://mega.co.nz/#F!191SRT6D!XbN338CGw5-FoJUvY-sD4w (CEB20XX) - 030 -> 050
https://mega.co.nz/#F!191SRT6D!XbN338CGw5-FoJUvY-sD4w (CEB20XX) - 030 -> 050 <br>

Revision as of 13:42, 26 May 2015

The Last Piece of the Puzzle

How

  • By enabling diagnostic mode on the ps3, we can enable the use of JTAG again (it's temporarily disabled when diag mode isn't set)
  • It is possible to dump the syscon firmware using this method (in unencrypted state)
  • The JTAG registers/TAP-controllers need to be bruteforced / reverse engineered
  • The leaked service manuals present information about the pins connected to the JigPin
  • The ObjectiveSuite contains an object (DIAGSERVICE) used to diagnose the ps3 using JTAG
  • Using a DIY JigPin would facilitate the task, but we still need more info about the hardware and software interface used by ObjectiveSuite to handle this.
  • This would probably work on ps4 too (provided that the diag pin and the JTAG pins still exist)

To wikify

https://mega.co.nz/#F!0klXXCYZ!ik6_Ds_GQdFNcmfTgl96AQ (CEB1000) - 030 -> 040
https://mega.co.nz/#F!8kME3YQC!ZBFDxeEnnWe4YN7SwWzi7w (CEB2000) - 030 -> 050
https://mega.co.nz/#F!191SRT6D!XbN338CGw5-FoJUvY-sD4w (CEB20XX) - 030 -> 050