User talk:Zecoxao

From PS3 Developer wiki
Revision as of 17:29, 25 January 2015 by Zecoxao (talk | contribs)

The Last Piece of the Puzzle

How

  • By enabling diagnostic mode on the PS3, we can enable the use of JTAG again (it is temporarily disabled when diag mode isn't set)
  • It is possible to dump the syscon firmware using this method (in unencrypted state)
  • The JTAG registers/TAP controllers need to be brute-forced / reverse engineered
  • The leaked service manuals present information about the pins connected to the JigPin
  • The ObjectiveSuite contains an object (DIAGSERVICE) used to diagnose the PS3 using JTAG
  • Using a DIY JigPin would facilitate the task, but we still need more info about the hardware and software interface used by ObjectiveSuite to handle this.
  • This would probably work on the PS4 too (provided that the diag pin and the JTAG pins still exist)

Alternative (Through EEPROM, many thanks to ZeroTolerance for the info)

Analyzer settings:

http://pastie.org/private/khwaczthr5j2td9jmdfihq

More info:

http://pastie.org/private/f7siriweadsnrpq6dilq

Read command: 0xA8 0xXX 0xXX (XX XX is the block id)

Write command: 0xA4 0xXX 0xXX (XX XX is the block id)