Wifi Firmware
Software
eCos
eCos is used to provide the PlayStation's Wi-Fi support. eCos is an open source real-time operating system (RTOS). It is licensed under a modified version of the GPL that allows non-GPL-licensed code to be linked with eCos.
References:
- http://www.ecoscentric.com/ecos/
- http://ecos.sourceware.org/
Decompressed firmwares
Here are some dumps of decompressed eurus firmwares: https://mega.co.nz/#!3tZ3EZKY!uty6ESEPXC0JA4zEFpT7te6w-MtNB24Ubrjjlea76SA (0.80, 0.96, 4.50)
GoAhead Webserver
Inside the decompressed firmware is an embedded GoAhead webserver (CVE)
GameOS firmware file
Filename: eurus_fw.bin
Location: /dev_flash/sys/internal and inside CoreOS package
example from FW 2.40
Header:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000  01 00 00 00 00 00 F0 D0 B4 05 00 00 E5 63 86 B6  ......ðд...åc†¶
00000010  18 F0 9F E5 18 F0 9F E5 18 F0 9F E5 18 F0 9F E5  .ðŸå.ðŸå.ðŸå.ðŸå
00000020  18 F0 9F E5 00 00 A0 E1 18 F0 9F E5 18 F0 9F E5  .ðŸå.. á.ðŸå.ðŸå
00000030  58 00 F0 D0 40 00 F0 D0 44 00 F0 D0 48 00 F0 D0  X.ðÐ@.ðÐD.ðÐH.ðÐ
00000040  4C 00 F0 D0 00 00 00 00 50 00 F0 D0 54 00 F0 D0  L.ðÐ....P.ðÐT.ðÐ
00000050  FE FF FF EA FE FF FF EA FE FF FF EA FE FF FF EA  þÿÿêþÿÿêþÿÿêþÿÿê
only plain readable part:
Tail:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
000709A0  3E CA D7 EA C7 4C 7A 6B A7 8F 5A E5 7B 91 BB F8  >Ê×êÇLzk§.Zå{‘»ø
000709B0  58 A7 4D AA E6 7C 72 D0 A4 8B C3 26 05 3F C7 EB  X§Mªæ|rФ‹Ã&.?Çë
000709C0  79 BB 09 DE 2E DC E0 A3 8B BC 4D 13 D7 FF 1B 00  y».Þ.Ü࣋¼M.×ÿ..
000709D0  60 40 00 D0 04 00 00 00 EC 47 9E 14 54 8A ED C0  `@.Ð....ìGž.TŠíÀ
000709E0  04 00 00 00 00 00 F0 D0 00 00 00 00 3C 1A ED 79  ......ðÐ....<.íy
Other References
- http://www.psdevwiki.com/ps3/Hypervisor_Reverse_Engineering#Gelic_device_.28Network_Interface.29
- http://www.psdevwiki.com/ps3/Hypervisor_Reverse_Engineering#WLAN_Gelic_Device
- http://www.psdevwiki.com/ps3/WLAN_PS3_Jupiter_Driver
- http://wiki.gitbrew.org/index.php/PS3:HvReverseEngineering#Gelic_Device
aka: Eurus / Gelic / WLAN / JUPITER-TWO