User talk:Zecoxao
The Last Piece of the Puzzle
- http://www.psdevwiki.com/ps3/Syscon_Hardware (<SW-301)
- http://www.psdevwiki.com/ps3/Service_Connectors (Diag/Backup Mode, <3rd Generation)
- http://www.psdevwiki.com/ps3/Talk:Syscon_Hardware#Backup_Mode_.2F_Diag
- http://www.psdevwiki.com/ps3/Talk:Service_Connectors
- http://www.ps3devwiki.com/ps3/Cell_Configuration_Ring
- http://www.psdevwiki.com/ps3/SIG_File_Format
- http://i.imgur.com/xQizq0K.png
- http://www.psdevwiki.com/ps3/images/a/ac/TMU-520_1-871-645-11_A_Detail_3_%28SYSCON%29.jpg
- http://www.psdevwiki.com/ps3/File:PS3_Service_Connector_1st_Generation_COK-001.png
- http://en.wikipedia.org/wiki/ARM7#ARM7TDMI
- http://www.fpga4fun.com/images/JTAG_TAP.gif
- http://hsb.wikidot.com/arduino-jtag-finder-workshop
- https://www.youtube.com/watch?v=Up0697E5DGc
- http://urjtag.org/
- http://i.imgur.com/O10hqAK.png
- http://pastie.org/private/grd5u9izjlglkult64rta
How
- By enabling diagnostic mode on the PS3, we can enable the use of JTAG again (it's temporarily disabled when diag mode isn't set)
- It is possible to dump the syscon firmware using this method (in an unencrypted state)
- The JTAG registers/TAP controllers need to be brute-forced / reverse-engineered
- The leaked service manuals present information about the pins connected to the JigPin
- The JigPin contains an object used to diagnose the PS3 using JTAG
- Using a DIY JigPin would facilitate the task
- This would probably work on PS4 too (provided that the diag pin and the JTAG pins still exist)