Editing Syscon Hardware


Latest revision Your text
Line 1: Line 1:
The PS4 Syscon is a custom Renesas RL78/G13.
Syscon is, together with [[Southbridge]], one of the main chips responsible for taking care of the functioning of APU, peripherals, etc.


See also [https://wiki.henkaku.xyz/vita/Ernie#Versions PS Vita Syscon Hardware Revisions].
PS4 Syscon is codenamed '''Colwick'''. It is a custom Renesas RL78/G13.


= Hardware revisions =
= Hardware revisions =
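Review bot: in the intro at Line 1, each version of the opening carries something the other lacks. One names the codename '''Colwick''', while the other has the [[Southbridge]] sentence and the "See also" link to the PS Vita Syscon hardware revisions. Suggest merging them into one opening paragraph rather than keeping either side as is, and stating "custom Renesas RL78/G13" only once.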
Line 604: Line 604:
|}
|}


= Glitching, Dumping and Flashing =
= Glitching, Dumping & Flashing =


By soldering 1 wire directly to the Syscon (can be removed after exploit) and 3 more to an external board, you can:
Based on the attack outlined by Fail0verflow ''fail0verflow.com/blog/2018/ps4-syscon/'' VV1LD had designed the following: ''github.com/VV1LD/SYSGLITCH''
* Downgrade Firmware (CoreOS Swap) if you are also able to write to [[Serial Flash (Hardware)]]
* Repair LoadBios -8 Error
* Repair SU-39176-6 Error
* Repair BlStorageHeader Error
* Repair checkUpdVersion Error
* Repair idpsCert Error
* Manipulate Entire Syscon (Debug Mode)
* Repair Obscure UART Errors
* Store and Revert Syscon EEPROM Images
* Recover from a brick if you keep associated Syscon EEPROM and Serial Flash dumps


== Glitching Syscon ==
Using VV1LD's shellcode you can copy the original Syscon and dump it to a new Renesas chip with relative ease. '''Guide available on BwE's GitHub.'''


By glitching Syscon, it is possible to dump its EEPROM, including NVS.
You can also flash to the original SCE syscon using a different shellcode but this is a commercial product sold by BwE.
 
=== Method 1 ===
 
We are able to make a 1:1 copy of a PS4 Syscon and put it on another chip. This allows to install a dump of a PS4 Syscon to a brand new chip then swap it. This is often used in firmware revert (leading to limited [[System Software Downgrade]]) method to avoid having to flash the same chip each time one wants to revert firmware but instead only have to swap the chips.
 
Based on the attack outlined by Fail0verflow [https://fail0verflow.com/blog/2018/ps4-syscon] '''Wildcard''' designed the following glitch using a Teensy: [https://github.com/VV1LD/SYSGLITCH].
 
Using '''Wildcard''''s shellcode but using a different methodology on his GitHub, you can copy the original Syscon and dump it to a new Renesas chip with comparatively greater ease.
 
See [https://github.com/BetterWayElectronics/sce-syscon-writer-guide] and [https://betterwayelectronics.com.au/sce_syscon.html].
 
[https://github.com/BetterWayElectronics/ps4-syscon-reader-writer].
 
=== Method 2 ===
 
You can also flash to the original Syscon using a different shellcode. See Abkarino's and BwE's publications.
 
== Ressources ==
 
* https://github.com/andy-man/ps4-wee-tools
* https://github.com/AbkarinoMHM/PS4SysconTools
* https://betterwayelectronics.com.au/#hardware
* https://betterwayelectronics.com.au/#uartsyscon
* https://betterwayelectronics.com.au/sce_syscon.html
* https://www.youtube.com/watch?v=SdyxlncxNbk
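Review bot: the heading "== Ressources ==" is misspelled and should read "== Resources ==". Under "=== Method 1 ===" the bare link to ps4-syscon-reader-writer stands on a line of its own with a trailing period and no description; fold it into the preceding "See ..." sentence or say what the repository provides. In the same subsection, "using a different methodology on his GitHub" does not say whose GitHub is meant. The other version names BwE's guide explicitly, and that attribution should be kept.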