Wednesday 7 April 2010
JaicraB Blog (English version)
This is the official English version of the JaicraB Blog. I will be the maintainer of the site and will try to keep it updated with the latest news from the JaicraB Blog, so that the international PS3 scene can collaborate more easily with JaicraB and DemonHades.
Thursday 1 April 2010
PS3, Pulse generation software V2
[original version]
Pulse generator V2.
The first pulse generation program was poorly debugged and badly planned in theory. It was working for me, but it is true that it did not always work at the first try. Because of this I've developed a second version, better debugged and controlled by CPU cycles. Why by CPU cycles? Each computer is different (CPU, bus, etc.), so each computer has its own cycle count; now you can search for it starting from the smallest one until you find it ;). In my case it is 3, running under MS-DOS in a VMware virtual machine.
Usage:
1.- Keep the LPT1 port disconnected from the PC (at system startup it is usually driven).
2.- Now you can generate a pulse, giving it from 1 to 9 cycles.
3.- Always start with 1 cycle and at least 25 tries. If you see that it does not affect the PS3, continue with 2 cycles for another 25 tries, and so on.
4.- Once the exploit works, you can leave the program by pressing any key; remember the number of cycles for the next test.
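As an added example (not JaicraB's program; his source is in the download above), here is a pulse generator that implements the same calibration sweep: pulses of 1 to 9 "cycles", 25 tries at each count, stopping when the PS3 side reacts. It builds with Turbo C / DJGPP under DOS, and on a modern host with the port writes recorded instead of driven so the sweep logic can be checked without hardware. Everything not stated in the post is an assumption: LPT1 data register at 0x378, the exploit wire on data line D0 driven active-high, and one "cycle" being one iteration of a busy loop between raising and dropping the line.

```c
/*
 * Added example, not JaicraB's code: LPT1 pulse generator with the
 * cycle-calibration sweep from the post (1..9 cycles, 25 tries each).
 * Assumed, not from the post: LPT1 data register 0x378, wire on D0,
 * active-high, one "cycle" = one busy-loop iteration.
 */
#include <stdio.h>

#define LPT1_DATA       0x378   /* assumed: standard LPT1 data register    */
#define PULSE_BIT       0x01    /* assumed: exploit wire on data line D0   */
#define TRIES_PER_LEVEL 25      /* from the post: 25 tries per cycle count */
#define MAX_CYCLES      9       /* from the post: cycle counts 1..9        */

#if defined(__TURBOC__) || defined(__DJGPP__)
#include <dos.h>     /* delay(); outportb() on Turbo C */
#include <conio.h>   /* kbhit(), getch() */
#ifdef __DJGPP__
#include <pc.h>      /* outportb() on DJGPP */
#endif
static void port_write(unsigned port, unsigned char v) { outportb(port, v); }
#else
/* Host build: record the last value written instead of touching hardware. */
static unsigned char last_written;
static void port_write(unsigned port, unsigned char v) { (void)port; last_written = v; }
#endif

static volatile unsigned long sink;  /* keeps the delay loop from being optimised out */

/* Raise the line, spin for `cycles` iterations, drop it. Returns iterations spun. */
unsigned long pulse(unsigned cycles)
{
    unsigned long i;
    port_write(LPT1_DATA, PULSE_BIT);
    for (i = 0; i < cycles; i++)
        sink += i;
    port_write(LPT1_DATA, 0x00);
    return i;
}

/* Calibration state: current cycle count and tries spent at that count. */
struct sweep { unsigned cycles; unsigned tries; };

void sweep_init(struct sweep *s) { s->cycles = 1; s->tries = 0; }

/* Advance to the next attempt: 25 tries at each count, then one cycle more.
 * Returns 0 once every count from 1 to 9 has had its 25 tries. */
int sweep_next(struct sweep *s)
{
    if (s->tries == TRIES_PER_LEVEL) {
        s->cycles++;
        s->tries = 0;
    }
    if (s->cycles > MAX_CYCLES)
        return 0;
    s->tries++;
    return 1;
}

/* Total attempts in a full sweep: 9 counts x 25 tries. */
unsigned sweep_total(void)
{
    struct sweep s;
    unsigned n = 0;
    sweep_init(&s);
    while (sweep_next(&s)) n++;
    return n;
}

/* Fire pulses through the sweep until `check` reports the PS3 reacted (>0)
 * or the operator aborted (<0). Returns the cycle count that worked, or 0. */
unsigned run_sweep(int (*check)(unsigned cycles, unsigned try_no))
{
    struct sweep s;
    int r;
    sweep_init(&s);
    while (sweep_next(&s)) {
        pulse(s.cycles);
        r = check(s.cycles, s.tries);
        if (r > 0) return s.cycles;
        if (r < 0) return 0;
    }
    return 0;
}

/* DOS: after each pulse the operator presses 'y' if ps3exploit reported the
 * pulse, any other key to abort, or nothing to continue after a short pause.
 * Host: a constructed target that reacts on the 7th try at 3 cycles. */
static int check_target(unsigned cycles, unsigned try_no)
{
#if defined(__TURBOC__) || defined(__DJGPP__)
    printf("cycles=%u try=%u  [y = reacted, other key = abort]\n", cycles, try_no);
    delay(500);
    if (kbhit()) return getch() == 'y' ? 1 : -1;
    return 0;
#else
    return (cycles == 3 && try_no == 7) ? 1 : 0;
#endif
}

int main(void)
{
    unsigned found;
    /* The BIOS usually leaves the data lines driven after boot, so force them
     * low before the operator connects the wire (step 1 of the post). */
    port_write(LPT1_DATA, 0x00);
    printf("LPT1 data lines low. Connect the exploit wire, then press Enter.\n");
    getchar();
    found = run_sweep(check_target);
    if (found)
        printf("PS3 reacted at %u cycle(s); note it for the next run.\n", found);
    else
        printf("No reaction in 1..%d cycles x %d tries.\n", MAX_CYCLES, TRIES_PER_LEVEL);
    return 0;
}
```

The busy-loop "cycle" is why the right count differs per machine, as the post says: the loop runs at whatever speed the CPU, the VM and the compiler's code generation give it, so the value found on one PC (3 in the author's VMware case) says nothing about another. Forcing the data lines low before the operator connects the wire is the programmatic form of step 1.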
Downloads:
Source code and binaries: http://www.megaupload.com/?d=QKKNKZJJ
Pass: jaicrab.jaicrab
Some photos:
PS3, Second Dump
[original version]
Good night/early morning.
First of all, I want to point out that you have to be careful if you are going to use the previously described circuit.
The program received some criticism; well, you've seen the source code, you can modify it at will! It works for me and I've shared it as is. The same goes for the memory dumps: I haven't checked them. As soon as I obtained them, I copied them to a pendrive, compressed them and uploaded them without checking their contents.
I also have to point out that in none of the dumps to date, including this second test, was the communications board (Bluetooth, Wi-Fi) connected to the main board.
Let's get to the point. I've generated a second dump to compare it with the first one, in case we find any data corruption caused by the generated pulse or simply by the HV variables.
The boot dump is exactly the same and there is nothing comprehensible in it :S. It is probably encrypted or it does not contain any strings.
The HV dump is different, but quite similar to the first one.
Draw your own conclusions.
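As an added example (not from the post and not the author's tooling), here are the two checks behind "the boot dump is exactly the same and looks encrypted" and "the HV dump differs but is similar", run on constructed buffers: a byte-for-byte comparison that counts differing bytes and reports the first differing offset, and a per-region Shannon entropy plus a printable-string count to judge whether a region can contain readable strings at all. The sample buffers are constructed stand-ins (64 KiB of xorshift output for the "encrypted" boot region, a mostly-empty region with three embedded strings for the HV); for the real dumps, fread() the 16 MiB HV and 256 KiB BL files into memory and call the same functions.

```c
/*
 * Added example, not from the post: compare two dumps and estimate whether a
 * region is encrypted. Sample data below is constructed, not PS3 data.
 */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define DUMP_SIZE (64u * 1024u)   /* constructed: far smaller than the real dumps */

struct diff_stats { size_t differing; long first_diff; };

/* Count differing bytes and note the first differing offset (-1 if identical). */
struct diff_stats compare_dumps(const unsigned char *a, const unsigned char *b, size_t n)
{
    struct diff_stats st = { 0, -1 };
    size_t i;
    for (i = 0; i < n; i++)
        if (a[i] != b[i]) {
            if (st.first_diff < 0) st.first_diff = (long)i;
            st.differing++;
        }
    return st;
}

/* log2 for 0 < x <= 1 without libm (a bare `cc` link suffices): split off the
 * power of two, then ln(m) = 2*atanh((m-1)/(m+1)) for m in [1,2). */
static double log2_unit(double x)
{
    int k = 0, i;
    double z, z2, term, sum;
    while (x < 1.0) { x *= 2.0; k++; }
    z = (x - 1.0) / (x + 1.0);
    z2 = z * z;
    for (sum = 0.0, term = z, i = 1; i < 20; i += 2, term *= z2)
        sum += term / i;
    return 2.0 * sum / 0.6931471805599453 - k;
}

/* Shannon entropy in bits per byte: close to 8.0 for ciphertext or compressed
 * data, far lower for code, tables and text. */
double block_entropy(const unsigned char *p, size_t n)
{
    unsigned long hist[256] = { 0 };
    double h = 0.0;
    size_t i;
    for (i = 0; i < n; i++) hist[p[i]]++;
    for (i = 0; i < 256; i++)
        if (hist[i]) {
            double f = (double)hist[i] / (double)n;
            h -= f * log2_unit(f);
        }
    return h;
}

/* Runs of at least min_len printable ASCII bytes: the "anything readable?" check. */
size_t count_strings(const unsigned char *p, size_t n, size_t min_len)
{
    size_t i, run = 0, found = 0;
    for (i = 0; i <= n; i++) {
        if (i < n && p[i] >= 0x20 && p[i] < 0x7f) { run++; continue; }
        if (run >= min_len) found++;
        run = 0;
    }
    return found;
}

/* Constructed sample dumps (globals so they can be inspected after building). */
unsigned char boot1[DUMP_SIZE], boot2[DUMP_SIZE], hv1[DUMP_SIZE], hv2[DUMP_SIZE];

void build_samples(void)
{
    uint32_t x = 0x2545F491u;            /* xorshift32 stands in for ciphertext */
    size_t i;
    for (i = 0; i < DUMP_SIZE; i++) {
        x ^= x << 13; x ^= x >> 17; x ^= x << 5;
        boot1[i] = (unsigned char)x;
    }
    memcpy(boot2, boot1, DUMP_SIZE);     /* second boot dump reproduces the first */
    memset(hv1, 0, DUMP_SIZE);           /* mostly-empty region with a few strings */
    memcpy(hv1 + 0x0100, "constructed-hv-string-one", 25);
    memcpy(hv1 + 0x2000, "constructed-hv-string-two", 25);
    memcpy(hv1 + 0x4000, "constructed-hv-string-three", 27);
    memcpy(hv2, hv1, DUMP_SIZE);
    memset(hv2 + 0x3000, 0xA5, 16);      /* 16 bytes of "HV variables" changed */
}

int main(void)
{
    struct diff_stats d;
    build_samples();
    d = compare_dumps(boot1, boot2, DUMP_SIZE);
    printf("boot: %lu differing bytes, entropy %.3f, strings(>=16) %lu\n",
           (unsigned long)d.differing, block_entropy(boot1, DUMP_SIZE),
           (unsigned long)count_strings(boot1, DUMP_SIZE, 16));
    d = compare_dumps(hv1, hv2, DUMP_SIZE);
    printf("hv: %lu differing bytes, first at 0x%lx, entropy %.3f, strings(>=16) %lu\n",
           (unsigned long)d.differing, d.first_diff, block_entropy(hv1, DUMP_SIZE),
           (unsigned long)count_strings(hv1, DUMP_SIZE, 16));
    return 0;
}
```

Two dumps that compare byte-for-byte identical (the boot region here) are a good sign that the glitch did not corrupt what was read; a region that is identical across dumps and also sits near 8 bits per byte with no printable runs is what "probably encrypted" looks like in numbers. A region that differs in a handful of bytes at a few offsets, as the HV region does here, points at variables that legitimately change between boots rather than at corruption, and the first differing offset tells you where to start looking.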
HV: http://www.megaupload.com/?d=ZO4K6OYT
BootLoader: not needed, it is exactly the same.
Pass: jaicrab.jaicrab
I await your feedback. Good luck.
Wednesday 31 March 2010
PS3, Dump... Complete
[original version]
Welcome.
I've been able to generate the hypervisor (HV) and bootloader (BL) dumps. :D
I finally built the pulse generator using the PC parallel port.
Dumps:
HV: http://megaupload.com/?d=SJ0NX5SQ (uncompressed: 16,777,216 bytes, i.e. 16 MiB)
BL: http://www.megaupload.com/?d=X9KX2WSA (uncompressed: 262,144 bytes, i.e. 256 KiB)
ZIP password: jaicrab.jaicrab
LPT1 circuit diagram:
Software:
(DO IT AT YOUR OWN RISK. I WON'T BE RESPONSIBLE for any damage done to the device. It's a very simple program and it is not polished. There is very little danger, but you also need to take into account that the LPT1 port is very fragile. Good luck!)
Source code and binary: http://megaupload.com/?d=7EJW43VG
It is recommended to run it from the command line: download the Windows 98 startup disk, copy the binary onto it and run it. Do not connect anything to the LPT1 port until the program tells you to. The source code was developed with Turbo C++.
Pass: jaicrab.jaicrab
The most important thing is to share and not to keep anything for yourself, especially if it is for the common good. Please don't misuse my MAC address and my PS3 data ;)
Any question or suggestion is welcome in the comments. In the next "chapter" I'll disembowel the dump. See you soon!
PS3, Resurrected, back on board
[original version]
As you can read, good news for me. The PS3 is working again.
The problem? It wasn't the power supply; it was the two resistors where the exploit wire is connected, from fiddling too much with the wire.
I had to change both of them, recycled from a broken PDA.
If someone has the same problem, they are 45 Ohm resistors. I tried using two conventional 1/2 watt resistors and it didn't work. Anyway, the ones I used are SMD 35 Ohm ones.
I'm back on board, let's get the DUMP.
Tuesday 30 March 2010
PS3, Power Supply K.O.
[original version]
As you can read, it seems that the power supply has broken down.
I'm sure it's because I've turned it off too many times using the back button while testing (maybe the button is broken, who knows).
See you soon!
Sunday 28 March 2010
PS3, Exploit, Roll-out
[original version]
It seems that rolling out the exploit and making it succeed 100% is like the lottery; don't get exasperated.
Once installed as described previously, I recommend a restart. As it is so "tricky" to succeed with it, it is recommended to do it right after a restart and without logging into the graphical interface. I mean, when the system requests our login data we go to a terminal by pressing Control+Alt+F1. There we log in with the user defined during the installation.
Once logged in we can become root with the command "sudo -s". We enter the password when prompted and we are ready to test the exploit.
The command to run the exploit is "ps3exploit" and it needs one parameter: the number of opportunities it will give you to cause the hypervisor failure that we will take advantage of to generate the memory dumps.
If we run "ps3exploit 100" we will get 100 opportunities to carry out the deed.
It will show a message telling us to push the button on the circuit, and the retry count until you reach the 100 retries xD. How will we know that it works? If the exploit detects your button push on the circuit you will notice: the RAM dump will begin. And what happens if it is not detected? It will inform you that you have used your 100 retries and that's it. If it is not detected don't despair; try again with "ps3exploit 100" until you get it.
In my case, I still haven't been able to make it work. I think it is because of the circuit: I have not built it the right way, or the 26 MHz crystal I mentioned previously or the circuit itself isn't the right one.
I'll keep you updated...