modrobert writes: "I have released PS3 Glitch Finder which is a VHDL design for Spartan-3 (eg. xc3s400) FPGAs with the purpose of easily creating a custom pulse which can be used to glitch various hardware, like the PS3 memory bus. The design should work with most of the Spartan-3 development boards out there (eg. Spartan-3 Starter Kit, Basys, Nexys, Discovery or similar). This small project has been a lot of fun and reminds me of the happy days of phreaking using blue box, the art of finding that working 'break' (tone combo) for an unsuspecting toll-free switch board in a country far away somewhere. Now we can enjoy finding the perfect glitch for PS3 instead. ;) More info regarding the project can be found in the wiki, and if you have suggestions or just want to comment try this forum topic. The VHDL source code is released under GPL v2."
|
Posted on Sunday, March 07, 2010 @ 19:03:32 GMT (275 reads)
|
|
[source: lt.nfo @ Benq_iXtreme_LT.rar] After a long development and testing process we give you the first official release of the Benq iXtreme LT.
- Supports all BenQ Drives (62430C, 64930C)
- Totally re-written code optimised for minimal patching
- Whole banks of firmware now untouched
- New Drive response timing engine accurately mimics original drive timings
- Full disc stealth used by default
- Waveless booting, disc images are assumed to be correct!
- Split-Vid used as default
|
Posted on Saturday, March 06, 2010 @ 14:58:50 GMT (386 reads)
|
|
[source: xorloser @ xorloser.com] I finally found the time to complete the PS3 exploit toolkit software I mentioned in my previous posts. I call it XorHack. It allows you to call lv1 syscalls (level 1 system calls) from a normal (userspace) program. It also lets you run the software required when triggering the PS3 exploit from a normal userspace program. To give an example of how it can be used I have included the following example programs:
- ps3exploit – Runs the software required to exploit the ps3, it loops a number of times which can be specified as a parameter. (This still must be used along with the "button pressing", it will not exploit the PS3 via software alone).
- dumphv – Dumps the hypervisor to a file in the current directory.
- dumpbl – Dumps the bootloader to a file in the current directory.
- dumprom – Dumps the system rom to a file in the current directory.
|
Posted on Wednesday, March 03, 2010 @ 17:00:47 GMT (585 reads)
|
|
[source: wiikey.cn] On Friday evening, beta samples of Wiikey Fusion were sent out to all of our distributors. Assuming that no major issues are reported over the next week, the launch of Wiikey Fusion will be happening very soon!
|
Posted on Sunday, February 28, 2010 @ 07:58:06 GMT (275 reads)
|
|
[source: gc-linux.org] The new release of the mainline Linux kernel is out and now has platform support for the Nintendo GameCube and Wii, courtesy of gc-linux.org. Note though that most driver support is still missing in mainline. As of now, you just get Wii SDHCI support which means SD card and WiFi support (already merged in v2.6.32) only. But we are at it <3.
|
Posted on Thursday, February 25, 2010 @ 06:23:26 GMT (206 reads)
|
|
[source: xorloser @ xorloser.com] I haven’t gotten around to doing an update in a while due to work (and a little relaxation) taking all my time. Rather than wait till I have finished all of the stuff I wanted to before posting again I decided to post some tidbits to tide you over until the rest is ready. Before I do so I’d like to make the following clear as no matter how many times I say it, people believe what they want to believe instead: THIS PS3 EXPLOIT WILL NOT ENABLE PLAYING OF COPIED OR BACKED UP GAMES. THE EXPLOIT IS FOR RESEARCH PURPOSES ONLY. It seems someone took some initiative and made some software themselves to dump the hypervisor once they have the correct hardware and software. So for anyone who has used that and dumped their own hypervisor I present this PS3 HV Dump setup script for IDA. This script will setup function tables including the hypercall (syscall) table, mmcall table, OPD, TOC, GOT. It will find common functions such as puts and printf and very importantly it will fixup all rtoc references which are used to access global variables and strings.
|
Posted on Wednesday, February 24, 2010 @ 18:33:12 GMT (487 reads)
|
|
[source: wiikey.cn] The feature list for Wiikey Fusion has now been updated in the Wiikey Fusion section. Samples will shortly be sent out to our distributors for testing in preparation for the upcoming launch. Read on for features...
|
Posted on Tuesday, February 23, 2010 @ 05:58:12 GMT (412 reads)
|
|
modrobert writes: "I've created a wiki page dedicated to the PS3 Glitch Hack by geohot with info gathered from what geohot and xorloser have released so far. There are now lots of other contributors as well, but this wiki page focuses on where it all began, filtered from bullshit and professional doubters. ;)"
|
Posted on Tuesday, February 16, 2010 @ 10:34:05 GMT (778 reads)
|
|
The EurAsia servers have moved to new faster hardware with more memory and disk space, also with updated supporting software. I have replaced the old phpwiki system with mediawiki and most of the data has been converted, but many pages still need some cosmetic edits after my crude 'sed' scripts mangled the data dumps. Also, you need to register and login to the wiki system separately to add/edit pages for now. Enjoy!
|
[source: LBGSHI @ ps2dev.org] As members of the video game homebrew/development/reverse-engineering scene, we admittedly spend a considerable amount of time re-inventing the wheel. This is sometimes necessarily so, but much of the time it can be avoided by cohesion and the application of standards. Parasyte and, to varying degrees, other scene members from GSHI, KodeWerx, RHDN, and abroad, are working on a new protocol, known as SRDP - Scalable Remote Debugger Protocol, as the title has already alerted you. Straight from the source's mouth, SRDP is "a remote debugging protocol, applicable to emulators and video game hardware, among other uses.", which "will allow the same debugger user interfaces to be used on any emulator of your choosing, or even on the real deal." This standardization means that any debugger UI upgrade would be a universal one, across any system physically capable of supporting the new features implemented. This would be a huge leap forward in debugger technology and methodology, and would save a lot of time and effort that usually goes to waste with every new debugger for every new system. Whether you're a developer, a regular user of debuggers, or just an interested member of the community, you can help, merely by showing interest and making a post on one of the SRDP threads. Ask questions that spark discussion, contribute example code, and feel free to spread the word to anyone you think might be interested. For a spec sheet in progress, drop by HERE, and for a synopsis of SRDP by Parasyte, check out the threads HERE and HERE.
|
Posted on Tuesday, February 16, 2010 @ 04:32:58 GMT (125 reads)
|
|
garyopa writes: "Sounds like Geohot's made real significant progress now, in fact it sounds like he may have nailed it:
'On the Isolated SPUs
Today I verified my theories about running the isolated SPUs as crypto engines. I believe that defeats the last technical argument against the PS3 being hacked.
In OtherOS, all 7 SPUs are idle. You can command an SPU (which I'll leave as an exercise to the reader) to load metldr, from that load the loader of your choice, and from that decrypt what you choose, everything from pkgs to selfs. Including those from future versions.
The PPU is higher on the control chain than the SPUs. Even if checks were to be added to, for example, verify the hypervisor before decrypting the kernel, with clever memory mappings you can hide your modified hypervisor.
Ah, but you still didn't get the Cell root key. And I/we never will. But it doesn't matter. For example, we don't have either the iPhone or PSP root key. But I don't think anyone doubts the hackedness of those systems.
I wonder if any systems out there are actually secure?'"
|
Posted on Sunday, February 14, 2010 @ 13:24:11 GMT (396 reads)
|
|
modrobert writes: "Opium over at gbatemp.net has posted a detailed review of WODE - Wii Optical Drive Emulator. Yes, that's right, the modchip foot stand gets another review. Random quotes from the conclusion: 'It is a powerful, feature rich, unique product for anyone looking for a hardware solution for Wii USB game loading. It performs almost without a hitch. The WODE is however obviously designed for a specific type of audience - the one that doesn’t want to run homebrew or fiddle with the Wii’s firmware. USB game loading is available for free on any Wii by using homebrew and loaders. And sometimes those loaders perform better than the WODE can.'"
|
Posted on Thursday, February 11, 2010 @ 04:39:44 GMT (412 reads)
|
|
[source: xorloser @ xorloser.com] This post will deal with the hardware required to trigger the PS3 hypervisor memory access exploit. The purpose of the hardware is to stop the PS3 from saving a change to a value that we don’t want changed. The PS3 saves this changed value by writing the value to RAM. Therefore in order to stop it from saving the changed value we need to stop this write from occurring. The PS3 sends the write command to the RAM over some control lines, so we interfere with these control lines when the write command is sent. The result we want is having the PS3 think it has successfully written the value to RAM, but the RAM didn’t receive the write command due to our interference and so it did not perform the write operation. The easiest (and moderately safe) way to interfere with these control lines is to ground them. This is done easily enough by connecting a wire between one of the control lines and ground. The tricky part is timing it just right so that it only interferes with the write we want to stop, and not anything that occurs before or after this write. This might be achievable with costly equipment and a lot of work, however geohot used the simple method of "luck". This involves repeatedly preparing the situation to best favour the chance of overwriting the correct write command and then continually grounding a control line until either something crashes that shouldn’t or the mark is hit stopping the write operation from occurring. At this point the exploit has been successfully triggered! :)
|
Posted on Sunday, February 07, 2010 @ 15:33:42 GMT (1175 reads)
|
|
[source: xorloser @ xorloser.com] As I’m sure everybody heard, the memory access exploit for the PS3 hypervisor was released recently by geohot. I was finally able to replicate his hack so I thought I’d take the time to help out others who may also have trouble due to being linux n00bs like me :) If I were to post everything at once it would be too much work and I’d never get around to it, so I’ll post bits at a time to ensure I actually do post it heh. Today’s post will talk about the software side of the exploit.
|
Posted on Friday, February 05, 2010 @ 10:20:59 GMT (1281 reads)
|
|
[source: garyopa @ psx-scene.com] A couple days ago PSPJOKE over at LAN.ST had started a thread, regarding a Game Save Crash, and unlike previous claims to fame of fancy YouTube videos and nothing being released or worked on. This one seems to be aimed in the right direction, and hopefully the end result will be a working exploit for the newer PSP firmwares like the v6.20 on the PSP-GO. For now, you can read thru the open discussion over at LAN.ST.
|
Posted on Friday, February 05, 2010 @ 03:25:14 GMT (491 reads)
|
|
modrobert writes: "GodzIvan has refined his work on the Xbox 360 NAND flash write protection (see previous story) and developed a digital switch called NWP CHIP where you simply use the DVD eject button to toggle protection. The only parts required are a PIC12F629 microcontroller and a bi-color LED. Thanks for sharing!"
|
modrobert writes: "I got this tip from carranzafp about an interesting Xbox 360 RROD solution and deal over at dynamodz.com (the site is Dutch but has Google Translate function). The deal includes a custom version of Team Hybrid's Ultimate X-Clamp Fix along with a bonus Xbox360 ToolKit (to open the case)."
|
[source: carranzafp @ 360xtractorpro.com] INTRODUCING THE NEW ACCESSORY FOR XTRACTOR: "VAMPIRE". This device will help professional installers to do the Firmware reading on the latest Liteon drives (83850V2 & 93450). It's based on the MRA concept and 100% compatible with all Xtractor units, it connects directly on the Xtractor pin port. It came with 2 visual indicators, one for polarity check and other for Vendor Mode. This device release could confuse some people because we just released Litekey. But the reason is simple, Litekey is intended for end users who want to install a device on their drives that simplify their lives on future updates without having to re-open the drive, their main worry is about enjoying the console, they should not be bothered about plugging, wiring, switching, every time they update.

|
Posted on Saturday, January 30, 2010 @ 06:56:40 GMT (819 reads)
|
|
modrobert writes: "I stumbled across some info over at wiinewz.com about SNEEK; a software project started by crediar which redirects all NAND flash access on a Nintendo Wii to an SD card and it also brings its own ES module which allows unsigned content to be installed. You can find the source code over at Google Code and there is an interesting forum thread over at gbatemp.net."
|
Posted on Friday, January 29, 2010 @ 07:04:01 GMT (353 reads)
|
|
modrobert writes: "After a couple of days of hacking geohot has released his PS3 exploit to the public which includes source code, glitch point diagram and instructions. Quote geohot: 'In the interest of openness, I've decided to release the exploit. Hopefully, this will ignite the PS3 scene, and you will organize and figure out how to use this to do practical things, like the iPhone when jailbreaks were first released. I have a life to get back to and can't keep working on this all day and night.' You can read the whole post and more over at geohot's ps3 blog, but please try to ignore the comments and do something creative instead, like using the exploit to dump interesting stuff. ;)"
Note: EurAsia forum topic here.
|
[source: geohotps3.blogspot.com] I have read/write access to the entire system memory, and HV level access to the processor. In other words, I have hacked the PS3. The rest is just software. And reversing. I have a lot of reversing ahead of me, as I now have dumps of LV0 and LV1.
3 years, 2 months, 11 days...that's a pretty secure system
Note: EurAsia forum topic here.
|
Posted on Saturday, January 23, 2010 @ 04:07:16 GMT (2076 reads)
|
|
[source: cygnos360.com] First of all, happy new year to everyone and welcome to 2010. Looks like it’s going to be a good year for Xbox 360 enthusiasts with all those neat applications coming in on almost a daily basis now. We have not held a winter sleep either and continued to further improve the Cygnos360 V2. We have made major improvements to our Cygnos360 v2 Firmware which is now in 1.03 final. (you can get it here) We have significantly increased the flashing speed for 16Mb xbox 360 NANDs.
With the new firmware v1.03, programming takes 24 seconds and reading 28 seconds. That is a full image, not a partial!
|
Posted on Friday, January 22, 2010 @ 06:28:41 GMT (484 reads)
|
|
[source: lt.nfo @ LiteOn_iXtreme_LT.rar] After a long development and testing process we give you the first official release of the iXtreme LT.
- Supports all Liteon Drives (74850, 83850V1, 83850V2, 93450)
- Totally re-written code optimised for minimal patching
- Whole banks of firmware now untouched
- New Drive response timing engine accurately mimics original drive timings
- Full disc stealth used by default
- Waveless booting, disc images are assumed to be correct!
- Split-Vid used as default
|
Posted on Wednesday, January 20, 2010 @ 07:34:37 GMT (1550 reads)
|
|
Anonymous writes: "June last year, it was announced that the Fatal Frame IV translation team were working on -- you guessed it; A Fatal Frame IV English translation for Wii. The team is happy to announce it has finally been released!"
|
Posted on Monday, January 18, 2010 @ 07:31:21 GMT (411 reads)
|
|
modrobert writes: "geohot (aka George Hotz) has been busy setting up a custom SPI interface for the PS3 Cell processor in order to basically remap a region of the hypervisor protected memory to overlap SPU memory in userland using his FPGA setup. You can find more information in his ps3 blog and updates via twitter. I suspect the goal of the hack is to execute his own code in protected memory without interference from the hypervisor."
|
modrobert writes: "Team Jungle has found new checks Microsoft can use for banning purposes according to their twitter post which affects all firmwares except LT. I guess we can expect new iXtreme releases shortly."
|
modrobert writes: "Brakken over at tehskeen.com has closed down his network of websites due to circumstances out of his control. I don't know if that means the site was hacked and data was lost or something else. This is not the first time the sites go down, so I for one hope this downtime is just temporary. Read on for Brakken's statement..."
|
Posted on Wednesday, January 13, 2010 @ 05:42:24 GMT (1003 reads)
|
|
[source: wiikey.cn] Wiikey Fusion, as many will know, has been the buzz of the Wii modding community for several months now. This revolutionary new way to mod a Wii to enable backups to be played from SD card has caused a lot of excitement and anticipation. At the same time, a lot of people have emailed us to voice their frustration over how long it's taking. When we first announced Wiikey Fusion back in September 2009, we did not think that it would take quite this long to launch. Initially, we had October 2009 as a preliminary launch date. However, introduction of a new protection in the form of a previously unused DI command (BCA read) in a recently released game forced us to reconsider the Wiikey Fusion architecture. While implementing BCA read emulation is quite straightforward there are several other Wii/Gamecube specific commands that potentially could be used in future protections.
|
Posted on Monday, January 11, 2010 @ 17:34:24 GMT (631 reads)
|
|
[source: xbox-scene.com] Trancy released a new version of XBR-Flash. With LFlash it was already possible to update your XBReboot on NAND-16mb consoles directly from your Xbox 360 booted into a Linux Distro like Gentoo (so no need to flash over LPT or USB again). Based on LFlash, XBR-Flash however will now allow you to flash on 256/512mb consoles as well and v0.2 comes with more additional features.
|
Posted on Monday, January 11, 2010 @ 04:04:49 GMT (572 reads)
|
|
modrobert writes: "Bushing has posted a wrap up of the Chaos Communication Congress (26C3) over at hackmii.com. The majority of Team Twiizers were there including tmbinc (Felix Domke) who also gave a speech on 'Blackbox JTAG Reverse Engineering'."
|
Posted on Saturday, January 09, 2010 @ 08:01:56 GMT (368 reads)
|
|