PS3 JailBreak: saving this post as a keepsake

The first PS3 modchip has arrived and PSX-SCENE is the FIRST site to CONFIRM it is 100% REAL!!!

PSX-SCENE is the first and ONLY website to CONFIRM that this product is working 100%. Not by speculation but by being the only website to actually have testers with actual product in hand! We will have a video courtesy of OzModchips soon so stay tuned!!!

I have been in contact directly with the manufacturer and can confirm some things you have all been asking about…

1. FAT32 is currently supported. They are working on NTFS.

2. They recommend staying on current firmware and not updating until they have deemed it safe. The dongle is fully updatable.

3. Online play does work but they cannot guarantee that it will work with all future titles.

4. Final retail units are ready to ship.

5. Official reseller list will be on their site in the next 48 hours. You can pre-order from any of the official resellers. There are websites out there now claiming to be selling but they are not legitimate. Don’t get ripped off. Wait until the official list is posted.


Someone actually posted code; I don't know what it does, but it feels like USB communication.
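* TMS9900 assembly syntax: '>' prefixes a hexadecimal value, *R11+ is indirect with post-increment.
* Entry: fetch the word R11 points to into R4 (R11 advances by 2), then read a count byte into R2.
TALK   MOV   *R11+,R4
       MOVB  *R4+,R2
       SRL   R2,8
* Per entry: set the offset word inside the TALK2 instruction to 3 (self-modifying code).
TALK0  LI    R1,>0003
       MOV   R1,@TALK2+2
* Step the offset down (2, 1, 0) and load the byte at that offset from R4.
TALK1  DEC   @TALK2+2
TALK2  MOVB  @>0000(R4),R3
       MOVB  R3,R1
* Write >4x to address >9400, where x is the low nibble of the byte.
       ANDI  R3,>0F00
       ORI   R3,>4000
       MOVB  R3,@>9400
* At offset 0 stop after the low nibble; otherwise also write >4x for the high nibble.
       ABS   @TALK2+2
       JEQ   TALK3
       SRL   R1,4
       ORI   R1,>4000
       MOVB  R1,@>9400
       JMP   TALK1
* Advance R4 by 3 (the LI immediate at TALK0+2), write >50 to >9400, repeat R2 times.
TALK3  A     @TALK0+2,R4
       MOVB  @HEX50,@>9400
       DEC   R2
       JNE   TALK0
       RT
HEX50  BYTE  >50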

Quoting a reply post from A9VG:

This mod is basically a RETAIL TO DEBUG convertor, using a JIGCARD from SONY services.
If you look at VHS, it has some DEBUG things.
This JIG CARD (aka USB DONGLE) is used for devs and technicians from Sony to launch BOOT INI from DEV_USB0.
Combining some buttons you can change the SYSCON status, which launches this dongle as the primary boot.

BOOTSTRAP is read and the files from dongle are launched and the RAM is making a false REBOOT.
The whole thing is a SYSCON FIRMWARE EMULATOR.
TRM "thinks" we have a debug unit and KERNEL DEBUG is loaded.

This way a DEBUG VSHMAIN (temporarily) allows unsigned code load.
Now you can launch PKGs from USB (that has an explorer to do that).

To launch BDEMU you need a disc to activate MEDIATYPE BD.
When you launch LOADER (from USB) BDDRIVE CHANNEL is closed (they can't share the same channel).
To eliminate LAYER, it needs a CELLFTP to extract decrypted files (no layer) and to convert those to DEBUG MODE.
Executer files can be created with SDK, and generated by the same loader that extracts the LAYER, and using PS3GEN to create signed isos (patched).
Same way a 360 works (using a core debug).

The LOADER is executed via APP.
ELIMINATING the initial USB BOOT is all SONY has to do to kill this mod, because SYSCON is the boss.

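• This mod is actually a converter from a "retail unit" to a "development unit"; it uses a "magic card" obtained from SONY's after-sales service department.
• If you look at VSH (the original mistakenly says VHS? It refers to the PS3 XMB interface), it has some debug functions.
• This magic card (that is, the USB dongle) is used by developers and Sony technicians to run BOOT.INI from DEV_USB0 (the USB device).
• With a certain button sequence you can change the state of SYSCON (the system control unit, which handles housekeeping such as PS3 boot and standby), making the USB dongle the first boot device.
• BOOTSTRAP (the boot code) and related files are read from the USB dongle into memory, producing a fake boot.
• The whole thing is a SYSCON firmware emulator.
• It is made to think we are a development unit, and then the debug kernel is loaded.
• A debug version of VSHMAIN (the PS3's main XMB program) (temporarily) allows unsigned code to be loaded.
• You can then run PKG files from USB (there is a browser for doing that).
• To run BDEMU (the BD emulator) you need a disc to activate the BD media type.
• When you run the loader (from USB), the BD drive channel is closed (they cannot share the same channel).
• To eliminate LAYER (disc layering?), a CELLFTP (probably some kind of FTP server) is needed to extract the decrypted files (no layers) and convert them to debug mode (usable).
• Executable files can be created with the SDK and generated by the loader that extracts the layers, with PS3GEN (probably a tool for generating PS3 discs) used to generate signed ISOs (patched).
• The same as the 360 hack (using a debug version of the kernel).
• This loader is run through the APP (application layer?).
• Sony has only one thing to do: eliminate the USB boot function, because SYSCON is the boss. (Because SYSCON manages housekeeping such as PS3 boot and standby.)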

SYSCON
The System Control microcontroller which handles everything from controlling power to all devices (including the LCD, UMD drive, memstick, wlan, even the main cpu), keeping the date/time, sleep mode control, controls all external switches including all buttons & the analog nub as well as the headphone remote buttons/switches, LED control, main power & battery control, and even access to the PSP’s Service Mode (SYSCON is the chip responsible for detecting the 0xFFFFFFFF serial of the battery to enable service mode).
The system control microcontroller, which controls almost everything, from controlling power to controlling all devices (including the LCD screen, UMD drive, Memory Stick, wireless network, and even the main CPU), keeping the time and date, sleep mode control, controlling all external switches (including all buttons, the analog stick, and the headphone remote buttons/switches), LED screen control, main power and battery control, and even access to the PSP's service mode (SYSCON is responsible for detecting the 0xFFFFFFFF serial number of the chip in the battery, thereby enabling service mode).
VSH (Visual Shell)
The main interface of the PSP, a user interface shell which provides the access to the kernel. Uses Sony’s XMB (Cross Media Bar) for its GUI.
The main interface of the PSP; this user interface shell provides access to the kernel.
It uses Sony's XMB mode as its GUI (Graphical User Interface).

cough isn't the syscon on PS3 a mask ROM or is it EEPROM? If it's mask ROM, as I said, game over: it needs a hardware revision to stop this. If it's EEPROM it can be reprogrammed, if they enabled the functionality to update the syscon via an update.

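The question now is that it is unclear whether SYSCON resides in mask ROM or EEPROM.
If SYSCON is in mask ROM, SONY will need to change the hardware to stop everything.
If SYSCON is in EEPROM, SONY can block the USB boot function through a system update.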
