XboxHacker BBS
 

Author Topic: PS3 Blue-ray firmware dump  (Read 49988 times)

ATT

  • Newbie
  • *
  • Posts: 1
PS3 Blue-ray firmware dump
« on: April 30, 2007, 06:25:27 PM »

just wanted to let ya all know
http://www.ps3news.com/forums/playstation-3-dev-chat/ps3-firmware-64747.html#post179816
that naturesbanthat @ ps3news has managed to remove firmware chips PS3 bios & blue-ray firmware
he's waiting on the adapter to dump the BGA Flash (Chip2) on the PS3 Blu-ray DVD drive.

maybe some xbox dvd-drive experts could lend a hand go by and check it out.  ;D
when the firmware appears.



Logged

Oneohm

  • Master Hacker
  • ****
  • Posts: 100
Re: PS3 Blue-ray firmware dump
« Reply #1 on: August 01, 2007, 10:30:11 AM »

They are using two firmware chips. The drive is using the Spansion SDRAM/Firmware chip similar to the PSP. For those of you interested, download datasheets for the MX25L1005 and Spansion S29AL016D. The S29AL016D from all my google researching is the Spansion IC being used on the drive.

I have confirmed that the drives cannot be swapped between consoles so there is a unique ID stored on the drive. I believe it will be on the Serial Eeprom MX25L1005. I have yet to swap this chip to confirm. This has been the least important issue I have had to deal with as far as PS3 failures so I haven't given it priority.
Logged

Oneohm

  • Master Hacker
  • ****
  • Posts: 100
Re: PS3 Blue-ray firmware dump
« Reply #2 on: August 01, 2007, 08:30:01 PM »

Just to add an update. We attempted a swap of the 25L1005 IC from one drive to another this evening and unfortunately this does not contain the necessary key to make the drive play a disc in a console other than the original console it came in. So therefore the key must be located in the Spansion IC.

The next move we plan on taking is to load Linux on the drive and try to do a full dump of the drive firmware and attempt to locate a unique key in the drive firmware.
Logged

lasonnette

  • Hacker
  • ***
  • Posts: 92
Re: PS3 Blue-ray firmware dump
« Reply #3 on: August 03, 2007, 02:30:24 AM »

why not just dump them? it's a lot easier :)
btw, is there any "recognizable" mcu on it?
Logged
Big party tonight! Where? Your mouth! Who's coming? Everybody!

Oneohm

  • Master Hacker
  • ****
  • Posts: 100
Re: PS3 Blue-ray firmware dump
« Reply #4 on: August 06, 2007, 03:06:50 PM »

Recognizable?? Yes. All things Sony in typical Sony style. Sony has always implemented what they call "the Dragon" mentality in their gaming consoles, which basically means take a bunch of devices normally separated and swallow them up into one package. I foresee this happening with this console. Here is what I know on the drive:

BMD-001 board
Rohm Motor Driver IC BD7956FS "Rohm 7ch Power Driver for CD-ROM" Datasheet available
Samsung Ram IC K4S641632K-UC75 Samsung 64mbX16 64Mb SDRAM 7.5ns Datasheet Available
Sony RF AMP (optical control) IC CXA2720R <researching test points for laser calibration (this is my field)
Spansion EEPROM IC S99-50111-001 (AKA S29AL016D) Spansion S29AL016DFFI02 16Megabit Flash Datasheet Available <BGA device. Anyone willing to Dump?
Sony  MCU IC CXD5063GG-1
Sony ??? IC CXD5064R < not sure what this does yet
Macronix MX25L1005 Serial eeprom 1mbitx1 Serial Flash
JRC/NJM NJM13403 Quad OpAmp <may be used for laser biasing
Rohm BA5888 motor driver IC
Sony KES-400A Optical Pickup Assembly

I haven't dumped the firmware because it is a BGA device. I was really hoping the serial eeprom would be the key to being able to swap the drives.

The MCU has what appears to be a debug bus on the front edge of the board which may be promising.
It's tough to determine the interface on the drive. It is routed to the board through a flat ribbon cable which heads directly next to the SATA Controller on the mainboard but there is more than just a SATA connection through the cable. There are 60 pins total. It appears that they are routing both to the SATA controller and their DVD decoder on the original builds.
Logged

lasonnette

  • Hacker
  • ***
  • Posts: 92
Re: PS3 Blue-ray firmware dump
« Reply #5 on: August 06, 2007, 04:34:18 PM »

BGA, eh? Are there any traces? That way it'll be easier for me to dump...

> Sony ??? IC CXD5064R < not sure what this does yet
  CXD reminds me of the drive controller in the PS2 (back in a day, before the PSTWO appeared)...like when you open eject, it is signaled, etc.

Ahhhhh this is going to be one hell of a bitch, as we don't even know the instruction set...but I'll do my best to dump the firmware
Logged

Oneohm

  • Master Hacker
  • ****
  • Posts: 100
Re: PS3 Blue-ray firmware dump
« Reply #6 on: August 07, 2007, 11:27:03 AM »

The PS3 is following the PSP instructions from what I understand. There may be some decryption techniques from the PSP that might be helpful.
Logged

lasonnette

  • Hacker
  • ***
  • Posts: 92
Re: PS3 Blue-ray firmware dump
« Reply #7 on: August 07, 2007, 02:04:34 PM »

I'll have to wait until September until I can get the flash dumped...

I doubt it'll be MIPS, but why not try...
Logged

jas0nuk

  • Hacker
  • ***
  • Posts: 67
Re: PS3 Blue-ray firmware dump
« Reply #8 on: August 07, 2007, 02:17:03 PM »

PSP decryption is via the onboard KIRK hardware which does all sorts of stuff (hash checking, decryption, encryption (though not the same as official PRXs) and more), and is unique to each PSP (signchecked firmware and even savedata for a handful of games). Does the PS3 have anything like this? If so, could be a route to look into.
Logged

agent_z

  • Master Hacker
  • ****
  • Posts: 398
Re: PS3 Blue-ray firmware dump
« Reply #9 on: August 08, 2007, 04:51:31 AM »

I was talking to a developer a while ago; the ps3 equivalent to the "hypervisor" is actually in the os, not a separate chip.
Logged

lasonnette

  • Hacker
  • ***
  • Posts: 92
Re: PS3 Blue-ray firmware dump
« Reply #10 on: August 08, 2007, 05:10:52 AM »

Just to make one thing clear...
We're talking about hacking the ODD firmware...
Logged

Oneohm

  • Master Hacker
  • ****
  • Posts: 100
Re: PS3 Blue-ray firmware dump
« Reply #11 on: August 08, 2007, 04:15:59 PM »

> PSP decryption is via the onboard KIRK hardware which does all sorts of stuff (hash checking, decryption, encryption  Does the PS3 have anything like this? If so, could be a route to look into.

I haven't seen anything that resembles it but I learned from somewhere else that the code was based off of the PSP.

Right now I am concentrating on the cable. An interesting thing to be noted:
If the drive from unit A is switched into unit B. Unit B no longer acknowledges the presence of any media in the drive.
Logged

safety

  • Master Hacker
  • ****
  • Posts: 296
Re: PS3 Blue-ray firmware dump
« Reply #12 on: August 16, 2007, 12:07:19 PM »

ookay...
So, how many types of drives are in the ps3? I think only one...
So firmware should be the same.

Drives are not interchangeable, so...
We would need the dump of a few drives, and search them...
Are they encoded per box, or look the same?
If they are the same except the key, then the location of the key CAN be found...
Anyone can have linux on ps3, so why not try to dump the drive fw with it...
Would be very interesting.

Only for now, anyone who can, dump Fw...
Logged
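
Added example (not part of any post in this thread): the dump-comparison idea from the post above, sketched in Python over constructed sample images. The images, offsets and function names are made up for illustration and no real dump is involved; it separates spans where every unit differs from spans where only some do.

```python
"""Compare same-size flash dumps and report where they differ (constructed data)."""
from typing import List, Tuple

def differing_ranges(dumps: List[bytes], gap: int = 4) -> List[Tuple[int, int]]:
    """[start, end) spans where the dumps are not all identical; spans separated
    by at most `gap` identical bytes are merged into one."""
    if len(dumps) < 2:
        raise ValueError("need at least two dumps")
    if len({len(d) for d in dumps}) != 1:
        raise ValueError("size mismatch: a bad read, not a real difference")
    spans: List[List[int]] = []
    for off in range(len(dumps[0])):
        if len({d[off] for d in dumps}) > 1:
            if spans and off - spans[-1][1] <= gap:
                spans[-1][1] = off + 1
            else:
                spans.append([off, off + 1])
    return [(s, e) for s, e in spans]

def classify(dumps, spans):
    """'per-unit' if every dump holds a different value in the span,
    'partial' if some dumps agree (e.g. a revision byte)."""
    out = []
    for s, e in spans:
        distinct = len({d[s:e] for d in dumps})
        out.append((s, e, "per-unit" if distinct == len(dumps) else "partial"))
    return out

def make_image(unit_blob: bytes, rev: int) -> bytes:
    """Constructed 64-byte stand-in for a flash image."""
    img = bytearray(b"\xff" * 64)      # erased NOR flash reads 0xFF
    img[0:8] = b"FWIMAGE\x00"          # made-up header
    img[8] = rev                       # made-up revision byte
    img[0x20:0x30] = unit_blob         # made-up per-unit data
    return bytes(img)

SAMPLES = [
    make_image(bytes(range(0x00, 0x10)), 1),
    make_image(bytes(range(0x40, 0x50)), 1),
    make_image(bytes(range(0x80, 0x90)), 2),
]

if __name__ == "__main__":
    for s, e, kind in classify(SAMPLES, differing_ranges(SAMPLES)):
        print(f"0x{s:04x}-0x{e - 1:04x}  {e - s:3d} bytes  {kind}")
```
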

lasonnette

  • Hacker
  • ***
  • Posts: 92
Re: PS3 Blue-ray firmware dump
« Reply #13 on: August 16, 2007, 12:58:32 PM »

Wait until September, I know some guys who are going to dump my PS3's BD firmware
Logged

safety

  • Master Hacker
  • ****
  • Posts: 296
Re: PS3 Blue-ray firmware dump
« Reply #14 on: August 18, 2007, 12:28:31 PM »

AA that is nice :)
I found no info on..  dumping the drive fw with linux.
I suppose at the moment it is not possible. YET.
So let's just stick to good old hard style..
I can't wait to compare them to other dumps.
Logged

Oneohm

  • Master Hacker
  • ****
  • Posts: 100
Re: PS3 Blue-ray firmware dump
« Reply #15 on: August 27, 2007, 08:20:11 AM »

A lot of the Linux code is new and with some bugs so I haven't truly tried it myself but this would be the easy way about it. We would need to find what address the drive is on and do a mem dump. I would work more with the hardware side but right now I'm inundated with 360 reflows.
Logged

uberfry

  • Xbox Hacker
  • *****
  • Posts: 862
Re: PS3 Blue-ray firmware dump
« Reply #16 on: August 27, 2007, 08:32:43 AM »

If you can do 360 reflows, you should be able to desolder the eeprom, dump, reball and resolder it on again in less than an hour...
Logged

warpjavier

  • Master Hacker
  • ****
  • Posts: 108
Re: PS3 Blue-ray firmware dump
« Reply #17 on: August 27, 2007, 09:51:02 PM »

The PS3 scene needs people like the Xboxhacker community to succeed in hacking the PS3. We can see the results obtained on hacking the 360.
Would be great to have ps3hacker.net

just my 2 cents.

warpjavier
Logged
Internet Explorer is only useful to download Firefox.

gigabite

  • Xbox Hacker
  • *****
  • Posts: 3089
  • .: Xplode Mods :.
Re: PS3 Blue-ray firmware dump
« Reply #18 on: August 27, 2007, 09:58:23 PM »

There is a PS3 scene - http://www.ps3scene.com/ by same people who did xboxscene etc, it has some hacking going on but I do agree that a ps3hacker.net would be good

gigabite
Logged


.ISO  - he's a wannabe ... feel part of "t3h sc33n" yet ? QQ

coming 2009

Geremia

  • Xbox Hacker
  • *****
  • Posts: 600
Re: PS3 Blue-ray firmware dump
« Reply #19 on: August 28, 2007, 07:39:17 AM »

Excuse me, I just want to point out that the topic is about a bddrive firmware (spansion BGA flashrom), which seems no one has already dumped, so what are we talking about? nothing
Logged