Connexion

[EXPLOIT]NORway 0.5 - Teensy++ 2.0 Flasher Software : Exploit PS3 - PS3-Infos

[EXPLOIT]NORway 0.5 - Teensy++ 2.0 Flasher Software   

Les différents exploits utilisés sur PS3

[EXPLOIT]NORway 0.5 - Teensy++ 2.0 Flasher Software

Messagepar Attila » Mer 27 Juil 2011 13:45

imageNORway est un programme par judges pour Teensy++ 2.0 permettant de dumper/restaurer la mémoire NOR de la PS3.
Il s'agit d'une adaptation de NORalizer, par marcan.

Image


La mise en place n'est pas donnée à tout le monde.
L'auteur affirme avoir downgradé sa PS3 avec cet outil, il va publier un tutoriel prochainement.

Version 0.5
+ Added block table for Samsung K8Q2815UQB. The programming modes "writeword" and
"writewordubm" don't require manual chip/sector erase prior to writing anymore!
+ Bugfix: "NORway.py COMx release" didn't work. Now you can leave Teensy powered at
all times and console will boot up correctly after issuing a "release" command
+ Bugfix: increased TRANSMIT_TIMEOUT for Teensy's serial device to 10000ms
(required for OS X)
+ Bugfix: disabled DSR/DTR flow control (wasn't working reliably on OS X)
+ Bugfix: TRISTATE wasn't set correctly
+ Added additional verification when writing is done. Although each write command
verifies each written sector/block, it happened that written bytes weren't
persistent
+ Added "verify" command

Version 0.4
+ Bugfix: RY/BY signal was not always detected correctly
+ Added programming support for Samsung and Macronix

Currently supported NOR types:
Spansion S29GL128N
Spansion S29GL128P
Samsung K8P2716UZC
Samsung K8Q2815UQB
Macronix MX29GL128E

+ Added manufacturer and chip type autoselect
+ Added sector protection recognition (not supported for Samsung K8Q2815UQB)
+ Added "bootloader" command to NORway.py (enters Teensy's bootloader mode)
+ Added "erasechip" command to NORway.py

NORway.py COMx erasechip

Erases the entire NOR (takes 1-3 minutes)

+ Added two new programming modes

NORway.py COMx writeword dump.bin

Requires manual chip/sector erase before.

Programs the NOR in word programming mode. It's a four-bus-cycle
operation (per word), i.e. it's the slowest, but most compatible
programming mode. A full write takes about 9 minutes. Supported by
all NOR types. Use this as a last resort if nothing else works.

NORway.py COMx writewordubm dump.bin

Requires manual chip/sector erase before.

Programs the NOR in unlock bypass mode (word programming). It's a
two-bus-cycle operation (per word), i.e. it's slower than write
buffer programming (command "write"), but faster than standard word
programming mode (see above). A full write takes about 9 minutes.
Supported by all NOR types. Use this if "write" command doesn't work.

Version 0.3
Dumping now only takes 45 secs instead of over 5 mins!
Writing now only takes about 8.5 mins instead of over 2 hours!

Version 0.2
3.3V voltage regulator required!
Changed clock speed to 8MHz


This project has been ported for the Teensy++ 2.0 from the original NOR flasher tool
("noralizer" by Hector Martin "marcan" <[email protected]>) that was used to flash
AsbestOS onto the demo PS3 at 27C3, and for experimentation.

Contents:
\teensy\NORway.avrsln - Source code for the Teensy++ 2.0 (AVR Studio 5.0)
\teensy\default\NORway.hex - Compiled hex-file for the Teensy++ 2.0 (AT90USB1286)
\hwinstall\install-*.jpg - Some pics of how I've mounted the Teensy (CECH-2504A/B)
\hwinstall\nor_testpoints.png - Connection diagram of the NOR testpoints (CECH-2504A/B)
\hwinstall\teensy.jpg - Teensy connection points (see chart below)
\serial_install.exe - Teensy serial drivers for Windows
\README.txt - this file
\NORway.py - PC Python client

Hardware connections (see "\hwinstall\nor_testpoints.png"):
PS3 Teensy
A0-7 PF0-7
A8-15 PA0-7
A16-22 PB0-6
D0-7 PD0-7
D8-15 PC0-7
CE# PE0
OE# PE1
RESET# PE4
WE# PE5
RY/BY# PE6
TRISTATE# PE7
GND GND

The Teensy requires a 3.3V voltage regulator! 5V trace has to be cut and 3V pads have to be shorted!
Please refer to https://www.pjrc.com/teensy/3volt.html

DON'T CONNECT THE VCC SOLDER PADS TO ANYTHING!

Connection diagrams for other boards can be found at:
http://ps3devwiki.com/index.php?title=Hardware_flashing

Prerequisites for Windows:
Python 2.7.2 (http://www.python.org/ftp/python/2.7.2/python-2.7.2.msi)
pyserial 2.5 (http://pypi.python.org/packages/any/p/p ... .win32.exe)

Usage:
Install Python + pyserial (see "Prerequisites for Windows"). Install drivers. Connect Teensy
to your PC. Flash Teensy with "\teensy\default\NORway.hex" and reset it after completion. Start
Windows' "Device Manager", expand the "Ports (COM & LPT)" node, you should see something like
"USB Serial (Communication Class, Abstract Control Model) (COM4)". This tells you that "COM4"
(or whatever shows up) is the COM port used by Teensy.

At the command prompt enter "NORway.py" to display help.

Procedure to dump your flash:
- PS3 is turned off
- At the command prompt enter:
NORway.py <your com port>
- Turn on your PS3, it shouldn't boot
- At the command prompt enter:
NORway.py <your com port> dump flash.bin
- When dumping is finished enter:
NORway.py <your com port> release
- Power off your PS3 (disconnect Teensy if PS3 doesn't boot when restarted)

Dumping takes about 5 minutes. A file "flash.bin" with a size of exactly 16 MB (16.777.216 bytes)
has been created in your current directory.

Flashing is rather slow. Writing a complete flash with the "write" command takes about 2 hours.
Might be improved in future versions...

IMPORTANT:
Before you flash your PS3 with anything new, make sure that the content of your dump is correct
(e.g. compare ros0/ros1 area of your dump against "CORE_OS_PACKAGE.bin" from an actual PS3UPDAT.PUP
of your current firmware). And keep your original dump in a safe place. You might need it.

It's tested on Win7 x86, but should also work just fine on any x86 Windows >=XP.
Basically it should also work on Linux, but I didn't test. If you're running Linux, you
probably know what to do. ;-) Serial drivers are not required for Linux.

Unfortunately I couldn't manage to make it work on any x64 version of Windows, because of
the Python pyserial module.

Thanks to "marcan" for the original implementation.

-- judges ([email protected])


NORway_v0.5.zip


http://psx-scene.com/forums/f149/norway-teensy-2-0-flasher-software-94388/#post901655Site officiel : http://psx-scene.com/forums/f149/norway-teensy-2-0-flasher-software-94388/#post901655
Vous n’avez pas les permissions nécessaires pour voir les fichiers joints à ce message.
Avatar de l’utilisateur
Attila
Administrateur du site
 
Messages: 7572
Inscription: Ven 3 Sep 2010 11:53

Re: [EXPLOIT]NORway 0.5 - Teensy++ 2.0 Flasher Software

Messagepar lexou » Dim 14 Avr 2013 11:05

tres bon produit ,soft open source ,adaptée aux NAND et NOR ,bref un must par rapport a la progskeet 1.2 ou 1.21 ^^

testée sur 4 consoles ,impeccable ,merci a Marcan et Judges pour leurs travaux
lexou
Apprenti parleur
 
Messages: 173
Inscription: Sam 19 Mar 2011 21:44


Retourner vers Exploit PS3

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 1 invité