User talk:Zecoxao

From PS3 Developer wiki
Revision as of 23:11, 23 October 2015 by Zecoxao (talk | contribs) (Wii U Key/IV Goodness)
Jump to: navigation, search

The Last Piece of the Puzzle

How

  • By enabling diagnostic mode on the ps3, we can enable the use of JTAG again (it's temporarily disabled when diag mode isn't set)
  • It is possible to dump the syscon firmware using this method (in unencrypted state)
  • The JTAG registers/TAP-controllers need to be bruteforced / reverse engineered
  • The leaked service manuals present information about the pins connected to the JigPin
  • The ObjectiveSuite contains an object (DIAGSERVICE) used to diagnose the ps3 using JTAG
  • Using a DIY JigPin would facilitate the task, but we still need more info about the hardware and software interface used by ObjectiveSuite to handle this.
  • This would probably work on ps4 too (provided that the diag pin and the JTAG pins still exist)

To wikify

ebootroms CEB-1000/CEB-2000/CEB-20xx
Type Filename MD5 SHA1 CRC32
CEB1000 ebootrom.030.001 7ae573c73b66409ccbc8d2772643b3be ee83d08f8c619db0de0cc2f917b8010411fb6a64 9eb273c4
ebootrom.030.014 3710ef9b2c414d638d32316f4cc183a5 9e79f74e190bab4ec1f4d862ff8b107bdbd075c9 bffce7a4
ebootrom.030.020 b227df997c7ff7203b62b88f83adc64e 1d46af262a1a4fd74101e5bfa6041a0bd5e5da10 fb59bb97
ebootrom.030.022 ac3ce3a3adfd470e38a9b1ef830d5b75 427580a3a54985b429652435932ddd718e65674f ba108478
ebootrom.040.005 8614c779cf38324681d8cfbc1c4f6e1c 60dd68c00bbbae1497932a74f8000b5b9c520df8 21f5a45e
ebootrom.040.006 8a6939a0b80fb00f892e7cd37a6bdcae 37a3d5b6c3ec093dc80a0a05186edf2ba9233018 28923b66
ebootrom.040.012 7f4d89d9aa54753356b6fbffb5e8be1b 35ff41403ad1201e12b4f079b3e6377a2dbf7c4b e155241f
ebootrom.040.013 8cf3bab4f161e5cabe2ff1895eceb1a6 6fd40ffff6decde4b4398bf702e5381ab8effcb0 5e2d0193
CEB2000 ebootrom.030.001 3295dcef6848bdc70195012875d9d335 edad9e99e383aca6db8097ac59311c0ca5a024cd 5fc526b9
ebootrom.030.014 0f4f7bbf4ddc898b536e9d10ceb39a63 812dfc55227359183def43918d555cd364d4c76e c029c17c
ebootrom.030.020 03ed3b0480e66bea5f1b6140c602f7ce 3f2eb2bf5bb2348710b7de8cc57378de43f32397 78daf3a6
ebootrom.030.022 5fd995fe0306f0f14ecb40ffcad848c0 c7a92a420c30dbf4bffabc5ddfaae2905924deb6 38901f5d
ebootrom.040.005 13ebcab8dc4a0b128db2c881a0082fb1 601f8482c87bec4dadbeab5dfa43b3e5fb14d500 c2936196
ebootrom.040.006 890b5bc09a4d2a701ba1d15287bdfe3a 82ffc527621b792b570e3a21448e8ac58a6a12c8 f2d9a356
ebootrom.040.012 688641f61a814d5e9dd9c99953cdd8b9 61478eef778d66111d6fc0a4fe6e45e596c5f624 af0d0800
ebootrom.040.013 734126a040befaff1d772443eed0aab7 cb79460d3e509afcf145564938ef356acdd07db4 8aab1365
ebootrom.050.002 ce9a2d65d0f4e5fd852511dba3f91853 e93c80bc67319007fc4ee5e422dfa784a188f048 d6baaaf2
ebootrom.050.003 dc38add8377d9de833c3e763b99b4863 287f489cae1561c4aace98fca297cde87d706ea0 d2919d7f
ebootrom.050.004 da9079b93fa2f01a075a0ccbc754b6ac caa2a3588c908abc2f18dcd07afee59c6759aa05 5d6e6e49
ebootrom.050.008 cee5f1bc68a560af3c46a3c10c9e198d 03770161dd6fe1c068bf9f1f1f3571ad977e1d35 df1b8624
ebootrom.050.011 33ed3cbe5d67f643035a19886e59860c c3507b203d5d43679ee2b69f281027220218b60f d3c562be
ebootrom.050.012 53bf0374e3147428d4c31b8030cbd2f1 8fecabbf0f277f181430ac952abd5b8d56cc83be 018cb71a
ebootrom.050.013 7c8d14c66c6c4abe0ef5a17a32d8de96 47915436cc5a06e974a15dcfe7eecf1ee7d3d0f1 deef74a7
CEB20xx ebootrom.030.019.r003.out c36880c1028db58363bd4c6edf73a04e d143574fb07684a6e481fcaf29e7b484c866e125 37b4f448
ebootrom.030.020.r003.out 678e46ac828564aef38a4d6672c5dc9c 8637ca8938392d7b8d502edbfca16c8e502bd67c bf35c001
ebootrom.030.022.r004.out 87c5ac0cd3d48ed9f99f16b33f866e57 8515c1620ef6e202b1dfad412b39e870f52afc7c 9dd59749
ebootrom.040.001.r007.out 794dc4e60278d426f32ce1603940f602 463d2ffe1bb7a5aa80f357eed5de41244a54e3a0 8dadadbe
ebootrom.040.004.r009.out 01562c727f9e794180d3c5569c1d31ed 690c3b4ce734d50da9b93bc7e4bbf68e385ca78d 8146eeb3
ebootrom.040.005.r009.out 01b6d26811376e11099905b7c83c26bc 4edcd712bad05ed3c9eab493d945b065b04a8df9 89057f50
ebootrom.040.006.r009.out e755c8a7f8787fb32d1b9feb9bd8535e 21bf68dfbb925d58447cd8f98efff15911977598 73d0ccc2
ebootrom.040.012.r009.out dce9b2bf78615981b3d1c2d5f25c21b3 df6e0d92c692f8f9319aac55f2099a0260b45d02 e5fcce99
ebootrom.050.002.r010.out a2aabfcfa99c933fa1e6900acb8975b5 a3d93f4ab09e6cc9fb96b388ecc18846b2403bbb 70a0d6f9
ebootrom.050.003.r010.out 77836d78395607d75e1ee432add2708e 130d1b6f0ebf602b5201ad19b690d4e2927b4f31 a930ccff
ebootrom.050.004.r010.out 33f034f55dba0b34ca1f1c5e6132a9cb d4a0e955ec4c45ddd13558e8ad226da34e3d8819 bc76a0a5
ebootrom.050.008.r010.out b4c944b171ddd973879d2d93e3c26e4c de455a54ea08b738b20308a7f2d2936166a3961f ad95d10c
ebootrom.050.011.r010.out e708fe7dbddcb1801b791158834ecd5c 3de47774607688e25f93bdc9a434053aa2f44277 06e1ad58
ebootrom.050.012.r010.out 0d9371b329f91596a6fa3197077c6321 a5348eb06c5fdd228adef9d667b46114d9cbfb06 d65606ef
ebootrom_1250.bin.out 02d48cd73c6efdcb9c3fb564b61658d6 77e3deeadfdae2f595d8478f17a0f3f723949208 3f548170
ebootrom_E.r009.spu_to_6.out b1841ae5625878b7e886a889565149be 4fa607449a3977ca77765b382955a141b3c8cc63 1a999ec1
ebootrom_E.r009.spu_to_8.out 00782ff906899ab5db1b0f43e6dac63d afe8efad5f807f23aaed578cd67f62c343534dc8 a360f751
ebootrom_E_to_6.out 214fbb9d80315b051e91948975d774ac 28e712c681b17368049dc28fc4195fccc1543354 ca049038
ebootrom_E_to_8.out f05d5f037580f1ec1d94857338ce2444 a9d133d6469b10b104f8933f68bd98f1a168f097 e39040f3
Internal ebootrom2_I 73d6c09dca7395890628592e55378b81 14cda2ad0faaffbf5918b826efe424ca7ae44f5d 6f2d4ed8
ebootrom_I.r009.spu_to_6 45608c79758d57d76597663714518fb2 ef755af30626619e8782a9e77e5ab6669d689888 37b614f9
ebootrom_I.r009.spu_to_8 0f4160049a24d125300be6a2fb6ded01 734799341b7157c87f6528bc460dd12382241566 f029a038
ebootrom_mini_I.ceb 39f7259ae04904b5ea982fe78d779b54 760b02283721e6b557808b81edcf5530343382e8 e3a0432e

request_idps generated files binary xor

Note: files are padded 8 bytes at start, for convenience

Wii U Key/IV Goodness

. .

Type Key SHA1 Status Description
Key key:805E6285CD487DE0FAFFAA65A6985E17 sha1:2ba6f692ddbf0b3cd267e9374fa7dd849e80f8ab Valid Wii U Expresso Ancast
IV key:596D5A9AD705F94FE158026FEAA7B887 sha1:c1a8bffb7ca5271677d4242989c6ffe44fd3dc7d Valid Wii U Expresso Ancast / vWii Expresso Ancast
Key key:2EFE8ABCEDBB7BAAE3C0ED92FA29F866 sha1:ce3641b2660253f5a7e789db297be2c1585b3054 Valid vWii Expresso Ancast
IV key:91C9D008312851EF6B228BF14BAD4322 sha1:8377c1b51fd6aeab9d6f48a8e858f53aebfd0be3 Valid Wii U Starbuck Ancast
Key key:D7B00402659BA2ABD2CB0DB27FA2B656 sha1:6a0b87fc98b306ae3366f0e0a88d0b06a2813313 Valid Wii U Common
Retrieved from ‘http://www.psdevwiki.com/ps3/index.php?title=User_talk:Zecoxao&oldid=39405