asbestos-avr8susb ================= This is the asbestos-avr8susb, a ps3 exploit for Atmel avr8 devices that have no USB support, using software usb + a little circuit instead. It's primarily targeted at loading asbestos, which should be built separately. The payload (stage1) will install an usb driver which will download stage2 from usb. Then, stage2 will netboot (dhcp + tftp). Refer to asbestos for further information. http://git.marcansoft.com/?p=asbestos.git It could be made to run anything else. Just place payload in payload1.bin and undefine STAGE2 if it isn't needed. If DIPSWITCH is defined, three payloads can be made selectable in runtime. If JIG is defined and a key.h provided (see key.h.template), PS3 can be put in factory mode. This is derived from psgrade and can be used to downgrade PS3's system software. Refer to psgrade for further information, including how to leave factory mode. Some atmegas can fit stage2 in their internal flash memory. Most atmegas do not have enough memory to fit stage2. To work that around, there is support for streaming from an additional i2c AT24C512 or compatible 24Cxx EEPROM. I wrote a tool to program the EEPROM. It can be found in "tools/". If other means are used to program it, make sure the first 16bit word in it is the size of stage2. Store stage2's data next. It should work, with builtin stage2, on: - ATMega1280 (Arduino Mega) ... and maybe more. It should work, with an EEPROM: - ATMega328P (Arduino UNO, Arduino Duemilanove) - ATMega168 (Arduino Duemilanove, older Arduinos) ... and maybe more. This software is not intended to enable piracy. This software is intended to allow the use of third party operating systems and applications on the PS3. Notes ----- This software is based on psgroove-timwu, a port of psgroove to vusb. http://github.com/timwu/psgroove This software is designed to run asbestos, written by Hector Martín (marcan). http://git.marcansoft.com/?p=asbestos.git This software includes the vusb library and the USBaspLoader bootloader, written by Objective Development. http://www.obdev.at/products/vusb/ This software includes eeprom support functions from twitest.c, written by Joerg Wunsch and Ruwan Jayanetti. This software includes my port of PSGrade to vusb. PSGrade was written by zAxis. https://github.com/zAxis/PSGrade Cloning ------- git clone git://github.com/rvalles/asbestos-avr8susb Configuring ----------- Chip and board selection can usually be handled in the Makefile. In particular, update the MCU, BOARD, and F_CPU lines. Suggested values: Arduino Mega MCU = atmega1280 BOARD = ArduinoMega F_CLOCK = 16000000 Arduino Duemilanove (atmega168) MCU = atmega168 BOARD = ArduinoDuemilanove F_CLOCK = 16000000 Arduino Duemilanove (atmega328p) MCU = atmega328p BOARD = ArduinoDuemilanove F_CLOCK = 16000000 Other settings can be found in "asbestos-avr8susb.h". You should at the very least undef DIPSWITCH unless you will connect one or emulate it by connecting the appropiate pins to GND and undef STAGE2 if you're not using asbestos. Runtime settings ---------------- If DIPSWITCH is defined, program will be built with support for runtime settings using 4x DIP switches. For now, only the lowest 2 bits are used. 00 is reserved, while 01,10,11 select payloads 1,2,3 respectively. Board-specific notes -------------------- You'll need to build an interface circuit between your board and an USB connector or cable in order for the software USB to work. See README in subfolder for Boards corresponding to your particular board. Fritzing projects are included for Arduino Mega and Duemilanove. Breadboard view might be helpful, but the whole thing was done as an experiment. Fritzing can be found on: http://fritzing.org Kicad project is included for free3, my atmega 328P-based ps3-enabling device, which I recommend DIY building at home. Kicad can be found on http://kicad.sourceforge.net/ Building -------- On Linux, use the AVR GCC toolchain (Debian/Ubuntu package: gcc-avr) and the AVR libc (Debian/Ubuntu/Gentoo package: avr-libc). On MacOS X, check http://www.obdev.at/products/crosspack/download.html On Windows, WinAVR should do the trick. Symlink or copy stage1.bin and stage2.bin from asbestos into the current directory, as payload1.bin and stage2.bin respectively. If DIPSWITCH is defined, 3 payloads can be made available, named payload{1..3}.bin Then do: make clean make Programming ----------- To program, just edit the programming options section of the Makefile to match your particular board programming setup. You will need avrdude on your path. Then do: make program For arduino users, you can get some hints as to how to configure the programming options by checking what the arduino IDE does. 1. Open the arduino ide. 2. Import an example sketch. 3. Press GUI button to upload to your board while holding shift. 4. Check the output. From the IDE's output you should be able to determine what port to use and other useful information about configuring the options. Using ----- To use this exploit: * Select appropiate setting (Runtime settings section in this document). * Hard power cycle your PS3 (using the switch in back, or unplug it). * Plug the dongle into your PS3. * Press the PS3 power button, followed quickly by the eject button. After a few seconds, the first LED on your dongle should light up. After a few more seconds, the second LED will light up (or the LED will just go off, if you only have one). This means the exploit worked! By default, the exploit will netboot the PS3 (dhcp+tftp). During stage1, the exploit will provide debug information through the uart, at 57600bps. Once stage2 is running, it'll provide debug information via ethernet broadcast packets. Refer to asbestos for further information. ------- Roc Vallès. <vallesroc @.aaa@ @gmail.com>
rvalles/asbestos-avr8susb
Allows the use of third party operating systems and applications on the PS3. Intended to run on Atmel avr8 chips with no USB support.
CGPL-3.0