/asbestos-avr8susb

Allows the use of third party operating systems and applications on the PS3. Intended to run on Atmel avr8 chips with no USB support.

Primary LanguageCGNU General Public License v3.0GPL-3.0

asbestos-avr8susb
=================
This is the asbestos-avr8susb, a ps3 exploit for Atmel avr8 devices that have
no USB support, using software usb + a little circuit instead.

It's primarily targeted at loading asbestos, which should be built separately.

The payload (stage1) will install an usb driver which will download stage2
from usb. Then, stage2 will netboot (dhcp + tftp). 

Refer to asbestos for further information.

http://git.marcansoft.com/?p=asbestos.git

It could be made to run anything else. Just place payload in payload1.bin and
undefine STAGE2 if it isn't needed.

If DIPSWITCH is defined, three payloads can be made selectable in runtime. 

If JIG is defined and a key.h provided (see key.h.template), PS3 can be put
in factory mode. This is derived from psgrade and can be used to downgrade
PS3's system software. Refer to psgrade for further information, including
how to leave factory mode.

Some atmegas can fit stage2 in their internal flash memory.

Most atmegas do not have enough memory to fit stage2. To work that around,
there is support for streaming from an additional i2c AT24C512 or
compatible 24Cxx EEPROM.

I wrote a tool to program the EEPROM. It can be found in "tools/". If other
means are used to program it, make sure the first 16bit word in it is the size
of stage2. Store stage2's data next.

It should work, with builtin stage2, on:
- ATMega1280 (Arduino Mega)
... and maybe more. 

It should work, with an EEPROM:
- ATMega328P (Arduino UNO, Arduino Duemilanove)
- ATMega168 (Arduino Duemilanove, older Arduinos)
... and maybe more.

This software is not intended to enable piracy. This software is intended to
allow the use of third party operating systems and applications on the PS3.


Notes
-----
This software is based on psgroove-timwu, a port of psgroove to vusb.
http://github.com/timwu/psgroove

This software is designed to run asbestos, written by Hector Martín (marcan).
http://git.marcansoft.com/?p=asbestos.git

This software includes the vusb library and the USBaspLoader bootloader,
written by Objective Development.
http://www.obdev.at/products/vusb/

This software includes eeprom support functions from twitest.c, written by
Joerg Wunsch and Ruwan Jayanetti.

This software includes my port of PSGrade to vusb. PSGrade was written by
zAxis.
https://github.com/zAxis/PSGrade


Cloning
-------
    git clone git://github.com/rvalles/asbestos-avr8susb


Configuring
-----------
Chip and board selection can usually be handled in the Makefile.
In particular, update the MCU, BOARD, and F_CPU lines.  Suggested values:

Arduino Mega
    MCU = atmega1280
    BOARD = ArduinoMega
    F_CLOCK = 16000000

Arduino Duemilanove (atmega168)
    MCU = atmega168
    BOARD = ArduinoDuemilanove
    F_CLOCK = 16000000

Arduino Duemilanove (atmega328p)
    MCU = atmega328p
    BOARD = ArduinoDuemilanove
    F_CLOCK = 16000000

Other settings can be found in "asbestos-avr8susb.h". You should at the very
least undef DIPSWITCH unless you will connect one or emulate it by connecting
the appropiate pins to GND and undef STAGE2 if you're not using asbestos.


Runtime settings
----------------
If DIPSWITCH is defined, program will be built with support for runtime
settings using 4x DIP switches.

For now, only the lowest 2 bits are used. 00 is reserved, while 01,10,11
select payloads 1,2,3 respectively.


Board-specific notes
--------------------
You'll need to build an interface circuit between your board and an USB
connector or cable in order for the software USB to work.

See README in subfolder for Boards corresponding to your particular board.

Fritzing projects are included for Arduino Mega and Duemilanove.

Breadboard view might be helpful, but the whole thing was done as an
experiment.

Fritzing can be found on: http://fritzing.org

Kicad project is included for free3, my atmega 328P-based ps3-enabling device,
which I recommend DIY building at home.

Kicad can be found on http://kicad.sourceforge.net/


Building
--------
On Linux, use the AVR GCC toolchain (Debian/Ubuntu package: gcc-avr) and 
the AVR libc (Debian/Ubuntu/Gentoo package: avr-libc).
On MacOS X, check http://www.obdev.at/products/crosspack/download.html
On Windows, WinAVR should do the trick.

Symlink or copy stage1.bin and stage2.bin from asbestos into the current
directory, as payload1.bin and stage2.bin respectively. If DIPSWITCH is 
defined, 3 payloads can be made available, named payload{1..3}.bin

Then do:

    make clean
    make


Programming
-----------
To program, just edit the programming options section of the Makefile
to match your particular board programming setup. You will need avrdude
on your path. Then do:

    make program
    
For arduino users, you can get some hints as to how to configure the
programming options by checking what the arduino IDE does.

1. Open the arduino ide.
2. Import an example sketch.
3. Press GUI button to upload to your board while holding shift.
4. Check the output.

From the IDE's output you should be able to determine what port to use
and other useful information about configuring the options.


Using
-----
To use this exploit:
* Select appropiate setting (Runtime settings section in this document).
* Hard power cycle your PS3 (using the switch in back, or unplug it).
* Plug the dongle into your PS3.
* Press the PS3 power button, followed quickly by the eject button.

After a few seconds, the first LED on your dongle should light up.

After a few more seconds, the second LED will light up (or the LED
will just go off, if you only have one).  This means the exploit
worked!

By default, the exploit will netboot the PS3 (dhcp+tftp).

During stage1, the exploit will provide debug information through
the uart, at 57600bps.

Once stage2 is running, it'll provide debug information via ethernet
broadcast packets.

Refer to asbestos for further information.


-------
Roc Vallès.
<vallesroc @.aaa@ @gmail.com>