Post #10, 11-01-2012
sandungas
Homebrew Developer
Originally Posted by sandungas:
So syscon is at the same time... a big problem... and a good target to find new features. Syscon and bootloader are so related that they will be hacked together (or never).
It's funny, a few days after I wrote this the bootloader was hacked (using an exploit in syscon).
Now we have everything needed to make a good recovery/antibrick.

Originally Posted by tjhooker73:
What if we could make a custom bootldr and syscon on a separate chip that could be soldered into place, so if we brick we can just flip a switch and fix it?
The modchip juannadie was talking about was supposed to work in a way similar to what you said.

For the exploit to work it's needed to interface some output/input pins of syscon, to control communications with CELL and to control the areas used by syscon to store "temporary data".
This way you can "emulate" the syscon or make it work for you.

The rest is a piece of cake... having control of the communications with syscon means you have your root_key_0 (inside cell) and the rest of the bootchain stages are in flash (bootloader--->lv0-->etc, etc...), in other words... you can resign and regenerate all the contents in flash.

To be able to write the flash (from a brick state)... maybe there are several ways... initially, what writes the flash in a stock motherboard is the "southbridge".
Syscon has a connection with southbridge (or in other words... southbridge is a slave of syscon and does what the boss wants).
So maybe by sending commands from syscon to southbridge... we can write the flash!!! without a flasher!!!
Either way... if this idea of writing flash using southbridge doesn't work it makes no difference... this kind of modchip needs a way to write/read a 100% corrupted flash.

To make a good recovery it's needed to redirect the boot chain to another device (e.g. HDD or USB)... or as an alternative emulate the flash (a little eeprom in the modchip is maybe enough because we only need to load one more stage of the bootchain modified with a recovery menu).
Also, the same idea can be used to make a multiboot with a selector menu (or a button).

It seems it's now possible to make all this work, let's see what happens in the next months, I would like to see a new generation of modchips, and probably I will buy one.

Last edited by sandungas; 11-01-2012 at 09:08 PM.