PS3 Frankenstein PHAT PS3: CECHA with 40nm RSX

The COK-001, COK-002 and SEM-001 service manuals are public and the syscon pinout doesn't change, so you can trace it.
Seems like they just sniffed the SPI bus to analyze the communication and then modify the data on the fly.
 
Is it easy to develop this type of mod? Could you do it?
 
Probably we don't need it.
As @M4j0r mentioned, it seems the chip is modifying the SPI communications between syscon and RSX "on the fly", but the reason they are doing it that way is that they were not able to modify that data at its origin.
I mean... they didn't have the syscon keys, so they were not able to change the hardware ID of the new RSX or any other setting.
But we can modify syscon stuff, so we can configure it correctly.

This is just speculation of course; I don't really know which kind of communication happens on that SPI channel.
In my opinion, the most interesting thing about that chip is that they were able to identify those communications from different PS3 motherboards to clone them (at least partially).
 
Got the reply from the seller: they are only giving you schematics, like the picture already posted here.
I wish I had gotten a CECHB last time and done this. I didn't know this existed until now, so I just got a slim instead....
 
Too little is known yet to try and tackle this. So it's basically a mod chip to swap RSX revisions? Interesting to see a modchip that enables hardware swaps instead of being solely focused on piracy and homebrew. Would be cool to see someone chase this down.
 
Got the reply from the seller: they are only giving you schematics, like the picture already posted here.
I wish I had gotten a CECHB last time and done this. I didn't know this existed until now, so I just got a slim instead....
I'm not sure what you mean, are you saying they're refusing to send you more info on it or they don't actually sell the chips only the design?
 
I think he's just saying they do not provide more info even if you buy the chip from them; they just show where to solder it on and that's it. Maybe that is all that is required and they'd rather not give out too much info, as it probably is possible to do with software and they will basically lose sales if they make it fully public how the chip works. A good bit of research might have gone into engineering the chip. Only guessing.
 
If you can get in contact with the seller and you're willing to ship to Canada I might be willing to pay the cost of some of the chips, like some for you and some for me/other people.
Also judging by this link https://shopee.sg/RSX-MOD-IC-i.255481496.7132549261 it suggests in the description that it works with both the 65nm RSX and the 40nm RSX as options to swap.
I'm willing to send it to Canada, with a seller that agrees to give the schematic or how to solder it, just like devil303 said.
It's $18 without shipping, of course.
Oh, if someone buys it from me, I'm going to upload here the soldering instructions that the seller gives me via WA.
 
Have you had success ordering stuff from Indonesia before? I know it's not too far from Singapore but I mean are the sellers willing to ship usually?
 
I am from Indonesia.....
I'm still inexperienced at sending stuff outside the country, but last time I sold someone a forged piston to the US and it went well.
PM me if you want.

Funny thing is, this mod has already existed since 5 years ago, according to someone in a local PS3 group.
 
I think you could see in some of the links, that they sell the chip + soldering schematics. But those pictures should be enough to see where to solder the wires.

Also here is someone who can help ship it worldwide. https://www.fiverr.com/lusianaliu/help-you-buy-something-online-from-indonesia?

I have already contacted that person, she asked the seller if the items are in stock.
 
XC2C32A? Xilinx? Is that probably what is on it?
For experimental purposes I can buy one as well; PM me with a PayPal invoice if you know how to create one. Everyone can create an invoice on PayPal, just make the account a business one when you sell stuff.
If I remember, something like coldrunner was used in the Xbox 360, not in that area, but I will ask.
Edit:
Somehow jrunner/coldrunner will extract/show the CPU key in the Xbox, the key to be applied in NAND (got explained), probably in a different way than here.
 
Is it easy to develop this type of mod?

I guess you just need to analyze the RSX SPI data, which has already been done for the CELL SPI connection.

Probably we don't need it.
As mentioned, it seems the chip is modifying the SPI communications between syscon and RSX "on the fly", but the reason they are doing it that way is that they were not able to modify that data at its origin.
I mean... they didn't have the syscon keys, so they were not able to change the hardware ID of the new RSX or any other setting.
But we can modify syscon stuff, so we can configure it correctly.
This is just speculation of course; I don't really know which kind of communication happens on that SPI channel.
In my opinion, the most interesting thing about that chip is that they were able to identify those communications from different PS3 motherboards to clone them (at least partially).

Yes, they patch the communication instead of patching the syscon firmware. The question is how much you need to patch to make it work. We know the actual Sony way required a new firmware.
I said that we can't add the new RSX code to older syscons since it's too big for the patch, but if the modchip changes the communication only a little bit (and not just replay everything) then we might have a chance to just create a dirty patch for the syscon itself, but that requires reversing the communication first.

Awesome, the price on those chips only seems to be about ~$20 USD so it shouldn't break the bank either.

A new old stock genuine flash syscon is actually cheaper, but of course harder to install.
 
At 11:54 he starts making the changes to CG reset. Now something @squeept and I have been assuming is that R2054 (0 Ohms) is being turned diagonally to GND. However, it looks like he took R2153 (10K Ohms) and used it to make the diagonal connection. By using a 10K Ohm resistor, he's pulling the voltage up. That could explain @squeept's failure. I didn't notice before that the values were different. Essentially what we did was short CG reset to ground, which pulls the voltage to 0 V = pull-down resistor. The complete opposite thing.
[Attached image: CG Reset.png]

Also, here's a pic I whipped together from that video to make it easier to see what he's doing:
[Attached image: RSX Mod (CG Reset) 2.png]
 