PS3 Frankenstein PHAT PS3: CECHA with 40nm RSX

I have 2 questions for the guy:
  1. What would be the minimum quantity he'd sell and does he offer a wholesale price tier? Say 50x for $10ea, 100x for $8 each, and so on. Is he open to negotiating prices, or is he firm?
  2. Why doesn't he at least have an e-bay listing? Or better yet, his own website (LLC)? He could simultaneously remove the middle man and grow sales worldwide. I'm sure everyone would like an easier buying option, one that ships internationally, even if it were just e-bay. If it's easily accessible and the price reasonable, there would be no incentive to clone it.
 
M4j0r said:
Yes, Sony could do the same, but they won't (mostly because they reuse concepts from the PS3 on the PS4).
Click to expand...
Sony actually has less to lose. Companies used to offer schematics and replacement parts for sale to repair shops around the world. Hardware patients and Software copyrights protected their intellectual property from cloning and reverse engineering. The Atari2600 service manual has troubleshooting flowcharts!
The truith about the electronics industry's resistance to right to repair has been a 50 year long attack on the repair industry, which makes them compete with the console they already sold. SONY would rather you have no option but buy another console when your original dies (so they can sell you a second). Picture yourself in the1980s. Then you could take your busted Atari2600 or CRT TV down to Tom's Electric, a trusted local electronics repairman. Tom is a electrical enginner graduate turned successful small business owner! He pays taxes, rents out a small brick&mortor shop, buys parts and schematics from electronics manufacturers that allow him to do his job. He trains and employs 4 or 5 high school graduates/dropouts, inspiring and encouraging them to seek further education while paying them a fair wage. He oversees their work and guarantees the repair. He's a hard worker, an honest worker. He keeps your electronic working longer and out of the landfill. You think Tom is a standup guy offering needed service.

Fastforward to today, if Tom even exists, he's forced to rely on shady hackers selling stolen schematics on the dark web. What used to be a natural way of leveraging his electrical engineering degree to operate a respected small business has been deligetimized by big corporations who don't want to compete with themselves. Colege graduate with an EE degre are finding it much harder to find work, since they can't just start a repair nusiness anymore. It's just not profitable anymore. A repair that should only take a half hour now takes 4 hours because of intentionally difficult construction designed to make repairs impossible or likely to destroy the product. You can't guarintee a repair anymore, because you don't know if the part you need to fix the device os something you can get. And even if you can get the part, they are from shady sources and may not work. Now, Tom reputation is bad, because he has to be honest with people about the repair when they ask him if he can fix their I-Pad. He has to say, "I don't know. It depends on what's wrong and I won't know until I diagnose it." That hurts Toms reputation, because people just don't understand why an electronics repaiman wouldn't knew if he can fix it or not. They'd rather go to someone who was sure they could. But that doesn't exist anymore, because manufacturers have coordinated to hamstring and cripple the repairmen. They call him a pirate, hacker, and thief. Someone who steals their intellectual property and sells clones. We shouldn't ever trust Tom, he's a bad man! Instead we should love our mother SONY! She always treats us right when she destroys Toms reputation, cripples a once thriving industry, sells defective consoles that overheat, refuses to honor warranty repairs, don't take video game preservation seriously, takes actions easily predicted by the most profitable outcome, and treats customers like sheep to be fleeced every few years when they take down digital storefronts and release a new console requiring users to pay ransom for their digital (hostage) media, and on...and on...in perpetuity they hope!

...Unless you live in Indonesia where the repair man can install a 40nm RSX on your PS3, undoing SONYs planed obsolescence. Hurray for the repair man flying the bird in SONY's general direction!
 
Last edited:
RIP-Felix said:
I have 2 questions for the guy:
  1. What would be the minimum quantity he'd sell and does he offer a wholesale price tier? Say 50x for $10ea, 100x for $8 each, and so on. Is he open to negotiating prices, or is he firm?
  2. Why doesn't he at least have an e-bay listing? Or better yet, his own website (LLC)? He could simultaneously remove the middle man and grow sales worldwide. I'm sure everyone would like an easier buying option, one that ships internationally, even if it were just e-bay. If it's easily accessible and the price reasonable, there would be no incentive to clone it.
Click to expand...
yes he said that 100x for 8$ for nego it depends of where ship to
He doesnt know that this chip gonna be well in overseas and since as u said a language barrier maybe thats why he not try selling it overseas since it hassel even im ask him to sell it himself he just said let me sell it instead and watching back
 
vyktormvmpay25 said:
@sandungas are you saying that intercept spi on 65nm and 40nm and comparing with 90nm board spi and swapping that data?It is more nearly true for that time. Have you remembered that ps3hax thread where we all speak about this? At least I've tried to scramble wayback machine to get it, nothing found.
The ic has been programmed probably after pic jtag was released from xbox 360 that time. If it was locked with fusebits we won't be able to understand.
Click to expand...
I dont know almost anything about that SPI communications in between syscon and RSX, at this point i can only speculate about it, what im going to say could be wrong but i guess im not much far away from it

By looking in the installation it seems the chip is doing some kind of "man in the middle" modification of the data, and the communications "switches" the direction of the data several times, lets say is a bi-directional conversation, something like this:
<syscon> RSX wakeup
<rsx> What ?
<syscon> tell me your ID
<rsx> my name is 0x37 and my surname is 0x12
<syscon> ok, you are welcome

That conversation probably is encrypted. I cant imagine how someone could hack a PS3 by exploiting that SPI communications, but yeah... hackers are very smart and sometimes they discovers exploits that the manufacturer could never imagine them, so probaly they encrypted it for security reasons, just incase, because is a playstation
That encryption layer could be an additional annoyance, but i guess all the keys required to decrypt it are public, so incase it exists (im not sure) is not going to be a big deal

To get samples of that conversation is going to be needed to capture the data packets 2 times, before and after the modchip, then decrypt them, compare them... and try to make sense of it
Im guessing the magic happens at the end of the conversation, either when the RSX sends his ID to syscon, so the modchip is sending the ID of a 90nm to syscon (and the syscon thinks that is valid)... or at the last message of the conversation, so is the modchip who sends the last message to RSX with the "ok, you are welcome" (in other words, all the RSX models are going to be welcomed)
 
sandungas said:
I dont know almost anything about that SPI communications in between syscon and RSX, at this point i can only speculate about it, what im going to say could be wrong but i guess im not much far away from it

By looking in the installation it seems the chip is doing some kind of "man in the middle" modification of the data, and the communications "switches" the direction of the data several times, lets say is a bi-directional conversation, something like this:
<syscon> RSX wakeup
<rsx> What ?
<syscon> tell me your ID
<rsx> my name is 0x37 and my surname is 0x12
<syscon> ok, you are welcome

That conversation probably is encrypted. I cant imagine how someone could hack a PS3 by exploiting that SPI communications, but yeah... hackers are very smart and sometimes they discovers exploits that the manufacturer could never imagine them, so probaly they encrypted it for security reasons, just incase, because is a playstation
That encryption layer could be an additional annoyance, but i guess all the keys required to decrypt it are public, so incase it exists (im not sure) is not going to be a big deal

To get samples of that conversation is going to be needed to capture the data packets 2 times, before and after the modchip, then decrypt them, compare them... and try to make sense of it
Im guessing the magic happens at the end of the conversation, either when the RSX sends his ID to syscon, so the modchip is sending the ID of a 90nm to syscon (and the syscon thinks that is valid)... or at the last message of the conversation, so is the modchip who sends the last message to RSX with the "ok, you are welcome" (in other words, all the RSX models are going to be welcomed)
Click to expand...
Very good analisis
 
sandungas said:
I dont know almost anything about that SPI communications in between syscon and RSX, at this point i can only speculate about it, what im going to say could be wrong but i guess im not much far away from it

By looking in the installation it seems the chip is doing some kind of "man in the middle" modification of the data, and the communications "switches" the direction of the data several times, lets say is a bi-directional conversation, something like this:
<syscon> RSX wakeup
<rsx> What ?
<syscon> tell me your ID
<rsx> my name is 0x37 and my surname is 0x12
<syscon> ok, you are welcome

That conversation probably is encrypted. I cant imagine how someone could hack a PS3 by exploiting that SPI communications, but yeah... hackers are very smart and sometimes they discovers exploits that the manufacturer could never imagine them, so probaly they encrypted it for security reasons, just incase, because is a playstation
That encryption layer could be an additional annoyance, but i guess all the keys required to decrypt it are public, so incase it exists (im not sure) is not going to be a big deal

To get samples of that conversation is going to be needed to capture the data packets 2 times, before and after the modchip, then decrypt them, compare them... and try to make sense of it
Im guessing the magic happens at the end of the conversation, either when the RSX sends his ID to syscon, so the modchip is sending the ID of a 90nm to syscon (and the syscon thinks that is valid)... or at the last message of the conversation, so is the modchip who sends the last message to RSX with the "ok, you are welcome" (in other words, all the RSX models are going to be welcomed)
Click to expand...
If the code was exist, can u reprogram the syscon?
 
<syscon> RSX wakeup
<rsx> What ?
<syscon> tell me your ID
<rsx> my name is 0x37 and my surname is 0x12
<syscon> ok, you are welcome
Nor I don't understand , bearly learned how to use some commands over spi with buspirate to an panel ic to test it full open leds display.
Maybe my friend will find something when he is here to test together in weeks coming.
We don't have to much tools only a jtag programmer for xilinx and old oscilloscope 100 MHz 2ch which is quite old tektonix with tube.
We don't have to much hope just a quick test about few hours.
 
botakompong said:
I'm sorry because i'm busy rn. I will try to make a tutorial about how to install the ic modrsx and scheme of fat and slim ps3. However, i still dont know how to post the tutorial and i will need help from you about that.
Click to expand...
Yes sure I can help with that we just need to open a thread in hardware modifications "Rsx 90nm swap to newer 65nm or 40 nm with Orbis modchip " can be named. We kindly have all details for this, well I've tested on cok002 with @DeadEnd and is working. I may test myself with time rest of boards. I have a small workshop and I have multiple units passing here. Neither I did not created any proper tutorials, this mostly will need to be created as is more for advanced/service users that can do reball. Already posted reball reference in my way so part with modchip would be easier side. Only soldering those tiny points then ready to go.
https://www.psx-place.com/threads/reball-ps3-cell-rsx.32376/page-2#post-290650
Kind of help about reball.
 
DeadEnd said:
Amazing, thank you and thanks to him. I should probably let others ask more important questions. Myself I am only curious, how does the modchip work? Was it him who wrote the modchip code, or someone else? And of course, will he ever share it (the code) or is it creator's secret?

I ironically sold most of my disc games, but just in case here is some videogaming proof of the working console (better than blurry screenshots). https://drive.google.com/file/d/13jYAB33EQXFwPtB7yz7bB4EUCyHQCoCx/view?usp=sharing (ignore the rainbow stripes, it's what capturing software shows when there's no signal.)

Also, I have recorded the full process of how I soldered balls onto the chip (I added a second angle in some parts). I don't claim to say it's the best way, just something that worked for me.

Click to expand...
Idea: remove the head of the heater so the tin ore does not run away
 
botakompong said:
I'm sorry because i'm busy rn. I will try to make a tutorial about how to install the ic modrsx and scheme of fat and slim ps3. However, i still dont know how to post the tutorial and i will need help from you about that.
Click to expand...

Thank you so much and to your brother (my condolences) for creating this mod. Brilliant work. I have already tested your modchip and it works great. I've posted pictures and videos before. I installed 65 nm from slim model on cok002 and it works great. I've also written a guide based on your tutorials.


orbis mod white.jpg

resistors.jpg

What do you think ?
 
Last edited:
botakompong said:
Hallo all, sorry my engglish not good, i was thank full for u'r good respont about ic modrsx that was made by my big brother "kiaw" (that already past away), for developer only i will share the code, to introduce on of his creation
Click to expand...
First let me say thanks to you and your brother for this mod! I'm sorry to hear of your brothers loss, it would have been neat to get his input on what we were doing wrong in our approach. How much do you know about the device or the development process? I'm guessing your brother was an electrical engineer? Did he work for SONY or was he experienced in reverse engineering? I'm sure there is a cool story behind the development process for this device. I for one, would love to hear it. That is, if you don't mind sharing it with us.
 
You must log in or register to reply here.

Similar threads

Back
Top