ビビビッ

An IT/Web information blog written by a group of contributors, covering the Web, servers, software, bugs, vulnerabilities and more

【Complete version】How to apply PS2251-07(2307) patch for Psychson(BadUSB)

Posted:   Last updated: 2017/04/03  Author: xx2zz

I released a patch to run Psychson on PS2251-07 (2307), but the procedure was complicated and incomplete.
Because there were too many questions, I am publishing a simplified patch file and procedure again.


Difference file

This file contains the following changes.

Note: This file is research material intended for experiments in running Psychson’s custom firmware on PS2251-07 (2307). It is not guaranteed to work. Please use it at your own risk.

Download “Psychson2307_diff_en”: Psychson2307_diff_20170401_en.zip – 38 downloads – 5 KB

Devices confirmed to work

I confirmed operation with the following USB memory devices.

  • TOSHIBA TransMemory-MX TNU-B008GK
  • TOSHIBA TransMemory-MX V3SZK-016G

Other necessary items

Building CFW for 2307

  1. Download the source code from brandonlw/Psychson and extract it
  2. Overwrite/add the contents of “Psychson2307_diff_20170401.zip” to the Psychson folder extracted in step 1
  3. Apply the differences with the patch command (Movie)

    patch -p0 < firmware-firmware2307.diff
    patch -p0 < DriveCom-DriveCom2307.diff

  4. Extract “FW07FF01V10153M_20140116.bin” and “BN07V106M.BIN” from “firmware_ps225107.rar” and place them in the “firmware” folder
  5. Execute “fire2db.pl” placed in the “firmware” folder (Perl 5 required)
  6. Run build.bat

Embedding the payload

Embed the payload file as necessary in the firmware file (bin/fw.bin) created above.

Flashing CFW for 2307

  1. After applying the patch, build DriveCom with VS2012
  2. Extract “BN07V502TAW.BIN” from “firmware_ps225107.rar”
  3. Open “BN07V502TAW.BIN” with a hex editor and change the values at offsets 0x4D85 and 0x4D86 to 00
  4. Flash the firmware with DriveCom.exe

    DriveCom.exe /drive=E /action=SendFirmware /burner=BN07V502TAW.BIN /firmware=fw.bin
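
The hex edit in step 3 can be scripted and checked instead of done by hand. This is an added example, not part of the original post or the Psychson project: it writes the two 00 bytes into a copy of the burner image and confirms that no other byte changed. The function names and the separate output file are assumptions; the offsets and value are the ones given in step 3.

```python
from pathlib import Path

# Offsets and value taken from step 3 of the flashing procedure.
PATCH_OFFSETS = (0x4D85, 0x4D86)
PATCH_VALUE = 0x00


def patch_burner(image: bytes) -> bytes:
    """Return a copy of the burner image with both offsets set to 00."""
    if len(image) <= max(PATCH_OFFSETS):
        raise ValueError("image too short to contain offset 0x4D86")
    patched = bytearray(image)
    for off in PATCH_OFFSETS:
        patched[off] = PATCH_VALUE
    return bytes(patched)


def changed_offsets(original: bytes, edited: bytes) -> list[int]:
    """List every offset at which the two images differ."""
    if len(original) != len(edited):
        raise ValueError("length changed: bytes were inserted or deleted")
    return [i for i, (a, b) in enumerate(zip(original, edited)) if a != b]


def verify_edit(original: bytes, edited: bytes) -> bool:
    """True only if nothing outside the two offsets changed and both
    offsets now hold 00 (catches a slip made in a hex editor)."""
    if len(edited) <= max(PATCH_OFFSETS):
        return False
    stray = set(changed_offsets(original, edited)) - set(PATCH_OFFSETS)
    zeroed = all(edited[off] == PATCH_VALUE for off in PATCH_OFFSETS)
    return not stray and zeroed


def patch_file(src: str, dst: str) -> None:
    """Write a verified, patched copy to dst; src is left untouched."""
    original = Path(src).read_bytes()
    edited = patch_burner(original)
    if not verify_edit(original, edited):
        raise RuntimeError("verification failed, nothing written")
    Path(dst).write_bytes(edited)


if __name__ == "__main__":
    # Constructed stand-in data, not a real burner image.
    sample = bytes([0xAA]) * 0x5000
    edited = patch_burner(sample)
    print([hex(o) for o in changed_offsets(sample, edited)])
```

`verify_edit` also works on an image that was edited by hand: pass the untouched file as `original` and the hand-edited one as `edited`.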
    


Comment

  1. xcmx says:

    Does your BN07V502TAW.BIN patch turn on scrambler only for write?
    How to patch this loader to enable scrambler for reading (to get clean firmware dump)?
    Thx!
