Following the PS4 Linux 33c3 Demo and the start of a community-driven PS4Webkit Project, today I (@juansbeck on Twitter aka HybridComputers) am continuing from my UniversalFlash App work-in-progress bringing an update on the PlayStation 4 glitch pinout used by Marcan and the possibility to downgrade a PlayStation 4 Slim / PS4 Pro with details below. 
Rough translation: Failoverflow's Marcan made a 'glitch' attack TOOL0 combined other ports like RX and TX (rs232) to PS4 Southbridge (sysconf-hypervisor) to give read and write permissions to its devboard lattice ECP3 to intercept the signals and return them in a Payload as we showed CTurt in its extensive article, but how?
Anyone can give us the datasheet? Or if at PSDevWiki oops... the blessed datasheet is a farce. It's a troll from a dodgy blog... one has to be very stupid to believe that the r32c is the hypervisor to attack Marcan... not even the VSS nor the VCC agree
Never fool us, not all the other developers that have their functional CFW that the downgrade key or the way we can get to exploit versions 3.55, 4.01, 4.05 or whatever is in this simple sysconf
RL78G14 there are 100 pin and 64 and even less as it is ps4 pro the chip is from the company renesas company and although it cost us more 8 months without sleeping here I attach the datasheet, I can say that there is a pin the TOOOL0 credits (JaiCraB) which is the evolution of RX and TX.
For now the datasheet of sysconf and a small drawing for the devs who want to investigate meanwhile we do ours to keep this team that continues adding more than 8,000 euros a month I tell you why not everything is lost,
here we keep moving forward and something has to come out of this.
This can be used to find a way to downgrade to the minimum version of any PS4 (including PS4 Pro)
1. Correct hypervisor datasheet (ps3devwiki blunder this farce). This is the real 64 pin LQFP for ps4 slim and 1215A pages (18) and for PS4 fat page (21) PS4 Pro pending.
hypervisor final sony (sysconf).pdf
2. Correct way to program the hypervisor to create the glitch (sysconf)
forma correcta de programar hypervisor.pdf
3. Pinout glitch hypervisor PS4
https://drive.google.com/open?id=0B2cZly5GV8y-bDhFZWhKVFJtc3c
4. PS4 Pro (unconfirmed) some ports on which Sony is based on its hypervisor (sysconf)
https://drive.google.com/open?id=0B2cZly5GV8y-RjA5dnJiQXRJUFE
A greeting to all and wish you from Universal Team a Merry Christmas!
Note
As if you are a handyman, those who try to do this and you are bundled in short layout of connections so that it is if you do not make the plate yourselves and you stay like this.
https://drive.google.com/open?id=0B2cZly5GV8y-SHJac05IUVUwUUU
In the end will be something like this, we need your support in the kickstarter.
https://drive.google.com/open?id=0B2cZly5GV8y-MGF3Z0I4bS1ORk0
We based on that development board and we added reading and writing of XBox One, PS Vita, Wii U and we are working for iPhone reading
Sony did not (and still does not) uses eFuses to prevent downgrading (they are dedicated to store per console settings at factory)
Downgrading is prevented using hashes in syscon's NVS, revocation lists (on ps4/ps vita) and stripping PUP header keys from existing modules
I can confirm that they do not burn e-fuses to prevent downgrading (or during updates) and instead rely on a "Secure Non Volatile Storage" (aka SNVS), which only SAMU modules access the (per console) keys to read and write data from.
which only SAMU modules can access the (per console) keys to read and write data from * (just fixed a typo)
Of course, this also means that in the unlikely event that you do get SAMU code execution on a specific console, you can then downgrade it (but if you can achieve that, why the hell would you need to downgrade anyway?)
Rough translation: Failoverflow's Marcan made a 'glitch' attack TOOL0 combined other ports like RX and TX (rs232) to PS4 Southbridge (sysconf-hypervisor) to give read and write permissions to its devboard lattice ECP3 to intercept the signals and return them in a Payload as we showed CTurt in its extensive article, but how?
Anyone can give us the datasheet? Or if at PSDevWiki oops... the blessed datasheet is a farce. It's a troll from a dodgy blog... one has to be very stupid to believe that the r32c is the hypervisor to attack Marcan... not even the VSS nor the VCC agree
Never fool us, not all the other developers that have their functional CFW that the downgrade key or the way we can get to exploit versions 3.55, 4.01, 4.05 or whatever is in this simple sysconf
RL78G14 there are 100 pin and 64 and even less as it is ps4 pro the chip is from the company renesas company and although it cost us more 8 months without sleeping here I attach the datasheet, I can say that there is a pin the TOOOL0 credits (JaiCraB) which is the evolution of RX and TX.For now the datasheet of sysconf and a small drawing for the devs who want to investigate meanwhile we do ours to keep this team that continues adding more than 8,000 euros a month I tell you why not everything is lost,
here we keep moving forward and something has to come out of this.This can be used to find a way to downgrade to the minimum version of any PS4 (including PS4 Pro)
1. Correct hypervisor datasheet (ps3devwiki blunder this farce). This is the real 64 pin LQFP for ps4 slim and 1215A pages (18) and for PS4 fat page (21) PS4 Pro pending.
hypervisor final sony (sysconf).pdf
2. Correct way to program the hypervisor to create the glitch (sysconf)
forma correcta de programar hypervisor.pdf
3. Pinout glitch hypervisor PS4
https://drive.google.com/open?id=0B2cZly5GV8y-bDhFZWhKVFJtc3c
4. PS4 Pro (unconfirmed) some ports on which Sony is based on its hypervisor (sysconf)
https://drive.google.com/open?id=0B2cZly5GV8y-RjA5dnJiQXRJUFE
A greeting to all and wish you from Universal Team a Merry Christmas!
Note
As if you are a handyman, those who try to do this and you are bundled in short layout of connections so that it is if you do not make the plate yourselves and you stay like this.
https://drive.google.com/open?id=0B2cZly5GV8y-SHJac05IUVUwUUU
In the end will be something like this, we need your support in the kickstarter.
https://drive.google.com/open?id=0B2cZly5GV8y-MGF3Z0I4bS1ORk0
We based on that development board and we added reading and writing of XBox One, PS Vita, Wii U and we are working for iPhone reading
Sony did not (and still does not) uses eFuses to prevent downgrading (they are dedicated to store per console settings at factory)
Downgrading is prevented using hashes in syscon's NVS, revocation lists (on ps4/ps vita) and stripping PUP header keys from existing modules
I can confirm that they do not burn e-fuses to prevent downgrading (or during updates) and instead rely on a "Secure Non Volatile Storage" (aka SNVS), which only SAMU modules access the (per console) keys to read and write data from.
which only SAMU modules can access the (per console) keys to read and write data from * (just fixed a typo)
Of course, this also means that in the unlikely event that you do get SAMU code execution on a specific console, you can then downgrade it (but if you can achieve that, why the hell would you need to downgrade anyway?)
