• PS3 Hacks , 26.08.2010

    German website GameFreax claims to have successfully reverse engineered PS Jailbreak, and brings out some important information that was previously unknown. First, PSJailbreak is apparently NOT a clone of Sony’s JIG; instead it is an exploit that was developed independently. Second, PSJailbreak can NOT be upgraded without additional hardware - maybe the company planned to sell another component to upgrade the unit?

    Here is the translated post:

    We have taken a closer look at this PSJailbreak dongle
    We can confirm that the PSJailbreak is not a clone of Sony’s “Jig” module. PSJailbreak is a self-developed exploit. The chip is not a PIC18F444; an ATMega with a software USB interface is used instead. This means the chip is internally capable of emulating any USB device. PSJailbreak emulates a 6-port USB hub on which different devices will later be connected and then disconnected. One of these devices has the product:vendor ID of Sony’s “Jig” module, which means the Jig module played a certain role during the development of PSJailbreak.

    But let’s start from the beginning: When the PS3 is powered on … a USB emulation device is connected which has too large a Configuration Descriptor. This Descriptor overwrites the stack with a PowerPC shellcode that gets executed. Now, various USB devices are connected to the emulated USB hub. One device has a large Descriptor with a size of 0xAD, which is part of the exploit and contains static data. A short time later (we are talking milliseconds here) the Jig module is connected, and encrypted data is transmitted to the Jig module. A few milliseconds later, the Jig module answers with 64 bytes of static data, all USB devices are then disconnected, a new USB device is connected and the PS3 launches with ‘a new feature’.

    PSJailbreak is NOT software-updateable. The update feature that is mentioned can only be done with hardware modifications. So by ‘update’ they mean ‘buy more of our stuff’.

    64-byte static data that the emulated Jig sends to the PS3

    Source

    Thanks to Disane for the information and thanks to Aaron/mcd1992 for help with the translation.
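    The post above describes the jailbreak as a USB device whose Configuration Descriptor is larger than the host expects, so that descriptor data overwrites the stack. The host-side check that defeats that class of bug is to treat the device-supplied wTotalLength as untrusted and validate it against both the bytes actually received and the fixed-size buffer before any copy. The C below is an added example written for this page; it is not code from GameFreax, from PSJailbreak or from the PS3 firmware. The 9-byte header layout and the descriptor type codes (USB_DT_CONFIG, USB_DT_INTERFACE) follow the public USB 2.0 specification; MAX_CONFIG_LEN is an assumed host buffer size, not a PS3 value. The well-formed sample input is re-typed from the first 18 bytes of the USB traffic dump Descrambler posts further down this thread; the hostile inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Descriptor type codes and header size from the USB 2.0 specification. */
#define USB_DT_CONFIG      0x02
#define USB_DT_INTERFACE   0x04
#define USB_CONFIG_HDR_LEN 9
/* Assumed size of the host-side buffer a driver would copy into (hypothetical). */
#define MAX_CONFIG_LEN     256

struct usb_config_desc {
    uint8_t  bLength, bDescriptorType;
    uint16_t wTotalLength;            /* little-endian on the wire, device supplied */
    uint8_t  bNumInterfaces, bConfigurationValue, iConfiguration;
    uint8_t  bmAttributes, bMaxPower; /* bMaxPower is in 2 mA units */
};

enum { PARSE_OK = 0, PARSE_ERR_SHORT = -1, PARSE_ERR_TYPE = -2,
       PARSE_ERR_TOTAL_LEN = -3, PARSE_ERR_SUBDESC = -4 };

/* Decode the 9-byte header. wTotalLength is untrusted: it must fit both the
 * bytes actually received (len) and the fixed buffer it would be copied to. */
int parse_config_header(const uint8_t *buf, size_t len, struct usb_config_desc *out)
{
    if (len < USB_CONFIG_HDR_LEN) return PARSE_ERR_SHORT;
    if (buf[0] != USB_CONFIG_HDR_LEN || buf[1] != USB_DT_CONFIG) return PARSE_ERR_TYPE;
    out->bLength = buf[0];
    out->bDescriptorType = buf[1];
    out->wTotalLength = (uint16_t)(buf[2] | (buf[3] << 8));
    out->bNumInterfaces = buf[4];
    out->bConfigurationValue = buf[5];
    out->iConfiguration = buf[6];
    out->bmAttributes = buf[7];
    out->bMaxPower = buf[8];
    if (out->wTotalLength < USB_CONFIG_HDR_LEN || (size_t)out->wTotalLength > len ||
        out->wTotalLength > MAX_CONFIG_LEN)
        return PARSE_ERR_TOTAL_LEN;
    return PARSE_OK;
}

/* Walk the sub-descriptors after the header and count interface descriptors.
 * Every bLength is checked against the validated total before it is used. */
int count_interfaces(const uint8_t *buf, size_t len)
{
    struct usb_config_desc cfg;
    int rc = parse_config_header(buf, len, &cfg);
    if (rc != PARSE_OK) return rc;
    int interfaces = 0;
    for (size_t off = USB_CONFIG_HDR_LEN; off < (size_t)cfg.wTotalLength; ) {
        size_t blen = buf[off];
        if (blen < 2 || off + blen > (size_t)cfg.wTotalLength) return PARSE_ERR_SUBDESC;
        if (buf[off + 1] == USB_DT_INTERFACE) interfaces++;
        off += blen;
    }
    return interfaces;
}

/* Copy into a caller's fixed-size buffer only after the checks succeed;
 * returns the number of bytes copied or a negative error. */
int copy_config_checked(const uint8_t *buf, size_t len, uint8_t *dst, size_t dst_len)
{
    struct usb_config_desc cfg;
    int rc = parse_config_header(buf, len, &cfg);
    if (rc != PARSE_OK) return rc;
    if ((size_t)cfg.wTotalLength > dst_len) return PARSE_ERR_TOTAL_LEN;
    memcpy(dst, buf, cfg.wTotalLength);
    return (int)cfg.wTotalLength;
}

/* Sample input re-typed from the start of the traffic dump posted in this thread:
 * a configuration header (wTotalLength 0x0012) plus one interface descriptor. */
static const uint8_t dump_head[18] = {
    0x09,0x02,0x12,0x00,0x01,0x00,0x00,0x80,0xFA,
    0x09,0x04,0x00,0x00,0x00,0xFE,0x01,0x02,0x00 };

int demo_dump_interfaces(void) { return count_interfaces(dump_head, sizeof dump_head); }
int demo_dump_max_power_ma(void)
{
    struct usb_config_desc cfg;
    if (parse_config_header(dump_head, sizeof dump_head, &cfg) != PARSE_OK) return -1;
    return cfg.bMaxPower * 2;                    /* 0xFA * 2 mA = 500 mA */
}
/* Constructed hostile inputs: a header claiming far more than was received,
 * a truncated transfer, and a sub-descriptor whose bLength runs past the end. */
int demo_oversized(void)
{
    const uint8_t big[9] = { 0x09,0x02,0xFF,0xFF,0x01,0x00,0x00,0x80,0xFA };
    return count_interfaces(big, sizeof big);
}
int demo_truncated(void) { return count_interfaces(dump_head, 12); }
int demo_bad_subdescriptor(void)
{
    uint8_t bad[18];
    memcpy(bad, dump_head, sizeof bad);
    bad[9] = 0x20;                               /* interface bLength 32 > bytes left */
    return count_interfaces(bad, sizeof bad);
}

int main(void)
{
    uint8_t dst[MAX_CONFIG_LEN];
    printf("interfaces=%d, bMaxPower=%d mA, copied=%d bytes\n",
           demo_dump_interfaces(), demo_dump_max_power_ma(),
           copy_config_checked(dump_head, sizeof dump_head, dst, sizeof dst));
    printf("oversized=%d truncated=%d bad_sub=%d\n",
           demo_oversized(), demo_truncated(), demo_bad_subdescriptor());
    return 0;
}
```

The point of the example is the order of operations: the header is decoded first, the device's claimed total is compared with what was received and with the destination size, and only then is anything copied or walked. A stack that copies first and checks later (or never) is what the translated post describes.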



  • 74 Comments

    1. gliitch
      08-26-2010
      03:34 PM
      1

      woohooo roll on DIY :D

    2. sonicjam
      08-26-2010
      03:34 PM
      2

      oh darn i just posted this in the forums :P

    3. gliitch
      08-26-2010
      03:40 PM
      3

      So this means, the PSJB peeps did this by their own hand, not ripping off Sony?
      How long until we can emulate this on a USB stick then?

    4. tcmkenny
      08-26-2010
      03:45 PM
      4

      so does this mean we can get this thing running via usb stick?

    5. Disane
      08-26-2010
      03:48 PM
      5

      here's my version:

      This is not a Sony PS3 Jig Module. It uses a vulnerability discovered by some unknown group. The chip is not a PIC18F444, but an ATMega with a USB storage storing software code. The software is inside the USB and is being emulated by the MCU. The jailbreak emulates a 6 port USB hub. Basically what happens is that this emulated hub receives termination of certain connected devices and then disconnects these devices. One of these devices holds the ID from the Sony JIG Module. This means that the JIG Module played a main role in creating the jailbreak.
      But let's move on shall we: When the ps3 is being turned on the USB emulates (that) a Device is being connected. This device holds a large "Configuration Descriptor". This data (Configuration Descriptor) overrides the stack in the memory with some PPC code (this is the shell code -Disane) which is going to be running later on. Now, some kind of USB devices are being emulated. One of these devices holds the 0xAD (173 Bytes) long data (the Configuration Descriptor), this part of the exploit holds static data. A little bit later (milliseconds later) the JIG Module is being connected (probably the ID part gets emulated -Disane) this time the JIG Module receives encrypted data. Milliseconds later the JIG answers with a 64 Byte long static data and all USB devices are being disconnected. A new USB device is being connected and the PS3 starts up in a new state.

      The 64 Bytes data that goes back to the PS3 from the emulated JIG:


      The PS3Jailbreak CANNOT be updated! This can only be realized by updated hardware.

    6. gliitch
      08-26-2010
      03:52 PM
      6

      i should hope so. :D But from what i gather the PSJB itself emulates a six-port hub, which injects the Jig Code from one of the ports then shuts down. so the jig is just an emulation on a stick, so yeah to answer your question tmckenny i should hope freeeaking so XD

    7. NoisilySilent
      08-26-2010
      04:08 PM
      7

      Great news, and great job!
      Thanks to Master Yoda for the translation:
      " which means that played in the development of PSJailbreaks the "Jig" module, a certain role."
      :-)))))

    8. spec8320
      08-26-2010
      04:11 PM
      8

      so maybe give voice for moderators / admins . So is it possible to make jig from you own USB pendrive ?

    9. mcd1992
      08-26-2010
      04:21 PM
      9

      Element's Translation

    10. KrisAbsinthe
      08-26-2010
      04:24 PM
      10

      If this information is correct then making one from a standard pen drive will not be possible. However, being able to run unsigned code will allow developers to write software that will help search for usable exploits, by dumping memory or CPU data. These exploits are what the end user will be using to exploit their PS3s. it is very unlikely that at home cloning for the end user is probably not going to happen. However if you have a usb2IC controller you may be able to. From what I can tell this is a Buffer Overflow using the Device ID to overwrite (UberSchreibt, not sure why that didn't translate) the memory range and (probably) a NOP sled to slide into the shellcode and take over the PPC. Again, this is just my opinion.

    11. foodev
      08-26-2010
      04:31 PM
      11

      It's impossible for a low-speed device to emulate a USB hub.

    12. NoisilySilent
      08-26-2010
      04:38 PM
      12

      could a PC with an appropriate device driver emulate the jig?

    13. Disane
      08-26-2010
      04:39 PM
      13

      Originally Posted by foodev
      It's impossible for a low-speed device to emulate a USB hub.
      Yeah, thats what all the devs say. This article has a lot of misleading information :-( The execution of the shell code sounds fishy too:
      You need to overflow the return address and make the PC jump to that address (this is the address where you have your shell code) to spawn your WAREZ.

    14. gliitch
      08-26-2010
      04:50 PM
      14

      Ahh i think i gots an idea :D Get an A(MALE) to A(MALE) USB cable, boot linux command prompt, execute the code on bootup, just when pressing the power on + eject buttons.

    15. sonicjam
      08-26-2010
      04:53 PM
      15

      Originally Posted by gliitch
      Ahh i think i gots an idea :D Get an A(MALE) to A(MALE) USB cable, boot linux command prompt, execute the code on bootup, just when pressing the power on + eject buttons.
      that will probably will work. make a bootable linux disc.

    16. NoisilySilent
      08-26-2010
      04:54 PM
      16

      Originally Posted by gliitch
      Ahh i think i gots an idea :D Get an A(MALE) to A(MALE) USB cable, boot linux command prompt, execute the code on bootup, just when pressing the power on + eject buttons.
      yeah, and most of all, cross your fingers and eat chocolate, that surely will help

    17. tcmkenny
      08-26-2010
      04:58 PM
      17

      Originally Posted by NoisilySilent
      yeah, and most of all, cross your fingers and eat chocolate, that surely will help
      LOL Maybe thats what helped the jailbreak team

    18. Loan
      08-26-2010
      05:02 PM
      18

      aww nice i just want to fast forward 2 month from now :P

    19. gliitch
      08-26-2010
      05:04 PM
      19

      NoisilySilent -_- only trying to help. @ SonicJam: We could have to pc and ps3 connected before the ps3 is turned on, then issue the code as soon as the ps3 turns on, it will be the same as the code injection that all the people with usbs would use.

    20. the_tom777
      08-26-2010
      05:06 PM
      20

      Time to bust out the arduino and work on emulating this thing. Are there any USB logs or dumps from the chips available?

    21. sonicjam
      08-26-2010
      05:11 PM
      21

      Originally Posted by gliitch
      NoisilySilent -_- only trying to help. @ SonicJam: We could have to pc and ps3 connected before the ps3 is turned on, then issue the code as soon as the ps3 turns on, it will be the same as the code injection that all the people with usbs would use.
      well you can add a 5 sec countdown to detect a connection and start the injection.

    22. gliitch
      08-26-2010
      05:14 PM
      22

      No idea, im just thinking that should work, as the jig itself is emulated anyway, also we could write a script something like jig.sh with the code needed from the dump of the chips, and voila!! one jigged out PS3 and not a hole in your pocketo XD

      I presume ardinuo is a drink of some sort? XD

    23. the_tom777
      08-26-2010
      05:16 PM
      23

      arduino is a microcontroller. very easy to use

    24. sonicjam
      08-26-2010
      05:16 PM
      24

      Originally Posted by gliitch
      No idea, im just thinking that should work, as the jig itself is emulated anyway, also we could write a script something like jig.sh with the code needed from the dump of the chips, and volia!! one jigged out PS3 and not a hole in your pocketo XD

      I presume ardinuo is a drink of some sort? XD
      well let see when its up for download. :P

    25. NoisilySilent
      08-26-2010
      05:21 PM
      25

      Originally Posted by gliitch
      NoisilySilent -_- only trying to help. @ SonicJam: We could have to pc and ps3 connected before the ps3 is turned on, then issue the code as soon as the ps3 turns on, it will be the same as the code injection that all the people wit usbs would use.
      Actually, your intentions are good, no doubt and of course the only free (i mean priceless) solution would be to simulate the dongle with a pc.
      And be sure every dev interested in hacking the ps3 are looking towards this direction right now.
      However, "injecting the code" is not that simple... there are communication protocols and many handshakes to have between the pc and the ps3 before injecting the so called code (that no one possesses at the time being btw).
      Lets be patient, some guys will very soon find the solution, it's very close.
      In fact, I am even sure there cant be any other issue than victory by now.
      Too much info are revealed not to reach the goal.

    26. tcmkenny
      08-26-2010
      05:39 PM
      26

      This idea sounds great and best part is it would be very easy to distribute I can't believe how fast this is picking up pace. Not long now, Now all that's needed is the dump

    27. NoisilySilent
      08-26-2010
      05:40 PM
      27

      BTW, 1 question:

      Our german friends say the dongle "could" be legit.
      If it happens to be so, would it be legit from Sony to prevent this dongle from working?
      (regarding the law and the jailbreak specific texts)
      Wouldnt it be fracking ironical if Sony couldnt fix it without being outlaw?

    28. gliitch
      08-26-2010
      05:41 PM
      28

      so it looks like im on the right track after all :D .. when it is done i want to see how they did it ..the devs i mean. hehe. When loading up the code we have to get the ps3 to glitch much like how the usb does it... i vote by next week, we will have a solution :D

      As it is a homebrewed concoction i doubt Sony can shut this down on the grounds of "stealing SDK code" or can they? : \ I hope my idea, goes to some way help the devs to make a mainstream hack that is free ^_^

    29. element
      08-26-2010
      05:45 PM
      29

      another point could be to take a psp ...
      make a homebrew app with a custom usb driver ...

    30. domatas
      08-26-2010
      05:47 PM
      30

      Originally Posted by element
      another point could be to take a psp ...
      make a homebrew app with a custom usb driver ...
      I've no PSP, so I'd vote no for that :thefinger:

    31. sonicjam
      08-26-2010
      05:48 PM
      31

      Element you're a genius! but at the same time i lost my hacked psp

    32. jester
      08-26-2010
      06:29 PM
      32

      it would be great if they can provide more info about the MCU like the exact model and values of fuses and lockbits!

    33. cpierre
      08-26-2010
      06:31 PM
      33

      Sony themselves are the main cause of this, had they left the "install other os" option all this would've been avoided. They already plagued the ps3 with lens problems, you spent your money and buy your own ps3 and yet its like they still want to control the item you bought. Well here's a news flash even if they block the PSJLB hackers will still find other means and they won't stop no matter what it takes. Solution: leave users to do whatever they want with their console, if they void warranty thats their problem. Sony should just move on to PS4 and stop fighting hackers war.

      Share your views, thank you...

    34. tcmkenny
      08-26-2010
      06:37 PM
      34

      Originally Posted by cpierre
      Sony themselves are the main cause of this, had they leave the "install other os" option all this would've been avoided. They already plagued the ps3 with lens problems, you spent your money and buy your own ps3 and yet its like they still want to control the item you bought. Well here's a news flash even they block the PSJLB hackers will still find other means and they won't stop no matter what it takes. Solution: leave users to do what ever they want with their console, if they void warranty thats their problem. Sony should just move on to PS4 and stop fighting hackers war.

      Share your views, thank you...
      I fully agree if you buy a console YOU OWN THAT CONSOLE! you are not renting it, you can buy a car and you dont get in trouble for modding it

    35. domatas
      08-26-2010
      06:37 PM
      35

      Originally Posted by cpierre
      Sony themselves are the main cause of this, had they leave the "install other os" option all this would've been avoided. They already plagued the ps3 with lens problems, you spent your money and buy your own ps3 and yet its like they still want to control the item you bought. Well here's a news flash even they block the PSJLB hackers will still find other means and they won't stop no matter what it takes. Solution: leave users to do what ever they want with their console, if they void warranty thats their problem. Sony should just move on to PS4 and stop fighting hackers war.

      Share your views, thank you...
      I just hope hackers won't need that much time to hack ps4...

    36. gliitch
      08-26-2010
      06:41 PM
      36


      Originally Posted by cpierre
      Sony themselves are the main cause of this, had they leave the "install other os" option all this would've been avoided. They already plagued the ps3 with lens problems, you spent your money and buy your own ps3 and yet its like they still want to control the item you bought. Well here's a news flash even they block the PSJLB hackers will still find other means and they won't stop no matter what it takes. Solution: leave users to do what ever they want with their console, if they void warranty thats their problem. Sony should just move on to PS4 and stop fighting hackers war.

      Share your views, thank you...


      even if we had OtherOS i still think this would have happened, the only difference now is, its seen as a retaliation against Sony. Whereas before it would have been done just out of pure curiosity, like saying "right so, here are where the constraints are, how about we crank this up a notch"
      I hate how Sony and all those corporate big wigs think they know whats best, and how we should use it.

      After all we give them the money to make these creations, i think we should have a bigger say in what goes on, and be listened to. Thats why there is hombrew, because what they ship out, just doesnt cut it.

    37. madzak
      08-26-2010
      06:46 PM
      37

      Respect to the psjb team, outstanding idea emulating multiple usbs to override the ps3 fw boot and take control.

      Nice job

      still waiting for an /hdd explorer\ with "copy ;cut " commands and maybe more functs in the bckup/mngr; it would just perfect.

      then we can say ps3 is totally owned.

    38. gliitch
      08-26-2010
      06:51 PM
      38

      It will all come in time(very quick time) Think of all the ideas people have had over the 4 years, the net is literally a barrage of can we have this and that. but due to constraints at the time, we couldn't, where as now, well judge for yourself :D

    39. cpierre
      08-26-2010
      07:06 PM
      39

      I think they should put all these Ideas that we had over the past 4 years in PS4, then they would really be hack proof

    40. gliitch
      08-26-2010
      07:18 PM
      40

      at least then we would not feel the need to hack it

    41. keepkool
      08-26-2010
      08:12 PM
      41

      the pc(hubemu) 2 ps3 connection seems to me the better way

      http://biot.com/blog/usb-sniffing-on-linux
      http://wiki.wireshark.org/CaptureSetup/USB

      may help ... just my 2cents

    42. 2n2upt
      08-26-2010
      08:36 PM
      42

      Any chance of this working without a BD-drive working properly? Mine is broken, and I would save some coins repairing it

    43. $n!pR
      08-26-2010
      09:04 PM
      43

      The dongle would work without it, but you would need a working drive to make your own backups - or download GB worth of files online.

    44. FirebirdTA01
      08-26-2010
      09:25 PM
      44

      As of now you still need a valid original disc in the drive even if you are using the backup manager.

    45. davidthefat
      08-26-2010
      11:21 PM
      45

      If it really is an AtMega, you can always upgrade it by jtag. I don't see anything other than a AtMega with a LED and an oscillator. I know it was an AtMega by the looks of it, I was too hesitant to believe it was a PIC

    46. Hailfire101
      08-27-2010
      03:38 AM
      46

      How do you delete comments?

    47. konangrit
      08-27-2010
      04:05 AM
      47

      Originally Posted by Hailfire101
      Not really...

      However, if you were to say, download a copy of a game that someone had ripped to a USB HD, (as long as it is a FAT32 compatible game) this would work.
      Ripping game to your internal HD, as of right now would be, for you, impossible)

      BUT This is illegal... so I would highly recommend NOT doing it.
      That won't work, it still needs to read an original disc in the drive.

    48. gliitch
      08-27-2010
      06:34 AM
      48

      the disk in the drive is only to ensure "maximum compatibility" so it could work kind of

    49. 2n2upt
      08-27-2010
      07:50 AM
      49

      Well if the only "possible" chance is running from an external HDD, I should repair the BD-drive ;/

    50. Mystery Guest
      08-27-2010
      11:13 AM
      50

      You say a PC to PS3 connection would be hard to time, but an external hard drive could possibly be modded to inject the proper sequence and start a load up, correct? The only reason I ask is b/c so many usb sticks and external HDs are set up to load their own OSes upon connection. Some even offering preloading ftp software, remote media streaming servers, and other tools that load up upon power up. Is it possible to load/inject and possibly bring up a custom UI/program before the ps3 loads ala PSP?

    51. Mattr92
      08-27-2010
      12:04 PM
      51

      Originally Posted by Mystery Guest
      You say a PC to PS3 connection would be hard to time, but an external hard drive could possibly be modded to inject the proper sequence and start a load up, correct? The only reason I ask is b/c so many usb sticks and external HDs are set up to load their own OSes upon connection. Some even offering preloading ftp software, remote media streaming servers, and other tools that load up upon power up. Is it possible to load/inject and possibly bring up a custom UI/program before the ps3 loads ala PSP?
      if you "could emulate it" a probable way would be with a psp, create a prx plugin or pbp to register the device as the ps3 jig and then send the sequence like a micro controller would

    52. RichB93
      08-27-2010
      12:10 PM
      52

      Prepare to get slashdotted

    53. japsander
      08-27-2010
      12:32 PM
      53

      i have just emailed the european store i ordered mine from to see if they have heard from their supplier or god forbid the big "S"

    54. domatas
      08-27-2010
      12:58 PM
      54

      Originally Posted by gregoryrasputin
      it made bbc news http://www.bbc.co.uk/news/technology-11116416
      ...sony has won a temporary ban to prevent australian distributors selling a hardware hack for the playstation 3 (ps3)...

      Temporary IS the key word

      "I really doubt Sony has grounds to ban this dongle."

    55. GregoryRasputin
      08-27-2010
      01:02 PM
      55

      Originally Posted by domatas
      Temporary IS the key word
      Yeah, it says as much on the first post.

      I also posted that link in the wrong thread, i since deleted it and put it in the right thread, i know fail me >.<

    56. General Plot
      08-27-2010
      02:00 PM
      56

      What's still unclear is that it states Sony currently has control over their stock and are allowed to study it and destroy it at their will. If this injunction were only temporary, then it begs the question on why Sony has been given so much freedom to do what they want with the dongles? Wouldn't they be kept in control of the government until a decision was reached?

    57. japsander
      08-27-2010
      02:34 PM
      57

      Originally Posted by General Plot
      What's still unclear is that it states Sony currently has control over their stock and are allowed to study it and destroy it at their will. If this injunction were only temporary, then it begs the question on why Sony has been given so much freedom to do what they want with the dongles? Wouldn't they be kept in control of the government until a decision was reached?
      its just so sony can try and reverse the mod and to try and pick out anything that they could claim is a violation of their intellectual property.
      the courts cant do it and who better to test them but sony themselves.

      plus its a good way for them to try and find a method to detect block them
      next update.

      how much do you want to bet that it may take a few hundred "destruction tests" to figure it out?

      this is of course only my interpretation.

    58. konangrit
      08-27-2010
      03:28 PM
      58

      AFAIK the Australian retailers only have the original samples, as their retail shipments have yet to ship and will now most likely be cancelled due to this injunction. Sony should only receive 3 units, 1 from each of the 3 retailers.

    59. japsander
      08-27-2010
      03:35 PM
      59

      totally forgot about them only having 1 sample each lol.
      wouldnt it be a shame if the dongles accidentally got fried or all its data wiped before going into sonys testing?

    60. enohand
      08-27-2010
      04:33 PM
      60

      ok...i have a "?", here in the USA, they just (month ago?) passed a law ALLOWING hacking/jail breaking/etc...to ANY HW electronic device that you own (ie hacking/jail breaking Iphones in the USA is not ILLEGAL anymore, its LEGAL!) so does that mean they could still be sold in the USA?

    61. japsander
      08-27-2010
      04:48 PM
      61

      Originally Posted by enohand
      ok...i have a "?", here in the USA, they just (month ago?) passed a law ALLOWING hacking/jail breaking/etc...to ANY HW electronic device that you own (ie hacking/jail breaking Iphones in the USA is not ILLEGAL anymore, its LEGAL!) so does that me they could still be sold in the USA?
      as long as the dongles do not contain sony code i cant think of a reason why not.

    62. mcd1992
      08-27-2010
      07:02 PM
      62

      If you pay attention to the HEX data in the background of the picture it looks like it might be the static 64 byte data we want.

      Code:
      8C 00 00 00 00 3D FE 78
      80 00 00 90 00 3D EE 88
      80 00 00 00 00 33 E7 20
      E8 83 FF F9 E3 63 FF F8
      E8 A3 0C 12 38 63 10 00
      7C 04 28 00 40 82 FF F4
      38 C3 F0 20 7C C9 03 A6
      4E 80 04 20 04 00 00 00

      Link

    63. Mattr92
      08-27-2010
      07:19 PM
      63

      Originally Posted by mcd1992
      If you pay attention to the HEX data in the background of the picture it looks like it might be the static 64 byte data we want.

      Code:
      8C 00 00 00 00 3D FE 78
      80 00 00 90 00 3D EE 88
      80 00 00 00 00 33 E7 20
      E8 83 FF F9 E3 63 FF F8
      E8 A3 0C 12 38 63 10 00
      7C 04 28 00 40 82 FF F4
      38 C3 F0 20 7C C9 03 A6
      4E 80 04 20 04 00 00 00

      Link
      I think they just used that as an example might not actually be the code

    64. Descrambler
      08-28-2010
      11:50 AM
      64

      PSJailbreak - USB Traffic

      The first 8 bytes are from the usb protocol left [09 02 ... ]

      The code will be pushed four times onto the PS3 USB stack:

      00000: 09 02 12 00 01 00 00 80 FA 09 04 00 00 00 FE 01
      00010: 02 00 00 00 00 00 00 00 FA CE B0 03 AA BB CC DD
      00020: 38 63 F0 00 38 A0 10 00 38 80 00 01 78 84 F8 06
      00030: 64 84 00 70 38 A5 FF F8 7C C3 28 2A 7C C4 29 2A
      00040: 28 25 00 00 40 82 FF F0 38 84 00 80 7C 89 03 A6
      00050: 4E 80 04 20 00 00 00 00 00 00 00 00 00 00 00 00
      00060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      00070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      00080: 7C 08 02 A6 F8 21 FF 61 FB 61 00 78 FB 81 00 80
      00090: FB A1 00 88 FB C1 00 90 FB E1 00 98 F8 01 00 B0
      000A0: 3B E0 00 01 7B FF F8 06 7F E3 FB 78 64 63 00 05
      000B0: 60 63 0B 3C 7F E4 FB 78 64 84 00 70 60 84 01 AC
      000C0: 38 A0 04 FA 4B 97 BF 59 7F E3 FB 78 64 63 00 05
      000D0: 60 63 0B 3C 38 63 00 20 4B 9D 22 01 7F E3 FB 78
      000E0: 64 63 00 05 60 63 0B 3C 7F E4 FB 78 64 84 00 2E
      000F0: 60 84 B1 28 38 63 00 10 F8 64 01 20 7F E5 FB 78
      00100: 64 A5 00 70 60 A5 01 50 80 65 00 00 28 03 00 00
      00110: 41 82 00 18 80 85 00 04 7C 63 FA 14 90 83 00 00
      00120: 38 A5 00 08 4B FF FF E4 48 00 05 88 F8 21 FF 51
      00130: 7C 08 02 A6 FB C1 00 A0 FB E1 00 A8 FB A1 00 98
      00140: F8 01 00 C0 3B C0 07 D0 3B E0 00 C8 4B 90 A9 B8
      00150: 00 04 90 E0 E8 82 0F 08 00 04 90 E4 E8 7C 00 20
      00160: 00 04 90 E8 F8 64 00 00 00 04 F0 A8 48 00 1A 9D
      00170: 00 2A AF C8 4B DA 5B 80 00 04 ED 18 38 80 00 00
      00180: 00 04 ED 1C 90 83 00 00 00 04 ED 20 4E 80 00 20
      00190: 00 3B A8 90 01 00 00 00 00 05 05 D0 38 60 00 01
      001A0: 00 05 05 D4 4E 80 00 20 00 00 00 00 38 60 00 01
      001B0: 4E 80 00 20 48 00 02 78 48 00 01 EC 80 00 00 00
      001C0: 00 05 0C A8 80 00 00 00 00 33 E7 20 80 00 00 00
      001D0: 00 05 10 32 80 00 00 00 00 05 0B 7C 80 00 00 00
      001E0: 00 05 0B 8C 80 00 00 00 00 05 0B 9C 80 00 00 00
      001F0: 00 05 0B D4 80 00 00 00 00 33 E7 20 80 00 00 00
      00200: 00 05 0C 1C 80 00 00 00 00 33 E7 20 80 00 00 00
      00210: 00 05 0C 78 80 00 00 00 00 33 E7 20 80 00 00 00
      00220: 00 05 0C 84 80 00 00 00 00 33 E7 20 00 00 00 00
      00230: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      00240: 00 00 00 00 F8 21 FF 81 7C 08 02 A6 F8 01 00 90
      00250: 38 80 00 00 38 A0 00 01 48 08 1D B1 80 A3 00 08
      00260: 38 60 00 00 3C 80 AA AA 60 84 C0 DE 7C 04 28 40
      00270: 41 82 00 08 38 60 FF FF 7C 63 07 B4 E8 01 00 90
      00280: 7C 08 03 A6 38 21 00 80 4E 80 00 20 F8 21 FF 81
      00290: 7C 08 02 A6 F8 01 00 90 38 80 00 00 48 08 1D 99
      002A0: 38 81 00 70 38 A0 00 00 F8 A4 00 00 38 C0 21 AA
      002B0: B0 C4 00 00 38 C0 00 00 B0 C4 00 06 38 C0 00 01
      002C0: 78 C6 F8 06 64 C6 00 05 60 C6 0B AC 38 E0 00 00
      002D0: 48 08 1C CD 38 60 00 00 E8 01 00 90 7C 08 03 A6
      002E0: 38 21 00 80 4E 80 00 20 38 60 00 00 39 60 00 FF
      002F0: 44 00 00 22 2C 03 00 00 40 82 00 1C 38 60 00 01
      00300: 78 63 F8 06 64 63 00 05 60 63 0B BC 38 80 00 01
      00310: 90 83 00 10 4E 80 00 20 F8 21 FF 31 7C 08 02 A6
      00320: F8 01 00 E0 FB E1 00 C8 38 81 00 70 48 16 2E 81
      00330: 3B E0 00 01 7B FF F8 06 67 FF 00 05 63 FF 0B BC
      00340: E8 7F 00 00 2C 23 00 00 41 82 00 0C 38 80 00 27
      00350: 48 01 17 E9 38 80 00 27 38 60 08 00 48 01 13 9D
      00360: F8 7F 00 00 E8 81 00 70 4B FF C5 F9 E8 61 00 70
      00370: 38 80 00 27 48 01 17 C5 E8 7F 00 00 4B FF C6 0D
      00380: E8 9F 00 00 7C 64 1A 14 F8 7F 00 08 38 60 00 00
      00390: EB E1 00 C8 E8 01 00 E0 38 21 00 D0 7C 08 03 A6
      003A0: 4E 80 00 20 F8 21 FF 61 7C 08 02 A6 FB 81 00 80
      003B0: FB A1 00 88 FB E1 00 98 FB 41 00 70 FB 61 00 78
      003C0: F8 01 00 B0 7C 9C 23 78 7C 7D 1B 78 3B E0 00 01
      003D0: 7B FF F8 06 7F A3 EB 78 7F E4 FB 78 64 84 00 05
      003E0: 60 84 10 28 38 A0 00 09 4B FF C5 CD 28 23 00 00
      003F0: 40 82 00 34 67 FF 00 05 63 FF 0B BC 80 7F 00 10
      00400: 28 03 00 00 41 82 00 20 E8 7F 00 00 28 23 00 00
      00410: 41 82 00 14 E8 7F 00 08 38 9D 00 09 4B FF C5 45
      00420: EB BF 00 00 7F A3 EB 78 48 25 A2 38 7C 08 02 A6
      00430: F8 21 FE 61 FB 61 00 78 FB 81 00 80 FB A1 00 88
      00440: FB C1 00 90 FB E1 00 98 F8 01 01 B0 7C 7D 1B 78
      00450: 7C 9E 23 78 3B E0 00 01 7B FF F8 06 EB 82 96 00
      00460: EB 9C 00 68 EB 9C 00 18 EB 62 0F 08 E9 3D 00 18
      00470: 81 29 00 30 79 29 84 02 2C 09 00 29 40 82 00 58
      00480: E8 9C 00 10 78 85 C1 E4 78 A5 46 20 2C 05 00 FF
      00490: 41 82 00 18 60 84 00 03 F8 9C 00 10 38 60 00 06
      004A0: 90 7E 00 00 48 00 00 14 60 84 00 02 F8 9C 00 10
      004B0: 38 60 00 2C 90 7E 00 00 80 BC 00 04 E8 9C 00 08
      004C0: E8 7B 00 00 7D 23 2A 14 F9 3B 00 00 48 02 B1 C1
      004D0: 48 00 00 C4 7F A3 EB 78 7F C4 F3 78 4B FF D9 B1
      004E0: 7F FD FB 78 67 BD 00 05 63 BD 0B D0 80 7D 00 00
      004F0: 80 BC 00 04 7C 63 2A 14 90 7D 00 00 E8 9C 00 10
      00500: 78 85 C1 E4 78 A5 46 20 2C 05 00 FF 40 82 00 88
      00510: E8 7B 00 00 38 80 00 00 38 C0 00 00 7C E3 22 14
      00520: 80 A7 00 00 7C C6 2A 78 38 84 00 04 28 24 04 00
      00530: 40 82 FF EC 80 7D 00 00 78 C6 07 C6 7C C6 1B 78
      00540: 38 60 00 00 90 7D 00 00 7F E7 FB 78 64 E7 00 05
      00550: 60 E7 0F 70 E8 67 00 00 28 23 00 00 41 82 00 38
      00560: 38 E7 00 10 7C 23 30 40 40 82 FF EC E8 A7 FF F8
      00570: E8 FB 00 00 80 65 00 00 28 03 00 00 41 82 00 18
      00580: 80 85 00 04 7C 63 3A 14 90 83 00 00 38 A5 00 08
      00590: 4B FF FF E4 38 60 00 00 EB 61 00 78 EB 81 00 80
      005A0: EB A1 00 88 EB C1 00 90 EB E1 00 98 E8 01 01 B0
      005B0: 38 21 01 A0 7C 08 03 A6 4E 80 00 20 F8 21 FF 51
      005C0: 7C 08 02 A6 FB C1 00 A0 FB E1 00 A8 FB A1 00 98
      005D0: F8 01 00 C0 3B C0 0F A0 3B E0 00 C8 4B FB 9B 98
      005E0: A0 55 6F 3D 00 2C B8 FD 80 00 00 00 00 05 0F B8
      005F0: 8C 0A 94 8C 00 0D 99 B1 80 00 00 00 00 05 0F E0
      00600: A2 BC 1A 56 00 05 2A DC 80 00 00 00 00 05 10 04
      00610: 6B 70 28 02 00 02 00 17 80 00 00 00 00 05 0F D4
      00620: 00 00 00 00 00 00 00 00 00 30 53 54 38 60 00 82
      00630: 00 5F 3F C0 38 60 00 01 00 5F 3F C4 4E 80 00 20
      00640: 00 00 00 00 00 02 ED 0C 3B A0 00 01 00 00 00 00
      00650: 00 22 B8 88 5F 74 6F 6F 00 22 B8 8C 6C 32 2E 78
      00660: 00 22 B8 90 6D 6C 23 72 00 22 B8 94 6F 6F 74 00
      00670: 00 00 00 00 00 0D 68 B8 5F 74 6F 6F 00 0D 68 BC
      00680: 6C 32 2E 78 00 0D 68 C0 6D 6C 23 72 00 0D 68 C4
      00690: 6F 6F 74 00 00 00 00 00 2F 64 65 76 5F 62 64 76
      006A0: 64 00 6D 6F 64 00 00 00 00 00 00 00 00 00 00 00
      006B0: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      006C0: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      006D0: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      006E0: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      006F0: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00700: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00710: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00720: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00730: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00740: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00750: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00760: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00770: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00780: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00790: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      007A0: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      007B0: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      007C0: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      007D0: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      007E0: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      007F0: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00800: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00810: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00820: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00830: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00840: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00850: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00860: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00870: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00880: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00890: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      008A0: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      008B0: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      008C0: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      008D0: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      008E0: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      008F0: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00900: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00910: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00920: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00930: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00940: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00950: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00960: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00970: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00980: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00990: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      009A0: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      009B0: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      009C0: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      009D0: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      009E0: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      009F0: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00A00: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00A10: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00A20: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00A30: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00A40: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00A50: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00A60: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00A70: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00A80: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00A90: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00AA0: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00AB0: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00AC0: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00AD0: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00AE0: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00AF0: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00B00: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00B10: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00B20: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00B30: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00B40: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00B50: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00B60: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00B70: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00B80: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00B90: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00BA0: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00BB0: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00BC0: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00BD0: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00BE0: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00BF0: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00C00: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00C10: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00C20: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00C30: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00C40: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00C50: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00C60: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00C70: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00C80: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00C90: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00CA0: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00CB0: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00CC0: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00CD0: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00CE0: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00CF0: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00D00: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00D10: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00D20: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00D30: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00D40: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00D50: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00D60: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00D70: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00D80: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00D90: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00DA0: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00DB0: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00DC0: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00DD0: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00DE0: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00DF0: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00E00: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00E10: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00E20: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00E30: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00E40: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00E50: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00E60: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00E70: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00E80: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00E90: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00EA0: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00EB0: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
      00EC0: EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
      00ED0: 38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
      00EE0: 38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
      00EF0: EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90

      After that they push this two times onto the stack to run
      the code, via disconnecting/reconnecting USB devices on the bus:

      00000: 09 02 4D 0A 01 01 00 80 01 09 04 00 00 00 FE 01
      00010: 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
      00020: FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
      00030: 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
      00040: 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
      00050: 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
      00060: 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
      00070: 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
      00080: 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
      00090: FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
      000A0: 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
      000B0: 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
      000C0: 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
      000D0: 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
      000E0: 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
      000F0: 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
      00100: FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
      00110: 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
      00120: 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
      00130: 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
      00140: 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
      00150: 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
      00160: 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
      00170: 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
      00180: 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
      00190: 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
      001A0: 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
      001B0: 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
      001C0: 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
      001D0: 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
      001E0: 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
      001F0: FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
      00200: 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
      00210: 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
      00220: 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
      00230: 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
      00240: 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
      00250: 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
      00260: FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
      00270: 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
      00280: 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
      00290: 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
      002A0: 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
      002B0: 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
      002C0: 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
      002D0: FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
      002E0: 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
      002F0: 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
      00300: 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
      00310: 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
      00320: 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
      00330: 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
      00340: FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
      00350: 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
      00360: 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
      00370: 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
      00380: 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
      00390: 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
      003A0: 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
      003B0: 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
      003C0: 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
      003D0: 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
      003E0: 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
      003F0: 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
      00400: 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
      00410: 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
      00420: 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
      00430: FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
      00440: 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
      00450: 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
      00460: 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
      00470: 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
      00480: 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
      00490: 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
      004A0: FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
      004B0: 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
      004C0: 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
      004D0: 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
      004E0: 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
      004F0: 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
      00500: 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
      00510: FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
      00520: 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
      00530: 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
      00540: 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
      00550: 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
      00560: 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
      00570: 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
      00580: FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
      00590: 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
      005A0: 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
      005B0: 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
      005C0: 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
      005D0: 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
      005E0: 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
      005F0: 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
      00600: 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
      00610: 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
      00620: 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
      00630: 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
      00640: 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
      00650: 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
      00660: 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
      00670: FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
      00680: 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
      00690: 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
      006A0: 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
      006B0: 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
      006C0: 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
      006D0: 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
      006E0: FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
      006F0: 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
      00700: 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
      00710: 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
      00720: 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
      00730: 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
      00740: 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
      00750: FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
      00760: 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
      00770: 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
      00780: 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
      00790: 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
      007A0: 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
      007B0: 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
      007C0: FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
      007D0: 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
      007E0: 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
      007F0: 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
      00800: 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
      00810: 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
      00820: 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
      00830: 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
      00840: 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
      00850: 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
      00860: 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
      00870: 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
      00880: 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
      00890: 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
      008A0: 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
      008B0: FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
      008C0: 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
      008D0: 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
      008E0: 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
      008F0: 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
      00900: 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
      00910: 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
      00920: FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
      00930: 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
      00940: 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
      00950: 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
      00960: 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
      00970: 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
      00980: 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
      00990: FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
      009A0: 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
      009B0: 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
      009C0: 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
      009D0: 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
      009E0: 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
      009F0: 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
      00A00: FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
      00A10: 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
      00A20: 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
      00A30: 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
      00A40: 00 FE 01 02 00 09 04 00 00 00 FE 01 02

      That's all, folks.

      Caught with a USB sniffer

      :thefinger:
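
      The descriptor Descrambler dumped above opens with a standard USB configuration header, `09 02 4D 0A 01 01 00 80 01`, whose little-endian wTotalLength field is 0x0A4D, and is then filled with nine-byte interface descriptors (`09 04 00 00 00 FE 01 02 00`). The C below is an added example, not code from the post or from the dongle: it decodes that header from a constructed 27-byte stub of the dump, walks the descriptors the stub holds, and puts a host-side fetch that trusts wTotalLength beside one that refuses anything larger than its buffer. The 256-byte host buffer, the function names and the stub itself are assumptions of the example.

```c
/*
 * Added example, not code from the original post or from the PSJailbreak
 * dongle: a minimal walker for a USB configuration descriptor of the kind
 * dumped above, with the bounds check a host stack needs so that a device-
 * supplied wTotalLength cannot size a copy into a fixed buffer. SAMPLE is
 * constructed from the first 27 bytes of the dump; the real descriptor runs
 * on for the full 0x0A4D bytes it advertises.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define USB_DT_CONFIG    0x02
#define USB_DT_INTERFACE 0x04

static const uint8_t SAMPLE[] = {
    /* configuration header: bLength 9, type 2, wTotalLength 0x0A4D (LE),
     * bNumInterfaces 1, bConfigurationValue 1, iConfiguration 0,
     * bmAttributes 0x80 (bus powered), bMaxPower 1 (2 mA) */
    0x09, 0x02, 0x4D, 0x0A, 0x01, 0x01, 0x00, 0x80, 0x01,
    /* interface descriptors: interface 0, alt 0, 0 endpoints,
     * class 0xFE / subclass 1 / protocol 2, no string */
    0x09, 0x04, 0x00, 0x00, 0x00, 0xFE, 0x01, 0x02, 0x00,
    0x09, 0x04, 0x00, 0x00, 0x00, 0xFE, 0x01, 0x02, 0x00,
};

struct config_info {
    uint16_t total_len;      /* wTotalLength, whatever the device claims */
    uint8_t  num_interfaces; /* bNumInterfaces, likewise */
};

/* Decode the 9-byte configuration header. 0 on success, -1 if malformed. */
int parse_config_header(const uint8_t *buf, size_t len, struct config_info *out)
{
    if (len < 9 || buf[0] != 9 || buf[1] != USB_DT_CONFIG)
        return -1;
    out->total_len = (uint16_t)(buf[2] | (buf[3] << 8)); /* little-endian */
    out->num_interfaces = buf[4];
    return 0;
}

/* Walk the descriptors that follow the header, bounded by the bytes actually
 * held rather than by wTotalLength. Returns the number of interface
 * descriptors seen, or -1 if a descriptor is zero-length or runs off the end. */
int count_interfaces(const uint8_t *buf, size_t len)
{
    int n = 0;
    size_t off = 9;
    while (off < len) {
        uint8_t blen = buf[off];
        if (blen < 2 || off + blen > len)
            return -1;
        if (buf[off + 1] == USB_DT_INTERFACE)
            n++;
        off += blen;
    }
    return n;
}

/* The trusting pattern: a host that reserves `cap` bytes for the descriptor
 * and copies wTotalLength bytes into it. This only *reports* how far past the
 * buffer such a copy would run, so the example stays memory-safe. */
size_t overrun_if_trusted(const uint8_t *buf, size_t len, size_t cap)
{
    struct config_info ci;
    if (parse_config_header(buf, len, &ci) != 0)
        return 0;
    return ci.total_len > cap ? (size_t)ci.total_len - cap : 0;
}

/* The checked pattern: refuse a configuration whose advertised length exceeds
 * the buffer, and never copy more than was actually received. Returns bytes
 * copied, -1 for a malformed header, -2 when the descriptor would not fit. */
int copy_config_checked(const uint8_t *src, size_t src_len,
                        uint8_t *dst, size_t cap)
{
    struct config_info ci;
    if (parse_config_header(src, src_len, &ci) != 0)
        return -1;
    if (ci.total_len > cap)
        return -2;
    size_t n = src_len < (size_t)ci.total_len ? src_len : (size_t)ci.total_len;
    memcpy(dst, src, n);
    return (int)n;
}

int main(void)
{
    struct config_info ci;
    uint8_t buf[256]; /* a deliberately small host-side buffer (assumed size) */
    if (parse_config_header(SAMPLE, sizeof SAMPLE, &ci) != 0)
        return 1;
    printf("wTotalLength=%u bNumInterfaces=%u interfaces_in_sample=%d\n",
           ci.total_len, ci.num_interfaces, count_interfaces(SAMPLE, sizeof SAMPLE));
    printf("trusting copy would overrun a %zu-byte buffer by %zu bytes\n",
           sizeof buf, overrun_if_trusted(SAMPLE, sizeof SAMPLE, sizeof buf));
    printf("checked copy returns %d\n",
           copy_config_checked(SAMPLE, sizeof SAMPLE, buf, sizeof buf));
    return 0;
}
```

      Run as-is it prints the header fields, the two interface descriptors in the stub, the 2381-byte overrun a 256-byte trusting buffer would suffer against the advertised 0x0A4D, and the -2 refusal from the checked copy. Since 0x0A4D = 9 + 292 * 9, the full descriptor in the dump carries 292 nine-byte interface descriptors, every one numbered 0, against a bNumInterfaces of 1; a host that also compares the interface count it walks with bNumInterfaces has a second reason to reject it.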

    65. Pockets69
      08-28-2010
      12:00 PM
      65

      What did I say? USB sniffers will work, but all of a sudden people come and say no they won't and blah blah blah. Well, I guess they do!

      Anyway, the data might be encrypted. Can you elaborate on your post, Descrambler?

    66. japsander
      08-28-2010
      12:03 PM
      66

      So where does this leave us now?

      Is this all the code we need to put onto homemade devices?
      God, I wish I knew about this kind of shiznit!

    67. the_tom777
      08-28-2010
      05:19 PM
      67

      I've been trying to push this using serial out on my Arduino (the microcontroller is an ATmega328P). But I have to go to work now. Will try more when I get back.

    68. jester
      08-28-2010
      05:39 PM
      68

      Descrambler, can you post the entire USB dump (with USB frame data)?

    69. Descrambler
      08-28-2010
      07:07 PM
      69

      You all miss the point of why I'm releasing this part of the dump :aetsch:

      Our Aussie friends need our help, and the USB trace shows no Sony (c) code is used in this hack.

      But these PSJ ******s put a million videos on YouTube, before they could deliver one single dongle, showing their USB code can run warez, ISO loaders etc., and the Aussie court will see all that. In final conclusion: the Aussie dealers got ****ed up and will never sell one piece of these Atmel one-dollar fun devices at all.

      And now?

      Uh, dunno, but first: **** da pirated gamez ****!

      I'm not here to do your homework and present you a working piece of ATmega8 code. That will happen sooner than you might expect.

      Look at the details that were published by gamefreax.de and some other trusted sources before. With their knowledge and the USB dumps shown above you can / could / would / maybe be able to rebuild the PSJailbreak.

      A disasm of the hypervisor may (?) be helpful... don't fall asleep disassembling the c0de...

    70. mcd1992
      08-28-2010
      07:35 PM
      70

      Originally Posted by Descrambler
      You all miss the point of why I'm releasing this part of the dump :aetsch:

      Our Aussie friends need our help, and the USB trace shows no Sony (c) code is used in this hack.

      But these PSJ ******s put a million videos on YouTube, before they could deliver one single dongle, showing their USB code can run warez, ISO loaders etc., and the Aussie court will see all that. In final conclusion: the Aussie dealers got ****ed up and will never sell one piece of these Atmel one-dollar fun devices at all.

      And now?

      Uh, dunno, but first: **** da pirated gamez ****!

      I'm not here to do your homework and present you a working piece of ATmega8 code. That will happen sooner than you might expect.

      Look at the details that were published by gamefreax.de and some other trusted sources before. With their knowledge and the USB dumps shown above you can / could / would / maybe be able to rebuild the PSJailbreak.

      A disasm of the hypervisor may (?) be helpful... don't fall asleep disassembling the c0de...

      I see your point; most people are overlooking the PSJB and just seeing ISO loaders and pirating. I couldn't care less about running games on my PS3; even when I was PSN-enabled and all that, I rarely played games (had my PS3 for about 3 years and only have 4 PS3 games & 1 PS Store game).

      But if you want to help out the Aussies by showing that the PSJB isn't just an ISO loader device, then release some more info about the device (an lsusb -vvv from Linux and a Wireshark .pcap would be very useful) so that development will come faster, and maybe the first app for the PSJB can be shown to courts to prove that it's not just an ISO loader but should fall under DMCA/EFF fair use.

    71. Descrambler
      08-28-2010
      07:52 PM
      71

      Originally Posted by mcd1992
      then release some more info about the device
      Sorry, you also missed the point...

      I'm NOT the motherf***ing dev of that motherf***ing device, and if they want to sell their crap in Aussie land then the PSJ team should talk about how they f***ed zony.

      Attention

      Please keep your posts clean

    72. Pockets69
      08-28-2010
      08:04 PM
      72

      News from RichDevX's Twitter, apparently:

      "payload appears to run in lv2"

      This is great news for homebrew!!!!

    73. mcd1992
      08-28-2010
      08:21 PM
      73

      Originally Posted by Descrambler
      Sorry, you also missed the point...

      I'm NOT the motherf***ing dev of that motherf***ing device, and if they want to sell their crap in Aussie land then the PSJ team should talk about how they f***ed zony.
      You don't have to be the developer to gain information on the device (you still managed to get that USB conversation, didn't you?).


      I'm sorry for missing the point, but you're not exactly making sense; the community wants to know all it can about the PSJB. Right now you can obtain that info. My view is to create the PSJB for the price it should be: free for the software and however much the hardware costs (an AVR is definitely cheaper than $100+).

      I don't plan to use the manager.pkg for backups. I will end up using the PSJB to install demos from the PSN Store or to get my PJ-Monsters that I paid for back on my PS3, because I'm on 3.15 and I'm not going to lose my OtherOS, which I heavily use. I can fully understand you are against piracy; everything else though, you're not making much sense :/

    74. tripomatik
      08-29-2010
      05:56 AM
      74

      Hello Descrambler, can you read the Atmel 8 please?
      Thank you very much.