  1. #1

    PSJailbreak Reverse Engineered

    German website GameFreax has claimed to have successfully reverse engineered PSJailbreak. They bring out some important information that was previously unknown. First off, PSJailbreak was apparently NOT a clone of Sony's JIG; instead it's a legitimately developed exploit. Second, we can NOT upgrade PSJailbreak without the use of additional hardware - maybe the company planned to sell another component to upgrade the unit?

    Here is the translated post:
    We have taken a closer look at this PSJailbreak dongle. We can confirm that the PSJailbreak is not a clone of Sony's "Jig" module. PSJailbreak is a self-developed exploit. The chip is not a PIC18F444; instead an ATMega is used with a software USB interface. This means the chip is internally capable of emulating any USB device. PSJailbreak emulates a 6-port USB hub to which different devices will later be connected and then disconnected. One of these devices has the product:vendor ID of Sony's "Jig" module, which means this module played a certain role during the development of PSJailbreak.

    But let's start from the beginning: When the PS3 is powered on, a USB emulation device is connected which has a Configuration Descriptor that is too large. This Descriptor overwrites the stack with a PowerPC shellcode that gets executed. Now, various USB devices are connected to the emulated USB hub. One device has a large Descriptor with a size of 0xAD, which is part of the exploit and contains static data. A short time later (we are talking milliseconds here) the Jig module is connected, and encrypted data is transmitted to the Jig module. A few milliseconds later, the Jig module answers with 64 bytes of static data, all USB devices are then disconnected, a new USB device is connected, and the PS3 launches with 'a new feature'.

    PSJailbreak is NOT software update-able. The update feature which is mentioned can only be done with hardware modifications. So by 'update' they mean 'buy more of our stuff'.

    [Image: the 64 bytes of static data that the emulated Jig sends to the PS3]
    Source

    Thanks to Disane for the information and thanks to Aaron/mcd1992 and element for help with the translation.
    Last edited by GregoryRasputin; 08-26-2010 at 05:46 PM.

  2. #2
    woohooo roll on DIY :D

  3. #3
    oh darn i just posted this in the forums :P

  4. #4
    So this means, the PSJB peeps did this by their own hand, not ripping off Sony?
    How long until we can emulate this on a USB stick then?

  5. #5 tcmkenny
    so does this mean we can get this thing running via usb stick?

  6. #6
    here's my version:

    This is not a Sony PS3 Jig Module. It uses a vulnerability discovered by some unknown group. The chip is not a PIC18F444, but an ATMega with a USB storage storing software code. The software is inside the USB and is being emulated by the MCU. The jailbreak emulates a 6-port USB hub. Basically what happens is that this emulated hub receives termination of certain connected devices and then disconnects these devices. One of these devices holds the ID from the Sony JIG Module. This means that the JIG Module played a main role in creating the jailbreak.
    But let's move on, shall we: When the PS3 is being turned on, the USB emulates a device being connected. This device holds a large "Configuration Descriptor". This data (Configuration Descriptor) overwrites the stack in the memory with some PPC code (this is the shell code -Disane) which is going to be run later on. Now, some kinds of USB devices are being emulated. One of these devices holds the 0xAD (173 bytes) long data (the Configuration Descriptor); this part of the exploit holds static data. A little bit later (milliseconds later) the JIG Module is being connected (probably the ID part gets emulated -Disane); this time the JIG Module receives encrypted data. Milliseconds later the JIG answers with 64 bytes of static data and all USB devices are being disconnected. A new USB device is being connected and the PS3 starts up in a new state.

    [Image: the 64 bytes of data that go back to the PS3 from the emulated JIG]

    The PS3Jailbreak CANNOT be updated! This can only be realized by updated hardware.
    Last edited by Disane; 08-26-2010 at 04:36 PM. Reason: The translation doesn't suck anymore...
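    The descriptor handling that both translations above (post #1 and this post) describe, as an added example that is not code from the page, from GameFreax, or from PSJailbreak: a host-side USB configuration descriptor parser in C that checks the device-supplied wTotalLength against its own buffer capacity and against the bytes actually received before copying anything onto the stack, then walks the nested descriptors with the same discipline. The buffer size, the helper names, and the three sample descriptor sets are assumptions constructed for the example; the page does not state the real limits of the PS3's USB stack.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* USB standard descriptor types (USB 2.0 specification, table 9-5). */
#define USB_DT_CONFIG    0x02
#define USB_DT_INTERFACE 0x04
#define USB_DT_ENDPOINT  0x05

/* Size of the fixed stack buffer this host uses to hold a configuration
 * descriptor set. Assumed value for the example only. */
#define CONFIG_BUF_MAX 256

typedef struct {
    uint16_t total_length;   /* wTotalLength as declared by the device */
    uint8_t  num_interfaces; /* interface descriptors actually seen */
    uint8_t  num_endpoints;  /* endpoint descriptors actually seen */
} usb_config_summary;

enum parse_result {
    PARSE_OK = 0,
    PARSE_TOO_SHORT,   /* fewer bytes received than the header or wTotalLength claims */
    PARSE_TOO_LONG,    /* wTotalLength exceeds the buffer: the overflow the thread describes */
    PARSE_BAD_HEADER,  /* first descriptor is not a well-formed configuration descriptor */
    PARSE_BAD_SUBDESC  /* a nested descriptor's bLength runs past the declared total */
};

/* Parse a configuration descriptor set of `len` received bytes at `data`.
 * The unsafe pattern this guards against is
 *     memcpy(stack_buf, data, wTotalLength);
 * with wTotalLength taken straight from the device. Every length is checked
 * against the buffer and against what was actually received before any copy
 * or indexing happens. */
enum parse_result parse_config_descriptor(const uint8_t *data, size_t len,
                                          usb_config_summary *out)
{
    uint8_t buf[CONFIG_BUF_MAX];

    if (len < 9)
        return PARSE_TOO_SHORT;
    if (data[0] != 9 || data[1] != USB_DT_CONFIG)
        return PARSE_BAD_HEADER;

    uint16_t total = (uint16_t)(data[2] | ((uint16_t)data[3] << 8));
    if (total < 9)
        return PARSE_BAD_HEADER;
    if (total > CONFIG_BUF_MAX)   /* device-controlled length vs. our capacity */
        return PARSE_TOO_LONG;
    if (total > len)              /* device-controlled length vs. bytes on the wire */
        return PARSE_TOO_SHORT;

    memcpy(buf, data, total);     /* safe: total <= CONFIG_BUF_MAX and total <= len */

    usb_config_summary s = { total, 0, 0 };
    size_t off = 9;
    while (off < total) {
        if (total - off < 2)      /* no room even for bLength/bDescriptorType */
            return PARSE_BAD_SUBDESC;
        uint8_t blen = buf[off];
        if (blen < 2 || blen > total - off)
            return PARSE_BAD_SUBDESC;
        if (buf[off + 1] == USB_DT_INTERFACE)
            s.num_interfaces++;
        else if (buf[off + 1] == USB_DT_ENDPOINT)
            s.num_endpoints++;
        off += blen;
    }
    if (out)
        *out = s;
    return PARSE_OK;
}

/* Constructed sample: minimal well-formed set (config + one vendor-specific
 * interface + one bulk IN endpoint), wTotalLength = 25. */
static const uint8_t sample_good[] = {
    9, USB_DT_CONFIG, 25, 0, 1, 1, 0, 0x80, 50,
    9, USB_DT_INTERFACE, 0, 0, 1, 0xFF, 0, 0, 0,
    7, USB_DT_ENDPOINT, 0x81, 0x02, 64, 0, 0
};

/* Constructed sample: header claims wTotalLength = 0x0400 (1024) with only 9
 * bytes behind it. An unchecked memcpy would write 1024 bytes into the
 * 256-byte stack buffer. */
static const uint8_t sample_oversized[] = {
    9, USB_DT_CONFIG, 0x00, 0x04, 1, 1, 0, 0x80, 50
};

/* Constructed sample: wTotalLength = 200 fits the buffer, but only 9 bytes
 * were received, so copying 200 would read past the received data. */
static const uint8_t sample_truncated[] = {
    9, USB_DT_CONFIG, 200, 0, 1, 1, 0, 0x80, 50
};

enum parse_result check_good(usb_config_summary *out)
{
    return parse_config_descriptor(sample_good, sizeof sample_good, out);
}

enum parse_result check_oversized(void)
{
    return parse_config_descriptor(sample_oversized, sizeof sample_oversized, NULL);
}

enum parse_result check_truncated(void)
{
    return parse_config_descriptor(sample_truncated, sizeof sample_truncated, NULL);
}

int main(void)
{
    usb_config_summary s;
    printf("good: %d (interfaces=%u endpoints=%u)\n", (int)check_good(&s),
           (unsigned)s.num_interfaces, (unsigned)s.num_endpoints);
    printf("oversized: %d\n", (int)check_oversized());
    printf("truncated: %d\n", (int)check_truncated());
    return 0;
}
```

    The two separate checks matter: capacity of the destination and length of what was actually received are different bounds, and a device that controls wTotalLength can violate either one on its own.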

  7. #7
    I should hope so. :D But from what I gather the PSJB itself emulates a six-port hub, which injects the Jig code from one of the ports and then shuts down. So the jig is just an emulation on a stick, so yeah, to answer your question tcmkenny, I should hope freeeaking so XD

  8. #8 NoisilySilent
    Great news, and great job!
    Thanks to Master Yoda for the translation:
    " which means that played in the development of PSJailbreaks the "Jig" module, a certain role."
    :-)))))

  9. #9
    So maybe give voice to the moderators / admins. So is it possible to make a jig from your own USB pendrive?

  10. #10 mcd1992
    Element's Translation
    ~Aaron M
