Author Archives: J. ΞPSTΞÏN

[PS3] PSGroove: Open Source PS3 Jailbreak Released

1 Reply

As expected an open source version of the PS3 Jailbreak has been released by french hackers Mathieulh and RichDevX. Find the source code here. Support for PS3Jailbreak’s backup manager which would technically allow piracy, has thus been disabled as this implementation targets at homebrew only.

The exploit is intended to be burnt to AT90USB and related microcontrollers like:

  • AT90USB162
  • AT90USB646
  • AT90USB647
  • AT90USB1286
  • AT90USB1287
  • ATMEGA32U4

PS3-Hacks.com now provide compiled binary files ready to be flashed to ATMEGA USB sticks. Tutorials and manuals for all John Does among us are likely to surface within the next few days.

Congratulations to Mathieulh and RichDevX.

[PS3] Game Over – PS Jailbreak Exploit Is Public Now

Leave a reply

A community around french hacker Mathieulh has provided information and assumptions of the PS Jailbreak’s bowels. Find the original article here and a PDF copy here.

ps3news_com_img_22220-2

Picture is courtesy of PS3News.com

Sniffed Code and Processing

As of yesterday they say they successfully managed to clone PS Jailbreak and they will document the exploit on the PS3 Wiki soon.

Moreover PS3News.com released the sniffed USB stream of the PS Jailbreak device:

(..) Descrambler sniffed the USB traffic and shared the log.(..)

  • The PSJailbreak is inserted
  • It connects with the host (PS3) and sends 09 02 12 00 01 00 00 80 + all the bytes from the first packet starting at 0008 up to 00EFF.
  • The stack is overwritten and the PS3 jumps into code from the packet
  • The Atmega sends a “USB Disconnect command”
  • The last three steps are repeated four times
  • It connects with the host and sends 09 02 4D 0A 01 01 00 80 + the bytes from the second packet starting at 0008 up to 0A4C
  • The stack is overwritten and the PS3 jumps into code from the packet
  • The Atmega sends a “USB Disconnect command”
  • The last three steps are repeated twice.

Voilà… The PS3 is in “Debug Mode”.

Apparently the third and fourth byte of the after the 09 02 are the numbers of bytes to be sent. At least this goes for the second log (4D 0A->0A4D bytes)…

The first 8 bytes are from the usb protocol left [09 02 ... ]
The code will be pushed four times onto ps3 usb stack:
00000: 09 02 12 00 01 00 00 80 FA 09 04 00 00 00 FE 01
00010: 02 00 00 00 00 00 00 00 FA CE B0 03 AA BB CC DD
00020: 38 63 F0 00 38 A0 10 00 38 80 00 01 78 84 F8 06
00030: 64 84 00 70 38 A5 FF F8 7C C3 28 2A 7C C4 29 2A
00040: 28 25 00 00 40 82 FF F0 38 84 00 80 7C 89 03 A6
(..) this is a snipped only.
Find the whole sniffed hex code and asm readable code here and as 7zip downloadable archive here

Our Comments

Well, this game is over. It’s pretty sure, that the commercial hackers have lost and so do the chinese clone makers. Even before the devices have been made available to the masses.

We suppose this might not have happened if Sony wouldn’t have disabled the Other-OS/Linux feature a couple of months ago. At that point only GeoHot and XorLoser were attacking the PS3 with a rather mass-incompatible but techie approach, that includes badly glitching technics.

Now this new bootloader exploit is known to the community. In fact, it is only a matter of days until a free open source solution will be available on the internet.

[MacOS] Pace iLok Dongle Compromised

1 Reply

A worldwide team of crackers managed to generally attack the Pace iLok dongle security system. An automized unwrapper for protected applications has surfaced on the net. The unwrapper is compatible to MacOS X 10.6 (Slow Neopard) and works for the Intel based part of universal binaries only.

The Pace iLok dongle is mainly used by music applications and music plugins. As this market is a little one, the impact of the generic unwrapper is not predictable at the moment. Anyway we suppose, that producers and studios – hopefully – do use legally licensed software and that this unwrapper is used for try before buy possibilities. Marketpenetration comes with confirmed habit of users.

Although some iLok protected applications are offered as trial, forum users say trial times are much too short and having to register a Pace iLok account is considered to not be comfortable for the average user.

Anyway, forum reports indicate that many developers using the Pace iLok dongle have applied additional custom protection layers, which render the Pace iLok unwrapper not useful at least for the average John Doe. It is expected that iLok will very soon add new encryption layers for improved security.

[News] Quantum Cryptography Compromised

Leave a reply

Nature.com posted an article describing that a hacking team around Vadim Makarov at the Norwegian University of Science and Technology in Trondheim have now cracked two commercial quantum cryptographic systems.Vadim Makarov said

Our hack gave 100% knowledge of the key, with zero disturbance to the system (..)

The Norwegian team attacked one system by ID Quantique (IDQ) based in Switzerland and another one by MagiQ Technologies from the U.S. It took two months to develop an unnoticable hack.

The Theory behind

Usually in cryptography the sender of a message is called “Alice”, the receiver is called “Bob”, and and evesdropper is named “Eve”. In quantum cryptography the message is consisting of photons. And according to the theory of quantum cryptography an evesdropper “Eve” trying to apply a man-in-the-middle attack leaves disturbances on the properties of the photons, sent by “Alice”, thus corrupting the message. But a corrupted message is easily detected by comparing parts of the message.

In Makarov and colleagues’ hack, Eve gets round this constraint by ‘blinding’ Bob’s detector — shining a continuous, 1-milliwatt laser at it. While Bob’s detector is thus disabled, Eve can then intercept Alice’s signal.
(..) That means that every time Eve intercepts a bit value of 1 from Alice, she can send a bright pulse to Bob, so that he also receives the correct signal, and is entirely unaware that his detector has been sabotaged. There is no mismatch between Eve and Bob’s readings because Eve sends Bob a classical signal, not a quantum one. As quantum cryptographic rules no longer apply, no alarm bells are triggered, says Makarov.

“We have exploited a purely technological loophole that turns a quantum cryptographic system into a classical system, without anyone noticing,” says Makarov.

Enjoy the whole article on Nature.com

[PS3] Sony Australia Vs. PS Jailbreak Suppliers

Leave a reply

Sony Australia somehow managed to get court orders for a temporary injunction against australian based modchip sellers like OZModChips, ModSupplier and Quantronics. Until today (Aug 31st, 2010) none of the modchip sellers is allowed to sell any PS Jailbreak device they rather have to give up the whole stock that they get until today.

Well this doesn’t come unexpected as modchip sellers in Europe have had the same legal battles a couple of years ago.

We don’t believe Sony will win in the end. Their strategy can only be delaying the inevitable. As a matter of fact, the PS3 has eventually been broken, the PS Jailbreak device samples have already been fully reverse engineered by a couple of chinese manufacturers and also by other teams.

A free open source solution is most likely to be released sooner or later.

[E-Biz] Intel To Acquire Infineon

Leave a reply

According to Businessweek there are rumors that Intel is about to purchase german chip manufacturer Infineon. Infineon is a former Siemens subsidary that has been spun out of the parent company in 1999. Infineon is the main supplyer of the baseband modem chips of Apple’s iPhone.

[PS3] Hacking the Hackers: PS Jailbreak Reverse Engineered

Leave a reply

German Gamefreax claim to have reverse engineered a testing PSJailbreak device. They say this exploit is based on emulating of a USB hub which gets virtual devices attached and unattached at certain points during the boot process.

Among those emulated devices there is also one that uses the ID of Sony’s JIG module. Anyway Gamefreax claim this hack is based on a self developed exploit. Dumped files that might support this claim are not available at this moment…

Picture snippet of USB Stream is courtesy of Gamefreax.de

courtesy_of_gamefreax_de-usbstream

[Privacy] International VPN Provider Searched by Authorities in Germany

Leave a reply

Perfect Privacy reports today, that a member of the staff of the well known international VPN provider Perfect Privacy has been police searched last friday (August 20th).

H-Security writes:

The search warrant was reportedly issued on suspicion that unknown perpetrators may have routed potentially criminal communications via the servers in the German city of Erfurt.

Perfect Privacy writes:

The servers have so far not been confiscated. We decided, however, to disable all services (OpenVPN, PPTP VPN, L2TP/IPSec VPN, SOCKS5, SQUID) in Erfurt temporarily in order to give those of our members, who have elevated security needs, time to read this announcement and to evaluate the risks. It is not known to us whether the authorities initiated measures such as telecommunication monitoring in Erfurt. (..)

It is not known (..) whether the authorities initiated measures such as telecommunication monitoring in Erfurt.

Users with security concerns better do not connect via Erfurt at the moment.

[PS3] PS Jailbreak and Clones To Be Released

Leave a reply

Media have widely reported about the latest steps in hacking the Playstation 3 console. Obviously that tiny PS Jailbreak USB Dongle turns a consumer PS3 into a debug PS3, thus allowing to run games from the internal or from an attached USB harddrive. The price is said to be around 160US$. For legal reasons here in Germany we can’t like to PS Jailbreak supplyers.

Now PS3Hax.net reports that using PS Jailbreak on Sony’s Playstation Network is very likely to result in being banned:

According to SKFUand RichDevX, the Backup manager game ID (LAUN-12345) could be logged/recorded by Sony when logged into PSN (when online). This would obviously allow Sony to see who would be using the illegal PSjb/clone and we could very well see ban waves similar to the Xbox 360. Sony does currently ban PSN/consoles that results in the 8002A227 error code.

Redmondpie.com reports that latest rumors indicate that there are also chinese clones of the PS3 Jailbreak called X3Jailbreak on their way, priced at 40$.

It seems like the PS3 hacking as a business model is out of date even before it started. We suspect it it won’t take long until a free open source solution will be available on the net aswell…

[Pre] Palm Testing Final Version Of Adobe Flash 10.1

1 Reply

Adobe.com today announced, that Adobe Flash 10.1 for mobile devices has been released to mobile platform partners:

Flash Player 10.1 was also released to mobile platform partners to be supported on devices based on Android, BlackBerry, webOS, future versions of Windows® Phone, LiMo, MeeGo and Symbian OS, and is expected to be made available via over-the-air downloads and to be pre-installed on smart phones, tablets and other devices in the coming months.

Palm/HP: keep testing Flash, your userbase is keen on finding Flash on the App Catalog soon.