[PS3] Firmware 3.42 Breaks Jailbreaks

Sony tries to rearm their game console flagship. Most of you using your Playstations will likely have found out: since the end of last week Sony has been rolling out a new firmware, 3.42. They say it fixes security issues, which is not quite wrong. But do we wanna have this issue fixed?

At the moment for online players there doesn’t seem to exist any other possibility but updating, so be aware you’re gonna lose root access to your fav console and it will possibly not come back anytime soon.

For all the others playing once in a while and mostly offline: just don’t update. We really suppose something is being worked on in the background to allow updating without losing root access, but let’s see. Sony’s fighting with two armies: the army of technicians, and the army of darkness: they’ve got awful lawyers out there too ;-)

[MacOS] Using Windows 7 From The iPad With Parallels Desktop 6

Windows can eventually be used from the iPad. Users of Parallels Desktop 6 can seamlessly log on to their Windows virtual appliance from the iPad. The required iPad app “Parallels Mobile” can be downloaded for free from the iTunes App Store (get it here). In the meantime check their vid:

[MacOS] Handle DMG Images under Microsoft Windows

Are you one of those lonesome people who tried to access the contents of a DMG image under Windows? Yes, there are several ways like converting to ISO with programs like Magic-Iso or mounting with Mac-Drive. All these solutions are nice, handy and well… expensive…

Simply using 7-zip is in my opinion the easiest way, as all of us should have 7-Zip installed anyway ;-)

  • right click the .dmg file
  • choose:
    7-Zip
  • a submenu opens, in that submenu choose:
    unpack to <nameofmydmg>
  • wait a couple of secs while unpacking and
    open the subfolder <nameofmydmg>
  • you should find a bunch of files:
    0.MBR
    1.Primary GPT Header
    2.Primary GPT Table
    3.free
    4.hfs
    5.free
    6.Backup GPT Table
    7.Backup GPT Header
  • The file for further examination is “4.hfs”. It is usually a lot bigger than all the rest of the files.
  • now do a right click on "4.hfs" again and
  • choose 7-Zip
  • a submenu opens again, now in that submenu choose:
    unpack to <4>
  • et voilà…

you’re done with unpacking… now fire IDA and find the jump ;-)

[Pre] Palm Pre Jailbreaks PS3

A coder going under the nick “black_zero” ported the PS3 jailbreak to the Palm Pre. Find his instructions for “PS3 Freedom for Palm Pre” on PSX-Scene.com.

[Update] In contrast to “PS3 Groove” this version also seems to enable backups, which means circumventing copy protection. Applying this is not legally allowed in most European countries and the U.S.

Our Comment

Sony’s protection has been compromised, no matter what they’re gonna do in the future. It is likely that there will be an update soon to stop the stack overflows in the USB code. But it won’t help them anymore.

The reason is simple: Sony will not be able to make that insecure system secure again. Because of the jailbreak the PS3 now allows accessing all features. That means that any update to come will be decrypted first, analyzed, modified to re-enable debug backdoors and then installed with all the debug features enabled again. Custom modified firmwares are the next logical step.

So although this seems to be good news for the homebrew scene, since there is hope now for a universal media center based on the PS3, the downside is still that some versions of the jailbreak also make it possible to play illegal backups. And since Sony’s biz model is selling licenses and games, they will fight the jailbreak by trying to detect it and to block jailbroken devices from accessing the Playstation Network. And this means: permanent updates. For people playing a lot this will not be an option, as they will have to wait again and again for custom firmwares that are likely to not work very long.

In the meantime check the Palm Pre vid:

[Apple] Facebook Blocks Apple’s Ping

According to AllThingsDigital, Facebook blocked Apple from using the Facebook API to access user data. Using Facebook’s API is normally free, but not for large scale access and not if it’s getting used a lot. iTunes has a user base of 160 million, so that would be quite a lot.

Kara Swisher writes:

Sources said Apple went ahead with a plan to access the Facebook APIs freely, but Facebook blocked it since it violated its terms of service.

Find the whole article on AllThingsDigital

[News] Blogosphere Under Attack by Righthaven LLC

Wired.com published an article about the business strategies of the Las Vegas-based law firm Righthaven LLC. Righthaven’s strategy to “save” the media world is simple:

  • buy copyrights of newspaper articles
  • instead of sending takedown notices under the DMCA,
  • they rather sue blogs and websites that repost articles without consent of the owner

Righthaven’s first client is the Las Vegas Review-Journal. Between March and July 2010 Righthaven filed at least 80 lawsuits against bloggers and website owners.

And this is just the beginning, according to Wired.com:

[Steve] Gibson says, he’s just getting started, Righthaven has other media clients that he won’t name until the lawsuits start rolling out (..).

Links

» Wired.com: Newspaper Chain’s New Business Plan: Copyright Suits
» Law.com: Is This the Birth of the Copyright Troll?
» Spiegel.de: Abmahnungen gegen Blogs – Notwehr als Geschäftsmodell (German only)

[PS3] PSGroove: Open Source PS3 Jailbreak Released

As expected, an open source version of the PS3 Jailbreak has been released by French hackers Mathieulh and RichDevX. Find the source code here. Support for PS3Jailbreak’s backup manager, which would technically allow piracy, has thus been disabled as this implementation targets homebrew only.

The exploit is intended to be burnt to AT90USB and related microcontrollers like:

  • AT90USB162
  • AT90USB646
  • AT90USB647
  • AT90USB1286
  • AT90USB1287
  • ATMEGA32U4

PS3-Hacks.com now provides compiled binary files ready to be flashed to ATMEGA USB sticks. Tutorials and manuals for all John Does among us are likely to surface within the next few days.

Congratulations to Mathieulh and RichDevX.

[PS3] Game Over – PS Jailbreak Exploit Is Public Now

A community around French hacker Mathieulh has provided information and assumptions about the PS Jailbreak’s bowels. Find the original article here and a PDF copy here.


Picture is courtesy of PS3News.com

Sniffed Code and Processing

As of yesterday they say they successfully managed to clone PS Jailbreak and they will document the exploit on the PS3 Wiki soon.

Moreover PS3News.com released the sniffed USB stream of the PS Jailbreak device:

(..) Descrambler sniffed the USB traffic and shared the log.(..)

  • The PSJailbreak is inserted
  • It connects with the host (PS3) and sends 09 02 12 00 01 00 00 80 + all the bytes from the first packet starting at 0008 up to 00EFF.
  • The stack is overwritten and the PS3 jumps into code from the packet
  • The Atmega sends a “USB Disconnect command”
  • The last three steps are repeated four times
  • It connects with the host and sends 09 02 4D 0A 01 01 00 80 + the bytes from the second packet starting at 0008 up to 0A4C
  • The stack is overwritten and the PS3 jumps into code from the packet
  • The Atmega sends a “USB Disconnect command”
  • The last three steps are repeated twice.

Voilà… The PS3 is in “Debug Mode”.

Apparently the third and fourth bytes, the ones after the 09 02, are the number of bytes to be sent. At least this goes for the second log (4D 0A->0A4D bytes)…

The first 8 bytes [09 02 ... ] are left over from the USB protocol.
The code will be pushed four times onto the PS3 USB stack:
00000: 09 02 12 00 01 00 00 80 FA 09 04 00 00 00 FE 01
00010: 02 00 00 00 00 00 00 00 FA CE B0 03 AA BB CC DD
00020: 38 63 F0 00 38 A0 10 00 38 80 00 01 78 84 F8 06
00030: 64 84 00 70 38 A5 FF F8 7C C3 28 2A 7C C4 29 2A
00040: 28 25 00 00 40 82 FF F0 38 84 00 80 7C 89 03 A6
(..) this is a snippet only.

Find the whole sniffed hex code and asm readable code here and as 7zip downloadable archive here
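The length-field observation above matches the standard USB configuration descriptor layout (09 = bLength, 02 = CONFIGURATION, bytes 2-3 = little-endian wTotalLength). As an added example, not code from the original post, PS3News or Descrambler, here is a host-side check that validates such a descriptor before it is copied or parsed, run over the bytes quoted above; the function and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes (hypothetical names, chosen for this example). */
enum { DESC_OK = 0, DESC_TRUNCATED = -1, DESC_BAD_HEADER = -2,
       DESC_BAD_CHAIN = -3, DESC_TRAILING_DATA = -4 };

/* wTotalLength sits in bytes 2-3 of a configuration descriptor, little-endian. */
static uint16_t total_length(const uint8_t *d) {
    return (uint16_t)(d[2] | (d[3] << 8));
}

/* Host-side sanity check to run before a received descriptor is copied or
 * parsed: header well-formed, declared length equal to what arrived, and
 * the sub-descriptors tiling the declared length exactly. */
static int check_config_descriptor(const uint8_t *d, size_t received) {
    if (received < 9) return DESC_TRUNCATED;
    if (d[0] != 9 || d[1] != 0x02) return DESC_BAD_HEADER;
    size_t total = total_length(d);
    if (total < 9) return DESC_BAD_HEADER;
    if (total > received) return DESC_TRUNCATED;
    for (size_t off = 0; off < total; ) {
        if (total - off < 2) return DESC_BAD_CHAIN;
        uint8_t len = d[off];                 /* bLength of this descriptor */
        if (len < 2 || len > total - off) return DESC_BAD_CHAIN;
        off += len;
    }
    return received > total ? DESC_TRAILING_DATA : DESC_OK;
}

/* First 32 bytes of the dump quoted above (rows 00000 and 00010). */
static const uint8_t first_packet[32] = {
    0x09,0x02,0x12,0x00,0x01,0x00,0x00,0x80,0xFA,0x09,0x04,0x00,0x00,0x00,0xFE,0x01,
    0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFA,0xCE,0xB0,0x03,0xAA,0xBB,0xCC,0xDD };
/* The 8 header bytes quoted for the second packet. */
static const uint8_t second_header[8] = { 0x09,0x02,0x4D,0x0A,0x01,0x01,0x00,0x80 };

int main(void) {
    printf("first:  declared %u bytes, check on 32 received = %d\n",
           (unsigned)total_length(first_packet),
           check_config_descriptor(first_packet, sizeof first_packet));
    printf("first:  check on the declared 18 bytes only = %d\n",
           check_config_descriptor(first_packet, 18));
    printf("second: declared %u bytes\n", (unsigned)total_length(second_header));
    return 0;
}
```

The first header declares 0x12 bytes, which is exactly the configuration descriptor plus one interface descriptor; everything in the quoted dump after offset 0x11 lies beyond the declared length, and the check flags it as trailing data.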

Our Comments

Well, this game is over. It’s pretty sure that the commercial hackers have lost, and so have the Chinese clone makers. Even before the devices have been made available to the masses.

We suppose this might not have happened if Sony hadn’t disabled the Other-OS/Linux feature a couple of months ago. At that point only GeoHot and XorLoser were attacking the PS3 with a rather mass-incompatible but techie approach that includes badly glitching techniques.

Now this new bootloader exploit is known to the community. In fact, it is only a matter of days until a free open source solution will be available on the internet.

[MacOS] Pace iLok Dongle Compromised

A worldwide team of crackers managed to generically attack the Pace iLok dongle security system. An automated unwrapper for protected applications has surfaced on the net. The unwrapper is compatible with MacOS X 10.6 (Slow Neopard) and works for the Intel based part of universal binaries only.

The Pace iLok dongle is mainly used by music applications and music plugins. As this market is a small one, the impact of the generic unwrapper is not predictable at the moment. Anyway we suppose that producers and studios – hopefully – do use legally licensed software and that this unwrapper is used for try-before-buy possibilities. Market penetration comes with confirmed habit of users.

Although some iLok protected applications are offered as trial, forum users say trial times are much too short and having to register a Pace iLok account is considered to not be comfortable for the average user.

Anyway, forum reports indicate that many developers using the Pace iLok dongle have applied additional custom protection layers, which render the Pace iLok unwrapper not useful at least for the average John Doe. It is expected that iLok will very soon add new encryption layers for improved security.