Tag Archives: Backup

[MacOS] Backup Chameleon Boot USB-Stick

1. Abstract

Suppose you have installed Chameleon on an external USB stick for security and compatibility purposes. For safety reasons you should consider making a backup. But all disk-imaging tools (whether Apple’s Disk Utility, Carbon Copy Cloner or Super Duper) fail to create a proper backup, since the boot block is simply not copied. So you end up having to create a second USB stick, but this takes time. So why not copy it? In the following article we’ll show you some basic steps to create a proper backup of your precious Chameleon bootable USB stick.

This walkthrough is not intended for newbies. You need to understand the steps, and understand that you can completely destroy your system if you apply certain steps in the wrong way. The following steps are taken from a forum thread on OSX86.net.

2. Walkthru: Backing up your Chameleon USB-Stick


[Pre] Palm Pre Jailbreaks PS3

A coder going under the nick “black_zero” ported the PS3 jailbreak to the Palm Pre. Find his instructions for “PS3 Freedom for Palm Pre” on PSX-Scene.com.

[Update] In contrast to “PS3 Groove”, this version also seems to enable backups, which means circumventing copy protection. Applying this is not legally allowed in most European countries and the U.S.

Our Comment

Sony’s protection has been compromised, no matter what they’re gonna do in the future. It is likely that there will be an update soon to stop the stack overflows in the USB code. But it won’t help them anymore.

The reason is simple: Sony will not be able to make that insecure system secure again. Because of the jailbreak the PS3 now allows accessing all features. That means that any update to come will be decrypted first, analyzed, modified to re-enable debug backdoors and then installed with all the debug features enabled again. Custom modified firmwares are the next logical step.

So although this seems to be good news for the homebrew scene, since there is hope now for a universal media center based on the PS3, the downside is still that some versions of the jailbreak also make it possible to play illegal backups. And since Sony’s biz model is selling licenses and games, they will fight the jailbreak by trying to detect it and to block jailbroken devices from accessing the Playstation Network. And this means: permanent updates. For people playing a lot this will not be an option, as they will have to wait again and again for custom firmwares that are likely to not work very long.

In the meantime check the Palm Pre vid:

[PS3] Game Over – PS Jailbreak Exploit Is Public Now

A community around French hacker Mathieulh has provided information and assumptions about the PS Jailbreak’s bowels. Find the original article here and a PDF copy here.


Picture is courtesy of PS3News.com

Sniffed Code and Processing

As of yesterday they say they successfully managed to clone PS Jailbreak and they will document the exploit on the PS3 Wiki soon.

Moreover PS3News.com released the sniffed USB stream of the PS Jailbreak device:

(..) Descrambler sniffed the USB traffic and shared the log.(..)

  • The PSJailbreak is inserted
  • It connects with the host (PS3) and sends 09 02 12 00 01 00 00 80 + all the bytes from the first packet starting at 0008 up to 00EFF.
  • The stack is overwritten and the PS3 jumps into code from the packet
  • The Atmega sends a “USB Disconnect command”
  • The last three steps are repeated four times
  • It connects with the host and sends 09 02 4D 0A 01 01 00 80 + the bytes from the second packet starting at 0008 up to 0A4C
  • The stack is overwritten and the PS3 jumps into code from the packet
  • The Atmega sends a “USB Disconnect command”
  • The last three steps are repeated twice.

Voilà… The PS3 is in “Debug Mode”.

Apparently the third and fourth bytes, after the 09 02, are the number of bytes to be sent. At least this goes for the second log (4D 0A->0A4D bytes)…

The first 8 bytes are left from the USB protocol [09 02 ... ]
The code will be pushed four times onto the PS3 USB stack:
00000: 09 02 12 00 01 00 00 80 FA 09 04 00 00 00 FE 01
00010: 02 00 00 00 00 00 00 00 FA CE B0 03 AA BB CC DD
00020: 38 63 F0 00 38 A0 10 00 38 80 00 01 78 84 F8 06
00030: 64 84 00 70 38 A5 FF F8 7C C3 28 2A 7C C4 29 2A
00040: 28 25 00 00 40 82 FF F0 38 84 00 80 7C 89 03 A6
(..) This is a snippet only.

Find the whole sniffed hex code and asm readable code here and as 7zip downloadable archive here
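
An added example, not part of the original post or of any PS3 code: the eight header bytes quoted above follow the layout of a standard USB configuration descriptor, in which bytes 2 and 3 hold the little-endian wTotalLength, which is the length field the quote points at. The C sketch below shows the host-side check of that declared length against what actually arrived; the function and enum names are hypothetical, and the sample bytes are the first two rows of the dump above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes of the hypothetical validator below. */
enum cfg_status { CFG_OK = 0, CFG_TOO_SHORT, CFG_BAD_HEADER,
                  CFG_LEN_MISMATCH, CFG_BAD_CHAIN };

/* Offsets 00000-0001F of the dump quoted above. */
static const uint8_t dump_head[32] = {
    0x09,0x02,0x12,0x00,0x01,0x00,0x00,0x80,0xFA,0x09,0x04,0x00,0x00,0x00,0xFE,0x01,
    0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFA,0xCE,0xB0,0x03,0xAA,0xBB,0xCC,0xDD
};

/* wTotalLength: little-endian 16-bit value at offsets 2..3 of the header. */
static uint16_t cfg_total_length(const uint8_t *buf) {
    return (uint16_t)(buf[2] | (buf[3] << 8));
}

/* Validate a received configuration descriptor blob of `len` bytes:
 * 9-byte header of type 0x02, declared total equal to what arrived,
 * and a bLength chain of sub-descriptors that ends exactly at the total. */
static enum cfg_status cfg_validate(const uint8_t *buf, size_t len) {
    if (len < 9) return CFG_TOO_SHORT;
    if (buf[0] != 9 || buf[1] != 0x02) return CFG_BAD_HEADER;
    size_t total = cfg_total_length(buf);
    if (total < 9 || total != len) return CFG_LEN_MISMATCH;
    size_t off = 0;
    while (off < total) {
        if (total - off < 2) return CFG_BAD_CHAIN;   /* no room for bLength + type */
        uint8_t blen = buf[off];
        if (blen < 2 || blen > total - off) return CFG_BAD_CHAIN;
        off += blen;                                 /* step to next descriptor */
    }
    return CFG_OK;
}

int main(void) {
    printf("declared wTotalLength: %u\n", (unsigned)cfg_total_length(dump_head));
    printf("18 bytes received: status %d\n", (int)cfg_validate(dump_head, 18));
    printf("32 bytes received: status %d\n",
           (int)cfg_validate(dump_head, sizeof dump_head));
    return 0;
}
```

The first row declares 0x0012 = 18 bytes, which is exactly one configuration header plus one 9-byte interface descriptor; anything received beyond that fails the length check.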

Our Comments

Well, this game is over. It’s pretty certain that the commercial hackers have lost, and so have the Chinese clone makers, even before the devices have been made available to the masses.

We suppose this might not have happened if Sony hadn’t disabled the Other-OS/Linux feature a couple of months ago. At that point only GeoHot and XorLoser were attacking the PS3 with a rather mass-incompatible but techie approach that includes nasty glitching techniques.

Now this new bootloader exploit is known to the community. In fact, it is only a matter of days until a free open source solution will be available on the internet.

[PS3] Sony Australia Vs. PS Jailbreak Suppliers

Sony Australia somehow managed to get court orders for a temporary injunction against Australia-based modchip sellers like OZModChips, ModSupplier and Quantronics. Until today (Aug 31st, 2010) none of the modchip sellers is allowed to sell any PS Jailbreak device; rather, they have to give up the whole stock that they get until today.

Well, this doesn’t come unexpectedly, as modchip sellers in Europe had the same legal battles a couple of years ago.

We don’t believe Sony will win in the end. Their strategy can only be delaying the inevitable. As a matter of fact, the PS3 has eventually been broken, and the PS Jailbreak device samples have already been fully reverse engineered by a couple of Chinese manufacturers and also by other teams.

A free open source solution is most likely to be released sooner or later.

[PS3] Hacking the Hackers: PS Jailbreak Reverse Engineered

German Gamefreax claim to have reverse engineered a testing PSJailbreak device. They say this exploit is based on emulating a USB hub which gets virtual devices attached and detached at certain points during the boot process.

Among those emulated devices there is also one that uses the ID of Sony’s JIG module. Anyway, Gamefreax claim this hack is based on a self-developed exploit. Dumped files that might support this claim are not available at this moment…

Picture snippet of USB Stream is courtesy of Gamefreax.de

[PS3] PS Jailbreak and Clones To Be Released

Media have widely reported on the latest steps in hacking the Playstation 3 console. Apparently that tiny PS Jailbreak USB dongle turns a consumer PS3 into a debug PS3, thus allowing it to run games from the internal or from an attached USB hard drive. The price is said to be around 160 US$. For legal reasons here in Germany we can’t link to PS Jailbreak suppliers.

Now PS3Hax.net reports that using PS Jailbreak on Sony’s Playstation Network is very likely to result in being banned:

According to SKFU and RichDevX, the Backup manager game ID (LAUN-12345) could be logged/recorded by Sony when logged into PSN (when online). This would obviously allow Sony to see who would be using the illegal PSjb/clone and we could very well see ban waves similar to the Xbox 360. Sony does currently ban PSN/consoles that results in the 8002A227 error code.

Redmondpie.com reports that the latest rumors indicate that there are also Chinese clones of the PS3 Jailbreak called X3Jailbreak on their way, priced at 40$.

It seems like PS3 hacking as a business model is out of date even before it started. We suspect it won’t take long until a free open source solution will be available on the net as well…

[Pre] Palm Pre Overclocked to 800MHz

A team of developers consisting mainly of caj2008 and unixpsycho from PreCentral-Forums managed to overclock the Pre, now running 800MHz stable.

Currently this requires a custom modified kernel. caj2008 and unixpsycho released a kernel for webOS 1.3.5.1, a kernel for webOS 1.4 is still under development. Anyway you may check this vid: webOS unbelievable fast.

Kudos to caj2008 and unixpsycho.

via PreCentral

[PS3] XorLoser Releases PS3 Exploit Toolkit

Notorious XorLoser has fully rewritten GeoHot’s PS3 glitch attack programs to allow more convenient exploiting. He names it XorHack.

It allows you to call lv1 syscalls (level 1 system calls) from a normal (userspace) program. It also lets you run the software required when triggering the PS3 exploit from a normal userspace program. To give an example of how it can be used I have included the following example programs:

  • ps3exploit – Runs the software required to exploit the ps3, it loops a number of times which can be specified as a parameter. (This still must be used along with the “button pressing”, it will not exploit the PS3 via software alone).
  • dumphv – Dumps the hypervisor to a file in the current directory.
  • dumpbl – Dumps the bootloader to a file in the current directory.
  • dumprom – Dumps the system rom to a file in the current directory.

Links

» XorLoser: XorHack – The PS3 Exploit Toolkit
» GeoHot: Here’s Your Silver Platter

Picture is courtesy of XorHack