Tag Archives: Homebrew

[Pre] Palm Pre Jailbreaks PS3

Leave a reply

A coder going under the nick “black_zero” ported the PS3 jailbreak to the Palm Pre. Find his instructions for “PS3 Freedom for Palm Pre” on the PSX-Scene.com.

[Update] In contrast to “PS3 Groove” this version also seems to enable the possibility of backups – means circumventing of copy protections. It is legally not allowed to apply this in most european countries and the U.S.

Our Comment

Sony’s protection has been compromised, no matter what they’re gonna do in the future. It is likely that there will be an update soon to stop the stack overflows in the USB code. But it won’t help them anymore.

The reason is simple: Sony will not be able to make that insecure system secure again. Because of the jailbreak the PS3 now allows accessing all features. That means that any update to come will be decrypted first, analyzed, modified to re-enable debug backdoors and then installed with all the debug features enabled again. Custom modified firmwares are the next logical step.

So although this seems to be good news for the homebrew scene, since there is hope now for a universal media center based on the PS3, the downside is still that some versions of the jailbreak also enable to play illegal backups.And since Sony’s biz model is selling licenses and games they will fight the jailbreak by trying to detect it and to block jailbroken devices from accessing the Playstation Network. And this means: permanent updates. For people playing a lot this will not be an option as they will have to wait again and again for custom firmwares that are likely to not work very long.

In the meantime check the Palm Pre vid:

[PS3] Game Over – PS Jailbreak Exploit Is Public Now

Leave a reply

A community around french hacker Mathieulh has provided information and assumptions of the PS Jailbreak’s bowels. Find the original article here and a PDF copy here.

ps3news_com_img_22220-2

Picture is courtesy of PS3News.com

Sniffed Code and Processing

As of yesterday they say they successfully managed to clone PS Jailbreak and they will document the exploit on the PS3 Wiki soon.

Moreover PS3News.com released the sniffed USB stream of the PS Jailbreak device:

(..) Descrambler sniffed the USB traffic and shared the log.(..)

  • The PSJailbreak is inserted
  • It connects with the host (PS3) and sends 09 02 12 00 01 00 00 80 + all the bytes from the first packet starting at 0008 up to 00EFF.
  • The stack is overwritten and the PS3 jumps into code from the packet
  • The Atmega sends a “USB Disconnect command”
  • The last three steps are repeated four times
  • It connects with the host and sends 09 02 4D 0A 01 01 00 80 + the bytes from the second packet starting at 0008 up to 0A4C
  • The stack is overwritten and the PS3 jumps into code from the packet
  • The Atmega sends a “USB Disconnect command”
  • The last three steps are repeated twice.

Voilà… The PS3 is in “Debug Mode”.

Apparently the third and fourth byte of the after the 09 02 are the numbers of bytes to be sent. At least this goes for the second log (4D 0A->0A4D bytes)…

The first 8 bytes are from the usb protocol left [09 02 ... ]
The code will be pushed four times onto ps3 usb stack:
00000: 09 02 12 00 01 00 00 80 FA 09 04 00 00 00 FE 01
00010: 02 00 00 00 00 00 00 00 FA CE B0 03 AA BB CC DD
00020: 38 63 F0 00 38 A0 10 00 38 80 00 01 78 84 F8 06
00030: 64 84 00 70 38 A5 FF F8 7C C3 28 2A 7C C4 29 2A
00040: 28 25 00 00 40 82 FF F0 38 84 00 80 7C 89 03 A6
(..) this is a snipped only.
Find the whole sniffed hex code and asm readable code here and as 7zip downloadable archive here

Our Comments

Well, this game is over. It’s pretty sure, that the commercial hackers have lost and so do the chinese clone makers. Even before the devices have been made available to the masses.

We suppose this might not have happened if Sony wouldn’t have disabled the Other-OS/Linux feature a couple of months ago. At that point only GeoHot and XorLoser were attacking the PS3 with a rather mass-incompatible but techie approach, that includes badly glitching technics.

Now this new bootloader exploit is known to the community. In fact, it is only a matter of days until a free open source solution will be available on the internet.

[PS3] Sony Australia Vs. PS Jailbreak Suppliers

Leave a reply

Sony Australia somehow managed to get court orders for a temporary injunction against australian based modchip sellers like OZModChips, ModSupplier and Quantronics. Until today (Aug 31st, 2010) none of the modchip sellers is allowed to sell any PS Jailbreak device they rather have to give up the whole stock that they get until today.

Well this doesn’t come unexpected as modchip sellers in Europe have had the same legal battles a couple of years ago.

We don’t believe Sony will win in the end. Their strategy can only be delaying the inevitable. As a matter of fact, the PS3 has eventually been broken, the PS Jailbreak device samples have already been fully reverse engineered by a couple of chinese manufacturers and also by other teams.

A free open source solution is most likely to be released sooner or later.

[PS3] Hacking the Hackers: PS Jailbreak Reverse Engineered

Leave a reply

German Gamefreax claim to have reverse engineered a testing PSJailbreak device. They say this exploit is based on emulating of a USB hub which gets virtual devices attached and unattached at certain points during the boot process.

Among those emulated devices there is also one that uses the ID of Sony’s JIG module. Anyway Gamefreax claim this hack is based on a self developed exploit. Dumped files that might support this claim are not available at this moment…

Picture snippet of USB Stream is courtesy of Gamefreax.de

courtesy_of_gamefreax_de-usbstream

[Pre] Recommended Apps: Reboot Scheduler

Leave a reply

Many of us know the phenomenon. The longer we use the iPhone or the Palm Pre the slower it goes. Rebooting the system always helped on either device.

For the Palm Pre there is now a solution that is called Reboot Scheduler by Zinge, which allows to automize the reboot process and to schedule it to a certain time.

We feel this is a nice tool for people running homebrew apps on their Pre anyway. You find it via the PreCentral repository.

That’s what we really like about the Palm Pre WebOS platform: it embraces the homebrew developers. No jailbreaking, no hassle.

Kudos fly out to Zinge and the PreCentral team.

Links

» PreCentral.net: Palm Pre Reboot Scheduler

Screenshot is courtesy of PreCentral.net

rebootscreenshot

[PS3] GeoHot Opens All HV’s SPUs / XorLoser Preps Manual

1 Reply

Obviously notorious George Hotz has managed to get all 7 SPUs of the Playstation 3’s CPU under his control. This means although he cannot access the CPU’s root key, he now can decrypt everything that’s going thru these SPUs like datastreams of (encrypted) commercial games.

The PPU is higher on the control chain then the SPUs. Even if checks were to be added to, for example, verify the hypervisor before decrypting the kernel, with clever memory mappings you can hide your modified hypervisor.

In the meantime another hacker going under the nick XorLoser has released a more detailed manual of how to use GeoHot’s exploitation files and how to do the glitching.

Besides that XorLoser maintains a plugin for reverser’s beloved Interactive Disassembler (IDA) that contains special PPC instructions for Xbox360 and PS3.

Congratulations to GeoHot. Kudos fly out to XorLoser.

Links

» GeoHot: On Isolated SPUs
» XorLoser: PS3 Exploit – Software
» XorLoser: PS3 Exploit – Hardware
» XorLoser: PS3 and Xbox360 IDA PlugIn
» Hex-Rays.com: IDA Pro

[Pre] Video Recording with Precorder 0.2 Alpha

Leave a reply

The long waiting is over. A team around the Precentral’s forum member Prenosicator has released an alpha version of a Palm Pre video recording application. It requires WebOS 1.3.1.

You will not find it in the know homebrew repositories as long as it is in alpha status. Anyway for all of you able to root into your beloved Palm Pre the installation is as simple as drinking beer.

Kudos fly out to Prenosicator and his dev team guys. This is a very nice app, many of us have been waiting for.

Features

Option Description Selections
Audio Format Select what format you would like the audio stream to be saved in. AAC, AMRNB, MP3
Video Format Select what format you would like the video stream to be saved in. Mpeg-4, H.263, H.264/AVC
Container Select what multimedia container the audio/video streams will be in. mp4, 3gp
Media Source Would would you like Precorder to capture. Audio only, Video only, Both
Flash Would you like to use the built in LED for illumination Off, On
  • Options in bold are defaults
  • Recordings land in /media/internal

Installation

  1. root into your Pre (weather via Novaterm or running the terminal installed from within Preware)
  2. go to Pre’s tmp folder
    root@palm-webos-device:/# cd /tmp
  3. download the alpha version of Precorder
    root@palm-webos-device:/# wget http://bit.ly/precorder-bootstrap
  4. install Precorder
    root@palm-webos-device:/# sh precorder-bootstrap

Links

» PreCentral Forums: Introducing Precorder, in Alpha testing form
» WebOS-Internals: Precorder – Version: Alpha 0.2.0

Screenshots

Courtesy of WebOS-Internals.org

launcher_2009-24-11_164206
precorder_2009-24-11_164140
precorder_2009-24-11_164136
precorder_2009-24-11_164128