0
Update:
This is the translated text of the analysis of the psjailbreak dongle:
We have taken a closer look at this PSJailbreak dongle
We can confirm that the PSJailbreak is not a clone of Sony’s “Jig” module. PSJailbreak is a self-developed exploit. The chip is not a PIC18F444 but a ATMega is used with a software USB interface. This means the chip is internally capable of emulating any USB device. PSJailbreak emulates a 6 Port USB hub on which different devices will later be connected and then disconnected. One of these devices has the product:vendor ID of Sony’s “Jig” module, which means this had played a certain role during the development of PSJailbreak role.
But lets start from beginning: When the PS3 is powered on … A USB emulation device will be connected, which has a too large of a Configuration Descriptor. This Descriptor overrides the stack with a PowerPC shellcode that gets executed. Now, various USB devices are connected to the emulation USB hub. One device has a large Descriptor with a size of 0xAD, which is part of the exploit and contains static data. A short time later (we are talking milliseconds here) the jig module is connected, and encrypted data is transmitted to the jig module. A few milliseconds later, the Jig module answers with 64 byte static data, all USB devices are then disconnected, and a new USB device is connected and the PS3 launches with ‘a new feature’.
PSJailbreak is NOT software update-able. The Update feature which is mentioned, can be done just with hardware modifications. So by ‘update’ they mean ‘buy more of our stuff’
Well, even before the official release, it looks like the psjailbreak might have been successfully reverse engineered. First to report from it is the German website gamefreax.
It looks like the psjailbreak hardware on the usbstick/modchip emulates a 6 port usb hub. As the dongle certificates are being validated, a PPC shell is spawned and allows the code to be executed. Essentially, it looks like a well executed stack overflow.
Take a look at the graphic if you're interested.
This is the translated text of the analysis of the psjailbreak dongle:
We have taken a closer look at this PSJailbreak dongle
We can confirm that the PSJailbreak is not a clone of Sony’s “Jig” module. PSJailbreak is a self-developed exploit. The chip is not a PIC18F444 but a ATMega is used with a software USB interface. This means the chip is internally capable of emulating any USB device. PSJailbreak emulates a 6 Port USB hub on which different devices will later be connected and then disconnected. One of these devices has the product:vendor ID of Sony’s “Jig” module, which means this had played a certain role during the development of PSJailbreak role.
But lets start from beginning: When the PS3 is powered on … A USB emulation device will be connected, which has a too large of a Configuration Descriptor. This Descriptor overrides the stack with a PowerPC shellcode that gets executed. Now, various USB devices are connected to the emulation USB hub. One device has a large Descriptor with a size of 0xAD, which is part of the exploit and contains static data. A short time later (we are talking milliseconds here) the jig module is connected, and encrypted data is transmitted to the jig module. A few milliseconds later, the Jig module answers with 64 byte static data, all USB devices are then disconnected, and a new USB device is connected and the PS3 launches with ‘a new feature’.
PSJailbreak is NOT software update-able. The Update feature which is mentioned, can be done just with hardware modifications. So by ‘update’ they mean ‘buy more of our stuff’
Well, even before the official release, it looks like the psjailbreak might have been successfully reverse engineered. First to report from it is the German website gamefreax.
It looks like the psjailbreak hardware on the usbstick/modchip emulates a 6 port usb hub. As the dongle certificates are being validated, a PPC shell is spawned and allows the code to be executed. Essentially, it looks like a well executed stack overflow.
Take a look at the graphic if you're interested.
