September 29, 2010 // 11:32 pm
- Nintendo Wii developer Marcan has been sharing updates via Twitter on his progress with a PS3 Linux bootloader, one that is currently working on PlayStation 3 Firmware 3.41 (including on the PS3 Slim) and now named AsbestOS.
Download: AsbestOS ATMega Port with Software USB (Arduino Mega)
Below are some of his recent Tweets for those curious, to quote:
"AsbestOS port to the ATMega with software USB (Arduino Mega, etc...) http://is.gd/fDg1C
Investigating how RSX access will work. It's definitely possible but it might end up very different from desktop Linux 3D as we know it.
git repo if you want to follow along. No support or docs yet, it's not done, don't ask, but feel free to peek.
Preliminary porting notes: http://is.gd/fCBFd. If you have developed or ported a version of the exploit, please let me know your comments
The device I'm using to test is an IGEPv2 (OMAP3, same as the Beagleboard, N900, Palm Pre, ...).
It doesn't mean I'm going to somehow deliberately screw you over, it means if your device can't handle a custom 40KB payload, then it can't.
"non-generic psjailbreak clone" means "cheap closed low storage probably unupgradable device designed with no future-proofing in mind".
Any non-microcontroller devices will work. Phones, iPods, other media players or portable consoles, etc.
Users of non-generic psjailbreak and clones are probably SOL though (that's what you get for buying essentially a dedicated piracy device).
To clarify, you need at least a 64K (not 32K!) micro *or* a device that has at least 64K extra external storage (SD, Flash, EEPROM).
working a bit better now
Confirmed that it works (to the same extent) on the Slim too
It's alive! Mostly, anyway.
I bet you've never seen a Linux kernel say this: [ 0.000000] PS3 firmware version 3.4.1
Wasted like an hour debugging a bootwrapper that was working perfectly, except no one documents this stuff. dtbImage.ps3 != zImage.ps3
That wasn't too bad. Threads caught.
Next headache: catching *both* CPU threads from lv2.
AsbestOS (yeah, I'm calling it that) now works on the PS3 Slim (still doesn't quite boot Linux, though)
I can TFTP-load a kernel now, though it doesn't exactly boot yet. More tomorrow, hopefully.
There are two stages. Stage1 replaces the usual psjb payload (2kB or so) and loads stage2 via USB (30kB currently)
The Teensy will NOT work without external mem (32K Flash). The Teensy++ and the AT90USBKEY SHOULD be enough (128K Flash).
By the way, if anyone wants to run this Linux loader from a hardware dongle, make sure you get something with at least 64k of storage!
IP stack = done (lwIP FTW). 64 bytes from ps3 (192.168.3.60): icmp_req=1 ttl=255 time=0.361 ms
I suck at names. Help me name a usb-exploit PS3 Linux bootloader? All I came up with so far is lv2ate ("levitate") and AnotherOS.
Last tweet brought to you by LPAR, VAS, HTAB, TLB, SLB, DMA, BI, PU, RM, PME, HPTE, VSID, ESID, AVPN, RPN, WIMG, GELIC, and, of course, LV1.
http://is.gd/fj0dK sent from a USB lv2 payload using raw lv1 syscalls. And now I can finally go to sleep today.
Ha, Linux got owned by *exactly* the same bug that the 360 hypervisor had: comparing 32b of a system call no., then using 64b. (via tmbinc)"
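
The last tweet describes a width mismatch: a system call number is range-checked on 32 bits and then used as a 64-bit value. As an added example (not from the quoted tweets, and not code from Linux or the 360 hypervisor), the constructed C dispatcher below puts the flawed check beside the corrected one; the table size, handler names and sample value are all assumptions.

```c
/* Added example: constructed dispatcher, not code from any real kernel or hypervisor. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NR_CALLS 8u                      /* constructed table size */

typedef long (*handler_t)(void);
static long call_zero(void) { return 100; }
static long call_five(void) { return 105; }

static const handler_t call_table[NR_CALLS] = {
    [0] = call_zero,
    [5] = call_five,
};

/* Flawed check: compares only the low 32 bits of the 64-bit register value. */
bool check_low32(uint64_t nr) { return (uint32_t)nr < NR_CALLS; }

/* Correct check: compares the same 64-bit value that will index the table. */
bool check_full64(uint64_t nr) { return nr < NR_CALLS; }

/* True when a value passes the flawed check yet lies outside the table,
 * i.e. a dispatcher relying on check_low32 would index out of bounds. */
bool slips_past_low32(uint64_t nr) { return check_low32(nr) && !check_full64(nr); }

/* Hardened dispatcher: validate and index with one and the same width. */
long dispatch(uint64_t nr)
{
    if (!check_full64(nr))
        return -ENOSYS;
    handler_t h = call_table[nr];
    return h ? h() : -ENOSYS;
}

int main(void)
{
    uint64_t sample = 0x100000005ull;    /* constructed: high bits set, low 32 bits = 5 */
    printf("low32 accepts: %d, full64 accepts: %d, dispatch: %ld\n",
           check_low32(sample), check_full64(sample), dispatch(sample));
    return 0;
}
```
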