
PS JailBreak Mod Code Sniffed via USB, Logged and Examined


239w ago - A few days ago PS JailBreak was reverse-engineered, and today Descrambler sniffed the USB traffic and shared the log.

I don't know that much about the USB protocol, but I think this is what happens:

• The PSJailbreak is inserted
• It connects with the host (PS3) and sends 09 02 12 00 01 00 00 80 + all the bytes from the first packet starting at 0008 up to 00EFF.
• The stack is overwritten and the PS3 jumps into code from the packet
• The Atmega sends a "USB Disconnect command"
• The last three steps are repeated four times

• It connects with the host and sends 09 02 4D 0A 01 01 00 80 + the bytes from the second packet starting at 0008 up to 0A4C
• The stack is overwritten and the PS3 jumps into code from the packet
• The Atmega sends a "USB Disconnect command"
• The last three steps are repeated twice.

Voilà... The PS3 is in "Debug Mode".

Apparently the third and fourth bytes after the 09 02 are the number of bytes to be sent. At least this goes for the second log (4D 0A -> 0A4D bytes)...

The first 8 bytes are from the USB protocol [09 02 ...].

The code will be pushed four times onto the PS3 USB stack:


After that they push this twice onto the stack to run the code by disconnecting/reconnecting USB devices on the bus.


That's all, folks.

Repost in binary (thanks Disane); the first 8 bytes are from the USB protocol [09 02 ...]:

http://www.ps4news.com/forums/attachment.php?attachmentid=21111

ASCII binary (Thanks xCoder)

http://www.ps4news.com/forums/attachment.php?attachmentid=21116

Here's an improved disassembly by crazyc.

http://www.ps4news.com/forums/attachment.php?attachmentid=2111
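As an added example (not Descrambler's post or the PS JailBreak code), here is the header walk described above done the way a hardened host should do it: a bounds-checked parser for USB configuration descriptors that clamps the device-supplied wTotalLength (bytes 3 and 4 after 09 02, little-endian, so 4D 0A is 0x0A4D) to the bytes that actually arrived and to the host's own buffer. The two 8-byte headers are the ones quoted in the post; the bMaxPower byte, the interface descriptor, the filler bytes and the 18-byte host buffer are constructed assumptions.

```python
"""Bounds-checked walk of a USB configuration descriptor (added example).

The two 8-byte headers are the ones quoted in the post; the bMaxPower byte,
the interface descriptor and the filler bytes are constructed here and are
not the dumped payload.
"""
import struct
from dataclasses import dataclass, field

CONFIG_DESCRIPTOR = 0x02      # bDescriptorType of a configuration descriptor
INTERFACE_DESCRIPTOR = 0x04   # bDescriptorType of an interface descriptor
CONFIG_HEADER_LEN = 9         # bLength of a configuration descriptor


@dataclass
class ConfigDescriptor:
    total_length: int                # wTotalLength as the device declared it
    num_interfaces: int              # bNumInterfaces as the device declared it
    interfaces: list = field(default_factory=list)   # (number, endpoints, class)
    warnings: list = field(default_factory=list)


def parse_config(buf: bytes, host_capacity: int) -> ConfigDescriptor:
    """Parse a configuration descriptor without trusting any device length.

    host_capacity is the size of the buffer the host set aside for the
    transfer. The device-supplied wTotalLength (bytes 2..3, little-endian,
    so 4D 0A means 0x0A4D) is clamped to the bytes actually received and to
    host_capacity, so a lying length can never drive a read or copy past
    either bound; every disagreement is recorded as a warning instead.
    """
    if len(buf) < CONFIG_HEADER_LEN:
        raise ValueError("short configuration descriptor header")
    b_length, b_type, w_total, n_if = struct.unpack_from("<BBHB", buf, 0)
    if b_type != CONFIG_DESCRIPTOR or b_length != CONFIG_HEADER_LEN:
        raise ValueError(f"not a configuration descriptor (type {b_type:#x}, bLength {b_length})")
    desc = ConfigDescriptor(total_length=w_total, num_interfaces=n_if)

    if w_total != len(buf):
        desc.warnings.append(f"wTotalLength {w_total} != {len(buf)} bytes received")
    if w_total > host_capacity:
        desc.warnings.append(f"wTotalLength {w_total} exceeds host buffer of {host_capacity}")
    limit = min(w_total, len(buf), host_capacity)

    # Walk the sub-descriptors that fit inside the clamped limit. Each one
    # carries its own bLength, which is also hostile: a value below 2 would
    # loop forever and one that overruns the limit would read past the buffer.
    off = CONFIG_HEADER_LEN
    while off + 2 <= limit:
        sub_len, sub_type = buf[off], buf[off + 1]
        if sub_len < 2 or off + sub_len > limit:
            desc.warnings.append(f"sub-descriptor at offset {off:#x} has bad bLength {sub_len}")
            break
        if sub_type == INTERFACE_DESCRIPTOR and sub_len >= 9:
            # bInterfaceNumber, bNumEndpoints, bInterfaceClass
            desc.interfaces.append((buf[off + 2], buf[off + 4], buf[off + 5]))
        off += sub_len
    if len(desc.interfaces) != n_if:
        desc.warnings.append(f"bNumInterfaces {n_if} but {len(desc.interfaces)} interface descriptors found")
    return desc


# Constructed inputs. IFACE is a generic 9-byte vendor-class interface descriptor.
IFACE = bytes.fromhex("09 04 00 00 00 FF 00 00 00")
# Header quoted in the post (wTotalLength 0x0012), completed to exactly 18 bytes.
HONEST = bytes.fromhex("09 02 12 00 01 00 00 80") + b"\x32" + IFACE
# Same 18-byte descriptor followed by filler up to 0xF00 = 3840 bytes, the size
# the post describes for the first transfer.
PADDED = HONEST + b"\x00" * (0xF00 - len(HONEST))
# Second header quoted in the post (wTotalLength 0x0A4D = 2637), body filled
# with repeated interface descriptors although bNumInterfaces says one.
OVERSIZED = bytes.fromhex("09 02 4D 0A 01 01 00 80") + b"\x32" + IFACE * ((0x0A4D - 9) // 9)

if __name__ == "__main__":
    for name, data in (("honest", HONEST), ("padded", PADDED), ("oversized", OVERSIZED)):
        result = parse_config(data, host_capacity=18)   # host expects the 18-byte descriptor
        print(f"{name:9s} declared={result.total_length:5d} received={len(data):5d} "
              f"interfaces={len(result.interfaces)} warnings={result.warnings}")
```

The clamp is the whole point: with an 18-byte host buffer the padded 3840-byte transfer and the 0x0A4D-byte transfer both parse to a single interface and a warning, instead of being copied in full.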


Comments 113

#53 - crisdo98 - 239w ago
Nice work mate... have a good sleep, you'll need it for tomorrow. Sony might come a-knocking, so be careful... jk

^^ what's this attachment?

#52 - xantra - 239w ago
If it can interest someone:

#51 - Kiriller - 239w ago
Yes? lol, you obviously don't know how sad Sony is, lol.

Go sleep, you've done enough, soldier! You've got a busy day ahead of you when you wake up.

#50 - crckmc - 239w ago
lol man, even if I was Sony, what could I do with this code? Block it on the N900?

#49 - Bulldogzz - 239w ago
Quote Originally Posted by kakarotoks:
I finally got the kernel module to work! It loads up and everything, so that's cool. It also properly answers the device/configuration requests.

Well, you need to send enough data to rewrite the return address to that of your malicious code - the bypass/overwrite for the Sony JIG Answer Response Scheme.

E.G.
=====================
BUFFER[ ]

#48 - Kiriller - 239w ago
Don't share the code/anything with anyone other than people you trust, we don't want Sony to get their sticky fingers all over this.

And thank you for your hard work! Personally, if I knew how to do what you were doing, I'd be doing this around the clock.

#47 - crckmc - 239w ago
kakarotoks, would you mind sharing your code or module? It is a long time till your tomorrow.

#46 - IHM - 239w ago
I have a PSP, DSXL, iPhone 4, if any will help, guys... I personally will still probably buy a stick, just to say I have one, but here's hoping for a good free or partly free solution.

I also have about four 8 GB MicroSD cards hanging around.

#45 - kakarotoks - 239w ago
Ok guys, some more news here! I finally got the kernel module to work! It loads up and everything, so that's cool. It also properly answers the device/configuration requests. But I have one issue:

The host asks for a buffer of size 18, and I send it 3840 bytes... and with the USB sniffer I have here under Linux (for tests), all I see is a 'corrupted packet error', so I'm not sure whether the data is sent correctly, or whether it doesn't even get sent because the underlying framework refuses it.

Anyway, so far all good: assuming the data is sent correctly, I've written a driver that reproduces the USB dumps received! Now we just need a proper dump to see exactly what's going on, when to send that data, etc...

Now it's 10:20 AM, and I really need to go to sleep, so good night all! I hope we'll have some more stuff tomorrow so I can continue working on this!

#44 - caviar44 - 239w ago
Hi all,

It seems possible to convert a PC into a USB slave module.

Here is a link on an NSLU2 with a USB slave modification: http://www.nslu2-linux.org/wiki/HowTo/AddDeviceSideUSBPort
but it should work for almost any USB device.

Information about it came from here: http://wiki.wireshark.org/CaptureSetup/USB

With a PC with a USB slave module, we should be able
->#1 to spy on the USB traffic between the PS3 and the hardware PSJailBreak

->#2 to connect the PC to the PS3 and try to emulate PS JailBreak
in addition,

caviar

 
