August 22, 2010 // 9:11 pm
- A few days ago we saw the inside pics
of PS JailBreak, and today SKFU
(linked above) has posted that PSJailbreak is both detectable and bannable on PSN along with Mathieulh
's exploit was used and that PS JailBreak can be easily dumped
He went on to state: "Actually they used the geohot hack to get code with lv1 privileges running on the console, they then used this to 1. Dump lv1 2. dump the spm syscall table (that's after quite a bit of lv1 reversing to even figure the spm exists) 3. Use the actual spm syscalls to trick the spu into calculating the proper response for the dongle id of their choosing.
Without those steps that all require geohot's hack, they could never have gotten their dongle to successfully identify as a jig and they could never have triggered their hack.
The psjailbreak basically exploits the update manager which is the code that does the dongle auth located inside the spm itself inside lv1.
We don't have the payload it sends though because we don't have a dongle to sniff it from, thus we have yet to know what lv2 patches it does."
has also tweeted (HERE
, and HERE
) the following: "Using the backup manager on PSN is like walking into a trap. Title: Backup Manager || Title ID: LAUN12345. FYI, dongle IDs can be revoked! Don't be surprised if error 0x8002A227 is returned."
This essentially means Sony may detect those launching the backup manager and sending the following response which suspends the console from PSN: SCE_NP_AUTH_ERROR_CONSOLE_ID_SUSPENDED
Currently PlayStation Network is down for maintenance, although unconfirmed if it is due to Sony implementing PS JailBreak detection.
To quote from SKFU
: "While hackers usually had to work very hard to succeed in the videogame scene, now all seems to become a business of corruption and audacity.
A short timeline of the PSJailbreak. How it may have started, succeeded and may go on.
Part 1: Someone (called "the fake hacker" below) came in contact with an employee of a SONY service center. The fake hacker probably used a bit social engeneering until the employee agreed to sell him one of the SONY confidential JIG Sticks used in the service centers to test and repair broken PS3 SKU's.
Part 2: The fake hacker used documentation and software which was leaked by other SONY employees to study the JIG stick. The stick is used to boot a special firmware from itself before the original PS3 firmware starts. The now running system allows to execute debug/fake signed executables which can be created with SONY's official SDK.
Part 3: The fake hacker shared the information with his team members and people who were able to clone the stick. Probably in china as usual.
Part 4: The stick is clonable, so the fake hacker went on and used stolen/leaked software from SONY's official SDK to develope (the only real work he did!) the application known as "backup manager" which is used on the PS3 to dump and start the backups.
Part 5: The fake hacker distributes high illegal clones of the original JIG stick via several online shops including the "backup manager" which is also illegal as it's all created with stolen/leaked software and documentation by SONY.
Part 6: SONY may update the PS3's bootcode to prevent loading the stick. They also could log the "backup manager"'s game ID (LAUN-12345) when people go online. So they could identify who actually uses the illegal JIG clone and ban the affected consoles. This would be an illegal step aswell, but hey; it's SONY."