
August 26, 2010 // 6:00 pm - A few days ago PSJailBreak reverse-engineering work began, and today a German site (linked above) has posted a breakdown of the PSJailBreak: how it was reverse engineered, with a note that updating it requires additional hardware.

Below is a rough translation of the PSJailBreak reverse-engineering details, to quote:

"We have brought the PSJailbreak dongle out of retirement yet again, or more precisely Herbs has, to take a closer look. Here we tell you in brief the main steps of PSJailbreak's internal process.

We can confirm that PSJailbreak is not a clone of Sony's "Jig" module. PSJailbreak is an honest, self-developed exploit. The chip is not a PIC18F444 but an ATMega with software USB.

This means the chip is internally capable of emulating USB. PSJailbreak mainly emulates a 6-port USB hub to which specific USB devices are connected and then disconnected. One of these devices has the ID of Sony's "Jig" module, which means the "Jig" module played a certain role in the development of PSJailbreak.

But let's start at the front: when plugged into the PS3, the USB emulation presents a device with a much too big Configuration Descriptor. This Descriptor overwrites the stack with PowerPC code it contains, which is then executed. Now, various USB devices are connected in the emulation. One device has a large 0xAD Descriptor, which is part of the exploit and contains static data.

A short time later (we are in the millisecond range here) the jig module is connected, and encrypted data is transmitted to the jig module. An eternity (in milliseconds) later, the Jig module answers with 64 bytes of static data, all USB devices are disconnected, a new USB device is connected and the PS3 starts up with a new look.

64 bytes of static data sent by the PS3 to the emulated Jig; 64 bytes of static data sent by the emulated Jig to the PS3.

Extract from the USB stream (pictured below).

Incidentally, PSJailbreak is NOT updateable. The update feature mentioned can, if realized at all, only be implemented with additional hardware."
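The bug class the article describes is a host-side USB stack that trusts the length field of a device-supplied configuration descriptor. The following is an added example of mine, not code from the article, the German site or PSJailbreak, and it is not PS3 firmware: a small configuration-descriptor parser in two versions, the vulnerable shape (device-controlled length copied into a fixed stack buffer) beside a hardened one that bounds the copy by the bytes actually received and by the destination size. The buffer size, error codes and sample descriptors are assumptions constructed for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed example, not code from the article or from PSJailbreak. A host-side
 * parser for a USB configuration descriptor header (USB 2.0 spec, section 9.6.3).
 * Buffer size and error codes are assumptions. */

#define USB_DT_CONFIG      0x02
#define USB_CONFIG_HDR_LEN 9      /* bLength of a configuration descriptor */
#define CONFIG_BUF_SIZE    255    /* assumed size of the host stack's scratch buffer */

enum cfg_status {
    CFG_ERR_SHORT       = -1,  /* fewer than 4 bytes received: header incomplete */
    CFG_ERR_TYPE        = -2,  /* bLength/bDescriptorType are not a config descriptor */
    CFG_ERR_TOTAL_SMALL = -3,  /* wTotalLength smaller than the header itself */
    CFG_ERR_TOTAL_WIRE  = -4,  /* wTotalLength claims more bytes than were received */
    CFG_ERR_TOTAL_BUF   = -5   /* wTotalLength larger than the destination buffer */
};

static uint16_t read_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Vulnerable: the memcpy length comes straight from the device. A device claiming a
 * wTotalLength larger than CONFIG_BUF_SIZE overwrites whatever follows buf on the
 * stack. Only safe to call with a well-formed descriptor. */
int parse_config_vulnerable(const uint8_t *wire, size_t wire_len)
{
    uint8_t buf[CONFIG_BUF_SIZE];
    if (wire_len < 4) return CFG_ERR_SHORT;
    uint16_t total = read_le16(wire + 2);
    memcpy(buf, wire, total);   /* BUG: total is never compared to sizeof buf or wire_len */
    return (int)total;
}

/* Hardened: every length the device controls is checked before it is used. */
int parse_config_hardened(const uint8_t *wire, size_t wire_len,
                          uint8_t *out, size_t out_len)
{
    if (wire_len < 4) return CFG_ERR_SHORT;
    if (wire[0] != USB_CONFIG_HDR_LEN || wire[1] != USB_DT_CONFIG) return CFG_ERR_TYPE;
    uint16_t total = read_le16(wire + 2);
    if (total < USB_CONFIG_HDR_LEN) return CFG_ERR_TOTAL_SMALL;
    if (total > wire_len) return CFG_ERR_TOTAL_WIRE;   /* never read past what arrived */
    if (total > out_len)  return CFG_ERR_TOTAL_BUF;    /* never write past the buffer */
    memcpy(out, wire, total);
    return (int)total;
}

/* Constructed sample: a minimal well-formed configuration descriptor header
 * (bLength 9, type 0x02, wTotalLength 9, 1 interface, config 1, no string,
 * bus-powered attributes 0x80, 100 mA). */
static const uint8_t good_config[] = { 0x09, 0x02, 0x09, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32 };

/* Constructed sample: same header, but wTotalLength = 0x1000 (4096), far more than
 * the 9 bytes actually transferred and more than the 255-byte scratch buffer. */
static const uint8_t oversized_config[] = { 0x09, 0x02, 0x00, 0x10, 0x01, 0x01, 0x00, 0x80, 0x32 };

/* Run the hardened parser into a scratch buffer with the given usable size. */
int run_hardened(const uint8_t *wire, size_t wire_len, size_t out_len)
{
    uint8_t out[CONFIG_BUF_SIZE];
    if (out_len > sizeof out) out_len = sizeof out;
    return parse_config_hardened(wire, wire_len, out, out_len);
}

int main(void)
{
    printf("good, hardened:      %d\n", run_hardened(good_config, sizeof good_config, CONFIG_BUF_SIZE));
    printf("oversized, hardened: %d\n", run_hardened(oversized_config, sizeof oversized_config, CONFIG_BUF_SIZE));
    printf("good, 8-byte buffer: %d\n", run_hardened(good_config, sizeof good_config, 8));
    printf("good, vulnerable:    %d\n", parse_config_vulnerable(good_config, sizeof good_config));
    return 0;
}
```

The hardened parser rejects the oversized sample with CFG_ERR_TOTAL_WIRE before any copy happens, because the claimed 4096 bytes exceed the 9 bytes the transfer actually delivered; the separate buffer check covers the case where a device really does send more than the host reserved. The vulnerable variant is only ever run here with the well-formed sample.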

PSJailBreak Reverse Engineered, Requires Hardware to Update


#43 - Maniac2k - August 27, 2010 // 5:21 am
If the information is correct, the dongle should be easily cloneable. The ATmega used in the original JB should be an ATmega16 or ATmega32, since those two are available in a TQFP-44 socket.

For our own JB maybe the smaller ATmega8 could be enough too. An open USB implementation for the ATmega series exists on the internet. With a full log of communication (including timestamps) between PSJB and PS3, I could program the firmware for the ATmega.

#42 - thetom777 - August 27, 2010 // 5:02 am
Quote Originally Posted by PS3 News:
Here are some raw dumps of output data from the dongle courtesy of FiDilllo also.

Any chance of getting the full dump?

#41 - shadowi - August 27, 2010 // 4:34 am
Quote Originally Posted by PS3 News:
Here are some raw dumps of output data from the dongle courtesy of FiDilllo also.

It comes from the lv0lv1lv2 dump.

#40 - joysei - August 27, 2010 // 3:17 am
"PSJailbreak mainly emulates a 6-port USB hub, where, in a special order, different USB devices get connected and disconnected (emulated!). One of these devices has the ID of the Sony jig."

Interesting... what are the IDs of the 6 devices? Is the order or the ID repeatable?

#39 - PS4 News - August 27, 2010 // 2:32 am
Here are some raw dumps of output data from the dongle courtesy of FiDilllo also.

#38 - Pcsx2006 - August 27, 2010 // 2:17 am
Another great day, another great development, and I'm loving this.

#37 - atlask2 - August 27, 2010 // 2:02 am
Maybe update the dongle via the 6 gold contacts and some supporting hardware?

#36 - Gunner54 - August 27, 2010 // 1:50 am
I think what they meant by "Updatable" on the PSJB website is that they will update their loader "manager.pkg".

#35 - anita999 - August 27, 2010 // 1:48 am
Well, finally some real reverse engineering begins with data sniffing... though it's not confirmed yet, the ATMEGA soft USB seems to be a good "guess"... if the USB simulation and the 64-byte "static" response are the only things we need, then of course there will be a way to duplicate it at low cost.

There are many USB micron solutions; all we need is coding.. As for the "it needs extra hardware for update" speculation, I would doubt that for a while. With good coding, the chip could accept data from USB and then perform an in-system program. I am not sure whether PSJB's code has this function or not.

But hardware-wise, it shouldn't be impossible. But we need to know the actual micron used in PSJB before we can conclude more things.... Remember, all we are seeing now is data sniffing, not the final truth.. I wonder whether the 64-byte "static" response is really static or not. In most cases, challenge/response sequences require different responses corresponding to the random challenges.. or maybe the stack overflow caused by the oversized descriptor (again, this is only speculation) makes the challenge/response routine accept a "static" response...

I don't know how the real jig responds to the challenges.. I don't have the jig, nor the PSJB... I am simply summarizing the facts with my working experience in reverse engineering....
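The distinction anita999 draws, that a captured answer can only be replayed if the verifier asks the same question every time, is easy to show in a few lines. The following is an added example of mine, not code from the commenter, the article or PSJailbreak, and it says nothing about what the real Jig actually does: a toy verifier with a switchable challenge policy (constant versus fresh per session), an honest responder that knows the key, and a responder that ignores the challenge and replays bytes captured from an earlier session. The keyed function (FNV-1a over key and challenge), the xorshift PRNG, the key and the seed are all constructed stand-ins for the demo.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Constructed example, not code from the article, the commenter, or PSJailbreak.
 * Models why a replayed "static" response only works against a constant challenge.
 * The keyed function, PRNG, key and seed are stand-ins chosen for a self-contained demo. */

#define CH_LEN   8
#define RESP_LEN 8
#define KEY_LEN  16

/* Toy keyed function: FNV-1a over key || challenge, spread over 8 output bytes.
 * Not a real MAC; it only needs to make the response depend on key and challenge. */
static void toy_response(const uint8_t *key, const uint8_t *ch, uint8_t *out)
{
    uint64_t h = 1469598103934665603ULL;
    for (int i = 0; i < KEY_LEN; i++) { h ^= key[i]; h *= 1099511628211ULL; }
    for (int i = 0; i < CH_LEN; i++)  { h ^= ch[i];  h *= 1099511628211ULL; }
    for (int i = 0; i < RESP_LEN; i++) out[i] = (uint8_t)(h >> (8 * i));
}

struct verifier {
    uint8_t  key[KEY_LEN];
    bool     fresh_challenge;   /* true: new challenge per session; false: constant */
    uint64_t rng;               /* xorshift64 state, a stand-in for a CSPRNG */
};

static void issue_challenge(struct verifier *v, uint8_t *ch)
{
    if (!v->fresh_challenge) { memset(ch, 0x42, CH_LEN); return; }  /* same every time */
    uint64_t x = v->rng;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    v->rng = x;
    for (int i = 0; i < CH_LEN; i++) ch[i] = (uint8_t)(x >> (8 * i));
}

/* One session: verifier challenges, responder answers, verifier compares.
 * If `replay` is non-NULL the responder ignores the challenge and sends those bytes,
 * which is what a device holding a captured "static" answer would do. */
static bool run_session(struct verifier *v, const uint8_t *replay, uint8_t *resp_out)
{
    uint8_t ch[CH_LEN], expected[RESP_LEN], resp[RESP_LEN];
    issue_challenge(v, ch);
    if (replay) memcpy(resp, replay, RESP_LEN);
    else        toy_response(v->key, ch, resp);   /* honest responder knows the key */
    toy_response(v->key, ch, expected);
    if (resp_out) memcpy(resp_out, resp, RESP_LEN);
    return memcmp(resp, expected, RESP_LEN) == 0;
}

static struct verifier make_verifier(bool fresh)
{
    struct verifier v;
    memset(v.key, 0xA5, KEY_LEN);          /* constructed key */
    v.fresh_challenge = fresh;
    v.rng = 0x9E3779B97F4A7C15ULL;         /* fixed seed so the demo is repeatable */
    return v;
}

/* Session 1: honest responder, capture its answer. Session 2: replay that answer.
 * Returns whether the replay was accepted. */
bool replay_accepted(bool fresh_challenge)
{
    struct verifier v = make_verifier(fresh_challenge);
    uint8_t captured[RESP_LEN];
    if (!run_session(&v, NULL, captured)) return false;
    return run_session(&v, captured, NULL);
}

/* An honest responder should pass under either challenge policy. */
bool honest_accepted(bool fresh_challenge)
{
    struct verifier v = make_verifier(fresh_challenge);
    return run_session(&v, NULL, NULL) && run_session(&v, NULL, NULL);
}

int main(void)
{
    printf("constant challenge, replay accepted: %d\n", replay_accepted(false));
    printf("fresh challenge,    replay accepted: %d\n", replay_accepted(true));
    return 0;
}
```

With a constant challenge the captured response is accepted in the second session; with a fresh challenge it is rejected, while the honest responder passes in both modes. A verifier that wants to detect this on the wire would look for responses that do not vary with the challenge, which is exactly the "is it really static?" question raised above.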

#34 - clouduzz - August 27, 2010 // 1:48 am
Well, hopefully we can get a free version soon, even so, as it seems the stick is NOT upgradeable but the backup loader is? Maybe the dev gurus can turn a normal USB stick into one. Don't know if that's even possible..