
243w ago - A few days ago PSJailBreak reverse-engineering work began, and today German site GamerFreax.de (linked above) has posted a breakdown of the PSJailBreak, how it was reverse engineered, and notes that it requires additional hardware to update.

Below is the rough translation of the PS JailBreak reverse-engineering details, to quote:

"We have brought the PSJailbreak dongle out of retirement yet again to take a closer look at it. We tell you here in brief the main steps of the internal process of PSJailbreak.

We can confirm that PSJailbreak is not a clone of Sony's "Jig" module. PSJailbreak is an honest, self-developed exploit. The chip is not a PIC18F444 but an ATMega with software USB.

This means the chip is internally capable of emulating USB. PSJailbreak mainly emulates a 6-port USB hub to which specific USB devices are connected and then disconnected in sequence. One of these devices has the ID of Sony's "Jig" module, which means that the "Jig" module played a certain role in the development of PSJailbreak.

But let's start at the front: When the PS3 is switched on, a device is connected in the USB emulation which has a much too big Configuration Descriptor. This Descriptor overwrites the stack with contained PowerPC code that is then executed. Now various USB devices are connected in the emulation. One device has a 0xAD-large Descriptor, which is part of the exploit and contains static data.

A short time later (we are moving here in the millisecond range) the Jig module is connected, and encrypted data is transmitted to the Jig module. An eternity later (in the millisecond range), the Jig module answers with 64 bytes of static data, all USB devices are disconnected, a new USB device is connected and the PS3 launches with a new look.

[Figure: the 64 bytes of static data sent by the emulated Jig to the PS3 (extract from the USB stream, pictured below).]

Incidentally PSJailbreak is NOT updateable. The update feature mentioned can be realized, if at all, only with additional hardware."
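The overflow described above hinges on a host that copies a device-supplied Configuration Descriptor into a fixed buffer without checking wTotalLength. The following is an added example, not code from the article or from GamerFreax, of the bounds checks a USB host stack needs before copying such a descriptor, run over constructed sample descriptors; the buffer size, the error codes and the function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* USB 2.0 configuration descriptor (spec 9.6.3): bLength, bDescriptorType 0x02,
 * wTotalLength (little-endian), ... The host reads the 9-byte header, then asks
 * for wTotalLength bytes; copying that many into a fixed buffer unchecked is the
 * "too large descriptor" condition. Buffer size and error codes are assumptions. */
#define CONFIG_BUF_SIZE 256u
#define USB_DT_CONFIG   0x02u
enum { DESC_ERR_SHORT = -1, DESC_ERR_TOO_LONG = -2, DESC_ERR_TYPE = -3 };

/* Hardened copy: returns wTotalLength on success, negative on rejection. The
 * claimed length is bounded by the destination and by the bytes received. */
int parse_config_descriptor(const uint8_t *wire, size_t wire_len,
                            uint8_t *out, size_t out_len)
{
    if (wire_len < 9 || out_len < 9) return DESC_ERR_SHORT;
    if (wire[0] != 9 || wire[1] != USB_DT_CONFIG) return DESC_ERR_TYPE;
    uint16_t total = (uint16_t)(wire[2] | ((uint16_t)wire[3] << 8));
    if (total < 9) return DESC_ERR_SHORT;
    if (total > out_len) return DESC_ERR_TOO_LONG; /* absent in the vulnerable host */
    if (total > wire_len) return DESC_ERR_SHORT;   /* fewer bytes than claimed */
    memcpy(out, wire, total);
    return total;
}

/* Count descriptors in the block (config header included); each bLength must stay in bounds. */
int count_sub_descriptors(const uint8_t *cfg, size_t total)
{
    int n = 0;
    for (size_t off = 0; off < total; n++) {
        size_t len = cfg[off];
        if (len < 2 || off + len > total) return DESC_ERR_SHORT;
        off += len;
    }
    return n;
}

/* Parse into a stack buffer of the assumed host size; descriptor count or error. */
int parse_into_stack_buffer(const uint8_t *wire, size_t wire_len)
{
    uint8_t buf[CONFIG_BUF_SIZE];
    int total = parse_config_descriptor(wire, wire_len, buf, sizeof buf);
    return total < 0 ? total : count_sub_descriptors(buf, (size_t)total);
}
/* Constructed samples, not captures from the dongle: a valid config with one
 * vendor-specific interface, and a header claiming wTotalLength = 0x1000. */
static const uint8_t SAMPLE_GOOD[] = { 9, 0x02, 18, 0, 1, 1, 0, 0x80, 50,
                                       9, 0x04, 0, 0, 0, 0xFF, 0, 0, 0 };
static const uint8_t SAMPLE_OVERSIZED[] = { 9, 0x02, 0x00, 0x10, 1, 1, 0, 0x80, 50 };
```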

PSJailBreak Reverse Engineered, Requires Hardware to Update


#22 - xantra - 244w ago
Thanks for the translation. Now waiting for documentation about PSJailbreak.

The reverse engineering is done.

#21 - soulfood3 - 244w ago
So here is a rough translation. My English isn't that good, by the way.

They say that they examined the jailbreak device again and explain in a few steps how it works. It shouldn't be a clone of the Sony jig. Jailbreak is a self-invented hack. It's an ATmega with software USB, not a PIC18F444 chip. This means the chip can emulate USB internally.

PSJailbreak mainly emulates a 6-port USB hub, where in a special order different USB devices get connected and disconnected (emulated!). One of these devices has the ID from the Sony jig.

This means that the Sony jig played a certain role in the creation of PSJailbreak.

When you turn on your PS3, it simulates that a device gets connected to the hub which has a way too big Configuration Descriptor. This Descriptor overwrites the stack with a contained PowerPC code, which gets executed.
Now more devices will get connected to the hub.

One device has a 0xAD descriptor which is part of the exploit and contains static data. After that the jig gets connected (this all happens within microseconds) and some encrypted data will be sent to the jig (auth process). After that the jig answers with 64 bytes of static data, all other USB devices are getting disconnected and a new device gets started, so that your PS3 starts with the hack and all of its advantages.

The Jailbreak is not updateable! The Update-Feature only works (if it works at all) with an extra piece of Hardware!

The graphic shows the 64Byte of static data.

So far...

good night

#20 - red8316 - 244w ago
Quote Originally Posted by Mbb:
Translated with google

Cleaned up version, duplicate sentences removed:

We have brought the PSJailbreak dongle out of retirement yet again to take a closer look at it. We tell you here in brief the main steps of the internal process of PSJailbreak.

We can confirm that PSJailbreak is not a clone of Sony's "Jig" module. PSJailbreak is an honest, self-developed exploit. The chip is not a PIC18F444 but an ATMega with software USB. This means the chip is internally capable of emulating USB. PSJailbreak mainly emulates a 6-port USB hub to which specific USB devices are connected and then disconnected in sequence. One of these devices has the ID of Sony's "Jig" module, which means that the "Jig" module played a certain role in the development of PSJailbreak.

But let's start at the front: When the PS3 is switched on, a device is connected in the USB emulation which has a much too big Configuration Descriptor. This Descriptor overwrites the stack with contained PowerPC code that is executed. Now various USB devices are connected in the emulation. One device has a 0xAD-large Descriptor, which is part of the exploit and contains static data.

A short time later (we are moving here in the millisecond range) the Jig module is connected, and encrypted data is transmitted to the Jig module. An eternity later (in the millisecond range), the Jig module answers with 64 bytes of static data, all USB devices are disconnected, a new USB device is connected and the PS3 launches with a new look.

[Figure: the 64 bytes of static data sent by the emulated Jig to the PS3.]

Extract from the USB stream

Incidentally PSJailbreak is NOT updateable. The update feature mentioned can be realized, if at all, only with additional hardware.

#19 - xantra - 244w ago
I don't understand, it's a PIC or not??

#18 - EiKii - 244w ago
google translate ftw hehe, almost makes sense hehe

oh and a lot of doubles apparently.
PSJailbreak reverse engineered

We took the PSJailbreak dongle out of the drawer again to examine it a bit more in detail. Now we'll give you a short explanation of the important steps that take place inside of the dongle.

We can confirm that PSJailbreak is in fact no simple clone of Sony's “Jig” module; instead it's an honest, self-developed exploit. The chip inside is no PIC18F444 but an ATMega with USB software. That means that the chip is capable of internal USB emulation. PSJailbreak mainly emulates a 6-port USB hub to which several USB devices get connected and disconnected in a specific sequence. One of these devices has the ID of Sony's “Jig” module, so that means that the “Jig” played a certain role during the development of PSJailbreak.

But first things first: When switching the PS3 on, a device is connected within the USB emulation which has a too large configuration descriptor. This descriptor overwrites the stack with contained PowerPC code that is executed. Now various other devices get connected within the emulation. One device has a 0xAD-large descriptor that is part of the exploit and contains static data. A short time later (we're talking about milliseconds here) the “Jig” gets connected and encrypted data is sent to the “Jig”.
An eternity later (in milliseconds, that is) the “Jig” answers with 64 bytes of static data, all USB devices get disconnected, a new device is connected and the PS3 restarts in a new look.

By the way: The PSJailbreak is not updateable. The noted update feature can, if at all, only be carried out with additional hardware.

#17 - Mbb - 244w ago
Quote Originally Posted by PSGamer24:

Translated with google:
We have brought the PSJailbreak dongle out of retirement yet again to take a closer look at it. We tell you here in brief the main steps of the internal process of PSJailbreak.

We can confirm that PSJailbreak is not a clone of Sony's "Jig" module. PSJailbreak is an honest, self-developed exploit. The chip is not a PIC18F444 but an ATMega with software USB. This means the chip is internally capable of emulating USB.

PSJailbreak mainly emulates a 6-port USB hub to which specific USB devices are connected and then disconnected in sequence. One of these devices has the ID of Sony's "Jig" module, which means that the "Jig" module played a certain role in the development of PSJailbreak.

But let's start at the front: When the PS3 is switched on, a device is connected in the USB emulation which has a much too big Configuration Descriptor. This Descriptor overwrites the stack with contained PowerPC code that is executed.

Now various USB devices are connected in the emulation. One device has a 0xAD-large Descriptor, which is part of the exploit and contains static data. A short time later (we are moving here in the millisecond range) the Jig module is connected, and encrypted data is transmitted to the Jig module.

An eternity later (in the millisecond range), the Jig module answers with 64 bytes of static data, all USB devices are disconnected, a new USB device is connected and the PS3 launches with a new look.

[Figure: the 64 bytes of static data sent by the emulated Jig to the PS3.]

Extract from the USB stream

Incidentally PSJailbreak is NOT updateable. The update feature mentioned can be realized, if at all, only with additional hardware.

#16 - PSGamer24 - 244w ago
Can someone better translate this http://www.gamefreax.de/psjailbreak-reverse-engineered.html

#15 - thirdq - 244w ago
Is there anyone at all that has the USB dongle?

Wouldn't it be pretty straightforward making a USB emulator using a unit with a USB device port (like an Android phone), and a regular PC which forwards the USB communication to the phone through wifi?

With this setup, we could get a complete dump of a session doing all the "magic" this dongle does, and be able to make the emulator just repeat the steps without the dongle.

but of course, we still need someone with the real hardware

--goodie

#14 - shadowi - 244w ago
Thanks, have you any info about Interface and EndPoint?

it lacks information!?

#13 - segobi - 244w ago
Here is some information: