- Today KaKaRoTo detailed how to port PL3 to an exploitable PS3 Firmware via Github (linked above).
To quote: "How to port to a new Firmware (but < 3.41):
First disable the JIG mode, and try to brute-force the position of the payload with a panic payload (add 'b panic' at payload_start in dump_lv2.S), until you can get a hit reliably (see http://pastie.org/1195108).
Then replace the payload with the original dump_lv2 payload, and connect the PS3 through Ethernet to your PC and run Wireshark to capture your dump... Run the payload, then once the PS3 panics (to tell you it's done), you can save your Wireshark dump to a file in .pcap format.
Then run the tools/dump_lv2_pcap_to_bin program to dump the lv2 binary from the pcap file captured by Wireshark.
Open the dump with IDA, set the processor to 'ppc', then run the dump_lv2_analyzer.idc IDC file from the tools directory to get it analyzed and follow the instructions (set TOC table in IDA options).
Once you are done, set the TOC_TABLE value in PSFreedom/PSGroove and set the syscall_table define in macros.h.S.
Then look for the position of the JIG response offset in the dump by searching for a recognizable string you previously put in there. You can now set the JIG response address...