Slashdot Mirror

← Back to Stories (view on slashdot.org)

Open Source PS3 Jailbreak Released

Posted by CmdrTaco on from the out-of-the-bag dept.

tlhIngan writes "Despite all the lawsuits and injunctions by Sony to keep the PS3 Jailbreak out of modder's hands, it appears that a third party has made a clone. The best part is, it only requires a cheap (approximately $40) development board by Atmel, and the requisite software is open-source. Get the Atmel code from GitHub and apply a small patch which will enable backup play (the code by itself only lets you run unsigned code, the patch allows for BD backups). The code is GPLv3. It would be highly ironic if someone ported this to Linux USB Gadgets, then you could use a Linux device to jailbreak your PS3, to which Sony removed Linux functionality. An Android phone would be suitable."

15 of 226 comments (clear)

  1. Hehehe by Jorl17 · · Score: 4, Funny

    "It would be highly ironic if someone ported this to Linux USB Gadgets, then you could use a Linux device to jailbreak your PS3"

    Nice way to ask an entire community of nerds to do that for you!
    Now, let's get working!

    --
    Have you heard about SoylentNews?
    1. Re:Hehehe by nebaz · · Score: 5, Funny

      Because it runs Linux?...oh wait.

      --
      Rhymes that keep their secrets will unfold behind the clouds.There upon the rainbow is the answer to a neverending story
    2. Re:Hehehe by ThoughtMonster · · Score: 5, Informative

      Now, let's get working!

      http://kakaroto.homelinux.net/2010/08/psjailbreak-usb-gadget-kernel-driver/

      There you go. Still not released, but well underway (check the blog for updates).

    3. Re:Hehehe by Sancho · · Score: 3, Insightful

      If you're a consumer you're almost certainly doing this. Unless you bought your home outright, only shop at local farmer's markets, sew your own clothes, and don't purchase any entertainment to speak of.

    4. Re:Hehehe by Dreadrik · · Score: 3, Insightful

      I can't say that I have noticed many Sony fans or even Sony apologists. So either they choose not to speak up or there are a lot of people who prioritize games over good character or good sense.

      I like their TV's and the PS3, but I'm not exactly a fanboy. I don't think their business practices are much different than any of the giants'. I thought the rootkit scandal was embarrasing, but I don't get why MS got out of that mess so easily, while Sony became marked for life.
      I tried to question an anti-sony rant here one time before, but got modded to hell (even though it turned out I was right), so at least I am very careful when trying to defend Sony.

    5. Re:Hehehe by jonwil · · Score: 4, Informative

      Microsoft's problem is that unlike OSX where apps generally put things in one place (documents in a documents folder, settings in settings files etc), on Windows, its impossible to know where apps may have put things.

      Some apps put their settings in the registry under HKEY_CURRENT_USER
      Some apps put their settings in the registry under HKEY_LOCAL_MACHINE
      Some apps put their settings in a config file in the windows or my documents folders.
      Some apps put their settings in a config file in their own folder.
      Some do all of the above.
      Not to mention all the apps that do things like register COM objects, install system services and who knows what else.

  2. Patch 3.43. bye bye USB. by leuk_he · · Score: 3, Funny

    HOT FROM SONY SITE:

    Downloading and installing the PlayStation®3 system software update will update your PS3 system's operating system to include the latest security patches, settings, features and other items. We encourage you to check this page from time to time for system software updates and to always maintain your system to use the latest version of the system software.

    An update to the PS3 system software will be was released on September 27, 2010. You can use this update to upgrade your system software to version 3.43.
    English EspañolFrançais

    Notices

            * Do not download or install updates using data other than official update data provided online or on disc media by Sony Computer Entertainment, and do not download or install updates by methods other than those described in the system documentation or on this website. If you download or install update data from another source, by another method, or with a PS3 system that has been altered or modified in any way, the PS3 system may not operate properly and may not be able to install the official update data. Any of these actions may void the PS3 system warranty and affect your ability to obtain warranty services and repair services from Sony Computer Entertainment.
            * This update is for PS3 systems purchased in North America. DO NOT update your PS3 system through this website if you purchased your system outside North America. There is no guarantee of proper operation with models sold outside North America.
            * The system software and system software updates installed on your system are subject to a limited license from Sony Computer Entertainment Inc. Visit http://www.scei.co.jp/ps3-eula for details.
            * If your PS3 system software version is 3.43 (or later), you do not need to perform this update. To check the version of your system software, go to > (Settings) > (System Settings) > [System Information]. The information is shown in the [System Software] field.
            * The [Install Other OS] and [Default System] features have been deleted in system software versions 3.21 and later. You will not be able to use [Install Other OS] or [Default System] under (Settings) > (System Settings). See the Consumer Alerts page for more details.
            * To play some software or use some features, you may first need to update the system software.
            * Depending on your PS3 system software version, the screen images and icons that are used on this website may differ from those that appear on your system.
            * This version will disable USB ports due to security issues. If you have to USB peripherals you will have to to replace them with wireless versions. See the Consumer Alerts page for more details.

    1. Re:Patch 3.43. bye bye USB. by smussman · · Score: 3, Funny

      An update to the PS3 system software will be was released on September 27 , 2010

      *brain explodes*

  3. Re:simple solution by LingNoi · · Score: 4, Insightful

    Actually all Sony really has to do is give people a way to run home brew on their own systems without letting pirates in and none of this would have ever happened.

    Since they screwed that up now the cats out the bag. People aren't going to stop hacking it until they can run their homebrew and linux again.

  4. This exploit is beautiful by DeadCatX2 · · Score: 5, Informative

    http://www.ps3news.com/PS3-Dev/ps-jailbreak-ps3-exploit-reverse-engineering-is-detailed/

    It emulates a six-port hub and connects/disconnects devices with corrupted descriptors (that have their size changed on-the-fly!) in a particular order to smash the Heap so you can use a corrupted malloc boundary tag to overwrite the call to free() so that after the failed Jig authentication tries to release the memory allocated for the cryptographic response it will launch the shell code that was dropped into memory using a USB descriptor.

    It brings a tear to my eye. Truly, one of the most beautiful things I ever had the privilege of understanding.

    --
    :(){ :|:& };:
    1. Re:This exploit is beautiful by DeadCatX2 · · Score: 3, Interesting

      I have blue screened my development workstation before because I had a bad descriptor that the Windows Audio driver tried to parse and it brought down the kernel. So I knew this sort of thing would be possible. I think attacking the USB host controller driver is going to become a much more common method of infection in the next few years.

      But to get that far...you need dedication. You need to love the hardware. When you see it, it's like the matrix...behind the 1s and 0s and circuit board traces, there is a setting, characters, and a plot.

      From there, that's how you can see the attack on the heap. That's actually the most complicated part, in my opinion. You are trying to fool the kernel into handing you a certain portion of memory. It's like social engineering...and that's what makes it hard. The kernel is interrogating you, and you have to give the right answers. Not only the right answers, but the answers must be corrupted in just the right way.

      Everything from this point can be built on the work of someone before you. Pretty much all exploits eventually launch shellcode somewhere. They all need some way to launch the shellcode, and hooking a system call (in this case, free()) is a favored way to go about that. Then you need some way to do the hook, which in this case was the smashing the Heap.

      So you sit there and think...how do I drop shellcode in? What function do I hook? How do I hook it? Dots appear...and then you connect them, and you annotate the connections, and you go back and you start from scratch again because you see a better way, and then finally...it all comes together.

      --
      :(){ :|:& };:
    2. Re:This exploit is beautiful by Myoukochou · · Score: 4, Insightful

      (clarification) At least, that's my speculation. (Darn it, mixing up preview and submit.)

      You'll note no significant movement was ever made on a working modchip. PS3 remained pretty much hack-free... until Sony disabled OtherOS.

      geohot's glitch - for it was a glitch attack, requiring hardware intervention, and a fair pile of luck for things not to crash - was specifically targeted at the OtherOS hypervisor, only worked in OtherOS, and was simply trying to get more hardware access, but it would never have gotten you complete access (for a start, by the time you're in OtherOS, the SPU in security mode is latched off the bus, I understand, although I never got the opportunity to check personally).

      Sony (characteristically, some might say) totally overreacted in the worst possible way - geohot's glitch was really not a useful exploit! - but by taking everyone's toys away, and specifically by causing a problem to a lot of security researchers who used PS3 clusters for all kinds of research (including cryptographic research, for example the MD5/SHA-1 collisions) and who could now only get replacements from eBay praying they're not updated... they made a lot of people suddenly very interested and determined to crack it, and maybe those with clusters would be equally interested in something like this, perhaps even willing to fund research? *shrug* Merely idle speculation...

      So, yeah. A fairly tight architecture it is, but start annoying security researchers with the resources to decap or fab chips, let alone dump firmware and look for bugs, and you've got to expect some kind of robust response - although where it really came from originally, we may never know, and what else they have in store for the future, it's hard to tell.

      It's a cute little heap overflow in the USB controller; a nice little puppy-pile of (it appears, uncleanly nested) USB hellos and goodbyes to fill the heap, and a shellcode dump for the last one. Fixable in a firmware update, yes - and PSN-bannable (even brickable, if Sony are that hardcore) if used as is, as PS3s log what applications/games you run and send that info to Sony as part of DNAS authentication (at least, they do in unmodified DNAS; it's no longer foolproof) - but this is the tip of the iceberg I'm sure - when Sony fix this, I don't doubt another bug will be found in short order, maybe a software-only one (the PS3 parses enough formats that there's basically got to be something). The arms race has officially begun.

      It's correctly named, too; this is really a 'jailbreak' in exactly the same sense as used on the iPhone for example, not some modchip to let people play copied games or anything (in fact, I don't believe it can... yet).

  5. Re:simple solution by hardburn · · Score: 3, Interesting

    Oh, and another solution: Mark updates with an expiration date such that the unit will refuse to run if its firmware is too stale.

    If they ever do that, I will have to kill somebody. Besides the obvious reason, I have a driving wheel that won't work unless the system date is set before 12-22-08. The bug has been there for well over a year and there's no sign its getting fixed.

    Consider that the one and only reason I bought a PS3 over a 360 is to play GT5. See how well that decision worked for me?

    --
    Not a typewriter
  6. Re:simple solution by Animaether · · Score: 3, Insightful

    I never quite understood that "If only they'd allowed homebrew, none of this* would have happened!" reasoning.

    After all, you can certainly run homebrew on a PC, but this* still happens.

    In addition, you -could- run homebrew on the PS3. You didn't get access to the BD, you didn't get full access to the graphics bits and pieces, but you could run homebrew. Apparently that wasn't enough for some, somebody decided to poke at the hypervisor to gain access to these resources, and once they started succeeding a bit, OtherOS was nixed on the older models as well, citing 'security concerns'.

    *"this"?

    Get the Atmel code from GitHub [which] by itself [...] lets you run unsigned code

    Seems like homebrew and linux were possible right there and then...

    and apply a small patch which will enable backup play

    Right. Backups. I guess that's really what "this" is.

    Sounds rather threatening. Open your platform to homebrew, without restriction, or else we'll open it for you - and make it stupid-simple for this* to happen as a(n un)fortunate 'side-effect'.

    That out of the way.. I'm looking forward to an actual thriving homebrew scene for the PS3, with lots of indie developers making the games for PS3 they always wanted to but never had the funds to become a licensed developer, and didn't have the access they needed to develop their envisioned games.

  7. Oblig. Adams by MrFurious5150 · · Score: 4, Funny

    The major problem is quite simply one of grammar, and the main work to consult in this matter is Dr Dan Streetmentioner's Time Traveller's Handbook of 1001 Tense Formations. It will tell you for instance how to describe something that was about to happen to you in the past before you avoided it by time-jumping forward two days in order to avoid it. ... Most readers get as far as the Future Semi-Conditionally Modified Subinverted Plagal Past Subjunctive Intentional before giving up: and in fact in later editions of the book all the pages beyond this point have been left blank to save on printing costs.