Slashdot Mirror

Open Source PS3 Jailbreak Released

tlhIngan writes "Despite all the lawsuits and injunctions by Sony to keep the PS3 Jailbreak out of modders' hands, it appears that a third party has made a clone. The best part is, it only requires a cheap (approximately $40) development board by Atmel, and the requisite software is open source. Get the Atmel code from GitHub and apply a small patch which will enable backup play (the code by itself only lets you run unsigned code; the patch allows for BD backups). The code is GPLv3. It would be highly ironic if someone ported this to Linux USB Gadgets, then you could use a Linux device to jailbreak your PS3, from which Sony removed Linux functionality. An Android phone would be suitable."

8 of 226 comments

  1. Hehehe by Jorl17 · · Score: 4, Funny

    "It would be highly ironic if someone ported this to Linux USB Gadgets, then you could use a Linux device to jailbreak your PS3"

    Nice way to ask an entire community of nerds to do that for you!
    Now, let's get working!

    --
    Have you heard about SoylentNews?
    1. Re:Hehehe by nebaz · · Score: 5, Funny

      Because it runs Linux?...oh wait.

      --
      Rhymes that keep their secrets will unfold behind the clouds. There upon the rainbow is the answer to a never-ending story
    2. Re:Hehehe by ThoughtMonster · · Score: 5, Informative

      Now, let's get working!

      http://kakaroto.homelinux.net/2010/08/psjailbreak-usb-gadget-kernel-driver/

      There you go. Still not released, but well underway (check the blog for updates).

    3. Re:Hehehe by jonwil · · Score: 4, Informative

      Microsoft's problem is that unlike OS X, where apps generally put things in one place (documents in a documents folder, settings in settings files, etc.), on Windows it's impossible to know where apps may have put things.

      Some apps put their settings in the registry under HKEY_CURRENT_USER
      Some apps put their settings in the registry under HKEY_LOCAL_MACHINE
      Some apps put their settings in a config file in the Windows or My Documents folders.
      Some apps put their settings in a config file in their own folder.
      Some do all of the above.
      Not to mention all the apps that do things like register COM objects, install system services and who knows what else.

  2. Re:simple solution by LingNoi · · Score: 4, Insightful

    Actually, all Sony really has to do is give people a way to run homebrew on their own systems without letting pirates in, and none of this would have ever happened.

    Since they screwed that up, now the cat's out of the bag. People aren't going to stop hacking it until they can run their homebrew and Linux again.

  3. This exploit is beautiful by DeadCatX2 · · Score: 5, Informative

    http://www.ps3news.com/PS3-Dev/ps-jailbreak-ps3-exploit-reverse-engineering-is-detailed/

    It emulates a six-port hub and connects/disconnects devices with corrupted descriptors (that have their size changed on the fly!) in a particular order to smash the heap, so you can use a corrupted malloc boundary tag to overwrite the call to free(), so that after the failed Jig authentication tries to release the memory allocated for the cryptographic response, it will launch the shellcode that was dropped into memory using a USB descriptor.

    It brings a tear to my eye. Truly, one of the most beautiful things I ever had the privilege of understanding.

    --
    :(){ :|:& };:
    1. Re:This exploit is beautiful by Myoukochou · · Score: 4, Insightful

      (clarification) At least, that's my speculation. (Darn it, mixing up preview and submit.)

      You'll note no significant movement was ever made on a working modchip. PS3 remained pretty much hack-free... until Sony disabled OtherOS.

      geohot's glitch - for it was a glitch attack, requiring hardware intervention, and a fair pile of luck for things not to crash - was specifically targeted at the OtherOS hypervisor, only worked in OtherOS, and was simply trying to get more hardware access, but it would never have gotten you complete access (for a start, by the time you're in OtherOS, the SPU in security mode is latched off the bus, I understand, although I never got the opportunity to check personally).

      Sony (characteristically, some might say) totally overreacted in the worst possible way - geohot's glitch was really not a useful exploit! - but by taking everyone's toys away, and specifically by causing a problem to a lot of security researchers who used PS3 clusters for all kinds of research (including cryptographic research, for example the MD5/SHA-1 collisions) and who could now only get replacements from eBay praying they're not updated... they made a lot of people suddenly very interested and determined to crack it, and maybe those with clusters would be equally interested in something like this, perhaps even willing to fund research? *shrug* Merely idle speculation...

      So, yeah. A fairly tight architecture it is, but start annoying security researchers with the resources to decap or fab chips, let alone dump firmware and look for bugs, and you've got to expect some kind of robust response - although where it really came from originally, we may never know, and what else they have in store for the future, it's hard to tell.

      It's a cute little heap overflow in the USB controller; a nice little puppy-pile of (it appears, uncleanly nested) USB hellos and goodbyes to fill the heap, and a shellcode dump for the last one. Fixable in a firmware update, yes - and PSN-bannable (even brickable, if Sony are that hardcore) if used as is, as PS3s log what applications/games you run and send that info to Sony as part of DNAS authentication (at least, they do in unmodified DNAS; it's no longer foolproof) - but this is the tip of the iceberg I'm sure - when Sony fix this, I don't doubt another bug will be found in short order, maybe a software-only one (the PS3 parses enough formats that there's basically got to be something). The arms race has officially begun.

      It's correctly named, too; this is really a 'jailbreak' in exactly the same sense as used on the iPhone for example, not some modchip to let people play copied games or anything (in fact, I don't believe it can... yet).
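The two comments above describe the root cause as USB descriptors whose claimed size does not match what the device actually sends. As an added defensive illustration (not PS3 firmware code and not from any poster), here is a hypothetical configuration-descriptor walker in C that refuses any descriptor whose bLength or wTotalLength does not fit the bytes actually received, which is the check a host stack needs before it copies a descriptor into a heap buffer. The sample descriptor bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

#define USB_DT_CONFIG    0x02
#define USB_DT_INTERFACE 0x04
#define USB_DT_ENDPOINT  0x05

/* Walk a received configuration descriptor block.
 * Returns the number of descriptors found, or -1 if any length field
 * would lead past the bytes actually received (the heap-overflow case). */
int walk_config_descriptor(const uint8_t *buf, size_t received)
{
    if (received < 9 || buf[0] != 9 || buf[1] != USB_DT_CONFIG)
        return -1;
    /* wTotalLength is only a claim by the device; never trust it beyond
     * the byte count the transfer really delivered. */
    size_t total = buf[2] | ((size_t)buf[3] << 8);
    if (total < 9 || total > received)
        return -1;

    int count = 0;
    for (size_t off = 0; off < total; ) {
        size_t remaining = total - off;
        if (remaining < 2)
            return -1;                 /* no room for bLength/bDescriptorType */
        uint8_t len = buf[off];
        if (len < 2 || len > remaining)
            return -1;                 /* claimed size does not fit: reject */
        switch (buf[off + 1]) {        /* type-specific minimum sizes */
        case USB_DT_INTERFACE: if (len < 9) return -1; break;
        case USB_DT_ENDPOINT:  if (len < 7) return -1; break;
        default: break;
        }
        off += len;
        count++;
    }
    return count;
}

/* Constructed samples: a well-formed config + interface pair, the same
 * block with an interface bLength that overruns the buffer, and one
 * whose wTotalLength claims more bytes than were received. */
const uint8_t good_desc[18] = {
    9, USB_DT_CONFIG, 18, 0, 1, 1, 0, 0x80, 50,
    9, USB_DT_INTERFACE, 0, 0, 0, 0xff, 0, 0, 0 };
const uint8_t overrun_desc[18] = {
    9, USB_DT_CONFIG, 18, 0, 1, 1, 0, 0x80, 50,
    0x40, USB_DT_INTERFACE, 0, 0, 0, 0xff, 0, 0, 0 };
const uint8_t lying_total_desc[18] = {
    9, USB_DT_CONFIG, 0x40, 0, 1, 1, 0, 0x80, 50,
    9, USB_DT_INTERFACE, 0, 0, 0, 0xff, 0, 0, 0 };
```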

  4. Oblig. Adams by MrFurious5150 · · Score: 4, Funny

    The major problem is quite simply one of grammar, and the main work to consult in this matter is Dr Dan Streetmentioner's Time Traveller's Handbook of 1001 Tense Formations. It will tell you for instance how to describe something that was about to happen to you in the past before you avoided it by time-jumping forward two days in order to avoid it. ... Most readers get as far as the Future Semi-Conditionally Modified Subinverted Plagal Past Subjunctive Intentional before giving up: and in fact in later editions of the book all the pages beyond this point have been left blank to save on printing costs.