


  1. #41
    Senior Member Mantagtj's Avatar
    Join Date
    Feb 2008
    Posts
    294
    Well, not every time, but every time we want to run it in that mode, yes. I'm not REALLLY worried as the PC is sitting next to the PS3 on the desk, but some people who have them in separate rooms or a long distance away might be caffuffled lol....

    Whatever works guys... SOOO EXCITED!!! lol

  2. #42
    Registered User xroc88's Avatar
    Join Date
    Jun 2006
    Posts
    12
    Question

    Is an AA cable the same as a USB cable? I don't know what AA is.

  3. #43
    Contributor crckmc's Avatar
    Join Date
    Oct 2009
    Posts
    27
    Quote Originally Posted by kakarotoks View Post
    I've spent the last few hours writing a kernel driver for linux that would replicate the descriptors and data reported here.
    I was thinking about that but I'm not skilled enough to write this. If you need N900 testers I can help if you want. I hope you get scratchbox set up soon, can't wait for something to happen.

  4. #44
    Junior Member Bulldogzz's Avatar
    Join Date
    Apr 2010
    Posts
    73
    Theoretically all we need is the code to send the PS3 into a 'DFU mode' or the like, if it is merely a buffer overflow exploit... I think that once you emulate the said USB hub, the fact that it connects and disconnects up to six devices repeatedly, this is what causes the buffer to overflow, then what you need to do is overwrite the return address with the address of an opcode which in theory will cause execution to jump to the user-supplied data? E.g. the code used in psJB to send the PS3 into DFU mode?

  5. #45
    Registered User caviar44's Avatar
    Join Date
    Feb 2008
    Posts
    4
    Hi all,

    It seems possible to convert a PC into a USB Slave Module.

    Here is a link on an NSLU2 with a USB slave modification: [Register or Login to view links]
    but it should work for almost any USB device.

    Information about it came from here: [Register or Login to view links]

    With a PC with a USB Slave Module, we should be able
    ->#1 to spy on USB traffic with the PS3 and the hardware PSJailBreak

    ->#2 to connect the PC to the PS3 and try to emulate PS JailBreak
    in addition,

    caviar

  6. #46
    Banned User kakarotoks's Avatar
    Join Date
    Jul 2008
    Posts
    119
    Ok guys, some more news here! I finally got the kernel module to work! It loads up and everything, so that's cool. It also properly answers the device/configuration requests. But I have one issue:

    The host asks for a buffer of size 18, and I send it a size of 3840 bytes... and with the USB sniffer I have here under Linux (for tests), all I see is a 'corrupted packet error', so I'm not sure if the data is sent correctly, or if it doesn't even get sent because the underlying framework refuses it.

    Anyway, so far all good. Assuming the data is sent correctly, then I've written a driver that reproduces the USB dumps received! Now we just need a proper dump to see exactly what's going on, when to send that data, etc...

    Now it's 10:20 AM, and I really need to go to sleep, so good night all! I hope we'll have some more stuff tomorrow so I can continue working on this!

  7. #47
    Banned User
    Join Date
    May 2007
    Posts
    296
    Have a PSP, DSXL, iPhone 4, if any will help guys... I personally will probably still buy a stick, just to say I have one, but here is hoping for a good free or partly free solution.

    I do also have about 4 8gb MicroSD cards hanging around.

  8. #48
    Contributor crckmc's Avatar
    Join Date
    Oct 2009
    Posts
    27
    kakarotoks, would you mind sharing your code or module? It is a long time till your tomorrow.

  9. #49
    Registered User Kiriller's Avatar
    Join Date
    Sep 2008
    Posts
    108
    Don't share the code/anything with anyone other than people you trust, we don't want Sony to get their sticky fingers all over this.

    And thank you for your hard work! Personally, if I knew how to do what you were doing, I'd be doing this around the clock.

  10. #50
    Junior Member Bulldogzz's Avatar
    Join Date
    Apr 2010
    Posts
    73
    Quote Originally Posted by kakarotoks View Post
    I finally got the kernel module to work! It loads up and everything, so that's cool. It also properly answers the device/configuration requests.
    Well you need to send enough data to rewrite the return address to that of your malicious code - the bypass / overwrite for the Sony JIG Answer Response Scheme.

    E.G.
    =====================
    BUFFER[ ] <----- 90 bytes space allocated for BUFFER[ ]
    =====================
    RETURN ADDRESS <----- When the user inputs data the program control would come here and follow the 'address' stored here to go back.
    ===================

    But if the user inputs more than 90 bytes of data... for example XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX [user input]

    This is how it would look in the memory..

    =====================
    XXXXXXXXXXXXXXXXXXXX
    =====================
    XXXXXXXXXXXXXXXXXXXX
    ====================

    So you are returning to where you want.
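
Added example, not part of the thread and not any poster's code: a host-side length check for the situation in posts #46 and #50, where a device answers an 18-byte request with 3840 bytes. The struct, function names and guard value are hypothetical, and the sample response is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REQUESTED_LEN 18u        /* size the host asked for (post #46) */
#define GUARD 0x600DF00Du        /* constructed marker, not a real address */

enum { COPY_OK = 0, COPY_SHORT = 1, COPY_OVERSIZED = -1, COPY_BAD_ARG = -2 };

/* Hypothetical model of the layout drawn in post #50: a fixed buffer
 * followed by a value that must survive whatever the device sends. */
struct frame_model {
    uint8_t  buf[REQUESTED_LEN];
    uint32_t guard;
};

/* Copy a device-supplied response into dst. resp_len is how many bytes the
 * device actually sent; it is untrusted and is checked against dst_cap
 * before any byte is written. Oversized responses are rejected whole. */
int copy_response_checked(uint8_t *dst, size_t dst_cap,
                          const uint8_t *resp, size_t resp_len, size_t *copied)
{
    if (!dst || !resp || !copied) return COPY_BAD_ARG;
    *copied = 0;
    if (resp_len > dst_cap) return COPY_OVERSIZED;
    memcpy(dst, resp, resp_len);
    *copied = resp_len;
    return resp_len < dst_cap ? COPY_SHORT : COPY_OK;
}

/* Handle one response inside the model; returns 1 if the guard is intact. */
int guard_intact_after(const uint8_t *resp, size_t resp_len, int *status)
{
    struct frame_model f;
    size_t copied = 0;
    memset(&f, 0, sizeof f);
    f.guard = GUARD;
    *status = copy_response_checked(f.buf, sizeof f.buf, resp, resp_len, &copied);
    return f.guard == GUARD;
}

int main(void)
{
    static uint8_t oversized[3840];  /* constructed: length from post #46 */
    int status;
    memset(oversized, 'X', sizeof oversized);
    printf("guard_intact=%d\n", guard_intact_after(oversized, sizeof oversized, &status));
    return status == COPY_OVERSIZED ? 0 : 1;
}
```

The check compares the length the device actually sent against the destination capacity, not against the length the host requested, and it refuses the transfer instead of truncating it.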

 
