Are we meant to add the new payload to the android.bin file in the android.img.gz file? Or replace android.bin with the payload?
Wiki says to copy to /proc/psfreedom/payload/ however I'm confused as to where that actually is.. hurr
You have to add it to the contents of the android.img.gz. Now, android.img.gz is a GNU zip file, so you have to unzip it, then mount the .img file that was in it in a terminal, then go to the directory, find proc and add the files in under the various subfolders. Once that is all done, you then have to recompile the .img file and GNU zip it again. (All in Linux.)
This is not an easy task if you do not know what you are doing, I wouldn't suggest trying. Just wait... whole process will be streamlined within 1-2 weeks and won't have all the bugs etc.
Just to clear things up. This exploit is CURRENTLY only for:
iPod Touch 1G
iPod Touch 2G
iPod Touch 3G
This exploit will work on any iPhone 4.0.1 or below that has been jailbroken with either redsn0w or pwnagetool (any tool that uses pwnage-style JB) and has Android (any kind) installed on their iPhone with openiboot. (For OS X users I recommend iPhoDroid because it is a one-click solution for Android installation on a JB iPhone; Windows/Linux users will have to do it the hard way.)
To do the exploit, your iPhone has to be plugged in whilst you start your PS3. When the XMB shows up, you can unplug your iPhone and will not have to use it until the next time you boot up your PS3. Period.
This current release will JB your PS3, but the ability to emulate BD-ROM is not working (can't play backup games). You can still run / install 3rd-party unsigned code (FTP & toolkit). This code MAY work on SOME older games with the debug Backup Manager.
Like it says at Wiki: The experimental payload is still being tested but there are some reports of some older games working, but only with the above rdx_manager.pkg backup manager, and not the original or stealth versions. Whatever the case may be it is still very buggy.
With the rate of progress made over this weekend, I'd like to assume by Monday next week we will have a fully functioning solution.
A little about the exploit: The exploit emulates a USB hub with 6 different devices on it which rapidly connect and disconnect with different device IDs as it goes. This rapid connecting and disconnecting overloads the "HEAP" with code, but not really (some code deletes itself), leaving enough room to place a special segment in there which opens a door for the "Payload", which has the code to add to lv2 gameos to tell it that it's OK to install packages, other OS, BD emulation, etc.
Huge question. My friend has one of the phones which has a completed PSfreedom program. Can I use his phone to jailbreak my PS3 properly, then use my incomplete iPhone PSfreedom to start the exploit?
No, of course... but good news - the kernel for 3G is proved to be working with BM!
from IPhoneLinux wiki
Update #4 [13.09.2010]: iphone3g binary above works with backup manager! I think NTAuthority is compiling for iTouch 1G, I don't have a kernel compiled for iPhone2G but you can try the 3G binary on your 2G (I think it should work?)
Last edited by mklie; 09-13-2010 at 10:43 AM. Reason: Automerged Doublepost