PS JailBreak Mod Code Sniffed via USB, Logged and Examined


A few days ago PS JailBreak was reverse-engineered, and today Descrambler sniffed the USB traffic and shared the log.

I don't know that much about the USB protocol, but I think this is what happens:

• The PSJailbreak is inserted
• It connects with the host (PS3) and sends 09 02 12 00 01 00 00 80 + all the bytes from the first packet starting at 0008 up to 00EFF.
• The stack is overwritten and the PS3 jumps into code from the packet
• The Atmega sends a "USB Disconnect command"
• The last three steps are repeated four times

• It connects with the host and sends 09 02 4D 0A 01 01 00 80 + the bytes from the second packet starting at 0008 up to 0A4C
• The stack is overwritten and the PS3 jumps into code from the packet
• The Atmega sends a "USB Disconnect command"
• The last three steps are repeated twice.

Voilà... The PS3 is in "Debug Mode".

Apparently the third and fourth bytes after the 09 02 are the number of bytes to be sent. At least this holds for the second log (4D 0A -> 0A4D bytes)...

The first 8 bytes [09 02 ...] are left over from the USB protocol.
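The 09 02 header the post decodes is the standard USB configuration descriptor, and the "number of bytes to be sent" field is its little-endian wTotalLength. The following is an added example (not code from the post or from the dongle) of a host-side parser that decodes that header and refuses a descriptor whose declared length disagrees with what was actually transferred, exceeds a fixed buffer, or contains more interface descriptors than it declares; the two 8-byte headers come from the log above, while the packet bodies, PACKET_OK and MAX_CONFIG_LEN are constructed assumptions.

```python
"""Defensive parser for the USB configuration descriptor seen in the sniffed log.

Added example, not code from the post or the PSJailbreak device. The two 8-byte
headers are the ones quoted in the log (09 02 12 00 01 00 00 80 and
09 02 4D 0A 01 01 00 80); everything after them is constructed filler, and
MAX_CONFIG_LEN is a hypothetical host-side buffer size, not the PS3's.
"""
import struct

USB_DT_CONFIG = 0x02      # bDescriptorType of a configuration descriptor
USB_DT_INTERFACE = 0x04   # bDescriptorType of an interface descriptor
CONFIG_HDR_LEN = 9        # bLength of a configuration descriptor
MAX_CONFIG_LEN = 1024     # hypothetical: the most a host should copy into its buffer

# Constructed sample packets: headers from the log, bodies are filler.
# A generic vendor-specific interface descriptor (constructed, not from the dump).
_IFACE = bytes.fromhex("09 04 00 00 00 FF 00 00 00")
# Packet 1 declares 0x12 bytes but 0xF00 bytes were pushed (rows 00000..00EF0).
PACKET_1 = bytes.fromhex("09 02 12 00 01 00 00 80") + b"\xfa" + _IFACE + bytes(0xF00 - 18)
# Packet 2 declares 0x0A4D bytes and 0x0A4D bytes were pushed; body is 292 interfaces.
PACKET_2 = bytes.fromhex("09 02 4D 0A 01 01 00 80") + b"\x01" + _IFACE * ((0x0A4D - 9) // 9)
# A well-formed 18-byte configuration with exactly one interface (constructed).
PACKET_OK = bytes.fromhex("09 02 12 00 01 01 00 80") + b"\x32" + _IFACE


def parse_config_header(pkt: bytes) -> dict:
    """Decode the 9-byte configuration descriptor header (USB 2.0 spec 9.6.3).
    wTotalLength is little-endian, which is why 4D 0A in the log reads 0x0A4D."""
    if len(pkt) < CONFIG_HDR_LEN:
        raise ValueError("packet shorter than a configuration descriptor header")
    fields = struct.unpack_from("<BBHBBBBB", pkt, 0)
    names = ("bLength", "bDescriptorType", "wTotalLength", "bNumInterfaces",
             "bConfigurationValue", "iConfiguration", "bmAttributes", "bMaxPower")
    return dict(zip(names, fields))


def walk_descriptors(pkt: bytes, total: int) -> list:
    """Walk the sub-descriptors after the header, bounded by wTotalLength.
    Returns (offset, bLength, bDescriptorType) tuples; raises on a zero-length
    descriptor (would loop forever) or one that runs past the declared total."""
    out, off = [], CONFIG_HDR_LEN
    while off < total:
        if off + 2 > total:
            raise ValueError(f"truncated descriptor at offset {off:#x}")
        length, dtype = pkt[off], pkt[off + 1]
        if length < 2:
            raise ValueError(f"zero/short bLength at offset {off:#x}")
        if off + length > total:
            raise ValueError(f"descriptor at {off:#x} overruns wTotalLength")
        out.append((off, length, dtype))
        off += length
    return out


def check_config_packet(pkt: bytes, max_len: int = MAX_CONFIG_LEN) -> tuple:
    """Return (accepted, reason). A host that trusts wTotalLength, or copies
    whatever the device sends, is what the post describes; this refuses both."""
    hdr = parse_config_header(pkt)
    if hdr["bLength"] != CONFIG_HDR_LEN or hdr["bDescriptorType"] != USB_DT_CONFIG:
        return False, "not a configuration descriptor header"
    total = hdr["wTotalLength"]
    if total > max_len:
        return False, f"wTotalLength {total:#x} exceeds host buffer {max_len:#x}"
    if total != len(pkt):
        return False, f"wTotalLength {total:#x} != bytes transferred {len(pkt):#x}"
    try:
        subs = walk_descriptors(pkt, total)
    except ValueError as exc:
        return False, str(exc)
    ifaces = sum(1 for _, _, t in subs if t == USB_DT_INTERFACE)
    if ifaces != hdr["bNumInterfaces"]:
        return False, f"bNumInterfaces {hdr['bNumInterfaces']} but {ifaces} interface descriptors"
    return True, f"ok: {ifaces} interface(s), {total} bytes"


if __name__ == "__main__":
    for name, pkt in (("packet 1", PACKET_1), ("packet 2", PACKET_2), ("well-formed", PACKET_OK)):
        print(name, hex(parse_config_header(pkt)["wTotalLength"]), check_config_packet(pkt))
```

Passing a larger buffer size to check_config_packet(PACKET_2, max_len=4096) shows the second line of defence: the body carries far more interface descriptors than bNumInterfaces admits.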

The code pushed four times onto the PS3 USB stack is the 0xF00-byte packet whose first bytes are 09 02 12 00 01 00 00 80 (full hex dump not reproduced here).

After that they push a second packet, starting 09 02 4D 0A 01 01 00 80, twice onto the stack, running the code by disconnecting and reconnecting USB devices on the bus (full hex dump not reproduced here).

That's all, folks.

Repost in binary (thanks Disane). The first 8 bytes [09 02 ...] are left over from the USB protocol.

http://www.ps3news.com/forums/attachment.php?attachmentid=21111

ASCII binary (Thanks xCoder)

http://www.ps3news.com/forums/attachment.php?attachmentid=21116

Here's an improved disassembly by crazyc.

http://www.ps3news.com/forums/attachment.php?attachmentid=2111



Comments

#98 - mushy409 - 204w ago
Ah, but if they all come on the same bill then they are 1! (Damn Sky advert)

Anyways, yes, the solution is probably staring us straight in the mush (no pun intended). The code for this JB dongle may have been leaked by someone involved with or in contact with the JB device.

I'm sure many of the Chinese companies have access to people/equipment who can duplicate pretty much ANYTHING electronics-wise. For example:

Mobile phones - Ripped off by the Chinese
Modchips - Ripped off by the Chinese
iPods - Ripped off by the Chinese

Do I need to continue?

The main objective here is to get the code from the atmel - decapping/glitching/begging whatever.

For now I'm off to do some research and dig out my old AVR programmer...

@tripellex - good luck with the decapping

#97 - Bulldogzz - 204w ago
As I stated previously, if not acknowledged, the most simplistic it could be is overflowing the buffer, which we have code for (even if the code is a little 'damaged'), then overwriting the return address to execute user-provided code which changes a je to a jmp, asm-wise. I mean, I doubt it's that simple, but hell, that's simplistic for you.

#96 - mushy409 - 204w ago
Sorry forgot to mention:

@tripellex
I used 95% nitric to decap them. I know some people prefer different strengths depending on how keen you are to get at the die

Best method I found was to go at it slowly, check after each acid bath & be VERY VERY gentle when/if you need to scrape.

#95 - tripellex - 204w ago
On a related note, I have a feeling that we're all working way too hard here to disassemble this thing, when the solution must be extraordinarily simple. How else would so many generic clones start popping up so quickly? We're overcomplicating the process, and just need to find the same solution the clone makers came up with.

#94 - mushy409 - 204w ago
Could we possibly use the PS3 to generate custom PUPs after we flash it?
No. Where in this topic do you see any mention of FLASHING? This is different to your typical ad-mag / eBay "I'll flash your Xbox for £20.." jobby.

@tripellex
I've done this a few times with PICs and a few older Atmels, but to be honest it's been a while since I did anything like this (4-5 years+).

I've turned my attention to other areas nowadays. Although I do have a few friends who study electronics at grad level so may have access to the kind of equipment required.

I would imagine once (if) we have decapped the atmel & dumped the contents we can start to disassemble the code PROPERLY to understand how it communicates to the host (ps3) and what timings etc are used.

© 2014 PlayStation 3 News