172w ago - A few days ago PSJailBreak Reverse-Engineering work began, and today German site GamerFreax.de (linked above) has posted a breakdown of the PSJailBreak, how it was reverse engineered and notes that it requires additional hardware to update.
Below is the rough translation of the PS JailBreak reverse-engineering details, to quote:
"We have the PSJailbreak dongle yet again brought out of retirement to put it more precisely Herbs to take a closer look. We tell you here in brief the main steps of the internal process of PSJailbreak.
We can confirm that it can not confirm that PSJailbreak a clone of Sony's "Jig" is module. PSJailbrak is an exploit honest self-developed. The chip is not but a PIC18F444 ATMega with software USB.
This means the chip is internally capable of USB to emulate. PSJailbreak mainly be emulated 6Port a USB hub connected to a specific end USB devices and then disconnected. One of these devices has the ID of Sony's "Jig" module, which means that played in the development of PSJailbreaks the "Jig" module, a certain role.
But let's start at the front: When the PS3 is clamped in the USB emulation device, which has a much too big Configuration Descriptor. This Descriptor überschriebt the stack with a PowerPC contained code that is executed. Now, various USB devices are connected in the emulation. A device has a large 0xAD Descriptor, which is part of the exploit and contains static data.
A short time later (we are moving here in Milisekundenbereich) the jig module is connected, and encrypted data are transmitted to the module jig. A (in Milisekundenbereich) eternity later, the answers Jig 64Byte module with static data, all USB devices are disconnected, a new USB device is connected and the PS3 launches with a new look.
64Byte static data that is emulated by the PS3 64Byte Jig sent to the static data that is emulated by Jig sent to the PS3
Extract from the USB stream Extract from the USB stream (pictured below).
Incidentally PSJailbreak is NOT updateable. The Update feature can be mentioned, if realized at all, only with additional hardware."
Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!
This is very interesting, it basically means that there is no special hardware involved... all it's doing is use a buffer overflow (exploit found by reading the ps3's kernel code) to inject some code.. the code injected is probably used to override the 'jig authentication procedure' to make it authenticate any given code as the jig.
The fact that this is just a software emulation of the USB means that one can create a 100% free solution, most of us probably already have the necessary hardware, be it a PSP, a PC, or in my case, I'm planning on writing a kernel driver for my N900 that would emulate the dongle.
Yes people can't "change/reprogram" usb flash sticks, but with a powerful device like the N900 (and probably other linux-based (android) phones out there), you can actually 'reprogram' the usb slave device.
Come on people! We need usb dumps, the methodology and algorithms used (which 6 usb ids used, what order, what device name used to overflow the stack, what static 64bytes get sent, etc..)!
Give me the info and I'll give you a kernel package for your N900 to transform it into a dongle!