Earlier today we reported that the PSJailBreak PS3 modchip is easily dumped and that PSJailBreak clones are already on the way, and now some PlayStation 3 developers are working on reverse-engineering the costly USB device in hopes of making a less expensive or free scene alternative available soon.
Tsujin, knightsolidus and bushing have made brief attempts at determining the PSJailBreak IC chip and pin-out, while Neme6 of Logic-Sunrise (linked above) has also shared his findings thus far.
More pictures are available HERE for those curious, and to quote, roughly translated from the linked pics:
"Many teams are studying the PSJ to try to clone it at low cost and to understand how it works. From the photos released, I tried to determine the electronic design of the PSJ.
Here is the result of my work and my observations. Feel free to post if you can lighten the shadows that remain.
First, the IC is probably a PIC18F variant: 4455, 4550, 4458 or 4553. The size of the EEPROM is 256 bytes."
Comments:
Components (red dots)
A: Resistor, 1K
B: LED
C: LED
D: Resistor, 1K
E: Resistor
F: Capacitor
G: Resistor
H: Resistor, 1K (pull-up resistor)
I: Capacitor
J: Capacitor, 100nF (decoupling cap)
. . : XTAL
• The blue dots A, B and D control the LEDs.
• The blue dots K, L, G and H are for power (Vdd, Vss).
• I suppose the blue dots M, I and J are for programming the PIC (ICPGC, ICPGD, /MCLR).
• The blue points E and F are OSC1 and OSC2. They should be connected to the XTAL (orange dots A and B).
• And to GND (via alpha) through two 22pF capacitors.
• At the orange dot F, there should be a link with USB D- (I cannot quite see from the photos).
• Maybe the orange dot C is connected to blue M (ICPGC).
• Maybe the orange dot C is connected to pin 33 (/ICRST).
• I guess the orange dot E is connected to a via (through hole) noted alpha.
lol but I like money
lmao, looks like you should stop focusing on money for a bit
Hi,
That has always been a false but popular belief. Install Package worked perfectly on retail hybrid pseudo-debug consoles; I assure you I had occasion to check on several units and saved images from a couple of years ago that I can show if you like. Note also that I could install retail pkg, and other functions were also fully operational: bd_emu format, change button, region setting, free HDD space, fake free space, check game column, etc. It was my own experience; in real time later when I debugged I could see that actually only a few options worked.
I'm not quite sure.. From what I understand, unsigned code is only run in 'game' or 'user' mode and we're limited in what can be achieved through this mode. Updates and other core stuff require higher privileges. It's like the PSP: we couldn't do much with user mode exploits; kernel exploits were needed to flash custom firmwares.
What's neat to consider here though is, even though the PKGs are run in game/user mode, it essentially puts our foot in the door, possibly allowing us to elevate privileges. With Geo's exploit, we were only able to "peek" at privileged HW functions, and not necessarily modify them in any useful way. For a simpler explanation, think of it like this:
With Geo's exploit, we're bank robbers standing in front of a teller telling them to give us the money. We still have to rely on the teller to retrieve the money, and they could easily be pushing the silent alarm button while we wait. We only have access to limited funds.
With the Jailbreak, we're in the bank after hours, at the vault door. While we're not technically "in the money" yet, we're close enough now where we can start to work our way through the door and have access to almost unlimited funds. As we're not having to deal with a middle man of sorts, we can throw everything at the door until the hinges finally break.
The ultimate goal? To get ahold of the bank manager's code (the system's encryption keys) and voila, we're rich, biatch! While this last step may still prove to be nigh impossible, our chances of running exploits as unsigned code and elevating our privileges to "bank manager" status are greater than just poking at the memory registers or gleaning data from the SPEs.