Sponsored Links

Sponsored Links

PSJailBreak Reverse-Engineering Details Begin to Surface


Sponsored Links
210w ago - Earlier today we reported that the PSJailBreak PS3 modchip is easily dumped and that PSJailBreak clones are already on the way, and now some PlayStation 3 developers are working on reverse-engineering the costly USB device in hopes to make a less expensive or free scene alternative available soon.

Tsujin, knightsolidus and bushing have made brief attempts at determining the PSJailBreak IC chip and pin-out, while Neme6 of Logic-Sunrise (linked above) has also shared his findings thus far.

More pictures are available HERE for those curious, and to quote, roughly translated on the linked pics:

"Many teams are studying the JSP to try to clone a low cost and how it works. From the photos released, I tried to determine the electronic design of PSJ.

Here is the result of my work and my observations. Feel free to post if can lighten the shadows that remain.

First ICP is probably the type PIC18F declination 4455, 4550, 4458, 4553. The size of the EEPROM is 256 bytes."

Comments:

Components (red dots)
A: Resistor, 1K
B: LED
C: LED
D: Resistor, 1k
E:?? Resistor ?? Resistor??
F:?? Capacitor ?? Capacitor??
G:?? Resistor ?? Resistor??
H:?? Resistor ; 1K (Pullup resistor) ?? Resistor, 1K (pullup resistor)??
I:?? Capacitor ?? Capacitor??
J: Capacitor, 100nF (Decoupling cap)
. . : XTAL

•The blue dots A, B and D control the LEDs.
•The blue dots K, L, G and H are for power (Vdd, Vss).
•I suppose the blue dots M, I and J are to program the PIC (ICPGC, ICPGD, / MCLR).
•Points E and F are blue and OSC1 OSC2. They should be connected to XTAL (orange dots A and B).
•And the GND (file alpha) through two 22pF capacity.
•The orange dot F, there should be a link with USB.D-(I can not quite see from the photos).
•Maybe the orange dot at point C is connected blue M (ICPGC).
•Maybe the orange dot C is connected to pin 33 (/ ICRST).
•I guess the orange dot E is connected to a via (through hole) noted alpha.







Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

Comments 39 Comments - Go to Forum Thread »

• Please Register at PS3News.com or Login to make comments on Site News articles. Thanks!

dinzy's Avatar
#34 - dinzy - 210w ago
I'm hoping for a clone that will work on FW 3.15. If this thing does not allow Custom FW then I think there is still value in having OtherOS.

tripellex's Avatar
#33 - tripellex - 210w ago
lmao, looks like you should stop focusing on money for a bit
lol but I like money

BwE's Avatar
#32 - BwE - 210w ago
What's neat to consider here though is, even though the PKGs are ran in game/user mode, it essentially puts our foot in the door, possibly allowing us to elevate privileges. With Geo's exploit, we were only able to "peek" at privileged HW functions, and not necessarily modify them in any useful way. For a simpler explanation, think of it like this:

With Geo's exploit, we're bank robbers standing in front of a teller telling them to give us the money. We still have to rely on the teller to retrieve the money, and they could easily be pushing the silent alarm button while we wait. We only have access to limited funds.

With the Jailbreak, we're in the bank after hours, at the vault door. While we're not technically "in the money" yet, we're close enough now where we can start to work our way through the door and have access to almost unlimited funds. As we're not having to deal with a middle man of sorts, we can throw everything at the door until the hinges finally break.

The ultimate goal? To get ahold of the bank manager's code (the systems's encryption keys) and voila, we're rich, biatch! While this last step may still prove to be nigh impossible, our chances of running exploits as unsigned code and elevating our privileges to "bank manager" status are greater than just poking at the memory registers or gleaming data from the SPEs.

lmao, looks like you should stop focusing on money for a bit

randalf's Avatar
#31 - randalf - 210w ago
It can run unsigned code and it makes all debug options available AND functional (install pkg file will only work on REAL debug/test PS3's, not on pseudo hybrid retail-debug consoles).
Hi,

That has always been a false belief, but popular, Install package worked perfectly on retail hybrid pseudo-debug consoles, I assure you I had occasion to check on several units and save images from a couple of years ago that I show to see if you like, note also that I could install pkg retail, also other functions were also fully operational as bd_emu format, change button, region seting, free HDD space, free space fake, check game column, etc.It was my own experience, real time later when I debug I could see that actually worked a few options.

tripellex's Avatar
#30 - tripellex - 210w ago

I'm not quite sure.. From what I understand, unsigned code is only ran in 'game' or 'user' mode and we're limited in what can be achieved through this mode. Updates and other core stuff requires higher privileges. It's like the PSP: we couldn't do much with user mode exploits, kernel exploits were needed to flash custom firmwares.

What's neat to consider here though is, even though the PKGs are ran in game/user mode, it essentially puts our foot in the door, possibly allowing us to elevate privileges. With Geo's exploit, we were only able to "peek" at privileged HW functions, and not necessarily modify them in any useful way. For a simpler explanation, think of it like this:

With Geo's exploit, we're bank robbers standing in front of a teller telling them to give us the money. We still have to rely on the teller to retrieve the money, and they could easily be pushing the silent alarm button while we wait. We only have access to limited funds.

With the Jailbreak, we're in the bank after hours, at the vault door. While we're not technically "in the money" yet, we're close enough now where we can start to work our way through the door and have access to almost unlimited funds. As we're not having to deal with a middle man of sorts, we can throw everything at the door until the hinges finally break.

The ultimate goal? To get ahold of the bank manager's code (the systems's encryption keys) and voila, we're rich, biatch! While this last step may still prove to be nigh impossible, our chances of running exploits as unsigned code and elevating our privileges to "bank manager" status are greater than just poking at the memory registers or gleaming data from the SPEs.

Sponsored Links

Sponsored Links
Sponsored Links

Sponsored Links







Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News