144w ago - A few weeks back we reported on the PS JailBreak PS3 exploit reverse engineering followed by the PSJailBreak PS3 exploit payload, and today naehrwert has focused on the PSJailBreak payload itself, as follows:
PSJailbreak Payload Reverse Engineering
Here's my understanding of what the exploit payload does:
1. it gets control at exploit_entry, which copies the rest of the payload to the fixed address 0x8000000000700000 and jumps to exploit_main.
2. exploit_main copies a resident part of the payload to another location, creates a virtual usb device driver called "mod" with 3 functions, hooks some vsh functions via toc entry and does some permanent in-ram patching. when the work is done it zeroes itself out.
3. the resident part has basically 3 purposes: it manages virtual usb device, it does some on-the-fly patching and it hooks all the game disk file accesses from the vsh.
a. the virtual usb device is needed to make sure the original ps3jb device is plugged in. once the correct device is plugged in (the one with the AAAAC0DE) device...
147w ago - Earlier today we reported that the PSJailBreak PS3 modchip is easily dumped and that PSJailBreak clones are already on the way, and now some PlayStation 3 developers are working on reverse-engineering the costly USB device in hopes to make a less expensive or free scene alternative available soon.
Tsujin, knightsolidus and bushing have made brief attempts at determining the PSJailBreak IC chip and pin-out, while Neme6 of Logic-Sunrise (linked above) has also shared his findings thus far.
More pictures are available HERE for those curious, and to quote, roughly translated on the linked pics:
"Many teams are studying the PSJ to try to clone it at low cost and to understand how it works. From the photos released, I tried to determine the electronic design of the PSJ.
Here is the result of my work and my observations. Feel free to post if you can lighten the shadows that remain.
The first IC is probably of the PIC18F type, variant 4455, 4550,...