Open Source PS3 Jailbreak Released
tlhIngan writes "Despite all the lawsuits and injunctions by Sony to keep the PS3 Jailbreak out of modder's hands, it appears that a third party has made a clone. The best part is, it only requires a cheap (approximately $40) development board by Atmel, and the requisite software is open-source. Get the Atmel code from GitHub and apply a small patch which will enable backup play (the code by itself only lets you run unsigned code, the patch allows for BD backups). The code is GPLv3. It would be highly ironic if someone ported this to Linux USB Gadgets, then you could use a Linux device to jailbreak your PS3, to which Sony removed Linux functionality. An Android phone would be suitable."
Re:simple solution (Score:1, Informative)
Not only is it too late to have that happen on PS3s, but they do use signed firmware. Look into how the exploit (and firmware signing, and even the initial hypervisor jailbreak that led to Other OS being removed) works before you start discussing what Sony should do.
Do you think it would have taken this long if all someone had to do was just modify the firmware and reupload it?
Re:Hehehe (Score:3, Informative)
I can't understand why any of you own a PS3 in the first place.
Really? I mean.......really? You can't think of a single reason why anyone would want one?
Re:Hehehe (Score:2, Informative)
Because we like the games?
And the other alternative charges to play online?
And the other alternative doesn't have the games we like?
And the other alternative is buying a computer? (which also may not have the games we like)
I own only a Wii but I have a PS3 in my wallet's sight :)
I have been thinking between buying an Xbox or a PS3... but after the Xbox Live price increase, the PS3 has more and more points (free netplay, Blu-ray, better graphics... and soon homebrew)
Re:Just how does this exploit work? (Score:2, Informative)
The USB dongle is a microcontroller that emulates a 6-port USB hub. It works by attaching a sequence of fake USB devices with large configuration descriptors, one of which contains the exploit payload. The sequence of USB connections and disconnections results in a heap overflow that eventually results in the exploit code being executed with root privileges. Sony can indeed patch the hole and surely will in the next firmware update. I believe that the open-source version disables automatic firmware updates, but I might be wrong.
Re:Hehehe (Score:2, Informative)
I can't understand why any of you own a PS3 in the first place.
Really? I mean.......really? You can't think of a single reason why anyone would want one?
Well, the single reason I can think of is hating Microsoft more than Sony. It's a tough call though.
Who do you hate more, the guy that killed mommy or the guy that killed daddy? (Think of this as a lyrical exaggeration, of course)
Re:Hehehe (Score:5, Informative)
Now, let's get working!
http://kakaroto.homelinux.net/2010/08/psjailbreak-usb-gadget-kernel-driver/
There you go. Still not released, but well underway (check the blog for updates).
This exploit is beautiful (Score:5, Informative)
http://www.ps3news.com/PS3-Dev/ps-jailbreak-ps3-exploit-reverse-engineering-is-detailed/
It emulates a six-port hub and connects/disconnects devices with corrupted descriptors (that have their size changed on-the-fly!) in a particular order to smash the heap, so you can use a corrupted malloc boundary tag to overwrite the call to free(), so that after the failed Jig authentication tries to release the memory allocated for the cryptographic response it will launch the shellcode that was dropped into memory using a USB descriptor.
It brings a tear to my eye. Truly, one of the most beautiful things I ever had the privilege of understanding.
Re:Hehehe (Score:1, Informative)
IBM made the PS/2, Sony makes the PS2.
Re:Hehehe (Score:2, Informative)
Just as long as you realize you're supporting a conglomerate that is actively trying to remove all your rights concerning copyright, among others.
To put it more bluntly, you're giving money to a lobbyist group so they can screw you with it.
Re:Let's make this easier for everyone... (Score:3, Informative)
If it's one of the usual Atmel parts, you can probably use Digi-Key.ca
Extremely fast shipping, no customs fees.
Re:This exploit is beautiful (Score:3, Informative)
This isn't really a buffer overflow in the sense of smashing the stack. There's no strcmp or anything that the programmer forgot to do a bounds check on. It relies on corrupting the malloc boundary tag.
In fact, USB descriptors have a size field built into them. One of the elegant aspects of the exploit is that the descriptors are read *twice* by the PS3, and the size is being changed in between the two reads.
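Added example, not code from the thread or from the PS Jailbreak project: a host-side C sketch of the weakness these two comments describe, a descriptor whose size field is read twice while the device changes it in between, written from the defender's side. The device, the descriptor bytes, the size bound and all function names are constructed assumptions; the fetch pins the size from a single read and rejects a device whose second answer disagrees.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define DESC_HDR_LEN   4     /* bLength, bDescriptorType, wTotalLength (little-endian) */
#define MAX_CONFIG_LEN 1024  /* hypothetical upper bound for one configuration descriptor */

/* Host-side "read descriptor" primitive; a hostile device may answer each call differently. */
typedef int (*read_desc_fn)(void *ctx, uint8_t *buf, size_t buflen);
/* Constructed device: answers the first read with blob a, every later read with blob b. */
struct replay_dev { const uint8_t *a; size_t alen; const uint8_t *b; size_t blen; int calls; };
static int replay_read(void *ctx, uint8_t *buf, size_t buflen) {
    struct replay_dev *d = ctx;
    const uint8_t *src = d->calls ? d->b : d->a;
    size_t n = d->calls ? d->blen : d->alen;
    d->calls++;
    if (n > buflen) n = buflen;  /* the host never lets a read exceed the buffer it allocated */
    memcpy(buf, src, n);
    return (int)n;
}
static uint16_t total_length(const uint8_t *hdr) { return (uint16_t)(hdr[2] | (hdr[3] << 8)); }

/* Hardened fetch: wTotalLength is pinned from one header read and bounded; the full read must
 * then return exactly that many bytes and still advertise the same wTotalLength.
 * Returns 0 with an owned buffer on success, -1 if the device changes its story. */
int fetch_config_pinned(read_desc_fn rd, void *ctx, uint8_t **out, size_t *out_len) {
    uint8_t hdr[DESC_HDR_LEN];
    if (rd(ctx, hdr, sizeof hdr) != DESC_HDR_LEN) return -1;
    uint16_t want = total_length(hdr);
    if (want < DESC_HDR_LEN || want > MAX_CONFIG_LEN) return -1;
    uint8_t *buf = malloc(want);
    if (!buf) return -1;
    if (rd(ctx, buf, want) != (int)want || total_length(buf) != want) { free(buf); return -1; }
    *out = buf; *out_len = want;
    return 0;
}

/* Constructed sample descriptors: a 9-byte one claiming 9 and a 16-byte one claiming 16. */
static const uint8_t desc9[9]   = {9, 2, 9, 0, 1, 1, 0, 0x80, 50};
static const uint8_t desc16[16] = {9, 2, 16, 0, 1, 1, 0, 0x80, 50, 7, 5, 0x81, 2, 64, 0, 0};
/* resize=0: the device answers both reads with desc9 -> accepted (returns 0).
 * resize=1: it answers the first read with desc9 and the second with desc16 -> rejected (-1),
 * and the second read was already bounded to the 9 bytes actually allocated. */
int demo_fetch(int resize) {
    struct replay_dev d = { desc9, sizeof desc9, resize ? desc16 : desc9, resize ? sizeof desc16 : sizeof desc9, 0 };
    uint8_t *cfg = NULL; size_t n = 0;
    int rc = fetch_config_pinned(replay_read, &d, &cfg, &n);
    free(cfg);
    return rc;
}
```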
Re:simple solution (Score:3, Informative)
For a bug like that, any price is unreasonable.
Re:simple solution (Score:1, Informative)
If you allow the homebrew crowd to do what they want, they aren't motivated to make jailbreak tools that pirates then use to run ISO dumps.
Most pirates aren't motivated to do the jailbreaking part, which is why they wait for the homebrew crowd to do it for them.
Re:simple solution (Score:3, Informative)
That's because OtherOS was crippleware.
Homebrew in that sense had to run without the aid of the Cell that the hypervisor blocked access to.
Native, Sony approved games still had full access.
Re:Hehehe (Score:5, Informative)
Microsoft's problem is that unlike OS X, where apps generally put things in one place (documents in a documents folder, settings in settings files, etc.), on Windows it's impossible to know where apps may have put things.
Some apps put their settings in the registry under HKEY_CURRENT_USER
Some apps put their settings in the registry under HKEY_LOCAL_MACHINE
Some apps put their settings in a config file in the windows or my documents folders.
Some apps put their settings in a config file in their own folder.
Some do all of the above.
Not to mention all the apps that do things like register COM objects, install system services and who knows what else.
Re:Hehehe (Score:3, Informative)
Blu-Ray is not a monopoly any more than "Sun's" Java is. There are other vendors than Sony to buy Blu-Ray from.
And even if it were, Blu-Ray doesn't exert anywhere near the influence over IT as Microsoft does - if any at all.
Re:Hehehe (Score:3, Informative)
Nice way to condone piracy, idiot... let's not pretend anyone wants to use it for things like homebrew.
Fsck off, troll.
Some of us DO want to use it to keep our legitimate games libraries on hard disk. There's zero technical or legal reason that the machine shouldn't do this, it's just an annoying DRM measure. I know defeating DRM is itself now illegal, but that's a travesty of justice IMHO and not a law I will respect.
So you can go on about condoning piracy all you like (and I know that a lot of people will pirate whatever they can get their hands on), but it's not everyone that's interested in this mod. I can do this with the PS2, and I could (if I had more than 1 game) do it on the Wii (where it can also do things like bypass annoying region codes).
Frankly a PSN ban wouldn't be too much hassle. I never play online multiplayer and new games that require firmware updates usually come with them on disk, or they can be downloaded from a PC. So long as Sony don't actually brick these jailbroken PS3 consoles, which they may, then I don't actually care that much.
Re:Hehehe (Score:3, Informative)
And it wasn't just "a particular CD"; it was a nice list of titles; 102 different albums in total according to Wikipedia. Millions of CDs. MediaMax alone went out on 20 million discs.
Your point that other IT concerns outweigh the problems with Sony's rootkit is valid, but you're comparing apples and oranges here. And the way you dismissed the seriousness of the rootkit makes you look like a fool or someone with an agenda.