[Theory] permanent Jailbreak

**user** · 12-13-2010,06:15 AM

now that we can write to dev_flash it will be much easier achieve a permanent jailbreak solution

congratulations JaiCraB and ps3mrenigma, great work!

libfreetype seems to be a weak point, because its known for it's vulnerabilities
I hope somebody manages to patch Lv2 memory using a malformed font file or whatever soon

**DevilGun** · 12-13-2010,06:41 AM

We can NOT write to dev_flash

**user** · 12-13-2010,06:49 AM

yes we can

if you don't believe me read the post of "sk group" at ps3news.

**RatAndDragon** · 12-13-2010,07:01 AM

Originally Posted by DevilGun

We can NOT write to dev_flash

Check out the current hot news.

Turns out that by remounting dev_flash under(or adding multiple mount points for it) under a different name, the hypervisor can be worked around as it doesn't prevent writes to the new mount. If I have understood correctly. Which is really bad design....

**TnA** · 12-13-2010,07:23 AM

Originally Posted by RatAndDragon

Turns out that by remounting dev_flash under(or adding multiple mount points for it) under a different name, the hypervisor can be worked around as it doesn't prevent writes to the new mount. If I have understood correctly. Which is really bad design....

Hahaha@Sony.

Now you see what you get, when you build your software on others (OPEN!) source.
You simply can't know every part of the source.

I agree on what I quoted.
If that's the way how it (the flash 'write-protection') is 'worked around', well done Alejandro Pedro/DAX/M33 and the other person.

...and for/to Sony... EPIC FAIL!

**TitaniumL** · 12-13-2010,07:32 AM

Originally Posted by DevilGun

We can NOT write to dev_flash

Heh.. So much for your confident "NOT"

**chappo** · 12-13-2010,08:03 AM

Originally Posted by DevilGun

We can NOT write to dev_flash

Fail....

**clik.MEK** · 12-13-2010,08:40 AM

If someone has the patience to answer some of my questions, very appreciated.
1) you mount dev_flash (1,2 and3?) to another folder (dev_xxx) on the internal hdd. Then you replace those files in dev_xxx and they get loaded, right? how does this open up write access to the firmware-chip? part of the firmware is not on the hdd, right?

2) kind of follows the first, how is mounting the folders on hdd a permanent solution? sk group confirmed it being permanent, how can that be? the mount point would be reset after reboot, right?

sorry, i'm kinda lost

**user** · 12-13-2010,08:47 AM

Originally Posted by clik.MEK

If someone has the patience to answer some of my questions, very appreciated.
1) you mount dev_flash (1,2 and3?) to another folder (dev_xxx) on the internal hdd. Then you replace those files in dev_xxx and they get loaded, right? how does this open up write access to the firmware-chip? part of the firmware is not on the hdd, right?

2) kind of follows the first, how is mounting the folders on hdd a permanent solution? sk group confirmed it being permanent, how can that be? the mount point would be reset after reboot, right?

sorry, i'm kinda lost

1) you mount dev_flash to dev_Alejandro
hv blocks write access to dev_flash by checking if "/dev_flash" is part of the destinated path which is named dev_Alejandro now (but its still the same device). so the hv just doesn't care about it

2) no, but writing to flash is permanent

**Pockets69** · 12-13-2010,08:57 AM

To OP, don't know if that is possible because the exploit, that allows later to inject the payload, requires the usb ports to be triggered, how can you trigger it if you won't connect anything to the machine, you could inject the payload, but with no exploit the payload won't work if you know what i mean.

Although i heard somewhere that someone was working on it, can't remember where it was about 3 weeks ago if i am not mistaken.

User Tag List

Thread: [Theory] permanent Jailbreak

Tweet

LinkBack

Thread Tools

Display


	Would you like to get all the new info from PSX-Scene in your email each day? Subscribe to our Daily Digest! Want to learn more about the team keeping you up to date with the latest scene news? Read about them now! Check out our Developer bios, too!