Thread: How exactly does the jailbreak work???
  1. #1 How exactly does the jailbreak work???
    blazie151 (Member, joined Nov 2010)
    I'm a PC tech, mainly hardware work, and have been tinkering around with programming since qbasic (never learned C++ though). I have a solid knowledge of computers and hardware, yet I've never gotten into the scene of console modding. I've used the mods plenty, but never actually contributed. Now I'm thinking about trying to expand my knowledge into the console realm, and need some explaining.

    When the jailbreak runs, I understand that it exploits a piece of code in the bootup of the system, most likely with a buffer overflow, and allows unsigned code to run, then it inserts a few commands (syscalls) that are not normally found in the system. I can imagine that it's only modified in run-time memory, or else the JB wouldn't need to run each time. I could assume that much since the launch of the first dongle, but what surprises me is that's about all I can find online. My question is, how exactly is the system modified? What specific files are modified, and in what way?

  2. #2
    blazie151 (Member, joined Nov 2010)
    bump... Still would like some info on how exactly the PS3 system is modified by the psgroove code. I tried looking up the source code, but the core functionality is eluding me (mainly because I have no access to github or the ability to uncompress gzip files from work, so I'm relying on cached Google pages). If someone could post the portion of code that actually exploits the PS3, I could probably figure it out.

  3. #3
    Blade86-PSG (Member, joined Nov 2010)
    Yeah, please. Someone who knows that, PLEASE HELP!
    It would be fantastic to have syscalls on 3.55 through a new .hex file for the dongle and a new lv2diag.self file for the FW.
    The lv2diag.self posted on geohot.com could help, since it allows unsigned code to be run, but we still need syscalls ;(

  4. #4
    *electriZer* (Registered User, joined Jan 2011)
    psgroove.c file
    http://pastebin.com/egryfeyJ

    I'm reading it, too.
    I want to try to build that into a CFW :'D

    [edit]
    Wrong source..
    Look at PL3:
    https://github.com/kakaroto/PL3
    psgroove is using PL3. PL3 is the "jailbreaker" and psgroove is just the firmware for the USB dongle.

    [edit2]
    look here

  5. #5
    Blade86-PSG (Member, joined Nov 2010)
    Nice one *electriZer* ...
    Now we need to apply this to 3.55. blazie151, it's your time now...

  6. #6
    Dabora3003 (Registered User, joined Jan 2011)
    I'm going to give a unique answer.

    "How exactly does the jailbreak work???"

    Magic.
    or how about
    Very Carefully.
    A priest, a rabbi, and a Mormon cross the road.
    "We must be in the wrong joke," says the nun.
    The priest and rabbi look at her.
    "Shut up and screw in the lightbulb already."


  8. #8
    blazie151 (Member, joined Nov 2010)
    Well, I was afraid of this... If I knew 1/4 of what I know about VB and ASP.net in C++, I'd be useful; that source code definitely contains the info I was looking for. I know enough C++ to see the exploit and some of how it works, but it's not modifying the files directly, it's modifying the memory addresses, which I wouldn't know how to convert into a lvl2.self patch. Guess we'll all have to wait for someone to take wan's bricking CFW with a small chance of a working backup manager but inability to install signed packages, and geo's package-only CFW with no backup support, and combine 'em into something great (breath after long-winded and annoyingly accurate run-on sentence). It's frustrating that I don't know enough about the memory allocations and C++ programming to do it myself...

    Time to hit the books. C++ for dummies here I come, lol.
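Two points in this thread (post #1: the patch lives only in run-time memory, which is why the dongle has to run at every boot; post #8: the code changes memory addresses, not files) can be made concrete with a toy model. The following is an added example written for this page, not code from PSGroove, PL3 or any PS3 firmware: the dispatch table, the `boot`, `runtime_patch` and `integrity_check` functions and the FNV-1a measurement are all constructed stand-ins. It shows, from the defender's side, that an in-memory change to a dispatch table vanishes on power cycle and that measuring the live table against the value derived from the signed image detects the change while it is present.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_SIZE 8

typedef int (*syscall_fn)(int);

/* Constructed stand-ins for kernel services; entries 3..7 are empty slots. */
static int sys_nop(int a)   { (void)a; return 0; }
static int sys_add1(int a)  { return a + 1; }
static int sys_twice(int a) { return 2 * a; }
static int sys_extra(int a) { return a ^ 0x55; }   /* what a run-time patch drops in */

/* The dispatch table as it sits in the (signed, read-only) image on disk. */
static const syscall_fn firmware_image[TABLE_SIZE] = {
    sys_nop, sys_add1, sys_twice, sys_nop, sys_nop, sys_nop, sys_nop, sys_nop
};

/* Toy model of the running system: the in-RAM copy plus the expected measurement. */
struct ps_system {
    syscall_fn table[TABLE_SIZE];
    uint64_t   baseline;
};

/* FNV-1a 64-bit over raw bytes; any stable digest would serve as the measurement. */
uint64_t fnv1a(const void *data, size_t len) {
    const unsigned char *p = data;
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Power-on: copy the table out of the image; the baseline comes from the image itself. */
void boot(struct ps_system *sys) {
    memcpy(sys->table, firmware_image, sizeof sys->table);
    sys->baseline = fnv1a(firmware_image, sizeof firmware_image);
}

/* Overwrites one entry of the live table; nothing on disk changes. */
void runtime_patch(struct ps_system *sys, int idx, syscall_fn fn) {
    if (idx >= 0 && idx < TABLE_SIZE)
        sys->table[idx] = fn;
}

/* Defender's check: does the live table still measure like the signed image? */
int integrity_check(const struct ps_system *sys) {
    return fnv1a(sys->table, sizeof sys->table) == sys->baseline;
}

int dispatch(const struct ps_system *sys, int idx, int arg) {
    return sys->table[idx](arg);
}

/* boot -> patch -> power cycle; each observation sets one bit (15 = all as expected). */
int run_scenario(void) {
    struct ps_system sys;
    int result = 0;
    boot(&sys);
    if (integrity_check(&sys))        result |= 1;  /* clean right after boot */
    runtime_patch(&sys, 6, sys_extra);
    if (!integrity_check(&sys))       result |= 2;  /* measurement catches the patch */
    if (dispatch(&sys, 6, 0) == 0x55) result |= 4;  /* patched entry is live in RAM */
    boot(&sys);                                     /* power cycle: image reloaded */
    if (integrity_check(&sys) && dispatch(&sys, 6, 0) == 0)
        result |= 8;                                /* patch is gone, slot is empty again */
    return result;
}

int main(void) {
    printf("scenario bits: %d (expect 15)\n", run_scenario());
    return 0;
}
```

Bit 8 is the property the thread is circling: because the image on disk was never touched, a power cycle restores the original table, so anything that relies on the extra entry has to be re-applied on every boot. Bits 1 and 2 are the defender's view of the same fact: a measurement taken against the signed image is clean at boot and wrong for exactly as long as the run-time patch is present.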
