Open source version of the PlayStation 3 Jailbreak

Don’t steal. It’s a lesson that children are taught from the youngest age and a core principle in every society. The PSGroove sets out to follow this mantra in several ways. It is an open source implementation of the PSJailbreak hardware we covered a couple of weeks back. It’s difficult to find a definitive source of information on that hardware, but many have speculated that the original device contains stolen code. Whether that’s true or not is moot, as the PSGroove doesn’t include the backup manager program alleged to violate copyright.

The device is also aimed at running homebrew, and doesn’t natively allow one to play backups. It runs on a variety of AVR hardware, including the Teensy boards. If you have one of them, it’s just a matter of compiling the code and unlocking the potential of your PlayStation 3.

[Thanks Mark via PS3news]

Comments

  1. Lutzie says:

    About time they made this!

  2. paul says:

    There was no copyright infringement with the PSJB dongle, so please stop spreading that. The developers had explained that a while ago. Furthermore, the device has been reverse engineered and there are several descriptions explaining how the exploit works.

  3. Ps3 says:

    I’ve been monitoring this for a while now. I was going to buy a dev board last night before code was released. Now they’re sold out all over the place till November, I’m kicking myself in the head now…!

  4. andrew says:

    I can’t find any descriptions of how or why this works. Does it put the ps3 into debug mode? There’s some cryptic message about a lv1_panic hypercall, is that the key? What’s going on?

  5. Josh says:

    Awesome they finally figured something out with the ps3. The morons that only want this for piracy need to shut up already before sony puts the hammer down. Also, the name of the device sucks. Jailbreaking is for apple crap, not playstations.

  6. brennanthl says:

    Exactly, I’m really tired of that stupid term “jailbreak” used for any kind of hack. Apple ruins everything.

  7. VV says:

    I know everyone thinks this is mainly about playing… “Backups”. But I’m more interested in playing old consoles in an emulator to be honest!

  8. Frogz says:

    Anyone who wanted to pirate on the PS3 could just buy a mod chip right along.
    Sure it’s a pain to install, but how many people have already done it?
    If it wasn’t for homebrew, I wouldn’t be able to play Mario Kart on my PSP!
    Ironically, not that I really care…
    it is legal for me to do so as I own the original cartridge.

  9. gus says:

    This wiki documents how the exploit works. It turns out it’s a heap overflow in the usb stack.

    http://ps3wiki.lan.st/index.php?title=PSJailbreak_Exploit_Reverse_Engineering

  10. Mike Szczys says:

    Wow, that is by far the worst photo I’ve ever put on a post. Sorry everyone.

  11. Punkguyta says:

    What the hell, are we back in 1998 using 160×80 CMOS webcams to take pictures??

  12. andrew says:

    @gus, thanks!!!

  13. brennanthl says:

    @Frogz

    Not true. ROMs are ALWAYS illegal, even if you own a copy of the game. I think the only situation where a ROM would be legal is if it was licensed to you directly from the rights holder. See here for more info:

    http://en.wikipedia.org/wiki/ROM_image#Legal_status

  14. andrew says:

    The fact that the hardware necessary to pull off this hack is sold out all over the place might make it harder for Sony to be able to fix the exploit. They’d need to develop their own exploit using different hardware (and thus their own software) until they can get their hands on the PSGroove-compatible hardware.

  15. N0der says:

    Now all we need is a port of the firmware to an arduino and we are all set ;-D.

    Joking aside, there is a software usb stack for arduinos, however it looks as a not so easy task to port the code over…

  16. annon says:

    Having had a hand in some of the console hacking that has been done, this story exemplifies why I stopped making things like this. The devs are bickering and counter-releasing each other. This was posted as a cloned PSJB, which is kind of like saying a pile of frosting is a clone of a wedding cake (ya know, minus the whole cake part). This probably spurred the purchase of thousands of Teensy++, all on misinformation.

    It is my opinion that until game distributors come up with a media that cannot be ruined, the desire to play backups of games you own is a legitimate one. All that would need to be offered is a disc exchange program. Mail in your scratched disc, with $5 to cover the media, and get one back that works. Until this happens the industry has no right to expect to prevent it.

  17. RSKuroi says:

    “Don’t steal.”, a lesson learned during childhood… right alongside that other core life lesson;

    “Learn to share.”

  18. annon says:

    It’s also worth noting, someone has already patched the “clone” to be an actual clone. But beware, Sony will probably utilize their ability to see who is using it, and take appropriate action against them.

  19. chris says:

    Next sony firmware update is gonna ban usb hubs or some similar trick you can bet…

    Easy solution, simply don’t buy closed platforms; if I can’t run my own code on it I ain’t buying it.

    If enough people do this – manufacturers will soon enough get the idea…

  20. Addidis says:

    Is anyone surprised this happened after they removed OtherOS support?

  21. zero says:

    I hope all this will lead to the PS3 being an “open system” and that we will soon be able to use all of the PS3’s power… although I hate the idea of the PS3 dying prematurely, as the PSP did, because of the devs not wanting to work on the system “due to piracy”. All in all, I hope this leads to tons of hacks and homebrew.

  22. Addidis says:

    @andrew

    The hardware used to pull this off is simply a USB-equipped microcontroller. The Teensy++ was just chosen out of a multitude of possible platforms due to its ease of use. A PIC18F14K50 or similar could be used, assuming the code was ported.

    For another possible piece of hardware that could have been used check out the USBTHUMB.
    http://www.gadgetgangster.com/find-a-project/56?projectnum=240

    The hardware being sold out will not impact Sony’s ability to react to this. They could just buy the chip the Teensy is modeled on and build the $8 worth of support circuitry.

  23. Alexander Rossie says:

    @chris,

    I don’t buy anything that doesn’t levitate magically and have a phaser array.

    If enough people do this – manufacturers will soon enough get the idea…

  24. Alexander Rossie says:

    @andrew,
    It’s a heap overflow. *whips out the sock puppets* heap is where programs get extra space from. Like most overflow exploits we place some of our code into the heap and trick the computer into running it.

  25. Philip says:

    The backup manager code is still there, but disabled in the code.

    Changing 0x78, 0x78, 0x78, 0x78 for 0x62, 0x64, 0x76, 0x64 in descriptor.h will reactivate it.

  26. Ps3 says:

    Anyone have any ideas what other dev boards could definitely be used? Everything is selling out all over the place.

  27. zeropointmodule says:

    hehe.. PS3 supercomputer anyone?

    Even better, for most applications it doesn’t matter if the PS3 has no internet connection, and helpfully Sony never included a “kill_ps3_if_no_internet_for_n_days” auto shutdown mechanism..

    Sony is looking more and more like the BORG every day, with the mentality “if we can’t control it no-one can have it”…

  28. DarwinSurvivor says:

    @chris Except that until April of this year we COULD run our own code on it (GPU excluded). It was the REMOVAL of this ability that pissed everyone off and spawned this whole race to fully crack the system.

    I always liked the PlayStation (have a 3 myself), but I’m seriously considering never upgrading to 4 when it comes out after the crap they pulled this year.

  29. Yann Vernier says:

    I tested psgroove (on homebuilt hardware), the exploit does work. It appears possible the exploit itself cannot be patched, but the current payload is firmware version specific (3.41, which I do not have installed). The function I care about (running Linux, which it was sold for) may not need to be, as the payload would then be a boot loader instead of an OS patch, but until that becomes available I’m not updating the firmware.

    I do partly regret giving in and buying a PS3 before they were properly chipped (my initial resolution), but at the pace they were removing features I decided to get an original model while I could. That was before they suddenly decided to destroy features of already sold consoles.

    @brennanthl “ROMs always illegal” is one of those convenient lies told by organizations that profit from it. The article you linked to yourself makes this clearer.

  30. DrAltaica says:

    > Don’t steal. It’s a lesson that children are
    > taught from the youngest age and a core
    > principle in every society.

    Except for all the ones where it isn’t.

    “15 Then upon all other thefts, which were called “not manifest,” they imposed a two-fold penalty. 16 I recall also that I read in the work of the jurist Aristo, a man of no slight learning, that among the ancient Egyptians, a race of men known to have been ingenious in inventions and keen in getting at the bottom of things, thefts of all kinds were lawful and went unpunished.

    17 Among the Lacedaemonians too, those serious and vigorous men (a matter for which the evidence is not so remote as in the case of the Egyptians) many famous writers, who have composed records of their laws and customs, affirm that thieving was lawful and customary, and that it was practised by their young men, not for base gain or to furnish the means for indulgence of amassing wealth, but as an exercise and training in the art of war; for dexterity and practice in thieving made the minds of the youth keen and strong for clever ambuscades, and for endurance in watching, and for the swiftness of surprise.”

    Noctes Atticae by
    A. Cornelius Gellius

  31. TJSomething says:

    I always thought that what made it illegal is the distribution part, not the ROM copying part. Therefore, I’m pretty sure the illegal aspect is downloading it, so you’re in the clear if you rip it yourself, like ripping from a CD. However, if there’s proper copy protection (as seen in DVDs, Nintendo DS games, etc.) then you’re violating the DMCA.

  32. idontknow says:

    @Yann Vernier:
    Since this exploit is version specific (3.41), how have you tested it if you have not upgraded your PS3 to this version?
    And have you used Atmega or ported it to another chip?
    Thanks!

  33. finn says:

    Josh and brennanthl:

    A jailbreak is the act or tool used to perform the act of breaking out of a chroot or jail in UNIX-like operating systems or bypassing digital rights management (DRM).

    The FreeBSD jail mechanism is an implementation of operating system-level virtualization that allows administrators to partition a FreeBSD-based computer system into several independent mini-systems called jails.
    (source wikipedia)

    On the iPhone it makes sense to call them jailbreaks.

  34. Solderguy says:

    That is the worst picture I have EVER seen. :P

  35. Peter says:

    Just watch out cause Sony Australia have just sued all the top chip sellers in Australia and now have an injunction to stop them from selling any PS3 chips at all. Having said that this is probably a top idea and alternative for home brewers. As much as I agree stealing is bad I also think big corporations like Sony being douches and wrecking it for all is also just as bad.

  36. youarewrong says:

    @brennanthl

    Stop spreading rubbish. You are incorrect. Read and understand the law before you attempt to educate or correct other people.

  37. Dave says:

    Shocked that on a ‘hacking’ site, nobody has suggested individual components/parts that could be used to do this cheaper than buying a ready made board.

  38. Brennan says:

    @TJSomething

    It is illegal to make your own ROM dumps, even if you never distribute them. Of course, no one ever has to know that you did that, so it’s kind of a grey area, but *technically* it is still illegal.

    @finn

    I know what a jailbreak is, I’m saying it’s becoming a buzzword that people are using in cases where it doesn’t make sense, just because people know what it means from the iPhone.

  39. Alexander Rossie says:

    @Dave,

    I totally agree. No one can get their hands on Teensy boards and they are selling for £40 pre-burnt with PSGroove on eBay.

    There must be another way.

  40. Yann Vernier says:

    I used my own homemade AT90USB1287 experimentation board. It’s the first of the whole AVR-with-USB group. The exploit consists of a multitude of parts; first a convoluted sequence of USB plug events of virtual devices with invalid descriptors triggers a buffer overflow and delivers the PPC code, then it jumps to a small part termed “shell code” by some. This part of PPC code acknowledges the USB stick by sending it a message, indicating that it successfully started running injected PPC code. After that, it jumps into the “payload” code, which is what patches the game OS to enable “install package” and the virtual disc mounting – and that payload code is specific to the PS3 firmware version.

    So, I observed that it did run the first part of the exploit because the PS3 signals the USB device. After that it hung. I am thinking that replacing the payload code with a Linux bootloader would be the proper route for complete independence from both gameOS firmware and the piracy stuff.
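The bug class Yann describes above, a host USB stack trusting device-supplied descriptor lengths, is the one a hardened descriptor walker has to close off. The following is an added example (not PSGroove code and not the PS3 firmware); the descriptor type codes are from the USB 2.0 specification, and the sample descriptor sets are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Descriptor type codes from the USB 2.0 specification. */
#define USB_DT_CONFIG    0x02
#define USB_DT_INTERFACE 0x04
#define USB_DT_ENDPOINT  0x05

/* Walk a configuration descriptor set the way a host stack does after
 * GET_DESCRIPTOR, but check every device-supplied length against the bytes
 * actually received before anything is sized or copied from it. Returns the
 * number of descriptors walked, or -1 if the set is malformed and must be
 * rejected. */
int walk_config_descriptors(const uint8_t *buf, size_t len)
{
    if (len < 9 || buf[0] != 9 || buf[1] != USB_DT_CONFIG)
        return -1;                      /* must start with a 9-byte config descriptor */
    size_t total = (size_t)buf[2] | ((size_t)buf[3] << 8);  /* wTotalLength, little-endian */
    if (total < 9 || total > len)
        return -1;                      /* device claims more bytes than it actually sent */
    size_t off = 0;
    int count = 0;
    while (off < total) {
        if (total - off < 2)
            return -1;                  /* no room for bLength/bDescriptorType */
        uint8_t blen = buf[off];
        if (blen < 2 || blen > total - off)
            return -1;                  /* 0/1 never advances; too long overruns the set */
        switch (buf[off + 1]) {
        case USB_DT_CONFIG:    if (blen != 9) return -1; break;
        case USB_DT_INTERFACE: if (blen != 9) return -1; break;
        case USB_DT_ENDPOINT:  if (blen < 7)  return -1; break;
        default: break;                 /* class-specific types: size checks above still apply */
        }
        off += blen;
        count++;
    }
    return count;
}

/* Constructed sample: config + vendor-class interface + bulk IN endpoint = 25 bytes. */
const uint8_t SAMPLE_OK[25] = {
    9, USB_DT_CONFIG, 25, 0, 1, 1, 0, 0x80, 50,
    9, USB_DT_INTERFACE, 0, 0, 1, 0xFF, 0, 0, 0,
    7, USB_DT_ENDPOINT, 0x81, 0x02, 64, 0, 0 };
/* Same set, but wTotalLength claims 64: a trusting stack would read past the 25 bytes. */
const uint8_t SAMPLE_BAD_TOTAL[25] = {
    9, USB_DT_CONFIG, 64, 0, 1, 1, 0, 0x80, 50,
    9, USB_DT_INTERFACE, 0, 0, 1, 0xFF, 0, 0, 0,
    7, USB_DT_ENDPOINT, 0x81, 0x02, 64, 0, 0 };
/* Interface bLength 32 when only 16 bytes remain in the set. */
const uint8_t SAMPLE_OVERRUN[25] = {
    9, USB_DT_CONFIG, 25, 0, 1, 1, 0, 0x80, 50,
    32, USB_DT_INTERFACE, 0, 0, 1, 0xFF, 0, 0, 0,
    7, USB_DT_ENDPOINT, 0x81, 0x02, 64, 0, 0 };
```

The point is that the walker is driven by the byte count the host actually received, never by wTotalLength or bLength alone, so a lying descriptor is rejected before any buffer is allocated or filled from it.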

  41. anon says:

    Argh, someone should port the firmware to a Microchip product. I can list 2 that would be a good place to start. I do have 4 or 5 dev kits to test ported code for, but I cannot verify it works (no PS3).

    So I think I’ve done the homework to verify 2 extremely similar products, based on the PIC18F14K25 and 18F14K50. A port for one should be nearly drop-in compatible with the other.

    First is a USBThumb using the 18F14K25:
    http://www.gadgetgangster.com/find-a-project/56?projectnum=240

    The next is the kit that this was based on, which uses the 18F14K50.
    There are two versions of this board, one with a programmer and one without. The above unit is a better first choice till stock runs out, then on to these.
    http://www.microchipdirect.com/ProductSearch.aspx?Keywords=DV164126 with programmer

    http://www.microchipdirect.com/ProductSearch.aspx?Keywords=DM164127 without programmer.

    Perhaps someone is eager to port it? Otherwise, when I’m done with the project I’m working on, I’ll give it a try. Hopefully someone is looking for a project.

  42. Tom says:

    Hmmppff stolen code from an illegal device.

  43. Captain Zilog says:

    @brennanthl – You’re WRONG! Ever hear of FAIR USE? Sorry if you’re not in the USA, but, Fair Use is valid for all media – analog, digital, etc…

    Youarewrong has it right! YOU ARE WRONG!

  44. error404 says:

    @Dave: No real peripheral parts are needed. Get a supported AT90USB series MCU (I think any of them will work) and wire it up with the required power components and a crystal, and optional LEDs and burn the firmware. That’s pretty much it.

    @anon: Shouldn’t be hard to port, but I don’t see any reason to bother other than to tide a few people over until production on the thousands of inevitable clones ramps up. Maybe one of the clones will, since the PIC parts are probably a few 10s of cents cheaper than the Atmel. Assuming, of course, that these chips become more available than they are now, because they seem a bit tricky to source at the moment…

  45. T0n3z says:

    @error404: Ok, say I build the board myself, where do I get the firmware? Can someone point me at a bit of guide / tutorial for the DIY approach. Thanks.

  46. anon says:

    @error

    Well, if you build your own platform it’s literally a PIC (free sample?), a few caps, resistors; you’re really looking at $7-10 worth of parts (assuming you have a breadboard and a modest junk box).

    This can be used as a great learning tool. And more importantly stop the gougers from getting rich. The inevitable raping of many people by the guys on ebay is the motivation.

  47. Kamanashi says:

    @Captain Zilog, while I agree that brennanthl is wrong, you are also wrong as Fair Use laws in the US mean that you can use it for educational, news related, and other things similar to those, but only if you use no more than 30 seconds at a time for digital media and I forgot what it is for print.

    But, ROMs are legal nonetheless, just not under Fair Use. They are legal in the same way as DVD backups are, so long as you don’t do it commercially and only have one backup.

  48. Angry Voter says:

    The MPAA and RIAA are the modern faces of a sinister propaganda organization. Their real purpose is to control all media content. That is why they want lockout chips and monitoring of all games, movies and music.

    http://en.wikipedia.org/wiki/Hays_code

    It’s good to hack the PS3 – it’s better not to buy one in the first place!
