Tgames Actualité Consoles et Homebrew

Après Waninkoko voici une autre personne qui veut jailbreaker le FW 3.55, il s'agit cette fois de Flukes1



Greg Hughes, alias Flukes1 a donc décidé de porter le PL3 dans le kernel du lv2 du firmware 3.55. Flukes1 n'en ai pas à ses débuts en termes de programmation, en effet il est issue de la scène Iphone.

voici donc un extait des conversations sur IRC

< +flukes1> anyone know where the syscall table is in 3.55 lv2
< +flukes1> again, anyone got the TOC location in lv2_kernel.elf yet?
< +flukes1> im trying to find the TOC in lv2_kernel.elf
< +flukes1> found the syscall table
< +flukes1> but cant find the toc
< +flukes1> im working on incorporating the jailbreak payload into the lv2_kernel self and other files
< +flukes1> for 3.55
< +sorrowuk> flukes1 : did you find what was changed in 3.42 etc to remove jailbreak ?
< +flukes1> they just fixed the usb bug
< +sorrowuk> flukes1 : can you not just put the usb bug back in there
< +flukes1> well yes but that’s stupid
< +flukes1> you’d need a usb device as before
< +flukes1> this way is better – the jailbreak is directly incorporated into the firmware update
< +sorrowuk> flukes1 : but isnt it risky cause your messing with lv2 kernel
< @Nicksasa> flukes1, did you test if the makeself’ed lv2_kernel works ? lol
< +flukes1> Nicksasa: no its not done yet
< +flukes1> sorrowuk: somewhat risky yes but it has to be done
< @Nicksasa> well if you’re doing the same patches as a payload … but there’s always a chance that something fails
< +flukes1> all of the changes im making have been done on many other lv2 kernels
< +flukes1> this will take me a while
< +flukes1> im about 50% done
< +flukes1> homebrew can be signed extremely easily now though
< +flukes1> im nearly done
< +FoG> I’ll watch as you brick your PS3 flukes1
< +flukes1> FoG: not likely
< +flukes1> i’m basically taking the payload which we know works
< +flukes1> and permanently patching it into lv2
< +sorrowuk> flukes1 : but are you doing it for 3.55 ?
< +flukes1> yes
< +flukes1> 3.55
< +flukes1> nobody can run this until we have confirmation that lv2 signing works
< +flukes1> decibell: i am stuck on the last patch
< +flukes1> that dcc exploits a ‘protection’ feature in some routers
< +flukes1> netgear i think
< +flukes1> sven: you may not know this, but would the TOC be missing from an elf
< +flukes1> I’m not sure but its something to do with the syscall table
< @sven> no idea
< +flukes1> ok
< +flukes1> is anyone able to extract lv2_kernel.self from firmware 3.40 and upload it somewhere
< +flukes1> it doesnt just execute the self
< +flukes1> it will keep booting from it
< +flukes1> ive already ported everything
< +flukes1> each patch can be disabled/enabled
< +flukes1> I now have everything I need to compile the PL3 payload for 3.55
< +flukes1> next step is to add the payload as a section on lv2_kernel and write a jump into it somewhere
< +flukes1> so still some stuff to do
< +flukes1> i’ve had 5 or 6 people offer to test it though
< +flukes1> and i won’t release it to them until i’m pretty sure about it
< +vidarino> flukes1: wouldn’t it be easier to just add peek/poke to the kernel, and let an app do the rest of the job?
< +flukes1> vidarino: technically its probably better to use a previously tested payload
< +flukes1> without making changes to it
< +vidarino> flukes1: the peek’n'poke code alone is tiny enough to be hexedited into place. :]
< +flukes1> vidarino: i know but I wanted to make something more complete
< +flukes1> it’s possible, so why not
< +flukes1> hmm, just one hash left to find, but it’s not showing itself
< +flukes1> i may have a problem though, the PL3 payload uses hashes of 4 different elf/prx files
< +flukes1> to patch them
< +flukes1> hey math, do you know anything about how PL3 does its elf hashing

SOURCE

Vivement !!!