Eleganz release for Cobra ODE

Hi everyone,

It’s been a long time since I last blogged. Today I have some exciting news for you, as I have ported Eleganz, my homebrew manager, to the Cobra ODE.

A little while ago, I tweeted that if Cobra ever released their device and did provide an open source library for integration of other managers, I would port Eleganz to it, and today I am fulfilling that promise. I would like to thank the guys over at ps3crunch.net and ps3hax.net for testing this for me, particularly Abkarino, hyappon, freddy, magneto and Xodus69.

When I released Eleganz in November 2011, I left out one small thing on the TODO list, I wanted to see someone pick it up and add the code to exitspawn to actually make Eleganz execute the homebrew apps, but no one did that in almost a year now. I am a bit disappointed that the ps3 scene (homebrew devs, not users) didn’t pick it up, but it looked like no one was interested in maintaining Eleganz in my place. Today, I am happy to see that Eleganz is not throw-away code, as it can be useful to ODE users.

I can understand why Eleganz didn’t have much appeal in the world of CFW (it was originally intended to run on OFW if my HEN ever worked), but with the ODEs running on OFW, it’s perfect for the job. It’s simple, it’s beautiful and customizable!

Not only can Eleganz list the games from the Cobra ODE and allow you to select your iso, but it will also allow you to list and run homebrew apps that you can embed in the ISO file. This way you can get access to all your homebrew in a single place, without the need to restart the PS3 or boot the homebrew’s iso from the ODE. You can just extract the eleganz iso, and add homebrew apps (that are re-signed for running from a BD drive) to the iso’s PS3_GAME/USRDIR/HOMEBREW directory and recreate the iso with the cobra tool, and that’s it.

Note that this is not an indication of me getting back into the hacking scene. I have given up on the HEN long ago as I realized that there was no way (that I could find) to run homebrew on OFW, unless they are running from a disc. I may keep improving Eleganz in the near future, but I do not plan to do anything more than that for the ps3 scene at this point.

I would also like to tell everyone that there’s no need to worry, Eleganz will not become cobra-specific, as any feature I’d implement will benefit CFW as well as ODE users. I will be releasing an updated version for CFW users soon.

I’d also like to thank magneto and the Cobra team for offering to send me a Cobra ODE as a gift for porting Eleganz to it. Once I receive it, I plan on adding disc dumping capabilities to Eleganz and improve the user experience a little without relying on others to test it for me.

You can find the latest source code on github as always and compile it yourself or you can download the pre-compiled iso file from this link : http://www.multiupload.nl/GXBBI19VOL

I hope it gets used now and you all can enjoy it and I hope I can see some cool themes created for it now!

KaKaRoTo

Status update on the PS3 4.0 HEN

Here’s a “quick” status update on the 4.00 HEN (Homebrew ENabler) for PS3.

Following my clarifications from almost 2 months ago here, there has been a lot of progress. We have not been slacking off, we’re a group of about 10 developers working together for the last 2 months, for sometimes 15 hours everyday in order to bring back homebrew support to the latest version of the PS3.

There are three major parts to the HEN, first, getting the packages to install on the PS3, that part is done, completed, tested, debugged, etc.. the second part is to get the apps to run, that one still has major issues… the last part is something I will not discuss for now (it’s a surprise) but it’s about 60% to 70% done (and it has nothing to do with peek&poke and has nothing to do with backup managers or anything like that. This is and will stay a piracy-free solution for the PS3).

Now, running apps is the biggest challenge that we’ve been working on for the past 2 months. As some of you know, if you’ve been following me on Twitter, we originally had hoped for Mathieulh to give us the “npdrm hash algorithm” that was necessary to run the apps, but he was reluctant, he kept doing his usual whore so people would kiss his feet (or something else) so he’d feel good about himself. But in the end, he said that he refuses to give us the needed “npdrm hash algorithm” to make it work… So what I initially thought would be “this will be released next week” ended up taking a lot more time than expected, and we’re still nowhere near ready to make it work.

Mathieulh kept tossing his usual “riddles” which he thinks are “very helpful for those who have a brain”, and which pisses off anyone who actually does… so he told us that the solution to all our problems was to look in appldr of the 3.56 firmware.. and that it was something lv1 was sending appldr which made the “hash check” verified or not… so we spent one month and a lot of sweat and after killing a few of our brain cells out of exhaustion, we finally concluded that it was all bullshit. After one month of reading assembly code and checking and double-checking our results, we finally were able to confirm that that hash algorithm was NOT in the 3.56 firmware like he told us (at all).

He said  that it was an AES OMAC hash, but after tracking all the uses of the OMAC functions in appldr, we found that it was not used for the “hash”…  he then said “oh, I meant HMAC“, so we do that again and again come up with the same conclusion, then we’re sure it’s not in appldr, and then he says “ah no, it’s in lv1“.. have a look for yourself to what he decided to write : http://www.ps3devwiki.com/index.php?title=Talk:KaKaRoTo_Kind_of_%C2%B4Jailbreak%C2%B4

That happened after the huge twitter fight I had with him for being his usual arrogant ass and claiming that he “shared” something (For your information, the code that he shared was not his own, I have proof of that too (can’t show you the proof because even if I don’t respect him, I gave him my word to not share what he gave me, and I respect my word) since he forgot to remove the name of the original developer from one of the files… also it was completely useless and was not used at all, just made me waste a day reading the crappy undocumented code. So why is he still trying to force his “advice” through these riddles even after we had that fight? Well to sabotage us and make us lose all those months of hard work!

So anyways, we had all accepted that Mathieulh was full of shit (we knew before, but we gave him the benefit of the doubt) and decided to continue working without considering any of his useless riddles. So we then tried to exploit/decrypt the 3.60+ firmware in order to get the algorithm from there.

Now, a few more weeks later, we finally have succeeded in fully understanding that missing piece from the “npdrm hash algorithm”,  and here it is for everyone’s pleasure with some prerequisite explanation :

A game on the PS3 is an executable file in a format called a “SELF“file (kind of like .exe on windows), those “self” files are cryptographically signed and encrypted.. For PSN games (games that do not run from a bluray disc), they need to have an additional security layer called “NPDRM”. So a “npdrm self” is basically an executable that is encrypted and signed, then re-encrypetd again with some additional information. On 3.55 and lower, we were able to encrypt and sign our own self files so they would look like original (made by sony) “npdrm self” files, and the PS3 would run them without problem. However, it wasn’t really like an original file.. a real NPDRM self file had some additional information that the PS3 simply ignored, it did not check for that information, so we could put anything in it, and it worked. Since the 3.60 version, the PS3 now also validates this additional information, so it can now differentiate between NPDRM self files created by sony and the ones that we create ourselves for homebrew. That’s the “npdrm hash algorithm” that we have been trying to figure out, because once we can duplicate that information in the proper manner, then the PS3 will again think that those files are authentic and will let us play them.

Another important point to explain, I said a few times that the files are “signed”.. this means that there is an “ECDSA signature” in the file which the PS3 can verify. The ECDSA signature is something that allows the PS3 to verify if the file has been modified or not.. it is easy to validate the signature, but impossible to create one without having access to the “private keys” (think of it like a real signature, you can see your dad’s signature and recognize it, but you can’t sign it exactly like him, and you can recognize if your brother tried to forge his signature). So how were we able to sign the self files that were properly authenticated on 3.55? That’s because this “ECDSA signature” is just a very complicated mathematical equation (my head still hurts trying to fully understand it, but I might blog about it in the future and try to explain it in simple terms if people are interested you can learn about it here), and one very important part of this mathematical equation is that you need to use a random number to generate the signature, but Sony had failed and used the same number every time.. by doing that, it was easy to just find the private key (which allows us to forge perfectly the signature) by doing some mathematical equation on it. So to summarize, a “signed file” is a file which is digitally signed with an “ECDSA signature” that cannot be forged, unless you have the “private key” for it, which is impossible to obtain usually, but we were able to obtain it because Sony failed in implementing it properly.

Now, back on topic.. so what is this missing “npdrm hash algorithm” that we need? well it turns out that the “npdrm self” has a second signature, so it’s a “encrypted and signed self file” with an additional layer of security (the NPDRM layer) which re-encrypts it and re-signs it again. That second signature was not verified in 3.55 and is now verified since the 3.60 version of the PS3 firmware.

One important thing to note is that Sony did NOT make the same mistake with this signature, they always used a random number, so it it technically impossible to figure out the private key for it. To be more exact, this is the exact same case as the .pkg packages you install on the PS3, you need to patch the firmware (making it cfw) so that those .pkg files can be installed, and that’s because the .pkg files are signed with an ECDSA signature for which no one was able to get the private key. That’s why we call them “pseudo-retail packages” or “unsigned packages”.

The signature on the NPDRM self file uses the exact same ECDSA curve and the same key as the one used in PS3 .pkg files, so no one has (or could have) the private key for it. What this means is that, even though we finally figured out the missing piece and we now know how the NPDRM self is built, we simply cannot duplicate it.

The reason we wasted 2 months on this is because Mathieulh lied by saying that he can do it.. remember when the 4.0 was out and I said “I can confirm that my method still works” then he also confirmed that his “npdrm hash algorithm” still works too? well he didn’t do anything to confirm, he just lied about it because there is no way that he could have verified it because he doesn’t have the private key.

I said I will provide proof of the lies that Mathieulh gave us, so here they are : he said it’s in 3.56, that was a lie, he said it’s an AES OMAC, that was a lie,  he said it’s an HMAC, that was a lie, he said it’s in appldr, that was a lie, he said it’s in lv1, that was a lie, he said that he can do it, that was a lie, he said that “it takes one hour to figure it out if you have a brain”, that was a lie, he said that he verified it to work on 4.0, that was a lie, he said that he had the algorithm/keys, that was a lie, he said that once we know the algorithm used, we can reproduce it, that was a lie, he kept referring to it as “the hash”, that was wrong. The proof ? It’s an ECDSA signature, it’s not a hash (two very different terms for different things), it was verified by vsh.self, it was not in lv2, or lv1, or appldr, and the private key is unaccessible, so there is no way he could build his own npdrm self files. Now you know the real reason why he refused to “share” what he had.. it’s because he didn’t have it…

So why do all this? was it because his arrogance didn’t allow him to admit not knowing something? or was it because he wanted to make us lose all this time? To me, it looks like pure sabotage, it was misleading information to steer us away from the real part of the code that holds the solution…. That is of course, if we are kind enough to assume that he knew what/where it was in the first place.  In the end, he wasn’t smart enough to only lie about things that we could not verify.. now we know (we always knew, but now we have proof to back it) that he’s a liar, and I do not think that anyone will believe his lies anymore.

 

Enough talking about liars and drama queens, back to the 4.0 HEN solution… so what next? well, we now know that we can’t sign the file, so we can’t run our apps on 3.60+ (it can work on 3.56 though). What we will do is look for a different way, a completely new exploit that would allow the files we install to actual run on the PS3. We will also be looking for possible “signature collisions” and for that we will need the help of the community, hopefully there is a collision (same random number used twice) which will allow us to calculate the private key, and if that happens, then we can move forward with a release.

When will the “jailbreak” be released? If I knew, I’d tell you, but I don’t know.. I would have said in last november, then december, then before christmas, then before new year, etc… but as you can see, it’s impossible to predict what we will find.. we might get lucky and have it ready in a couple of days, or we may not and it will not be ready for another couple of months.. so all you need to do is : BE PATIENT (and please stop asking me about an estimated release date)!

I would like to thank the team who helped on this task for all this time and who never got discouraged, and I’d like to thank an anonymous contributor who recently joined us and who was instrumental in figuring it all out. We all believe that freedom starts with knowledge, and that knowledge should be open and available to all, that is why we are sharing this information with the world. We got the confirmation (by finding the public key used and verifying the signatures) yesterday and since sharing this information will not help Sony in any way to block our efforts in a future release, we have decided to share it with you.  We believe in transparency, we believe in openness, we believe in a free world, and we want you to be part of it.

If you want to know more about this ECDSA signature algorithm, I tried to explain it in a blog post here, also, you can read this interesting paper that explains it in detail, and you can also watch Team Fail0verflow’s CCC presentation that first explained Sony’s mistake in their implementation, which made custom firmwares possible.

 

Thanks for reading,

KaKaRoTo

 

Clarifications about 3.73 (and 4.0) “jailbreak”

Update:
I tested the jailbreak on the latest firmware 4.0 since it was released and I can confirm that it still works.

Hi all,

I’ve been flooded with questions on twitter and I’ve read many posts on news sites and  I’ve seen some stuff being said on IRC and I thought I needed to clarify a few things…

First of all, I didn’t expect to see my tweet front paged on all ps3 hacking news sites.. although I should have expected it.. but anyways, the “jailbreak” is not ready to be used, at all. I only tweeted that because I was excited having it working and I wanted to share my excitement with everyone. But this is a bit equivalent to the day I released that create_cfw.sh script that created the very first CFW/MFW but it still took a couple of months before a real, easy, multiplatform and fully fledged solution was released : PS3MFW.

We are currently at the same state, I have the proof of concept, it works, but a solution that anyone can use where they just click a button and their PS3 gets jailbroken is still far from ready.

I’ve seen people say (and even write it in their front page news) that I’ll release it in two weeks after I come back from vacation. That is not true and I never said that. What I said was that for the next 2 weeks, the project is on hold until I get back.. but when I get back, then I will continue working on it, and it will then take some more time before it’s ready and released.

Some asked if it’s based on what gitbrew was doing/suggesting or if I used someone else’s exploit or work. No, this solution is my own idea and 100% my own implementation. However, the actual solution for the full jailbreak involves some components on which I will not work, and I expect/hope that someone else will provide the solution for that.

Some speculated it might be what I spoke about back in March which I later said I wasn’t pursuing by lack of motivation.. and yes, you are right. The same hack I had in March is still valid today, I told a few people about it (rms, Mathieulh, an0nym0us, and a couple more), but no one was interested in pursuing it further and actually exploiting that flaw (mainly because it requires a huge amount of work to get a proof of concept working). 10 days ago (I started on the 11th), I got bored and decided to start poking at it again, and yesterday (a lot faster than I thought it would take), I got my first pkg installed on 3.73 firmware.

On twitter, I said “do not update if you are on 3.55”, I said that in response to someone who said he would update.  Because of that, people speculated that you need to be on 3.55 first, and then install something before doing the upgrade. No, that’s not it, that would be useless. The purpose of my solution is to jailbreak a ps3 that is already on 3.73 firmware and which had never been jailbroken before. I told people not to update because, first of all, it’s not yet ready, and second of all, the 3.55 firmware gives you a lot more possibilities than what can be achieved on 3.73.

So what is this jailbreak? I won’t say because I don’t want Sony to block it in a firmware update (and yes, they potentially could) before it’s even released (and yes, I will release it when it’s ready). But I will explain this to you : in order to run your homebrew apps, you need two things. First, to be able to install them on the ps3, and second to be able to run it once installed. I did only one of these two things.

Some may say it’s not a real jailbreak, but the way I see it, there are three ‘jails’ on the ps3, I broke the first one which prevents you from installing anything, so now you can install your .pkg, great, but it won’t run, that’s the second jail. The third jail is being able to modify the firmware (peek&poke).

The second jail (running apps) is something that can be done, but it’s not my area of expertise (npdrm algo), so I will not be working on that. I am waiting for someone else to achieve it (some have succeeded but do not wish to release it, at least not for now) then I will release.

The third jail (modifying the firmware) is not possible with my method, this means that you will  not have a “CFW”, you will run your homebrew applications and games on an official firmware. This also means that without peek&poke support, none of the backup managers will work. So, again, my solution is piracy-free, and as always, I do not plan on working on a way to enable piracy (or even legal backups).

Overall, the purpose will be to allow people who are on 3.73 firmware to enjoy the homebrew games that were released, to play a bit with Eskiss, and to use Showtime for playing their movies. This should be more than enough for everyone.

Finally, I will conclude by replying to another question I received : Do you accept donations? The answer is yes. I do accept donations but I do not seek them out. I will include a donate button to the bottom of this post, so if anyone wishes to donate, they can do so, however, I want to make it clear that whether or not you donate does not and will not affect in any way, the release, or the progress of the work I’m doing. If you donate, you would do it as a sign of appreciation of my efforts, and not in exchange of any favors or anything crazy like that.

That’s about it I think… If you have any more questions, please refrain from asking them, I get enough as it is already.. I also said everything I needed to say and I don’t want to give any more information than that (for now).

KaKaRoTo

Eskiss for PS3 with PS Move support

Hi all,

I’m releasing Eskiss with Move support and I think the instructions on how  to use it require a bit more than what twitter allows (from my usual small updates).

You can download here the Eskiss package for PS3 3.55, and here the package for PS3 3.41.

The instructions are simple, you can still play with a normal mouse if you want, or use the controller to emulate the mouse, just like before. But, if you have a PS Eye camera plugged in, then it will also be ready to handle the Move.

If it detects a move controller, the ball on the controller will be white, at that point, you must press the Action button while pointing the controller to the camera (there’s no image feedback on the screen, so just point and press the action button). This will calibrate the controller and the ball will change color. At this point, moving the controller will also move the cursor on screen.

You can press the Action button at any time to recalibrate the controller (useful if the tracking stops working correctly, or camera falls off), and you can press the Start button at anytime to center the cursor on screen. Pressing the T button trigger will emulate a click.

You have the choice between two tracking modes, the first one (the one selected by default) is the 3D coordinate system, which means the cursor appears on screen with 1 to 1 precision (kind of) with where the controller is located in the room, so you have to move the whole controller to move the cursor (and even maybe stretch your arms to get to the corners), the second tracking mode is using the internal gyroscope of the controller, in other words, you can move the cursor just by pointing or rotating the controller without moving the whole controller in 3D space.

You can switch from one tracking mode to another at any time by pressing the Select button. Try them both and see which one you like best.

P.s:  When you press the Action button to calibrate, the ball will change colors a few times, you must not move the controller while it’s doing that, do not move until it becomes a solid, stable color. If the ball becomes white again, it means you moved and the calibration failed… in that case, try again.

P.p.s: In this release, I have also fixed the crash that you might have had in the previous version, so the game should be a lot more stable. While it still might crash, it is now very rare and shouldn’t break the gameplay like it did before.

And here’s a video demo of the game running with the Move controller, courtesy of fungos :

Enjoy,

KaKaRoTo

Programming, Open Source, Hacking and Greedy Corporations

I’m a programmer, a developer, a hacker. I’m mostly involved with the Open Source community and I try to promote open source development as much as I can. Unfortunately, most of the time when I tell someone that I’m a “developer”, they don’t understand the concept, and when I start talking about open source, they understand me even less.

The world is full of people with different backgrounds, with different references and we don’t always understand each other. As most of you who read my blog would probably know, I’m involved in the PS3 hacking scene, and I see a lot of misinformed people, and I read a lot of things that don’t make any sense to me. This is because most people don’t understand the world that we (developers/hackers) come from and things tend to be misinterpreted.

This message is for everybody, it’s intent is to open a window into our world so people can understand us better. I don’t have the audacity to explain everything about programming in this text, but I will try to formulate in terms easy to understand the general idea behind it. While most of this post will be generic and intended to anyone, there will be a paragraph that will address some of the recent issues surrounding the PS3 and Sony. This post will probably be very long and I’m sorry, I don’t think I have a shorter version for those who get bored easily.

1 – Programming

If you’re familiar with or understand programming, you may skip this section, as it might be a bit boring, otherwise, read on, it should explain what you need to know to understand the rest of this blog post.

What is a “program”? Let’s put it simply : “It’s a set of instructions that produce a result”. A program is what you run on your computer, phone, gaming console, or even your alarm clock. It tells the computer to do something, for example “if the user pressed the ‘up’ button, advance the minutes by one. If the time reaches this specific value, sound the alarm” (alarm clock programming) or “Draw a red circle. If the user clicks inside the circle, change the color to blue”. With many simple instructions, you end up with a complex program that can achieve a multitude of tasks, like for example Microsoft Office, or Skype. But the basic definition is that a program is “a set of instruction that produce a result”.

Now what is a “source code”? This mystical thing you keep hearing about is nothing more than “a set of instructions that produce a result”.. sounds familiar? Basically, a “source code” is the text that the programmer writes in order to tell the computer the instructions it wants the program to achieve. The source code is in itself, the program, but it’s in a readable and understandable format : a text file using a language that the programmer understands. The computer however doesn’t understand the source code, it only understand mathematics, numbers. A program’s instructions are written with “numbers” that the computer understands, for example 1 might mean “copy this” and 2 might mean “write that” and 3 might mean “show this”, etc.. (very simplistic view, but you get the idea). So the difference between a program that you run and a source code is that they are both the exact same thing, but the program you run is made up of numbers representing instructions to the computer (this is what we call the “Assembly” language or “machine code”) while the source code is the same instructions written in a more readable format, text, using a language that is easy to understand.. so instead of “1 4 185 353 532” (machine code) you would see “if the user clicks on the circle, change the color to blue” (source code).

What is a “programming language”? The source code can be written in different languages, just like spoken language, we have english, french, italian, russian, etc.. in the programming world, there are multiple different languages to define the instructions for the computer. These programming languages differ in the vocabulary (commands/functions) and in grammar (syntax). Explanation more than that is not relevant to the current topic so I’ll leave it at that.

How do you get an application (a program) from source code? It’s simple, there is a program called a “compiler” which reads this source code (the text), understands it, and rewrites it into machine code (the numbers). When you download an application, you only get these ‘numbers’ that the computer understands because that’s all you need to run your application.

2 – Open Source

So.. what is this “open source” everyone keeps talking about? Well now that you know the basics about programming, let me put it simply : a program (all those numbers) is open source, when the source code used to generate the program is publicly available.

And here is the juicy part of this blog post. Remember when I said that a program is “a set of instructions that produce a result”? Well, here’s an absolutely superb analogy: A program is like a recipe. What is a recipe? Well, isn’t it a set of instructions that you must follow in order to produce something? This analogy comes from Richard Stallman in the documentary The code (this one, not the 2011 movie) and I think it’s absolutely brilliant.

You can listen to it in his own words here : https://www.youtube.com/watch?v=20ClL3mL8Gc

 

I’d like to remind people to not make the confusion, thinking that the source code is the recipe and the program is the final meal, you have to think of the programs themselves as being recipes, the ingredient is the electricity used and the result is whatever appears on your screen. The language of the recipe is what changes (from the various programming languages or to the ‘machine language’).

So now, with this analogy in mind (which I’ll keep referring to throughout this blog post), back to the question at hand. A closed source (or “proprietary”) program is like going to a restaurant where they serve this dish that you like, but when you ask the waiter/waitress what’s in it, they refuse to tell you the recipe for it. And open source is when you go to your friend’s house, you eat something that you like, and when you ask what’s in it, your friend tells you “oh, let me give you the recipe”.

Now imagine a world where no one could ever get a recipe for anything, you want to cook something, you have to relearn from scratch, experiment yourself with everything and see if the result is satisfactory, without having any references. Unfortunately, you’ll end up mixing two things together that you never should have done, and you’d be thinking how sad it is that every person in the world has to reinvent something that should be ‘common knowledge’. Thankfully, this isn’t the world we live in, and in the same way as you might enjoy cooking and exchanging recipes with your friends and family, we, programmers, enjoy sharing source code with each other, making our ‘recipes’ publicly available to everyone.

If you eat a delicious cheesecake at your friend’s house, and he/she gives you the recipe, then you try it, but then you realize it’s too sweet and you decide to decrease the amount of sugar, you have just “modified the code”, then you realize that adding a bit of lemon juice will make it better, and it does. You tell your friend about your changes, and he/she likes it and says “I’ve always wondered what it was missing”. You have just “contributed” to the program and now all your friends and family can enjoy this improved cheesecake (I love cheesecake by the way).

This is what Open Source is all about, it’s about sharing your recipes, anyone being able to improve on them and contribute his changes and slowly, thanks to the original recipe, new recipes will be born and people will enjoy more great products. It’s all thanks to this simple idea of sharing. This applies to the programming world in the same way, we write programs, we share the source code, others can improve them (add features, fix bugs, add translations, make a better/easier user interface, etc..) and everyone benefits from it.

My journey into this wonderful world started more than 10 years ago, I was using a program that I liked but I wanted something that it didn’t do. Thankfully, it was open source, so I added the feature that I wanted, gave my changes back to the project, the other users loved it which made the program more popular and some new users decided to do the same thing and improve the program, and in the end (I’ll say it again) everyone benefits from it.

3 – Hacking

What is “hacking”? Again, let’s put it simply: hacking basically means “working around a problem”. In a broader definition, it could also be viewed as “modifying something to make it do a task it wasn’t intended to do”. I have headphones and one of the wires got cut.. so I taped it and it worked.. in my definition, that counts as “hacking” because I worked around the problem. The term “hacking” has been publicized as being ‘evil’ or a bad thing, but people confuse it too much with what it really means. I hack everyday and you probably do without knowing it. Back to the food/recipe analogy. Did you ever go to someone’s home and were served a meal, then you took the salt from the table and added some to your plate? You have just “worked around a problem” (not salty enough) and you just modified something (the meal) from its intended purpose (the ‘view/taste’ of the one who cooked it). In my definition, you “hacked” the meal to make it fit more to your taste.

This is the reality of things, when you modify something that you own to make it more to your taste (everyone has different tastes after all), you are “hacking” it. When you decide that 200g of sugar is better than 250g of sugar in your cupcake recipe, you are “hacking” the recipe. But in the terms of the computer world, the term has been used widely to describe pretty much anything we do, but mostly things we do in a hurry. My friend programmed his computer to play a sound (an alarm) when his girlfriend connects on MSN so it wakes him up, but he would say “I hacked it” because he did it in 5 minutes and didn’t spend months setting up a whole infrastructure behind this “wake me up when my girlfriend is online” system. Nowadays, the simple fact of “programming” is called “hacking”, it’s nothing illegal, it’s nothing harmful, but most of the time we say “I’m hacking” rather than “I’m programming” simply because the act of programming is all about finding solutions and working around problems. You should read the definition of the term as explained in wikipedia.

The problem is that there are those who use their talent for criminal behavior and when it’s related to anything “computer-y”, people decide to call it “hacking”. It’s like saying that “cooking” is evil and anyone who “cooks” is a criminal because someone, somewhere put a drop of poison in someone else’s food. Isn’t that ridiculous? I very often see people saying “death to the hackers” or “those hackers are criminals and should rot in jail forever” without knowing what they are talking about. It’s funny how people get emotional and suddenly they become judge, jury and executioner. To all these people, let me tell you something : The next time that you add some salt to your meal, watch your back because the FBI just might lock you up for your crime!

Now here’s another thing that we, programmers and hackers, often do, it’s called “reverse engineering”, it’s basically about understanding how something works without being told by the original maker. Whenever you try to understand how something works, you are ‘reverse engineering’ it. In the recipes analogy, this would mean that when you taste something and you start wondering if there’s garlic in it, or say “is that cinnamon?”, you are basically reverse engineering the meal by trying to recreate the recipe (or part of it) by looking at the final product.

Yes, that is what reverse engineering is, you receive a finished product and you try to understand how it was made. This is equivalent to going to a restaurant and trying to make the same dish that they served without them giving you the recipe. If you ever did that, then you definitely know what a reverse engineer is.

 

4  – The Greedy Corporations

Now,  this is the interesting part, the ‘greedy corporations’. I’m saying it like this because I didn’t want to say “Sony” because they are clearly not the only ones playing this game. Why are they greedy? because they want to have total control over you and your freedom, thus allowing them to generate more profit. I’ll go back to the recipe analogy: What Sony/Microsoft/Apple/etc.. are doing is basically the equivalent of LG selling you a kitchen appliance and saying you can only use it with their products! Imagine buying a kitchen stove that only allowed you to cook using ‘LG and Tefal” pans… or imagine a pan or a pot that only allowed you to cook food from some specific brands. No, you can’t buy the cheap, equivalent (and sometimes better) “no name” brand or buy your fresh vegetables at the market.. no, those vegetables have to have been processed by those giant corporations that put some sort of label on it allowing the pan to cook them. This is my analogy, it may sound stupid, but I believe this is what it is.

Did you ever wonder what “DRM” (Digital Rights Management) is?  well to put it simply, it’s like having a microchip inside your Tefal pan, and it continuously detects what’s in it.. if you ever dare to put in the pan an ingredient (a tomato!) that wasn’t pre-selected and pre-accepted by Tefal, then the pan would automatically and instantly cool down and stop absording heat. Hell, it could even send a signal to the stove which will simply shut it down. That’s what DRM is.. and why is it there? Well, they would tell you that it’s “For your own good”, it’s because they want to deter people from stealing food from the supermarket or using products that aren’t “fresh” or up to their standards. But what it really does is that it prevents you from using your fresh vegetables that you proudly grew yourself in your backyard, so that you have to buy their product. Even worse, DRM means that you can only use ‘pre made’ cookie dough in your oven.. if you get a better cookie recipe from your friend and try to make those cookies yourself, the oven will not turn on. And for those “super awesome, elite, we are the nice guys” oven brands that tell you “wow, you can bake your own cookies! Here is the recipe!”, you have to read the fine print, the recipe says 250g of flour, and it’s unfortunate, but the oven will not turn on if you made the mistake of puttin 255g of flour in your dough. And I’m not even talking about the LG microwave that will only heat meals that were cooked on an LG appliance, or the fridge that will not cool anything without the “Kraft” label on it…

The irony is that when you buy your pan, you’re buying it for 100$, because do you think that these greedy corporations will pay the fee for the DRM? no, YOU are! The pan should cost 20$, but they are charging you 100$ because you have to pay for that microchip in your pan, you don’t want it, but you are paying for it.. you have no choice! And if someone comes along and creates a new, DRM-free pan and wants to sell it, they’ll label him a “pirate” (ouh, that’s a scary word) and pay millions in propaganda and in advertisement (that conveniently appear at the bottom of your pan and on the front glass of your oven) to tell you how this DRM-free oven/pan is ‘evil’, will eat your babies at night and will kill your dog. The funny thing is, the first time you hear it, you’re thinking “wtf?”, then after hearing it 1000 times a day, you believe in it as being the absolute truth. You will eventually get used to verifying the “compatibility list” of your new oven before you buy it.. make sure that you can borrow plates from your neighbor because they are “authorized/licensed accessories” to the oven. You will get used to checking the label on your vegetables when you go to the supermarket to make sure that they are compatible with your pan, and you will get used to not buying a specific brand because your fridge’s manufacturer never made a deal with that brand so you can’t put it in your fridge…

I know what you’re thinking : “what the hell?”. Yes, what I just said sounds absolutely absurd, it sounds crazy and it doesn’t make any sense. After all, who would accept that? Who would even think of doing some crazy things like that? Well here’s the thing, the reason I love this analogy between programming and recipes is simply because not only is it quite accurate, but it’s also something that everyone can relate to. I think pretty much everyone knows how to cook, if even just an omelette. And if you don’t, you probably saw or know someone who can. If not, then at least cooking isn’t a concept that is so “obscure” that you can’t comprehend it. If the kitchen appliances tried to force all those restrictions, or if people tried to outlaw exchanging recipes, then pretty much 99.99% of the population will say “this is bullshit, we refuse!”. But in the computer world, this is exactly what is happening, only nobody cares because nobody can understand it… all this “computer-y” stuff is not something that interests most people, so they don’t try to understand it and they don’t care about it, and for those who do, well, unfortunately, they prefer to program rather than go on trial against all the corporations.

Here’s a real life example, here is a ‘hack’ that I’ve done a couple of days ago :

This is indeed a ‘hack’, I used two tools that weren’t made to be used together in order to work around a problem that I had at that time. There’s nothing wrong with it! Both the whisk and the drill are mine, they are my property and I should be able to do what I want with them. However, if a similar situation was happening in the computer world, then I’d already be getting a lawsuit, because for some reason I don’t own the drill, I only paid to be “authorized to use it the way they allow it”. They would call me a “pirate” because I’m “killing the industry”, because by doing that hack, Black&Decker are losing money. They would be right, because since I did that hack, I didn’t have to spend another 100$ to buy an electric mixer. The funny thing is that I’d probably lose in court because there are no real laws to protect me as a consumer into using my tools any way I want, at least not in the programming world.

I read this last paragraph again and I’m thinking “I’m a lunatic” and I perfectly understand if you’re thinking the same thing. At least now we have something in common, we both think that the current situation in the programming world is completely crazy, and I’m glad you are able to see it.

5 – My angry rant

Yes, I’m angry! I am angry because I see the world evolving at an alarming rate but the laws (and people’s common sense) isn’t. I will dedicate this paragraph to rant about all the things that I recently saw and that got me angry. If you don’t want to see some angry dude raging, then skip it 🙂

First of all, there are many people who are associating us, the jailbreakers, the programmers, the hackers, with what recently happened to the PSN data leak. Because they couldn’t play their games online for a few weeks, they decide to throw their anger at us, put us all in the same boat, and label us criminals. Every time we speak, I see comments saying “ah, these criminals are now trying to justify their crime”. But.. what crime? What crime did we do that you should label us criminals? Don’t throw words like that without understanding their meaning! Or at least, use your common sense before thinking that anything deemed ‘illegal’ is a ‘crime’! Do you know that in France, a woman must wear a dress, and that, by law, she’s a criminal if she wears pants/jeans? It’s an old law when only men wore pants and a women who did was considered a ‘transvestite’… this is a stupid example, but I’m using it to show you that common sense should overcome stupid laws.
If you think we’re criminals for jailbreaking the PS3, then how is it a crime to want to use your backyard-grown tomatoes to cook your meals? If it’s because of the PSN hack, then here’s another analogy for you: when you go to a restaurant and someone orders food, eats it and runs without paying the bill, how would you feel if the restaurant’s owner puts all the blame on you, you, who were sitting all the way to the other side of the restaurant, who didn’t even see or notice the thief, but you had the audacity of adding a bit of ketchup to your burger. As you know.. you “modified the vision of the chef” and that is a huge criminal offense and you should rot in jail you filthy criminal. No need to answer me, but just think about it.. how would you feel? (and yes, I believe that this analogy is very representative of the situation).

Now here’s another thing that makes us criminals: reverse engineering. We are ‘criminals’ because we reverse engineer products? Back to the recipe analogy: the next time you taste a meal and say or even think “humm, I think they put garlic in it”, then consider yourself a criminal and you should rot in jail.

If one million PS3 users (I’m being generous) told Sony that they don’t agree with them, that would still only be 1% or 2% of their user base, so they keep doing what they’re doing because 1 million people is an “insignificant number”.  What happened last year when Sony removed OtherOS support from the PS3 is the equivalent of Frigidaire selling you a fridge then a couple of months later, tell you that “On the 1st of april, your freezer will stop working, we suggest you remove any food from the freezer and stop using it. You have a choice though, if you don’t want your freezer to automatically stop working, then empty the top 2 shelves of your fridge because those sections in the fridge will be at room temperature now. If you ever put something back into the top shelves of your fridge, then the freezer will be disabled permanently”… sure we have a choice, thank you for your generosity!!! The worst thing, the most heartbreaking thing is that going to Frigidaire’s website to complain about their unlawful practice, you find those thousands of people cheering and saying “who cares? it’s A FRIDGE, it’s not a freezer!! who uses the freezer anyway? just buy a dedicated freezer instead!” or “I wasn’t using the freezer, after all it does say “refrigirator” on the machine, so that freezer was a BONUS, be happy you got to use it for free all this time”, etc.. Let me ask you a question… if you accept that Sony removes OtherOS from your PS3, then you will have absolutely no problem in Frigidaire disabling your freezer right? even if you don’t use it, I might but who cares right? you’re not egotistical after all, if you don’t use it then no one in the world is? And again “DEATH TO THOSE DAMN HACKERS”.. how dare they put a cheesecake in the fridge when Frigidaire specifically said “no pastries”!! After all, they clearly wrote it in page 258 of their user manual!!!! After all, it’s Frigidaire’s fridge (no you didn’t buy it, you only ‘rented’ it for 2000$, it’s clearly written on page 531 of the manual!) and they have all the rights to it, they have all the rights to defend their interests… I mean, they never made any sort of deal with the bakeries!!! You know what this “deal” means? it means that the bakeries had to accept paying Frigidaire to allow their pastries in the freezer, so every time you buy something from them, you are paying 50% to the bakery and 50% to Frigidaire, and this allows you to put your cheesecake in the fridge and you’ve always been wondering why the prices doubled recently..

Anyways, you get the idea… but what pisses me off the most is how all these people think that their mission on earth is to defend Sony… like they say where I come from “is it your father’s company?”… seriously, why do you feel the need to go all over the internet, in every forum that you find and yell hate messages against ‘us’? why do you feel like you need to repeat Sony’s propaganda everywhere and why do you hope that we die and/or spend our life in jail? What do YOU gain from that? Why do you think that this multi-billion dollar company needs you to defend it? It’s like walking in the street at night and seeing a mob of 10+ huge guys beating an innocent child in an alley and you’re rooting for the mob… where is your common sense?

6 – Conclusion

I wrote this post because I wanted to make people understand our world a bit better. I know that some people might disagree with some of the things I said, but remember, this  is not meant to be an exhaustive explanation of how computers work but rather simply a glimpse into it, in terms that non-initiated people can, hopefully, understand.

I hope that I have achieved my goal: make a few people understand us and most importantly, make a few more people think about these issues. I know that I will continue to see misinformed posts everywhere, and nothing can change that, but to those who are willing to listen to others and accept differing views, then I’m glad I could help you with that (if I did). If you have questions or want to start a debate on something I said, feel free to comment.

And for your information, I am not saying that closed source is evil, I believe in freedom, and if you want to keep your code closed, then you are free to do so. I also do understand the need for closed source sometimes, in order to stay competitive for example, but I think that if everything was open source, then competition would become different. I simply believe that the world would be a better place if everything was always shared. Knowledge is for everyone, and I just can’t imagine where the world would be today if people shared all their ideas/code/recipes/etc.. with each other. It would certainly be a wonderful world. I find it truly pathetic to know that every company is recreating the same thing that others did before them.

Finally, I’d like to point people to the EFF, the Electronic Frontier Foundation. It’s a group that protects us and defends our digital rights every day.  Right now, we are still under the mercy of the giant greedy corporations, but thanks to the EFF’s efforts, I hope that some day soon, we will be free to code the way we want, just like we are free to cook the way we want.

Thank you for reading!

KaKaRoTo

 

Update: After reading a few comments about this post, I thought I should clarify a few things.

First of all, this post isn’t about Sony or the PS3, which is why my title and fourth paragraph says “Greedy corporations”. While I do address the PS3 subject in my rant, it is only because it’s a subject that is dear to me and for which I have a lot to say. But what I outline is and should be considered generic and the main purpose remains to “open a window into our world” for those who are not computer savvy and who may not understand the issues at hand. I want people to understand that, from our point of view, the world is a crazy place, and you can draw parallels with many things, not just with the recent issues with Sony.

Also, like I’ve found myself saying a few times in the comments, there’s a saying that should govern us all : “One’s freedom stops where someone else’s freedom starts”. I believe that you are free to do whatever you want. As a consumer, you should be free to use your legally bought devices any way you wish (as long as you don’t infringe on other’s freedom, whether it is other’s freedom to gain money from their work or freedom of a fellow customer to enjoy their product (online cheating as an example)), but also, as a product manufacturer or a company, you are free to put the restrictions you want and you are entitled to use anything you feel is needed to protect your investment, but again, as long as it doesn’t infringe on other’s freedom.

I’ve had a few comments about DRM, but I never said that DRM is bad and this post isn’t at all about DRM. I have personally no issues with DRM as long as it’s reasonable but when you think that your own needs are more important than the needs of others, that’s where I see a problem. If I ever got an idea for something that could potentially make me rich, I would pursue it and I probably would try to protect my investment and intellectual property as much as I can, but there is a moral barrier that remains and I will never allow myself to be controlled by greed in such a way that I would sacrifice other’s freedom to further my goals.

In the same way, you are free to do whatever you want with your work, I have absolutely no problem with closed source applications, I simply prefer open source and I believe that the world would be a much better place and our civilization would be much more advanced if everything was open source.

One example of the above is the fact that advertisement exist as a sort of ‘payment’ for things you watch. When I watch a movie on public TV, I see ads and that’s what’s paying for the movies I’m watching “for free”, but then, why is it that when I buy a DVD, I am forced to watch ads before accessing its content? Didn’t I already pay for the DVD so why are you forcing me to watch ads? And even if you put ads in there, and it’s ok, then why can’t I skip them? If I watched the movie 10 times, do I still need to see the same ads? And why would I be forced to watch a trailer for a movie that I might have already bought (or which I already saw and hated)? Why is it that if a friend comes over and I want to show him a 30 second scene from a movie, do I need to wait 10 minutes until all your trailers finish just to show him that? This “you cannot skip the trailers in a DVD” is something unrelated to DRM but is still something caused by companies’ greed (get more money from each sale) which is infringing on my freedom of using the DVD I legally bought the way I want (in this case, watch it without having to suffer through all those trailers).

Finally, this post contains information, it contains knowledge, and my belief is that knowledge should be free and available to all. I am not trying to generate any page views (my poor server would hate me) and I don’t have any ads on my blog, so if anyone wants to publish this whole article somewhere else, where others could benefit from its content, then you are permitted and encouraged to do so. I’d be quite happy to see this published in its entirety on sites such as Arstechnica, Kotaku, Joystiq, the New York Times, or whatever other media that would reach more people than this humble blog.

Don’t forget, share, and everyone benefits from it 🙂

Thank you (and congratulations :p) for reading!

 

The Humble Homebrew Collection

Finally, after almost 2 months of hard work, I’m proud and happy to announce the release of the Homebrew game I’ve been working on : SGT Puzzles. It’s a collection of portable puzzle games for Windows, Mac, Linux, Android, PocketPC, Android, etc.. and I’ve ported it to the PS3 too!

The release of this homebrew game comes with the  release of The Humble Homebrew Collection which is inspired by the Humble Indie Bundle Initiative (but not endorsed by it). The difference here is that you don’t have to pay anything in order to enjoy the games, they are free to download by anyone, but you are also able to donate any amount to the developer of the puzzle games (Simon Tatham) as well as the PS3 port developer (me!) and the EFF. You decide who to send the money to just like with the Humble Bundle. I’ve also linked to the game’s Windows, Mac and Android ports if you want them (they are already available in most Linux distributions).

The addition here and probably the most important part is a petition where yo get to sign and send a message to Sony asking for a legitimate way of having homebrew games on the PS3. Every signature will send an email to SCEE, SCEA, SCE Australia, SCE New Zealand and Kazuo Hirai, the CEO of Sony Computer Entertainment.  This is done in the hopes that Sony will finally see the light, learn from the mistakes they’ve been doing these past few years, and finally give us a legitimate and officially supported way of developing homebrew applications for our PS3 Systems.

Sony would be stupid not to answer to that, considering that Apple complied, Microsoft complied and Google complied, and they are all generating huge revenues thanks to homebrewers, with zero investment from their part. I know that the Sony execs only understand when you talk about money, so I hope this is a good enough incentive for them. Clearly, they do not care about their customers, so I don’t think they’ll change anything only to do what is right.

The SGT Puzzles game includes 33 puzzles, which are excellent for the most part. My favorite is and always will be Pattern, as I’ve spent countless hours playing it. I’ve recently also discovered Rectangles and Net which are also very good (in higher difficulties). I suggest you give those puzzles a try. Above all, I hope everyone can enjoy these games.

This all started about 2 months ago when I found a copy of Pattern on my PC and started playing it again. I tweeted about it and asked if someone wanted to port it to the PS3. Clement Bouvet (@TeToNN) quickly made a proof of concept using cairo. That got me excited and I decided to help him. We ended up writing a PS3 application over Simon Tatham’s Portable Puzzle Collection which, I must say, is very well written and made porting it to the PS3 very easy. It took maybe a day or two and the first game was playable on the PS3. At that point, I discovered the Cairo Drawing API which I loved and and I decided to invest myself entirely in this. It took 3 more weeks of hard work to get the whole system working (choose your puzzle game, change difficulty (Select) and writing the whole menu system for the game). I’ve received various help, Surenix made the designs for the menu graphics and buttons, and BeGamer helped design the HHC website.

The game still lacks a few things, and I will continue to work on it and improve it so everyone can enjoy a quality homebrew game, that, I hope, will make the anti-homebrew purists jealous.

The funny thing is that since day one, the source code for this game was available on my github account, but no one noticed it. Only a few people who accidently ended up on my github page found it, but no news website author found it or reported on it. I’m glad, because it allowed me to make this happen the way I wanted it to and launch this HHC initiative when it became ready. I’d like to ask the various websites out there not to link directly to the games (even if you are allowed to) and instead link to humblehomebrew.com so people can sign the petition while downloading.

Most of the code is licensed under the MIT license. Parts of the code (the cairo menu system) is licensed under the LGPL license and I plan on extracting that into its own library for other developers to use in their applications.

The website took about 3 weeks to code. I learned two valuable lessons.. first, HTML coding is crap… secondly, it’s much more complicated than it looks. I hope people will appreciate this effort and I hope the Humble Homebrew Collection will make a difference.

In the future, I hope to enhance it by adding new homebrew games whenever I find something of quality, and keep the website and this whole initiative going for a long time, for as long as necessary.

 

So.. go ahead, download the games, sign the petition, maybe donate if you’re feeling generous, and most importantly, have fun!

Thank you!

 

PS3: First ‘Custom Firmware’ now working!

Update: I’ve now fixed the issue about the missing game data icons. PS3-Hacks.com has a nice step-by-step tutorials and they posted the PUP files.

Update 2: DO NOT try to install this from the service mode, it might brick your console, install it normally from the normal menu or the recovery menu.

Great news!

Thanks to the tools made by the fail0verflow team (and thanks to sven in particular for his work on the pkg/unpkg tools), the first “Custom Firmware” is now available for the PS3!

I see a lot of questions coming up really fast on my Twitter account, so here are the basic things you need to know :

Because of legal/copyright issues, I will not provide the custom firmware to anyone, however, I’ve made available all the tools necessary to transform an Official firmware update, into a custom one, just grab my ps3utils repository from github, compile, then run :

./create_cfw.sh PS3UPDATE.PUP CFW.PUP

This will take the official firmware, unpack it, modify it, then repack it correctly (requires you to install ps3tools).

This should work on Linux and Mac for now, but I’m sure others will do it for the masses and illegally release those files somewhere.

The advantage here is that you can do it for any firmware, if you want to keep version 3.41, then give it the 3.41 update, if you are on 3.55 already and can’t downgrade, then run the script on the official 3.55 firmware and it will create a modified 3.55 firmware.

You can put the file in a USB drive under the filename “PS3/UPDATE/PS3UPDAT.PUP” and then go to system update in the XMB, and it will allow you to install the update (even if you’re already on 3.55).

People are asking what are the features of this firmware, it’s simple, all it does is to add those “Install Package Files” options to the Game section of the XMB. It doesn’t do anything else!

This firmware will not allow you to run the currently available homebrew application. Once the homebrew developers re-package their files in a ‘retail’ .pkg format with signed executable, then it will work (this should be coming soon thanks to the work of the fail0verflow team).

Since the kernel is left unmodified, this means that this custom firmware is really meant for future homebrew installation, and it will not allow piracy. I plan on keeping it that way.

This is just the first attempt at custom firmware, and it only contains a minor modification to allow you to install pkg files directly, eventually we’ll get some more options added to it in the future. This is just starting to get interesting!

p.s: Thanks to everyone who helped make this possible!

Enjoy! 🙂
KaKaRoTo

PSFreedom now supports firmware 3.01, 3.10 and 3.15

Hi,

I’ve got some great news for those of you who have not updated your PS3 firmware! I have just succeeded in adding Firmware 3.01 support into PSFreedom. I’ve pushed the latest code to github and you can now download the source and compile PSFreedom for 3.01.
For now, you will need to edit config.h and change the FIRMWARE_3_41 into FIRMWARE_3_01, then recompile. However, I will soon add support for dynamically choosing the target firmware version by simply doing a :
echo 3.01 > /proc/psfreedom/fw_version

I will soon add support for firmware 3.10 and 3.15, so be patient, and you will be rewarded. I would like to thank Klutsh as well as Philippe Hug who helped me achieve this port to 3.01.
The new payload changes are available in the PL3 github and any project/port that is also using PL3 should automatically gain support for the 3.01 firmware.
You will also be able to enjoy some new ‘tools’ in PL3 that will allow you to dump the LV2 kernel as well as the decrypted ELF files of the XMB and other configuration files it uses. The ethernet dumping is also now compatible with PS3 Slim models.

Update:
Philhug and I have worked together recently to make PL3 compatible with 3.15, and it is now done, working and ready for you to use. I have just pushed the latest changes to github, so just update both PSFreedom and PL3, and define FIRMWARE_3_15 in PSFreedom’s config.h and recompile. You will then be able to enjoy your unrestricted PS3 on 3.15 firmwares. Enjoy!

Update 2:
I have just added support for firmware 3.10 to PL3. You can get it by upgrading to the latest git version of PL3. There are however some changes in there that might break PSFreedom, so wait until I update PSFreedom tomorrow to be compatible with the latest PL3 changes!
I have also added a HOWTO file that explains the steps required to port PSFreedom to an exploitable firmware. Enjoy

I would like to thank, again, those who have donated. For the others, you can still donate, if you appreciate the work I’ve done.

Enjoy!
KaKaRoTo

PS3: Introducing PL3 and 3.01 firmware news

Hi,

I’ll announce two things, first, let’s talk about PL3.. PL3 is a new project I started in order to have a common repository of payloads that can be used by any ‘jailbreak’  implementation. I got tired of copying payloads from PSGroove, and I had some nice changes in mine that I thought the PSGroove project could benefit from, so I thought I’d create a single repository that both projects, PSFreedom and PSGroove (or any other similar projects) could use.

You can find it in github, so don’t hesitate to submodule it and use it.

Second important news… I’ve bought a new PS3 just for homebrew. Thanks to all who donated money so I can buy it (I didn’t get enough donations to pay for it, but enough to help me). I bought this PS3 used and it came with firmware 3.01! This is good and bad news : I can’t use PSFreedom to jailbreak it, so i’ve put on hold any improvements for it, however, it will allow me to actually port PSFreedom to older firmwares! My plan is to get the jailbreak working on 3.01, then move on to 3.10 and 3.15 (depending on how hard it is, i might skip 3.10).

Another good news is that after 4 days of  work, I was finally able to dump the LV2 memory from the 3.01 firmware, and now all that remains is to find the right offsets to patch, and port PSFreedom to 3.01, so all those who are still using this firmware version, you will soon be able to jailbreak it! Once I’m done with that, I’ll try to do the same with the 3.10/3.15 firmware versions!

To dump LV2, I used a trick and algorithms found by marcan42, so big thanks goes to him, as well as many other people who helped me out, RichDevX and Aaron in particular. I used RichDevX’s idea of ignoring the JIG and bruteforcing the address in which the port1 descriptor gets stored until I get a hit, then use that payload to dump lv2, then find the right JIG offset for that particular firmware from the dump. Marcan’s trick was to send the data through the ethernet cable by using LV1 only hypercalls, and it worked!

Now the latest git version of PL3 has a new ‘dump_lv2’ payload which you can use, it is firmware independent, and only uses LV1 hypercalls, so it should just work… It will dump all the lv2 memory through ethernet, so fire up wireshark, save the dump to a .pcap file, and use the tool in PL3/tools to extract the memory dump from the .pcap file.

In other news, I will soon upload to Ps3utils an .idc script that will search and find the syscall table, and correctly resolve all of its functions and name them properly.. maybe even have it automatically find all functions of a dump in order to save time creating procs in IDA. I’ll let you know once I’m done with it.

KaKaRoTo

PS3: Registry viewer and PDB generator

Hi all,

Here’s a quick post to share these small tools I wrote.

First, there’s  a .pdb file generator, it’s useful to install demos, I wrote this 6 days ago, but didn’t want to release it, I didn’t want people to use it to pirate PSN games, but it turns out it only works for demos… Even if it installs full retail games, they won’t run because you still need a license to run them. Also, two other people released similar tools (but much better, with more customization, good UIs, etc..) so I don’t need to keep this to myself anymore!

Second is a registry viewer! The /dev_flash2/etc/xRegistry.sys file contains a lot of interesting stuff, mostly your user settings, but it also contains some settings that you cannot change through the XMB (like QAMode or debugSoftwareUpdate, etc..). The file format is quite weird, SKFU attempted to reverse engineer it but didn’t really succeed, but thanks to Matsy who figured out how to link the keys with their values, I was able to understand the file format (most of it anyways) and write this app.  It’s just a crappy tcl/tk script that I wrote real quick! I’m really bad at UIs so I thought I’d put a quick and dirty tcl/tk script to build the UI for it.. it’s not much, it doesn’t allow you to change values, so don’t pay it much attention. Matsy is working on building a QT application to allow you to view and edit the registry values, so be patient, in the meantime, you can use this simple viewer to check out the contents of the file!

You can grab these tools (and possibly other stuff I might write in the future) from my new git repository at : http://github.com/kakaroto/ps3utils. They are both released under the GPL license.

On a side note, I just upgraded to firmware 3.42, so I’ll be taking a bit less active from the ps3 hacking scene for a little while, until I get enough money to buy a new (used actually) PS3. I also want to thank everyone who donated so far, so… thank you 🙂

KaKaRoTo