Flukes1 Going To Port PL3 Payload To 3.55 Firmware

DeadlyAnGeL91792

Quote:
Reading the chat logs yesterday, I noticed that someone is working his *** off to incorporate the PL3 payload into the 3.55 firmware (CFW), eventually permanently patching it into lv2. I don’t know how exactly the PS3 security system works, but it does bring music to my ears, especially the thought of a backup manager in my mind.

The question is why PL3? Unlike Hermes, KaKaRoTo does a great job making his payload open to all by putting his work on the social coding platform, Github. We had an argument long ago about Hermes reluctantly not sharing the source code for his Hermes payload work.

Flukes1 has quite a reputation to behold in the iPhone jailbreaking scene, having his name on an iPhone app, Wi-Fi Sync, whose sales reached 20,000 worldwide on Cydia. Impressive really. Well, it’s not about numbers now but about how his ability can be put to the test on the PS3 console. Let’s just hope he gets an excellent finish to his PL3 work so I can taste backing up my PS3 games on a 3.55 console.

IRC chat:

< +flukes1> anyone know where the syscall table is in 3.55 lv2
< +flukes1> again, anyone got the TOC location in lv2_kernel.elf yet?
< +flukes1> im trying to find the TOC in lv2_kernel.elf
< +flukes1> found the syscall table
< +flukes1> but cant find the toc
< +flukes1> im working on incorporating the jailbreak payload into the lv2_kernel self and other files
< +flukes1> for 3.55
< +sorrowuk> flukes1 : did you find what was changed in 3.42 etc to remove jailbreak ?
< +flukes1> they just fixed the usb bug
< +sorrowuk> flukes1 : can you not just put the usb bug back in there
< +flukes1> well yes but that’s stupid
< +flukes1> you’d need a usb device as before
< +flukes1> this way is better – the jailbreak is directly incorporated into the firmware update
< +sorrowuk> flukes1 : but isnt it risky cause your messing with lv2 kernel
< @Nicksasa> flukes1, did you test if the makeself’ed lv2_kernel works ? lol
< +flukes1> Nicksasa: no its not done yet
< +flukes1> sorrowuk: somewhat risky yes but it has to be done
< @Nicksasa> well if you’re doing the same patches as a payload … but there’s always a chance that something fails
< +flukes1> all of the changes im making have been done on many other lv2 kernels
< +flukes1> this will take me a while
< +flukes1> im about 50% done
< +flukes1> homebrew can be signed extremely easily now though
< +flukes1> im nearly done
< +FoG> I’ll watch as you brick your PS3 flukes1
< +flukes1> FoG: not likely
< +flukes1> i’m basically taking the payload which we know works
< +flukes1> and permanently patching it into lv2
< +sorrowuk> flukes1 : but are you doing it for 3.55 ?
< +flukes1> yes
< +flukes1> 3.55
< +flukes1> nobody can run this until we have confirmation that lv2 signing works
< +flukes1> decibell: i am stuck on the last patch
< +flukes1> that dcc exploits a ‘protection’ feature in some routers
< +flukes1> netgear i think
< +flukes1> sven: you may not know this, but would the TOC be missing from an elf
< +flukes1> I’m not sure but its something to do with the syscall table
< @sven> no idea
< +flukes1> ok
< +flukes1> is anyone able to extract lv2_kernel.self from firmware 3.40 and upload it somewhere
< +flukes1> it doesnt just execute the self
< +flukes1> it will keep booting from it
< +flukes1> ive already ported everything
< +flukes1> each patch can be disabled/enabled
< +flukes1> I now have everything I need to compile the PL3 payload for 3.55
< +flukes1> next step is to add the payload as a section on lv2_kernel and write a jump into it somewhere
< +flukes1> so still some stuff to do
< +flukes1> i’ve had 5 or 6 people offer to test it though
< +flukes1> and i won’t release it to them until i’m pretty sure about it
< +vidarino> flukes1: wouldn’t it be easier to just add peek/poke to the kernel, and let an app do the rest of the job?
< +flukes1> vidarino: technically its probably better to use a previously tested payload
< +flukes1> without making changes to it
< +vidarino> flukes1: the peek’n'poke code alone is tiny enough to be hexedited into place. :]
< +flukes1> vidarino: i know but I wanted to make something more complete
< +flukes1> it’s possible, so why not
< +flukes1> hmm, just one hash left to find, but it’s not showing itself
< +flukes1> i may have a problem though, the PL3 payload uses hashes of 4 different elf/prx files
< +flukes1> to patch them
< +flukes1> hey math, do you know anything about how PL3 does its elf hashing

Source: http://dukio.com/flukes1-port-pl3-payload-355-firmware.html

Between this and geohot's firmware we should have a full-blown CFW with homebrew and backup support.

chrisrlink

Might be a noobish question, but I thought with the keys we could sign our own, and I thought PL3 was for jailbreaking, not required anymore because we have them (the keys).

Joe88

chrisrlink said:
Might be a noobish question, but I thought with the keys we could sign our own, and I thought PL3 was for jailbreaking, not required anymore because we have them (the keys).
The keys do nothing because the games are already signed.

Running them from the XMB from a backup manager is a different story.

Now it's where it gets interesting, because when connected to PSN it should be able to see the firmware isn't a 1 to 1 match to a regular 3.55; they talk about hex-editing it into the firmware.
Effectively this means it could ban the system.

abel009

Will it be possible to make a hack where you can listen to music while you play games? Because I know some PS3 games allow you to do that, but most won't.

Heran Bago

SifJar said:
Heran Bago said:
abel009 said:
Will it be possible to make a hack where you can listen to music while you play games? Because I know some PS3 games allow you to do that, but most won't.
No, not this.
What on earth makes you say that? Please back up your claims.
It is up to game developers to decide if they want to add that feature; it is not universally supported like on the 360. This support would have to be hacked into games missing it. The PL3 features in 3.55 would not assist people in doing this any more than current jailbreak technology.

SifJar

Heran Bago said:
SifJar said:
Heran Bago said:
abel009 said:
Will it be possible to make a hack where you can listen to music while you play games? Because I know some PS3 games allow you to do that, but most won't.
No, not this.
What on earth makes you say that? Please back up your claims.
It is up to game developers to decide if they want to add that feature; it is not universally supported like on the 360. This support would have to be hacked into games missing it. The PL3 features in 3.55 would not assist people in doing this any more than current jailbreak technology.

Doesn't mean it isn't possible. On PSP, in-game music isn't supported officially at all, but there is a PRX plugin which enables it (several, in fact, I believe). I don't think it is beyond the realms of possibility that an SPRX could be developed to do this (by my understanding, SPRXs are basically the PS3 equivalent of PRXs).
