I've been thinking with my think muscle.

[witchy]

The new PS3 hack, if reports are to be believed then it's an ATmega running software which emulates a 6 port usb hub, and each hub has an emulated usb stick with various bits of software on them.

Since they have reverse engineered it, that would mean they have access to the emulated software within the virtual usb sticks?!

What's to stop us from getting these individual dumps (if available), grabbing a 6 port USB hub, inserting a usb stick into each slot each containing a different part of the hack?

AFAIK a jig emu does it's stuff first then it hands off control to software on one of the emulated usb slots, if this can be done virtually then surely it can be done in reality too?

Possible problem with speed though, would a usb hub respond fast enough for the preceise millisecond timings?

 

[neorage]

hmmm sounds a possibiliy.

if reports are to be believed then it's an ATmega running software

could put a use to the old atmega cards i got in the draw loool

 

[witchy]

I've just had another thought.

The ATmega will control the order of which usb port to initiate and execute the software, a hub wouldn't have this control.

Unless the jig software in the inititial emulated usb port could take control and instruct each other port?

Maybe a modified usb hub with a controller?

I'll shut up now, I'm drunk and talking shite.

:Cheers:

 

[hackmax]

hmmm sounds a possibiliy.



could put a use to the old atmega cards i got in the draw loool

Afraid not ... those are ATmega163's with no USB emulation and wrong pinout.

I would guess it's a variation of Atmega128/256 with USB

 

[hackmax]

I think you are mis understanding it.

It's one chip that reports to the PS3 that it's a 6-port hub - in affect it's lies to the PS3.

This one chip emulates connections/disconnections and emulates the data sent/received. So it's more like emulating the affect of 6 devices and not actually emulating 6 devices. Think of it as a person doing 6 different impressions. In essence it's all 'faked'.

The key here is how the PS3 responds to the connections/disconnection & processing of the data sent (such as device ID)

The chip almost certianly has been dumped if clones are appearing, but most of the 'public' analysis has probably been obtained just by sniffing the coms between the device and the PS3.

The new PS3 hack, if reports are to be believed then it's an ATmega running software which emulates a 6 port usb hub, and each hub has an emulated usb stick with various bits of software on them.

Since they have reverse engineered it, that would mean they have access to the emulated software within the virtual usb sticks?!

What's to stop us from getting these individual dumps (if available), grabbing a 6 port USB hub, inserting a usb stick into each slot each containing a different part of the hack?

AFAIK a jig emu does it's stuff first then it hands off control to software on one of the emulated usb slots, if this can be done virtually then surely it can be done in reality too?

Possible problem with speed though, would a usb hub respond fast enough for the preceise millisecond timings?

 

[witchy]

Think of it as a person doing 6 different impressions. In essence it's all 'faked'.

Yes but why can't we use 6 different people instead of getting 1 guy to do all the impersonations?

I'm talking about looking at each individual step of the hack and making it real as opposed to emulated.

It was just a thought conjured up in my drunken mind.

 

[hackmax]

Yes but why can't we use 6 different people instead of getting 1 guy to do all the impersonations?

I'm talking about looking at each individual step of the hack and making it real as opposed to emulated.

It was just a thought conjured up in my drunken mind.

But you can't - because in some cases it's not the contents of the device thats the issue ... it's the protocol.

For example on flash drives you can't change the device name ... part of this exploit is a device name that is malformed (to cause some overflow) so it's the malformed device name that is important. You won't be able to make this real as you can't make a physical USB device that violates the USB specification - not unless you actually manufactured the device.

And btw, some of the timing of this happens very fast ... in milliseconds ... I think even if you did manage this your wrist would be well worn out ... meaning no masterbating for you (unless Audball offered to lend a hand...)

 

[witchy]

Couldn't a controller be built to spoof the Device ID? But then if we are going to start building hardware specifically for the purpose of spoofing ID's etc then that defeats the whole purpose of my idea, lol

I know about the timing issues, I think i mentioned that in my first post.

oh well, I'll leave it to the experts in China or Japan or wherever the fook they are.

 

[Spectre]

USB protocol analyser?

You need to recreate what its doing, not what's on it.

 

[neorage]

Afraid not ... those are ATmega163's with no USB emulation and wrong pinout.

I would guess it's a variation of Atmega128/256 with USB

the atmega refrence was a joke hence the looool

but its good to see witchy coming up with an idea that sounds plausable.. but in reality very difficult to do..

not seen much in giving on the forum all "want this want this"

so kudos to you witchy. and thanks again as usual haxmax for you insite...

now im off to do more research see what i can find out

 

[deedie]

i have seen mentioned on a few sites, that it might be possible to emulate this dongle with a custom app on hacked psp.

 

[hackmax]

i have seen mentioned on a few sites, that it might be possible to emulate this dongle with a custom app on hacked psp.

Well I could see the funny side to that I suppose