PSGroove tutorial

From EurAsiaWiki

Source: http://ps3wiki.lan.st/index.php/PSGroove
Backup stuff added by modrobert, patch by CJPC


PSGroove is an open source program for executing the 'PSJailbreak' exploit, and injecting unsigned code into the lv2 gameos kernel during the PS3 boot process.

Supported Hardware

  • AT90USB162
  • AT90USB646
  • AT90USB647
  • AT90USB1286
  • AT90USB1287
  • ATMEGA32U4

... and maybe more


Compiling

Linux

Prerequisites

avr-gcc

Under Gentoo:

emerge -av portage-utils crossdev
USE="-openmp" crossdev -t avr --without-headers

dfu-programmer (for installing)

Download here: http://sourceforge.net/projects/dfu-programmer/files/

Cloning the repository

The repository uses the LUFA library as a submodule. To clone, use something like:

git clone git://github.com/psgroove/psgroove.git
cd psgroove
git submodule init
git submodule update

Configuring

Chip and board selection can usually be handled in the Makefile. In particular, update the MCU, BOARD, and F_CPU lines. Suggested values:

Teensy 1.0:

  • MCU = at90usb162
  • BOARD = TEENSY
  • F_CLOCK = 16000000

Teensy++ 1.0:

  • MCU = at90usb646
  • BOARD = TEENSY
  • F_CLOCK = 16000000

Teensy 2.0:

  • MCU = atmega32u4
  • BOARD = TEENSY
  • F_CLOCK = 16000000

Teensy++ 2.0:

  • MCU = at90usb1286
  • BOARD = TEENSY
  • F_CLOCK = 16000000

AT90USBKEY / AT90USBKEY2:

  • MCU = at90usb1287
  • BOARD = USBKEY
  • F_CLOCK = 8000000

AVROpendous v1.1:

  • MCU = at90usb162
  • BOARD = USER (need to manually attribute LED pins in Board/LEDs.h)
  • F_CLOCK = 8000000

Building

On Linux, use the AVR GCC toolchain (Debian/Ubuntu package: gcc-avr).

make clean
make

Programming

Now program psgroove.hex into your board and you're ready to go. For the AT90USBKEY and other chips with a DFU bootloader preinstalled, you can get the dfu-programmer tool, put your board in programming mode, and run:

make dfu

For the Teensy boards, you probably have to use the [Teensy Loader](http://www.pjrc.com/teensy/loader.html) software.

Windows

WinAVR should do the trick.


OSX

Once the prerequisites are installed, this is pretty much the same as the Linux process listed above.  

Prerequisites

Install the following to get started:

  • XCode: download from Apple or install directly from an OSX DVD
  • MacPorts: BSD ports functionality on OSX
  • CrossPack AVR: AVR toolchain for OSX

Open a new terminal window and enter the following:

sudo port install git-core dfu-programmer

Everything else

# get the source
git clone git://github.com/psgroove/psgroove.git
cd psgroove
git submodule init
git submodule update

# do the build
make clean
make


# put the board into programming mode, then program it
make dfu


Notes

MacPorts includes a portfile for the AVR toolchain; however, the included version of avr-gcc (4.0.2) does not support the AT90USB1287. It may be suitable for other boards.

Haven't tested the programming part yet, still waiting for a board to arrive.

Using

To use this exploit:

  • Hard power cycle your PS3 (using the switch in back, or unplug it)
  • Plug the dongle into your PS3.
  • Press the PS3 power button, followed quickly by the eject button.

After a few seconds, the first LED on your dongle should light up. After about 5 seconds, the second LED will light up (or the LED will just go off, if you only have one). This means the exploit worked! You can see the new "Install Package Files" menu option in the game menu.


Board-specific notes

Teensy boards only have one LED, so it will turn off when the exploit succeeds rather than turn green. Older Teensy 1.0 boards also have the polarity inverted. In general, an LED should do something when the board is powered, and do something different when the exploit works.

Links

Github Page


Backups

To load backups using PSGroove on the PS3, the source code needs a small patch, as follows.

  • Edit the contents of the file descriptor.h (among the PSGroove source files)
  • Find the byte segment below and replace accordingly.

Find this:

0x78, 0x78, 0x78, 0x78

Replace with:

0x62, 0x64, 0x76, 0x64


If you prefer 'diff' output, here it is:

139,140c139,140
<       0x6f, 0x6f, 0x74, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2f, 0x64, 0x65, 0x76,
0x5f, 0x78, 0x78, 0x78,
<       0x78, 0x00, 0x6d, 0x6f, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
---
>       0x6f, 0x6f, 0x74, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2f, 0x64, 0x65, 0x76,
0x5f, 0x62, 0x64, 0x76,
>       0x64, 0x00, 0x6d, 0x6f, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
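
Review bot: The header 139,140c139,140 makes this a line-number-only diff with no context lines, so it applies correctly only to the exact descriptor.h revision it was generated from, and patch cannot check the surrounding bytes; a unified diff (diff -u) would be safer to distribute. The four changed bytes are also undocumented magic values inside the array: 0x78, 0x78, 0x78, 0x78 is ASCII "xxxx" and 0x62, 0x64, 0x76, 0x64 is ASCII "bdvd", both following 0x2f, 0x64, 0x65, 0x76, 0x5f ("/dev_"). A comment next to the array naming the string, and noting that the replacement keeps the same length and the trailing 0x00, would make the change reviewable without decoding hex by hand.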