USB-Based PSFreedom PS3 Exploit Now Adapted To Palm Pre, Dingoo

by Mike Bendel September 4, 2010 @ 6:06 pm

Update: A lesser-known portable gaming and multimedia device, known as the Dingoo, has also received the porting treatment courtesy of Wii hacking guru Waninkoko.

Huzzah! Now the Palm Pre can be used to hack the PS3, too. Developer blake_zero over at PSX-Scene has released an adaptation of KaKaRoTo’s USB hub-emulating PSFreedom exploit, which takes advantage of the same heap overflow vulnerability inĀ PSGroove, the initial open-source implementation of PS Jailbreak’s jigkick wonder. Currently, only source code is available.

The Palm Pre joins the N900 along with several USB microcontrollers in the list of devices that can be used to unlock debug mode on Sony’s console, allowing for the execution of unsigned (homebrew) code.

Until a compiled build surfaces, those with a bit of Linux know-how can compile the code themselves by following blake_zero’s instructions below. Who wants to take a bet on when this will hit the iPhone and Android-based devices? Can’t be long now.

What you need:

1. The kernel package for the Palm Pre (linuxkernel-2.6.24.tgz) and palm patches (linuxkernel-2.6.24-patch(pre).gz) that you can find on Open Source Packages.
2. ARM toolchain for your the platform I use IA32 Linux toolchain, 2009q1 release
3. Compiled psfeedom module from the modified PSFreedom source
4. Root access to your Palm Pre, it could be by ssh or Terminal app on phone

Setting the ARM toolchain

1. Extract the file:
Code:
tar xjvf arm-2009q1-203-arm-none-linux-gnueabi-i686-pc-linux-gnu.tar.bz2
2. Move the extracted folder where you like it to be:
Code:
mv arm-2009q1 /usr/local/arm
3. Set some environment variables so cross-compilation works. Create a new file named setup-env and paste this
Code:
export PRETOOL_DIR=”/usr/local/arm”
(echo “$PATH” | grep -q “${PRETOOL_DIR}”) || export PATH=”${PRETOOL_DIR}/bin:${PATH}”
export STRIP=”arm-none-linux-gnueabi-strip”
export LD=”arm-none-linux-gnueabi-ld”
export CC=”arm-none-linux-gnueabi-gcc -march=armv4t -mtune=arm920t”
export CPPFLAGS=”-isystem${PRETOOL_DIR}/arm/arm-none-linux-gnueabi/include”
export RANLIB=”arm-none-linux-gnueabi-ranlib”
export CXX=”arm-none-linux-gnueabi-g++ -march=armv4t -mtune=arm920t”
export OBJCOPY=”arm-none-linux-gnueabi-objcopy”
export PKG_CONFIG_PATH=”${PRETOOL_DIR}/usr/local/lib/pkgconfig”
export PKG_CONFIG_SYSROOT_DIR=”${PRETOOL_DIR}/arm/arm-none-linux-gnueabi”
#export LDFLAGS=”-L${PRETOOL_DIR}/usr/local/lib -Wl,-rpath-link,${PRETOOL_DIR}/arm/arm-none-linux-gnueabi/lib -Wl,-O1″
export CCLD=”arm-none-linux-gnueabi-gcc -march=armv4t -mtune=arm920t”
export MAKE=”make”
export CFLAGS=”-isystem${PRETOOL_DIR}/usr/local/include -fexpensive-optimizations -fomit-frame-pointer -frename-registers -Os”
export CXXFLAGS=”-isystem${PRETOOL_DIR}/arm/arm-none-linux-gnueabi/include -fexpensive-optimizations -fomit-frame-pointer -frename-registers -Os -fpermissive -fvisibility-inlines-hidden”
export F77=”arm-none-linux-gnueabi-g77 -march=armv4t -mtune=arm920t”
export AS=”arm-none-linux-gnueabi-as”
export AR=”arm-none-linux-gnueabi-ar”
export CPP=”arm-none-linux-gnueabi-gcc -E”
export OBJDUMP=”arm-none-linux-gnueabi-objdump”
export CONFIG_SITE=”${PRETOOL_DIR}/arm/site-config”
you need to set PRETOOL_DIR to where you move the extracted folder. Finally Source the variables (use the path where you saved setup-env):
Code:
. /usr/local/pre/setup-env
Extract and compile Pre Kernel

1. Extract the kernel:
Code:
tar xvzf linuxkernel-2.6.24.tgz
2. Extract palm modifications:
Code:
gunzip linux-2.6.24-patch.gz
3. Change to kernel directory:
Code:
cd linux-2.6.24
4. Apply patch:
Code:
patch -p1 < ../linux-2.6.24-patch
5. Copy configuration for the Pre:
Code:
cp arch/arm/configs/omap_sirloin_3430_defconfig .config
6.Compile the kernel:
Code:
make
(this will take a while)

Compile modified PSFreedom source

1. Extract the files:
Code:
tar xvzf PSFreedom-for-PalmPre.tar.gz
2. Change to folder:
Code:
cd PSFreedom-for-PalmPre
3. Compile PSFreedom:
Code:
make
Copy and install psfreedom.ko module to Palm Pre

1. Connect your Palm pre to PC on drive mode and copy psfreedom.ko to it
2. ssh to your pre (or open terminal app) and insmod the module:
Code:
insmod /media/internal/psfreedom.ko
Now you should be ready to go

1. Turn completely off your PS3 with firmware 3.41
2. Connect your Palm Pre to the usb of PS3
3. Turn on your PS3 followed by rapidly pressing eject
4. Wait for your PS3 to reboot
5. Enjoy

After using your PalmPre for this exploit you should make a complete device restart to restore usb functions.

Special Thanks to kakaroto for creating PSFreedom, I simply made some small modifications to make it compile for the Palm Pre since it runs linux and also use musb

Intructions for cross-compilation taken from WebOS Internals Custom Kernels instructions
http://www.webos-internals.org/wiki/Custom_Kernels

PSFreedom for the N900modified to work on Palm Pre [PSX-Scene]

PSFreedom Dingoo [TeknoConsolas]

Follow this author on .