Our Interview Series is a full success. Not only can you get an in-depth look behind all the great projects each of those developer's have worked on in the past and their plans into the future, but also that you can get a useful overview with all important Homebrew Releases made by the developer's which will help you if you want to get the "Full Experience" from your hacked Console's and devices. For instance, we learned in our last Interview with developer @aldostools that he created the "Tools Collection" for the PS3, which contains OVER 50+ TOOLS! But while we had interviewed candidates before, who developed their projects after a Hack/Exploit was released, we thought about introducing you to another side of development, namely those, who make it possible for those previously mentioned developers to create their Homebrew running on your hacked devices. And since this mentioned "Tools Collection" contains mainly Tools for your hacked PS3, it would be only fair to give you an in-depth look with one of the developers of the PS3Xploit-Team, who helped reanimating you and your PS3 with all those great projects. This developer work includes participation in projects like the Flash Writer's that provide the ability for CFW Installation, then "PS3HEN" which brought Homebrew Support for "nonCFW Models" and also the variety of tools and dumpers released from the PS3Xploit-Team. So, without further waiting, our Guest Today is no other than Developer and long-time Community Member - @esc0rtd3w!
Volume 04: "Interview with esc0rtd3w"
More about Today's Guest: "esc0rtd3w"
Other Interviews in our "The Power Supply"-Series
-
Hello @esc0rtd3w, and welcome to our new "The Power Supply"-Series, where we like to introduce an inside look from the Developers to our audience with an Interview.
Right at the beginning, I have to admit that everyone should already know that you are one of the masterminds behind "PS3Xploit". But for those people who don't, would you like to introduce it to the readers? What makes it so special compared to other Hacks and Exploits for the PlayStation 3?
The "PS3Xploit" project is a collaborative effort from a great group of people, including W, [U]@bguerville[/U], [U]@habib[/U], and myself. I always feel it's appropriate to also include [U]@Joonie[/U] as our "(un)official" team member.
The software exploitation side of the PS3 kind of just fell into place magically. Before the PS3, I never really had much experience with "WebKit" bugs, but I was pretty familiar with the "PS3 Debugger". I remember playing around with some samples from the SDK and was surprised when testing a default web download sample, the browser crashed! At the time I did not understand that the PS3 uses two different rendering engines, those being "Silk" and "WebKit". I later found out that the same sample does work in Silk, but crashes WebKit.
I posted in a thread on PSX-Place some screenshots of my findings, unaware that bguerville had also been playing with some browser stuff. The thread was made private after several more posts were made about the different crashing scenarios.
Fast forward a few weeks and another dev, W, had helped [to] get an older PoC made by [U]@xerpi[/U], working on newest Firmware, that allowed leaking of values in "Userland Memory". He did not have a PS3 [with an] Custom Firmware, only a Super Slim, so could not use the Debugger. He connected to my computer and helped debug on my Slim [PS3], running "REBUG DREX [Custom Firmware]". After getting it working on 4.81, this was posted to [the] private forum and shortly after, we (W, bguerville, and myself) started chatting and working on finding out more information about how to move forward with exploiting the browser.
After testing hundreds of known WebKit and Safari vulnerabilities (for redundancy), and several months of work getting the JS in order, we had a working PoC. Utilizing two vulnerabilities, the Userland Memory leak by xerpi and a "parseFloat Bug" (not really sure where this bug originated, but I have seen references to mj and Luke Wagner from an Android based exploit) that allowed us, with some very clever ideas, to get a "ROP Chain" executing a "System Call". First step done lol!
We continued working together getting a solid working exploit chain that would do something useful, like dumping "IDPS". We quickly realized that we had some limitations, but were also fortunate in a way because the browser runs as root!
The dumping and patching ROS to allow installing a CFW was originally bguerville's idea, and a great one! We were wondering how newer hardware (late Slim / Super Slim) would handle this, but after realizing even using a hardware flasher on these models was possible to patch, it would of course not boot after, due to the different "metldr". This would eventually evolve into "HAN" (and later in the future, "HEN") for supporting some sort of modifications to these consoles, with the help of our soon to be newest team member Habib, and resident unofficial team member Joonie.
Due to some complications before release, mainly a personal account being hacked and early versions of IDPS dumper surfacing, we decided to release the IDPS dumper in its working form shortly after, to the public.
Now during this whole time, bguerville had been working on the ROP Chain for the "Flash Dumper" and "Writer". The Dumper was near completion, but the Writer, due to its more complex nature, was taking a bit longer. This is when Habib joined the team. He is of course very familiar with the PS3 system internals, and helped us get the writer finished in record time! We released version 1 of all 3 tools, the IDPS dumper now using same base as Flash Dumper.
Now that these original tools were public, we started working on cleaning up the code base. bguerville is our JS ninja and with the help from the rest of the team, with debugging, ideas, and testing, we shortly after released version 2 of the IDPS Dumper, Flash Dumper and Writer. These were now using a better JS framework instead of pure unescaped hex, and the offset search in browser was much better.
I think what makes this so special is that these bugs have basically always existed since Sony first started using WebKit on v4.10 Firmware, but since the 3.55 fiasco had all of their attention, as well as the attention from most of the hacking community, for CFW and related things, Sony just never thought about updating WebKit on the PS3, even though its cousin, the PlayStation Vita, share many of the same bugs.
When we get deep into the technical details of "PS3Xploit", then we should admit that using a "Kernel and/or Web Exploit" as a loophole wasn't the first time we saw this method running on a PlayStation Console. Tell us what was the attention of you and the others tinkering with such a method on the PS3. Was it because of the success you saw on both the PlayStation 4 and the PlayStation Vita? Or are they using complete different Exploits and we can't compare "apples to oranges"?
The last months showed us that you are also involved in all these wonderful releases behind "PS3HEN", which many people suprised that not only you can now run Homebrew on newer System Firmwares, but also the fact that there was - and is - still such a huge interest in the Development for the PS3. Did this huge interest suprised you as well and if so, why do you think that there is still such a great demand for Homebrew running on the PS3 - especially when we compare this to the poor Releases we got for the PS4?
Before "PS3Xploit" got released, we didn't saw any new Hacks or Exploits for the PS3 by nearly 7 years since the most famous System Firmware 3.55 got hacked. But what's more interesting, it seems that Sony isn't such interested anymore in fixing those loopholes like they did in the past or when we compare this to other consoles from the PlayStation family nowadays. In fact, we saw that Sony is even fixing loopholes from the PS4 Blu-ray Drive, which wouldn't lead into any Piracy anyway, as we learned by the great talk from oct0xor back at 36C3. What do you think why Sony is reacting like described? Is it just because the PS4 is now their main top seller on the market? Or does Sony lacks in manpower because of the complexity of the PS3 architecture and no one knows anymore how to fix your Exploits properly?
With such many projects you had in your mind, people will be happy to read how you get into the scene? Maybe you can tell us about your very first project you worked for. Was it even developed for the PS3 or for another console?
Speaking about other consoles, is there any other interesting console you work for currently or any other project, which has been already released?
What's your opinion about other consoles and its communities in general, like the Nintendo Switch for instance. The PlayStation 5 is also not far away from a release. Tell us about your favourite consoles you liked to both work and to play for. And how about your favourite games you liked to play? Any retro consoles/games you enjoyed in the past as well?
I think the people would like to come to know better the guy behind all this work you did for this scene. What are you doing when you don't play video games or when you don't tinker with all the consoles you mentioned before? Any interesting hobbies or other interests you like to share?
Since you are also a member of the PSX-Place-Community, our readers would probably like to know, what has drawn you to join us?
In our new interview series, we would like to make these interviews also a little bit helpful to the readers, especially for those who wants to develop something for the very first time from ground up. Where do you suggest someone to start with? Do you have any tips for those new inspiring developers?
I would probably call myself a Hacker 1st, Developer 2nd lol. The way I usually learn is, some may say... in reverse! I like to reverse-engineer things and see how they work, then figure out how to make it do what I want. As far as development, I love low level stuff. Learning assembly and having basic "C" knowledge is always helpful. I also love scripting, and for beginners, this is where I would recommend starting. I started with Batch Files on Windows and Shell Scripts on Linux. "Python" is also a good language to start with to make a quick project for simple interactions. It really depends on what you want do actually use it for. There are differences in architectures, and I would say x86 is a good start, using debuggers like "ollyDBG" or "IDA". I also have recently fell in love with PowerPC.
Final Question. A few months ago, you helped me personally via Twitter on my very own PS3 (thank you for that <3). Maybe you want to share a good tip - kinda like a "Tip of the Day" - to the community to one of your projects or to the Homebrew Scene in general?
Alright, Thank you very much esc0rtd3w for attending to this Interview. It was a pleasure to come to know better to you and all your hard work you achieved for this scene! Have a great day!
-
To sum up what Releases Developer @esc0rtd3w already worked for, we would probably need another whole article to do that. Nevertheless, here is a Overview for all important Quick Links we mentioned before in our Interview:
Click here to get the newest "PS3Xploit Hybrid Flash Writer (HFW) Ver. 4.85", including the newest "IDPS & Flash Dumpers"
which will allow you to install a Custom Firmware from System Firmware 4.85!
dDeveloper @esc0rtd3w was also always a hard-working man to provide you with various "PS3Xploit Tools & Utilities", no matter if you wanted to "swap your XMB with the official ★ Debug Settings", or when you wanted to give "your XMB an fresh look with custom made background waves", for instance.
d
And for those who have a "nonCFW Slim" or a "Super Slim Model", there is of course help available as well. Click here to enjoy the latest "PS3HEN Ver. 3.0.0" to enjoy the latest Exploits on mentioned PS3 Models. And not only that. There is also a great "All-In-One Guide" for newcomers as well!
d
Thanks to @esc0rtd3w, there is a good amount of Applications mentioned in the Interview,
which will run on your PS3 without the need to be connected to the PSN Servers, called as "NoPSN Patches". -
The Power Supply (Vol. 08) - Our Guest Today: "well-known multiconsole Developer CelesteBlue123"
Click here to read our eighth Interview in our new series with well-known Developer CelesteBlue.
dThe Power Supply (Vol. 07) - Our Guest Today: "well known multi-console Developer mathieulh"
Click here to read our seventh Interview in our new series with well-known Developer mathieulh.
dThe Power Supply (Vol. 06) - Our Guest Today: "Blu-Play and BD-J Developer mr_lou"
Click here to read our sixth Interview in our new series with well-known Developer mr_lou.
dThe Power Supply (vol. 05): A chat with (PS Vita Developer) Rinnegatamante
Click here to read our fifth Interview in our new series with well-known Developer Rinnegatamante.
dThe Power Supply (vol. 03): A chat with Aldotools (developer of IRISMAN / webMAN MOD / PS3 Tools .)
Click here to read our third Interview in our new series with PSX-Place Developer [U]@aldostools[/U].
dThe Power Supply (Vol. 02) - Our Guest Today: "PS4 Developer @m0rph3us1987"
Click here to read our second Interview in our new series with well-known Developer @m0rph3us1987.
dThe Power Supply (vol. I) Featuring a chat with developer deank (creator of multiMAN / webMAN & ...)
Click here to read the very first Interview in our new series with PSX-Place Developer @deank.
dIntroducing "The Power Supply": A new developer interview series
Click here to get an overview about this new Series and to find all previous Interviews.
Since @esc0rtd3w is also a long-time Community Member from this Forum here, he was so kind to allow you to ask some further questions as well. Just reply to this Thread here and he will answer them as good as he can. This is already a HUGE "Thank You" worth, don't you think? And of course, Thank You @esc0rtd3w again for the Interview and to come to know you better!
This is already a HUGE "Thank You" worth, don't you think? And of course, Thank You @esc0rtd3w again for the Interview and to come to know you better!
Last edited:
