Success! Breakthrough with successful payload delivery, code execution and exploitation has happened. Both a Palm Pre and an N900 have been used, by completely separate developers, to "jailbreak" the Playstation 3.
Using a modified kernel driver, KaKaRoTo has been able to successfully emulate multiple USB devices to deliver his payload for the psgroove vulnerability, giving you the ability to run unsigned code and opening doors for developers, hackers and homebrewers. The project is called PSFreedom.
He has said the source and all will be released shortly, but has provided the kernel driver, compiled against the stock OMAP1 kernel for the N900. It's literally plug and play.
Meanwhile, Hector Martin has been working with his OMAP3 beagleboard, and has received word from a fellow tester that he was able to tinker with gadget and sysfs enough on his Palm Pre to deliver the code to a PS3 sporting 3.41 firmware.
I prefer the userspace approach, however once KaKaRoTo releases his source, I'll be compiling it for my kernel and giving it a shot!
Ain't this device just the best?
It’s been a while since the PS3 was hardware hacked, however it never came to the masses due to the hardware needed to glitch the bus and the level of complexity and pure luck of timing. Then came PSJailbreak – a closed release of a USB-based “modchip”. Sony stuck their lawyers on them with an injunction attempt. Welp, somebody decided to sniff out the entire payload delivery from one of the units – and so PSGroove is born. A completely free and open source alternative. You’ll need some proper hardware to do it; an Atmel microcontroller is the recommended choice, but there’s nothing stopping you from using an OMAP beagleboard, or say – even your N900.
I got in touch with Hector Martin, the supreme hardware hacker who busted open the Wii, and started digging into getting his PS3 delivery and payload package working on the N900. Unfortunately, with the way Nokia took HAL, BME and made dependent watchdogs – it’s extremely hard to get direct userland access to the hardware without some serious voodoo trickery.
After a few hours of futzing around and talking with him – I’m going to let him continue with his work on the code. I don’t have deep-dish hardware skills, and after attempting to negotiate and send USB descriptors – delivery fails on my (and the other tester’s) N900s; note the resets back to high-speed modes, which indicates HAL/BME is not giving up control of the hardware completely. BME is something I’ve grown to hate, along with others who have been working on USB Host Mode for the N900.
There’s some work being done using USB Gadgets as a separate way of delivery, by Kakaroto – who has been working on the implementation since before PSGroove was released. This method is semi-specific to the N900 and may require an updated kernel and modules to achieve functionality. Either way, huge steps here.
With some very talented people at work here, I feel confident to say that we can expect the ability to jailbreak the Playstation 3 using nothing but an N900 and a widely available microUSB cable. Who else can say the same thing about their phone?
NeoPwn recently started sending out emails with instructions and links for downloading the current beta incarnation of their mobile pen-testing suite. After a little bit of a tussle with the Maemo community, everything seems to be back on track.
Included is a full chroot filesystem for writing to a 4GB microSD, an updated kernel and kernel modules for nefarious network purposes (including live injection). You’ll get access to a plethora of tools, repositories and source that compares to the full-blown BackTrack.
I’ll be posting up a quick overview with more included tools, the UI and confirming the stability of live injection – once I get it and shoehorn it onto my device. Which I’d like to have done before I visit Nokia World. So here’s to hoping.
If you can’t wait for that, head over to the NeoPwn Store – drop $40 and you should receive an email with more details.
While I did not get an official invite, through MaemoFanatics, Mobile Fanatics or this site – I did manage to win myself a trip and ticket, accommodations paid, to Nokia World 2010…courtesy of the Ovi Blog contest of course.
I’ve docked my name down for the 1000 heads meetup. Which currently weighs in at over 50 bloggers strong. Micky (along with Dan, Michael and Richard) and the 1000heads crew have tackled the huge task of hosting a “meetup” (read: party) with some of the top-dog Nokia and mobile-tech bloggers on planet Earth. Check out the huge list of attendees.
Should get some live updates at Mobile Fanatics as well as Maemo Fanatics and quite possibly here. It’s going to be an extremely busy week, especially since I’ll be skipping out on 4 days of classes. I’ve got a good feeling of what is to be announced at Nokia World (and I’d love to be surprised) – but the most exciting part is the people I will meet and finally shake hands with.
I hope to get some time to hop from Nokia World to the Developer Summit to see what’s cracking there. Who knows.
I also should mention I’ve never been to England (although my mother was born there!) so this will be a real treat and a helluva good time since it falls the day after my birthday.
So away we go!
So I’ve begun trying out some of the optimizations I’ve been using on my Debian machines for the past 8 or 9 years, on my N900. While I would have loved to see 512MB or more, the size we have is very usable as is. So in order to help you maximize the performance of your N900 I’ve compiled a list of simple (and completely reversible) optimizations that I’ve been using for a while that are relatively safe, but I’m not responsible for anything bad that happens. I’m using the Community Power-Kernel by Tom Tanner that I discussed in my previous article. It’s patched to the hilt already, but the changes listed below are extremely noticeable.
Most tweaks consist of tuning caches controlled by the kernel VM and I’m using values that are optimized for perceived performance. What happens in the background, happens, but I want my UI to be as fluid and responsive as possible. No more screen tearing, no more jagged responses. So sit down, strap in and let’s give our penguins some wings…
echo 30 > /proc/sys/vm/swappiness - The N900 is notoriously slow when doing multiple disk reads or writes. So I lower the “desire” for it to swap out pages. Less paging means more data will be stuck in RAM, so adjust it accordingly if you find yourself running out of memory. I run a cronjob that drops buffer cache containing pagecache, dentries and inodes, to clear out unused dirty pages (sync; echo 3 > /proc/sys/vm/drop_caches).
echo 0 > /proc/sys/vm/page-cluster – When it does swap out, I don’t want it doing huge operations and temporarily freezing the UI due to the slow IO bus coupled with the use of the CFQ scheduler instead of NOOP.
echo 1 > /proc/sys/vm/laptop_mode - But I do want it to smartly schedule when it’s going to write, so I’m not trying to write to disk when my device is in sleep mode. This might also help with reducing sporadic writes and saving the flash module.
echo 1 > /proc/sys/vm/oom_kill_allocating_task – Instead of killing “lower” priority or idle processes, I’d prefer whichever application tripped an Out-Of-Memory error to be killed. The tasks I have in the background are there for a reason.
echo 0 > /proc/sys/vm/dirty_expire_centisecs – This tells the kernel how often to look for modified/dirty pages in RAM that need to be written to disk.
echo 0 > /proc/sys/vm/dirty_writeback_centisecs – This tells the kernel how old modified/dirty pages need to be, before they can be considered for flushing.
echo 60 > /proc/sys/vm/dirty_background_ratio – This is the lowest (percent) amount of memory where a dirty page flush can stop.
echo 95 > /proc/sys/vm/dirty_ratio – This is the highest (percent) amount of memory that can be stored before a force flush happens.
echo 0 > /proc/sys/net/ipv4/tcp_timestamps – I disable timestamps so the processor has less data to deal with when traffic comes in. Packets can be resent if they’re OOB or clocked wrong.
echo 1 > /proc/sys/net/ipv4/tcp_no_metrics_save – I also disable saving threshold metrics. Just ‘cause I’m gangster like that.
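To apply the ten tweaks above as one reversible step, here is an added shell script (it is not from the original post). It records each tunable's current value to a backup file before overwriting it, so a revert restores exactly what was there; SYSCTL_ROOT and BACKUP_FILE are this script's own assumed variables (defaulting to /proc/sys and /tmp/n900-tweaks.bak), and writing under /proc/sys requires root.

```shell
#!/bin/sh
# Added example (not from the original post): apply the post's VM and TCP
# tweaks with a backup so they can be reverted. SYSCTL_ROOT and BACKUP_FILE
# are assumptions of this script; SYSCTL_ROOT defaults to /proc/sys.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"
BACKUP_FILE="${BACKUP_FILE:-/tmp/n900-tweaks.bak}"

# key=value pairs, exactly the values given in the post
TWEAKS="vm/swappiness=30
vm/page-cluster=0
vm/laptop_mode=1
vm/oom_kill_allocating_task=1
vm/dirty_expire_centisecs=0
vm/dirty_writeback_centisecs=0
vm/dirty_background_ratio=60
vm/dirty_ratio=95
net/ipv4/tcp_timestamps=0
net/ipv4/tcp_no_metrics_save=1"

# Record the current value of each writable tunable, then apply the tweak.
# Caveat: dirty_writeback_centisecs=0 turns off periodic writeback, so with
# dirty_ratio=95 a crash or battery pull can lose a lot of unflushed data.
apply_tweaks() {
    : > "$BACKUP_FILE"
    echo "$TWEAKS" | while IFS='=' read -r key value; do
        path="$SYSCTL_ROOT/$key"
        [ -w "$path" ] || { echo "skip $key: not writable" >&2; continue; }
        printf '%s=%s\n' "$key" "$(cat "$path")" >> "$BACKUP_FILE"
        echo "$value" > "$path"
    done
}

# Restore every value recorded by apply_tweaks.
revert_tweaks() {
    [ -f "$BACKUP_FILE" ] || { echo "no backup at $BACKUP_FILE" >&2; return 1; }
    while IFS='=' read -r key value; do
        echo "$value" > "$SYSCTL_ROOT/$key"
    done < "$BACKUP_FILE"
}

# Read back one tunable, e.g. get_tunable vm/swappiness
get_tunable() { cat "$SYSCTL_ROOT/$1"; }

case "${1:-}" in
    apply)  apply_tweaks ;;
    revert) revert_tweaks ;;
esac
```

Run it as `sh tweaks.sh apply` to apply and `sh tweaks.sh revert` to put every value back; keys that do not exist on your kernel are skipped with a message rather than aborting.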
So that’s a couple of relatively safe and stable steps you can take to significantly boost your N900 performance and response time. Feel free to call me a fool for some of the values I’m using. I’ll consider your argument.
The heavy-hitters in the Android community have been tuning their kernels for quite a while and giving users an awesome experience with their fully customized and pre-cooked ROMs. It’s about time we catch up to their supremeness, dontchathink?