
PlayStation 3 Hack Released Online

Posted by Soulskill
from the let-the-games-begin dept.
itwbennett writes "On Friday, George Hotz, best known for cracking Apple's iPhone, said he had managed to hack the PlayStation 3 after five weeks of work with 'very simple hardware cleverly applied, and some not so simple software.' Days later, he has now released the exploit, saying in a blog post that he wanted to see what others could do with it. 'Hopefully, this will ignite the PS3 scene, and you will organize and figure out how to use this to do practical things, like the iPhone when jailbreaks were first released,' he wrote. 'I have a life to get back to and can't keep working on this all day and night.'" Reader MBCook points out an article written by Nate Lawson "explaining how the hack bypasses the hypervisor to gain unrestricted access to memory. It seems the trick is to use a pulse to glitch the hypervisor while it's unmapping memory, leaving a favorable page table entry."
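The summary's one-line description ("glitch the hypervisor while it's unmapping memory, leaving a favorable page table entry") compresses the whole security argument into a clause. The C program below is an added illustration, not code from the PS3, from the released exploit, or from Nate Lawson's write-up: it models a toy hypervisor that owns physical pages and maintains a guest page table, and shows what happens when the store that clears a page-table entry during an unmap is skipped (the glitch is modelled as a flag that suppresses exactly one store). The page layout, the function names and the "hv-secret" contents are all invented for the example; the point it makes is the general one, that a dangling mapping survives the hypervisor's own bookkeeping, so whatever the hypervisor later places in that page is readable by the guest.

```c
/*
 * Added illustration (not PS3, exploit, or write-up code): a toy hypervisor
 * whose unmap path can have its PTE-clearing store skipped by a "glitch".
 * Names, sizes and the secret string are invented for this example.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NPAGES    8
#define PAGE_SIZE 16
#define UNMAPPED  (-1)

enum owner { OWNER_FREE, OWNER_GUEST, OWNER_HV };

static uint8_t    phys[NPAGES][PAGE_SIZE]; /* toy "physical" memory             */
static enum owner page_owner[NPAGES];      /* hypervisor's ownership table      */
static int        guest_pt[NPAGES];        /* guest page table: vpage -> ppage  */
static bool       glitch_armed;            /* skip the next PTE-clearing store  */

static void hv_reset(void)
{
    memset(phys, 0, sizeof phys);
    for (int p = 0; p < NPAGES; p++) {
        page_owner[p] = OWNER_FREE;
        guest_pt[p]   = UNMAPPED;
    }
    glitch_armed = false;
}

/* Hypervisor call: hand the guest a free physical page at vpage. */
static int hv_map(int vpage)
{
    for (int p = 0; p < NPAGES; p++) {
        if (page_owner[p] == OWNER_FREE) {
            page_owner[p]   = OWNER_GUEST;
            guest_pt[vpage] = p;
            return p;
        }
    }
    return -1;
}

/*
 * Hypervisor call: take the page at vpage back. The store that invalidates
 * the PTE is the one the glitch suppresses; the page is still returned to
 * the free pool, so the hypervisor believes it has been reclaimed while the
 * guest keeps a live translation to it.
 */
static void hv_unmap(int vpage)
{
    int p = guest_pt[vpage];
    if (p == UNMAPPED)
        return;
    if (glitch_armed)
        glitch_armed = false;          /* glitched: the PTE clear never lands */
    else
        guest_pt[vpage] = UNMAPPED;    /* normal path */
    page_owner[p] = OWNER_FREE;
}

/* Hypervisor reuses a free page for data the guest must never see. */
static int hv_alloc_private(const char *secret)
{
    size_t n = strlen(secret);
    if (n > PAGE_SIZE)
        n = PAGE_SIZE;
    for (int p = 0; p < NPAGES; p++) {
        if (page_owner[p] == OWNER_FREE) {
            page_owner[p] = OWNER_HV;
            memcpy(phys[p], secret, n);
            return p;
        }
    }
    return -1;
}

/* Guest memory access is only ever through its own page table. */
static bool guest_read(int vpage, uint8_t out[PAGE_SIZE])
{
    int p = guest_pt[vpage];
    if (p == UNMAPPED)
        return false;
    memcpy(out, phys[p], PAGE_SIZE);
    return true;
}

/* True if the guest ends up reading the hypervisor's private page. */
bool guest_sees_hv_secret(bool glitch)
{
    uint8_t buf[PAGE_SIZE];
    hv_reset();
    hv_map(0);                      /* guest gets a page at vpage 0          */
    glitch_armed = glitch;          /* pulse arrives during the unmap ...    */
    hv_unmap(0);                    /* ... so the PTE clear may be skipped   */
    hv_alloc_private("hv-secret");  /* hypervisor reuses the "freed" page    */
    if (!guest_read(0, buf))        /* clean unmap: no mapping, no access    */
        return false;
    return memcmp(buf, "hv-secret", 9) == 0;
}

int main(void)
{
    printf("clean unmap:    guest reads HV page? %s\n",
           guest_sees_hv_secret(false) ? "yes" : "no");
    printf("glitched unmap: guest reads HV page? %s\n",
           guest_sees_hv_secret(true) ? "yes" : "no");
    return 0;
}
```

The model deliberately keeps the hypervisor's ownership table and the guest's translations as two separate structures, because that separation is what the glitch exploits: the ownership table is updated, the translation is not, and nothing reconciles them. What makes such a hole valuable in practice is what the hypervisor subsequently reuses the page for; a page of its own metadata is worth far more to an attacker than a page of guest data, which is why the discussion below treats the stale entry as a starting point rather than the finished break.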
  • Even if your software security is perfect, if your hardware cuts corners then all it takes is 100mW in the wrong place at the wrong time...

    • Someone here needs to try it and report back... :)

      • Re: (Score:2, Informative)

        by noidentity (188756)
        Yeah, his rough description sounds similar. In this case, he's causing the hypervisor to constantly update the MMU page tables, then glitching the system during that, which gives him access to memory that the hypervisor thought it had protected.
    • If you have physical access to the circuit board then frankly, short of encrypting every single data and address line, there's not much any company can do to prevent hack attempts.

      • by Khyber (864651)

        No cut corners that you can see?

        Hahaha. Let's see. We've got at least 5 different PS3 models, with varying hardware capabilities. Somewhere, in the name of making money, they most certainly did cut corners.

        Now the question is - which model was hacked? I can almost guarantee the new Slim wasn't used, so which fat model? With or without PS2 BC? Full hardware PS2 or hardware/software?

        We already knew we could glitch the memory bus with properly applied current to get some signals past the hypervisor, it was rea

  • by Anonymous Coward

    How dramatic

  • by ACK!! (10229) on Wednesday January 27, 2010 @12:02PM (#30918360) Journal
    If they are able to bypass the hypervisor and then do hack mods for the PS3 this might open up a whole new avenue for modders and interest in the platform that was not there before. In other words, this might not be a bad thing for the PS3 overall.
    • by decipher_saint (72686) on Wednesday January 27, 2010 @12:12PM (#30918544) Homepage

      I often wonder if part of the success of the original XBox was its "hackability".

      Anyone care to weigh in?

      • Re: (Score:3, Interesting)

        by Sir_Lewk (967686)

        If by "hackability", you mean Halo...

        I think the GP isn't suggesting that this will make the PS3 fare better to any significant degree in the market at large, but rather make it more popular with nerd types you might find on places like slashdot.

        Who knows though, it probably wouldn't be too out of line to claim that iPhone unlocking made those more desirable; plenty of my non-nerd friends have unlocked iPhones.

      • Re: (Score:2, Insightful)

        by flabordec (984984)

        At least in some places that was the case. People in less developed countries do not have as much money to spend on videogames, some of my friends in Mexico pay about $50 monthly rent, so paying more for a single game than for a whole month of housing does not make much sense. Paying $5 for essentially the same thing, on the other hand, is much more manageable.

        • ofc people who "pirate" all their games aren't making MS any money, so whether you can call being popular among "pirates" a success is open to interpretation (working on the assumption that console manufacturers either make a loss or a very small profit on the consoles and make up for it on the games)

          • by Bert64 (520050)

            Being popular among pirates diminishes the mindshare of your competitors if nothing else...
            Games consoles are often owned by kids who don't have a lot of money to spend on games, but plenty of time to spend playing them.

      • by Hatta (162192)

        The original Xbox was a success? The Xbox sold about as much as the Gamecube, and about a fifth as many as the PS2. The Gamecube made Nintendo a few hundred million dollars, while the Xbox lost Microsoft a few billion dollars. The only success there is that it made Microsoft a legitimate name in console gaming, providing footing for the Xbox 360.

        • by Again (1351325)

          The original Xbox was a success? The Xbox sold about as much as the Gamecube, and about a fifth as many as the PS2. The Gamecube made Nintendo a few hundred million dollars, while the Xbox lost Microsoft a few billion dollars. The only success there is that it made Microsoft a legitimate name in console gaming, providing footing for the Xbox 360.

          And Microsoft has only lost 1 billion dollars on that so far.

          • Microsoft has the resources to keep trying until they get it right. If it takes two more generations of Xbox until it's profitable, so what? They aren't likely to implode any time soon.
      • Success? The Xbox cost MS millions, and from what I can tell they are still trying to pay it back with the 360, which just recently *may* have turned a profit. The reason I say may is because of the way MS has its divisions organized: group Mac software (highly profitable) with Xbox HW.
      • I often wonder if part of the success of the original XBox was its "hackability".

        I know that I wouldn't have bought the 2 Xboxes that I did if it weren't for the fact that I could hack them and put XBMC on them.

      • by XSforMe (446716)

        I recognize my case might be fairly unique, but I was looking for an affordable DVP for my living room, and XBMC filled in the description nicely. The second day after I got my XBox I chipped it and loaded XBMC into it. Ironically enough, out of the 30 games I ended up buying for the XBox only two were pirates (and one of them sucked, so I basically threw it to the garbage can three days after I got it).

        Had it not been for the XBox hackability and the development of XBMC, I would have never bought the box (

    • by Kagato (116051)

      Well, on older machines you could run Linux without much hassle. But locking out the Hypervisor meant that Linux-based software was locked out of the accelerated graphics, which is why the common uses for the PS3 on Linux have been more for computational activities. In theory this makes it possible to make homebrew games and DVRs, etc.

      I don't know if this has any effect on things like copy protection.

    • by NitroWolf (72977)

      If they are able to bypass the hypervisor and then do hack mods for the PS3 this might open up a whole new avenue for modders and interest in the platform that was not there before. In other words, this might not be a bad thing for the PS3 overall.

      It would definitely be a bad thing for the PS3, just like it was for the original XBox. If people start buying the consoles, but NOT buying any games or content (since they'd be using the PS3 for something else) - then the PS3 becomes a major loss and drain on company profits. It's the razor and the content is the blades - sell the razor for cheap and rape them on the blades. If there are no blades being purchased then selling the razor is pointless.

    • by nmb3000 (741169)

      If they are able to bypass the hypervisor and then do hack mods for the PS3 this might open up a whole new avenue for modders and interest in the platform that was not there before. In other words, this might not be a bad thing for the PS3 overall.

      The problem with this is that Sony doesn't want you to buy a PS3 just so they can sell you the hardware. Sony wants you to buy a PS3 so they can sell you games, movies, downloadable content, accessories such as remotes and controllers, and other stuff like that.

    • I know that many PS3 owners use it mostly as a Blu-ray owner, but as a gamer, I'm concerned about opening up console platforms. Online PC gaming has been ruined by aimbots, wallhacks, and other cheats. Console gaming so far has been less prone to these hacks because the systems are closed. Whenever a console is hacked, there is a risk that online gaming will suffer from cheaters that make the game unplayable. The Xbox 360 was eventually hacked, but this required a hard hack that allowed these systems to be ke

  • Takedown notice in 3, 2, 1...

    pastie.org: registered in KY, USA

    blogspot.com registered in CA, USA

    • by fandingo (1541045)

      Sorry to reply to my own post...

      geohot.com (where the exploit is actually hosted) registered to godaddy.com --> USA

    • too late.

      This has been online for what, 12 hours? It was posted on /.. Good luck in getting all copies back.

  • by b1t r0t (216468) on Wednesday January 27, 2010 @12:12PM (#30918536)

    * This is based on a Linux kernel module, so NO SLIM already, okay?
    * All it does is poke a hole in the hypervisor allowing memory access. This means it's not going to give you homebrew quite yet, but it's going to make it possible for people to start exploring and tinkering further.
    * It requires hardware that generates a 40ns pulse on some point on some version of the board. Apparently it introduces a hardware glitch that allows the hole to be opened. And it doesn't persist after a reboot.
    * The top level of security in the PS3 is in that one reserved SPU. Apparently it is given the root key during startup, holds all the other keys, and is responsible for decrypting and checking everything. But it's going to be very hard to get into.
    * Now that it's possible to get into the hypervisor, people can start poking at that SPU. But Sony's security model was supposed to include the possibility of the hypervisor being compromised in just this way.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Indeed, the 7th SPU is in isolated mode at this point, and cannot be accessed even by the hypervisor. But it may be possible to reflash the system and take over the isolated setup code.

    • by MBCook (132727)

      The important thing about this hack is that they can dump the hypervisor (which has now been done). Obviously this would be a pain to use to load homebrew.

      But with the hypervisor code, they can disassemble it and try to find bugs. If they find one, then they can exploit that. That method may make it possible to find a way to root any console, including the slim.

      This is certainly interesting, but it's not at the "download this and you have root" stage.

    • I swear your bullet points sound like the plot to Tron.

      "Tron: My User has information that could... that could make this a free system again! No, really! You'd have programs lined up just to use this place, and no SPU looking over your shoulder. "

      ... Bring in the logic probe!
  • The only reason that I like this is if they can get a different way to play media files, such as XBMC, to work so I can play MKV files without conversion on my PS3. Also, I didn't download these MKV files; I have the disks, but this will prevent my son from ruining them and also allow me to change shows faster when one is done.
  • by Superken7 (893292) on Wednesday January 27, 2010 @12:15PM (#30918582) Journal

    While indeed this opens the door for PS3 hacking, the PS3 has not yet been fully "hacked".
    See http://streetskaterfu.blogspot.com/2010/01/ps3-is-hacked-urban-legend-continues.html [blogspot.com]

    The security architecture of the PS3 is designed in a way to prevent hacks like this to fully compromise the system.

    Another interesting read, by Kanna Shimizu, http://dslab.lzu.edu.cn:8080/members/zhangwei/doc/Cell_Broadband_Engine_processor_vault_security_architecture.pdf [lzu.edu.cn]

    • Re: (Score:2, Insightful)

      by rob13572468 (788682)
      The glitch attack is a pretty powerful attack in that the proof-of-concept he worked out is most of what is needed for a mod chip. Now all that is needed is to find the least expensive microcontroller to deliver the glitch pulse. He uses 40 ns, but it may well turn out that even a larger (wider) pulse works, which then means a standard 3 dollar 10 MHz microcontroller can be used to control the glitch. Connect the glitch modchip to any line that is controllable under the hypervisor and you have the ability to
    • I mean, he needs to block the HV correcting the tables, and presses a button to do that. But... that requires serious timing, as the call is made and directly after that he has to block the memory access with the pulse. To me this seems impossible to do, or he can start jamming the signal BEFORE the call is made, but that would potentially ruin the call in the first place.

  • by Broken Bottle (84695) on Wednesday January 27, 2010 @12:29PM (#30918806)
    "It seems the trick is to use a pulse to glitch the hypervisor while it's unmapping memory, leaving a favorable page table entry" Well shit, when you put it like that it's a wonder this thing wasn't cracked by a kindergartner two and a half years ago. :)
    • by Joucifer (1718678)
      "It seems the trick is to use a pulse to glitch the hypervisor while it's unmapping memory, leaving a favorable page table entry" I consider myself somewhat a nerd (hence being here on /.), but I had to google 2/3 of that statement.
    • by nutshell42 (557890) on Wednesday January 27, 2010 @04:52PM (#30924290) Journal

      "Mr La Forge, how did you manage to disable the Borg Cube?"
      "Sir, it seems the trick is to use a pulse to glitch the hypervisor while it's unmapping memory, leaving a favorable page table entry."

      Honestly, if Star Trek had fed me that as techno babble I would've called bullshit. I'm deeply impressed that it actually means something and works.

  • Oh, shit, I hope Sony has heard about this!
