PlayStation 3 Hack Released Online 164
itwbennett writes "On Friday, George Hotz, best known for cracking Apple's iPhone, said he had managed to hack the PlayStation 3 after five weeks of work with 'very simple hardware cleverly applied, and some not so simple software.' Days later, he has now released the exploit, saying in a blog post that he wanted to see what others could do with it. 'Hopefully, this will ignite the PS3 scene, and you will organize and figure out how to use this to do practical things, like the iPhone when jailbreaks were first released,' he wrote. 'I have a life to get back to and can't keep working on this all day and night.'"
Reader MBCook points out an article written by Nate Lawson "explaining how the hack bypasses the hypervisor to gain unrestricted access to memory. It seems the trick is to use a pulse to glitch the hypervisor while it's unmapping memory, leaving a favorable page table entry."
Re:Do I care? (Score:3, Informative)
Do you understand that the hack right now isn't very useful?
I have no doubt eventually keys will be extracted, and the thing will be hacked based on this hack here, but, until that happens, Sony's still winning.
Until you can get hypervisor access with out glitching the memory bus, or get homebrew working in the XMB, Sony still wins.
Summary of what I've seen so far (Score:5, Informative)
* This is based on a Linux kernel module, so NO SLIM already, okay?
* All it does is poke a hole in the hypervisor allowing memory access. This means it's not going to give you homebrew quite yet, but it's going to make it possible for people to start exploring and tinkering further.
* It requires hardware that generates a 40ns pulse on some point on some version of the board. Apparently it introduces a hardware glitch that allows the hole to be opened. And it doesn't persist after a reboot.
* The top level of security in the PS3 is in that one reserved SPU. Apparently it is given the root key during startup, holds all the other keys, and is responsible for decrypting and checking everything. But it's going to be very hard to get into.
* Now that it's possible to get into the hypervisor, people can start poking at that SPU. But Sony's security model was supposed to include the possibility of the hypervisor being compromised in just this way.
Nice step forward, but no full compromise (Score:5, Informative)
While indeed this opens the door for PS3 hacking, the PS3 has not yet been fully "hacked".
See http://streetskaterfu.blogspot.com/2010/01/ps3-is-hacked-urban-legend-continues.html [blogspot.com]
The security architecture of the PS3 is designed in a way to prevent hacks like this to fully compromise the system.
Another interesting read, by Kanna Shimizu, http://dslab.lzu.edu.cn:8080/members/zhangwei/doc/Cell_Broadband_Engine_processor_vault_security_architecture.pdf [lzu.edu.cn]
Re:This sounds just like the GBC ROM dump hack (Score:2, Informative)
Re:I care! (Score:4, Informative)
It doesn't support the mkv container, which it should, since it's now reconized by DivX (v7) and the PS3 is DivX certified.
http://www.divx.com/en/mkv [divx.com]
http://support.divx.com/faq/view/supportFAQen038/DivX%20on%20the%20Sony%20Playstation%203 [divx.com]
Until included natively, PS3MediaServer is the best solution - real time transcoding as the GP said.
Re:Do I care? (Score:2, Informative)
This exploit isn't going to get you keys. The keys are stored in an entirely different core with secure local storage. The word "hypervisor" is overhyped (pun intended); it isn't the primary target in order to own the system. That's why it was so easy to hack (this hack is fairly trivial). Geohot just did a knee-jerk trick and only later realized it wasn't nearly as useful as he imagined.
Re:What could this mean for Blue-Ray (Score:4, Informative)
I wonder what this means for Blue-Ray. It could be a major blow to Blue-Ray protection if this somehow allowed the interception of the encryption keys.
Umm... what rock have you been living under? Blu-Ray protection is an utter failure all on it's own. A hack PS3 isn't going to make a bit of difference to Blu-Ray protection; The BR encryption keys are already easily acquired.
Re:This guy is a hack, not a hacker. (Score:2, Informative)
The memory is by definition not secure (it's not encrypted nor signed). Therefore reading out all the memory isn't a hack, it's just a cute trick. Sure, the PS3 isn't designed to let you do that, but it's also designed such that doing it doesn't gain you much.
Re:Works on PS3 slim? (Score:3, Informative)
This is because of the restrictions applied. Without these restrictions the PS3 could be a very powerful Linux box with excellent home theatre possibilities.
Probably but the PS/3 "as is" provides pretty much exceptional home theatre possibilities out of the box. Including licensed codecs and BD support. Not sure I would use Linux on the PS/3 for that. I'd probably build a HTPC with XBMC which is quite impressive.
Re:What could this mean for Blue-Ray (Score:2, Informative)
> Blu-Ray has, to date, been sufficiently designed to prevent an open source player, right?
Not [doom9.org] really [makemkv.com].
Re:I care! (Score:1, Informative)
No, the new certification is known as DivX Plus HD. PlayStation 3 doesn't support that. DivX Plus HD and DivX certifications are two different things.
Re:Do I care? (Score:3, Informative)
You cannot get the root key. It's in hardware, it's used by hardware, software can't see it or touch it. Besides that, SPE code is encrypted, which means the hypervisor is never going to see the code. Sure, the hypervisor can talk to the isolated SPE, and if you found a hole in the SPE code you could exploit it and do fun stuff, but without access to the SPE binary finding and crafting and exploit is going to be nigh impossible.
Re:This guy is a hack, not a hacker. (Score:3, Informative)
Hah, thanks for the heads up! Googled him, and there's some brilliant entertainment there :D
Quote - a random comment from him:
Comment by HighGuy ....hahaha fuck well ya anyways I will let ya in on this much cod 4 ufo .......fuck lots of code ....and I hate reading ..........not saying how I get console or nuthin.g but I do crash my ps3 and hard lol so far it seems to boot my code and still leaves me in the ps3 iitself (xml) but the game ps its not cod4 crashes and drops me into my shell ......I got basic basic damb basic commands aka dir and that's about it ......im thinking of poring dos into this next but thers the issue I've bricked my outher ps3 and my wife wants to kill me..and I don't wana brick my 60 so I lost the best working copy need to go back and rewright what I lost and ya so stay high but I have had luck ps no game name is the same and some details may be alterd for the sake of us hackers
2009-10-16 15:27:27
hey guys a update it seems console is visibule but I don't know the ps3 core commands or adresses
Either a very good troll (judging by the other comments), or he's a poser :)
More entertainment at http://www.ps3-hacks.com/2009/10/15/homebrewed-ps3-system-file-editor-v0-80-released/ [ps3-hacks.com]
Re:Works on PS3 slim? (Score:3, Informative)
Pointless?
A PS3 with a Linux install on it adds even more functionality to the thing. GameOS's Netfront is sucky, but under Linux you've got Firefox and Opera. GameOS can't view and print PDF's but you can under Linux. You've got all the usual 'nix tools and whatnot, LaTeX, vim, gcc, nethack. One of the first things I did when I got my PS3 was download YDL and install it.
Though I freely admit I had Linux on my PS2 as well.