Technical discussion on PS3 security and the crack.

some are reporting that this happens before syscon kicks in. If true then sony can't do anything to it.

What you are saying is that Sony can't update the boot-part of the PS3 firmware. I find that highly unlikely. That would be a monumentally stupid design.

If I were Sony I would not hurry to get a fix out for this problem. I would carefully design a patch with a time delay so that first everyone would think that the new firmware was compatible with the Jailbreak. But at a certain date, or after a fixed number of days after the firmware installation, the patched firmware would detect the installed mod software, disable it and fix the boot software to disable boot from the modded USB stick.
 
No one said Sony would report actual users. If Sony has the ability to ban consoles from PSN, they'll do that, and they'll probably be checking and voiding warranties for people who have this installed. What they will do, though, is go after suppliers because they're easier targets. They'll push for the courts to place a ban on the sales of these devices and push it all into the black market. People will still sell them, but they'll do their best to make it a real trade-off. And meanwhile, at some point this won't work on new consoles anymore. And this is independent of whether Sony can block this for existing consoles.
Maybe then, after the new firmware, they will stop taking other more restrictive measures.

I am wondering if this method will give access to smart hackers, like the guy who was "almost there" months ago, to some piece of key information allowing a whole new set of privileges.

If so not even the Goddess of Fate could stroll along and help Sony in a lost battle.
 
There are a lot of PS3s on the market already. People just need to stop updating their console, and consoles with preloaded safe FW will come in a few months.

What will happen when the new games (which are the most selling ones) require a higher firmware? The pirates can stop the update from being applied, but they can't make the game run, so what good is your PS3 if it can't play the new games that are coming out? The existing library has sold most of its lifetime sales that it's going to sell anyway, and they're getting cheap to buy as well. You also need to go online to register your trophies, which won't work with the modded console anyway.

You can bet GT5 and LBP2 won't work on these consoles. All this is going to prevent is a few people from buying older games.
 
What you are saying is that Sony can't update the boot-part of the PS3 firmware. I find that highly unlikely. That would be a monumentally stupid design.

If I were Sony I would not hurry to get a fix out for this problem. I would carefully design a patch with a time delay so that first everyone would think that the new firmware was compatible with the Jailbreak. But at a certain date, or after a fixed number of days after the firmware installation, the patched firmware would detect the installed mod software, disable it and fix the boot software to disable boot from the modded USB stick.

Or even sneakier... Do what you propose from inside a game that the pirate thought would work just fine with the mod... No new firmware needed, as all the detection and timing code can be hidden inside the game.
 
No one said Sony would report actual users. If Sony has the ability to ban consoles from PSN, they'll do that, and they'll probably be checking and voiding warranties for people who have this installed.
That might be illegal. It's my business what I plug into my PS3's USB port. However, it may also be that where bricking someone's PS3 is illegal, for them to complain they'd have to admit to owning the USB hub with its copyright-theft code, and as we all know, the punishments for copying DVDs are 1000x worse than those for embezzlement and mugging, it being second only to murder in terms of a crime against humanity...

What you are saying is that Sony can't update the boot-part of the PS3 firmware. I find that highly unlikely. That would be a monumentally stupid design.
It'll be the BIOS. One would hope the BIOS is flashable, but in a closed-box situation that might not be the case as there'd be no need to change it.

What will happen when the new games (which are the most selling ones) require a higher firmware?
Is the hack code patchable to different firmwares? The boot code's being executed before the firmware, in this case changing the PS3 to a debug unit. Could be they can patch in an old firmware, even easier on the Slims as that resides on HDD, and could be redirected to a file on the USB flash, allowing you to update your PS3 but boot back to an older firmware when wanted.
 
Is the hack code patchable to different firmwares? The boot code's being executed before the firmware, in this case changing the PS3 to a debug unit. Could be they can patch in an old firmware, even easier on the Slims as that resides on HDD, and could be redirected to a file on the USB flash, allowing you to update your PS3 but boot back to an older firmware when wanted.

My understanding is that the USB doesn't actually contain any kind of firmware, and all the retail PS3 firmware has built in flags that will make it run in debug mode. It's just booting the PS3 firmware with different boot options than the standard, which undoubtedly requires a challenge response, which they've been able to clone.

Easy way to fix it is to take away the "running unsigned code" option in debug mode of the next firmware. The USB sticks will still work, but they'll be useless without having the option to run unsigned code. The only people who need to run unsigned code should be developers, not service centers, and the devs can get devkit units to do this.
 
That might be illegal. It's my business what I plug into my PS3's USB port. However, it may also be that where bricking someone's PS3 is illegal, for them to complain they'd have to admit to owning the USB hub with its copyright-theft code, and as we all know, the punishments for copying DVDs are 1000x worse than those for embezzlement and mugging, it being second only to murder in terms of a crime against humanity...

I think bricking a console is different from banning it from Sony's online service, which is something Microsoft does on a regular basis with modded Xboxes and Live.

It'll be the BIOS. One would hope the BIOS is flashable, but in a closed-box situation that might not be the case as there'd be no need to change it.
The boot sequence for the PS3 has been modified via firmware before. Network boot was added with remote play, typically a BIOS-level feature.

Is the hack code patchable to different firmwares? The boot code's being executed before the firmware, in this case changing the PS3 to a debug unit. Could be they can patch in an old firmware, even easier on the Slims as that resides on HDD, and could be redirected to a file on the USB flash, allowing you to update your PS3 but boot back to an older firmware when wanted.

The boot code is most likely the same thing as the firmware. From what I can tell (and what I've heard), everything's flashable on the PS3. That includes parts like the Blu-ray drive and even a secondary embedded CPU that handles the system clock and front panel (remember the clock bug? That's fixed now). Besides, even on the Slims I'm pretty sure there's still a small part of the firmware that resides in flash on the motherboard; it's just not the entire firmware like in launch units.

I'd expect that you'd be able to downgrade from 3.41 to whatever with this, but I doubt it'll be able to downgrade (or operate at all) past 3.41. And oddly enough, one site's reported that it doesn't work with firmware 2.85.

I'm still amazed that Sony apparently didn't learn anything from the Pandora mess with the PSP. I wouldn't be surprised if there's a limit to how many times a system can be booted into debug mode with the same key though...

edit:
Easy way to fix it is to take away the "running unsigned code" option in debug mode of the next firmware. The USB sticks will still work, but they'll be useless without having the option to run unsigned code. The only people who need to run unsigned code should be developers, not service centers, and the devs can get devkit units to do this.
Real devkits are rare; a lot of people need to have debug units, from reviewers to QA staff. If it's possible to differentiate "real" debug units and retail units in debug mode, then I agree. But in that case, why do retail units have the capability of turning into debug mode so easily?
 
Originally Posted by corduroygt
What will happen when the new games (which are the most selling ones) require a higher firmware?
Sony sometimes reduces the memory reserved for the PS3 OS with FW updates. If a new game uses this new "free" memory, then even if the game can be fooled into running, won't that bring glitch/crash/out-of-RAM errors?
 
My understanding is that the USB doesn't actually contain any kind of firmware, and all the retail PS3 firmware has built-in flags that will make it run in debug mode. It's just booting the PS3 firmware with different boot options than the standard, which undoubtedly requires a challenge response, which they've been able to clone.

Retail and debug firmwares are mutually exclusive and have different features - you cannot install one on another. I find it extremely hard to believe that Sony would leave any kind of ability to run unsigned code on a system where there is absolutely no need for it to do so. It's just asking for trouble.

It makes much more sense that the chip is patching modules with the debug equivalents.
 
Retail and debug firmwares are mutually exclusive and have different features - you cannot install one on another. I find it extremely hard to believe that Sony would leave any kind of ability to run unsigned code on a system where there is absolutely no need for it to do so. It's just asking for trouble.

It makes much more sense that the chip is patching modules with the debug equivalents.

The technical details might be just like you said, but the existence of the USB jigkick suggests that there was some sort of need to run unsigned code on a retail PS3, otherwise they wouldn't have made it in the first place. I'm saying that, just like on-disc DLC, it might have already been in the encrypted firmware but disabled unless you enable it as a boot option. Think of Windows 64-bit and the option to press F8 at boot and disable the driver signature checking option...
 
No, the "jig" doesn't have any high level functions like booting unsigned code as it doesn't do anything in GameOS - as far as I know. It's a BIOS-level tool designed to boot from an external device, and flash a base-level firmware in the event of a corrupt NAND due to a bad system update or similar.
 
No, the "jig" doesn't have any high level functions like booting unsigned code as it doesn't do anything in GameOS - as far as I know. It's a BIOS-level tool designed to boot from an external device, and flash a base-level firmware in the event of a corrupt NAND due to a bad system update or similar.

I never said it has any high level functions, but the firmware it boots still seems to be the same one installed on the PS3 with extra options, not a custom one that has nothing to do with it. However, it only working with 3.41 gives more credibility to your suggestion that it patches certain modules...
 
No, the "jig" doesn't have any high level functions like booting unsigned code as it doesn't do anything in GameOS - as far as I know. It's a BIOS-level tool designed to boot from an external device, and flash a base-level firmware in the event of a corrupt NAND due to a bad system update or similar.

That actually makes some sense, and it ties in with some of what geohot and the others were working on towards the end of that whole mess. But iirc, one of the things they uncovered while looking for a way to make a custom firmware was a debug mode boot flag. Enabling that flag on the flash apparently didn't do anything, but that might be because it was missing a special USB key to authorize debug mode...

However, if it's patching modules, why do the changes not persist after the key is removed? If it's doing the module replacement on the fly, that seems a little too sophisticated for a first-effort hack; especially one that relies on an old leaked SDK. Hardly anything is known about how GameOS works publicly, except that it's apparently vaguely BSD based. I just don't see how they'd be able to make the USB key look like the system drive to the OS knowing so little.

Unfortunately, I think it's more likely Sony made another Pandora-style screwup that this exploits. I guess it's better this time since they didn't ship the key with every system...
 
That might be illegal. It's my business what I plug into my PS3's USB port. However, it may also be that where bricking someone's PS3 is illegal, for them to complain they'd have to admit to owning the USB hub with its copyright-theft code, and as we all know, the punishments for copying DVDs are 1000x worse than those for embezzlement and mugging, it being second only to murder in terms of a crime against humanity...

I'm not saying Sony should brick people's PS3s, as that probably is illegal. What I'm saying is that broken PS3s that come in with the software installed will probably have their warranty voided. Nintendo does this already, I believe, with the homebrew channel -- either that or they add some punitive charges when they find that stuff on the Wii, but the end result is very similar.
 
Okay, but this hack doesn't change the content of your PS3 AFAIK, and removing the dongle leaves it clean. You need both the dongle and a BRD game to be able to run a game from HDD.

Oh, hang on... it creates the backup games folder. If deleting all the games doesn't remove that, it's a giveaway! Then yeah, they could void the warranty for those who've used the hack, but then again the savings on games will still make it more economical to buy a new PS3 rather than seek a repair and buy games legit, so this action wouldn't materially affect the pirates.
 
From what I gather it installs a program that is non-removable unless early reports are completely wrong. That would be a dead giveaway.
 
From something Commenter I think posted earlier, the application it installs on your PS3 can't be deleted.
Is it? The guy in the video did mention that it's clean once you remove the USB stick; whether or not the backup folder storing games can be deleted is yet to be known.
 
Does this dongle block firmware check? If it doesn't then there's no way to play games without installing inevitable pre-GT5 firmware, right?
 