Alright, I get the point.
OtherOS is not coming back. Ever. T_T
I went back to look at mmendez' post:
What is the so-called "Cell security wall" ?
Technological discussion on PS3 security and crack.*
- Thread starter senas8
- Start date
Alright, I get the point.
OtherOS is not coming back. Ever. T_T
I went back to look at mmendez' post:
What is the so-called "Cell security wall" ?
It's this http://streetskaterfu.blogspot.com/2010/01/ps3-is-hacked-urban-legend-continues.html
Better read it as whole as the security is multilayered and not explainable in single quote without pasting all the stuff from that link.
Never say never. After all it's just a matter of investing resources to implement drivers. Perhaps there is use case in some future time that causes sony to invest again to linux support. Or better yet, perhaps the application sdk would circumvent any need for linux... Yeah I know, one can always dream about it
This is probably the part that got geohot:
... and how could you miss out the most important tidbit:
This Shimizu ?
http://www.linkedin.com/in/kannashimizu
Sorry... you're not authorized to look at her resume. ^_^
There is a postage-stamp sized photo of her on the page.
At least I know one of the reasons the Air Force and Army like to muck around with Cell.
EDIT: Went back and read the last few pages. Someone else has already highlighted Kanna Shimuzu's profile here: http://forum.beyond3d.com/showpost.php?p=1386316&postcount=149
This incident/solution may have some implications on PS4 architecture, and may be future media player devices.
... and how could you miss out the most important tidbit:
This Shimizu ?
http://www.linkedin.com/in/kannashimizu
Sorry... you're not authorized to look at her resume. ^_^
There is a postage-stamp sized photo of her on the page.
At least I know one of the reasons the Air Force and Army like to muck around with Cell.
EDIT: Went back and read the last few pages. Someone else has already highlighted Kanna Shimuzu's profile here: http://forum.beyond3d.com/showpost.php?p=1386316&postcount=149
This incident/solution may have some implications on PS4 architecture, and may be future media player devices.
from gaf, her face book page is kanna.shimizu . And apparently, she likes dancing.
I think the one that claimed to have the key was someone pretending to be George Hotz.
Anybody care to explain this whole "PS3 hacked" story less technical? He hacked the HV and had full control over it? If so, that means nothing according to Shimizu & IBM docs , if I'm not mistaken ;
[ The Cell Broadband Engine processor security architecture ].
[ http://crypto.stanford.edu/seclab/sem-05-06/shimizu.html ],
[ The Cell Broadband Engine processor security architecture ].
The none technical version would be that he can do whatever he wants to do with the machine inluding accessing RSX. But due to the additional layers of security running backups/third party stuff on gameos is not at the moment possible(and might never be due to the security implementation being robust and anticipating the breach of this first level).
So he can access all parts of hardware, but can't actually do anything with it. No game pirating or reverse engineering of GameOS. Round one (or whatever round we're on), Cell BBE!
Last edited by a moderator:
Prophecy2k
Veteran
So in short Geohotz was premature and got own'd by CELL BE?
grandmaster
Veteran
I don't think so. I think he mis-read the reaction his hack would have. He wanted a technical blog, but instead got no technical feedback whatsoever. By dialling back the updates, the story will die out and he can continue at his own pace.
In the meanwhile, you can bet that the reverse-engineers out there (including Datel - who, let's not forget, can sign their own PSP executables) will be all over this exploit. You can also bet that those with access to devkits will be seeing what else the exploit brings to the table in terms of that hardware.
History is packed full of so-called impenetrable security schemes that have been overcome by hackers and it seems to me that people are reading these IBM docs and concluding that the hackers' cause is entirely hopeless... as if the docs will document any weaknesses in the system!
I really wouldn't be surprised to see a Datel Action Replay product by the end of the year at the very least.
In the meanwhile, you can bet that the reverse-engineers out there (including Datel - who, let's not forget, can sign their own PSP executables) will be all over this exploit. You can also bet that those with access to devkits will be seeing what else the exploit brings to the table in terms of that hardware.
History is packed full of so-called impenetrable security schemes that have been overcome by hackers and it seems to me that people are reading these IBM docs and concluding that the hackers' cause is entirely hopeless... as if the docs will document any weaknesses in the system!
I really wouldn't be surprised to see a Datel Action Replay product by the end of the year at the very least.
Also, irc private pm's. Math is the OP in there. Dev's are talking to one another. There seems to be a way to glitch the bus without hardware, thru linux. Although this method has not been released public yet. Geo is also in the room silent, but work is being done. And it will take time. LOL @ wheres the hello world. Small steps .. small steps.
Here is another way of looking at what's been done: Good article.
http://rdist.root.org/2010/01/27/how-the-ps3-hypervisor-was-hacked/
It's just that read/write access to memory doesn't do anything that would give one access inside the isolate spu/master key. It's not as easy as on some other systems where you can extract encryption keys from ram or some bus.
Definately it might be possible to hack the isolated spu and gain access to encryption keys, run backups, whatnot, but it's not going to be trivially easy which was implied on geohotz blog who said something along the lines "it's just some software now, I did the hard part".
You insist on this story, but it's not true. Read his updates, read the frequency of them, his comments. He didn't tweet 'I've found an exploit in the PS3, come to my blog to get tech info'. He tweeted 'fine, one tweet... i just hacked the PS3...'. And then talked about controlling the hypervisor completely. He may get somewhere still, but he's not very far.
Signing PSP executables, if you mean the mini route to PS3 is a dead-end, last I heard. I don't think this exploit is, necessarily, but when it comes to GameOS it seems that this exploit and 2 dollars gets you a cup of coffee.
And the internet is just as full of people who ignore all technical evidence and think that sheer pluck and man's dogged persistence will get them anywhere they want.
The end of 2010? I would. Especially if Datel is apparently depending on unpaid researchers.
Overly optimistic view of the situation... The bottomline is after getting the hack injected into gameos is that if the isolated SPU notices system is breached(potentially any os call can check for this) the system can be run down. And if he kicks out the isolated SPU as he was saying then again no functionality using that spu works(try bringing up xmb while gaming or whatnot). It's not as easy as he makes it sound... If he goes and changes the binaries in memory it most likely becomes detectable to the SPU responsible of drm/security/loading binaries/whatnot. (all this assuming you would do dumps of games, patch binaries/memory and try to run them).
Ideally the pirates would want to gain access to the encryption keys so they could just sign their own binaries and the gameos/spu would happily run "cracked games". But for now the encryption keys seem to be safe inside hw and not accessible to any sw.
edit. So at least I'm guessing that if you run a game X and inject ISO loader or whatnot via buffer overflow and start to load a new game the isolated SPU would figure out that now we are in a state we should not be and would reboot the device or something like that. If you kick out the isolated SPU you cannot execute any binaries from your ISO image as they are encrypted.
Last edited by a moderator:
grandmaster
Veteran
Little point arguing any more about the rest of your post since we're just going around in circles. However, on the points above, I'm not referring to PSP as a way into PS3. I'm referring to Datel signing their own executables to run on unmodified hardware. In short, they have replicated Sony's private key for creating encrypted software. Nobody else has done that, certainly not unpaid researchers. It won't help on PS3, but puts their operation on a different plane to the homebrew hackers. While Datel may well be considered to have leeched a lot of work from them, I've seen their factories and labs, spoken with "Mr Datel" (one of the richest men in the UK btw) and his engineers and they are a formidable operation.
Let's wait for the done deal, then.
Similar threads
- Locked