Technological discussion on PS3 security and crack.

Installing CFW without glitching the hardware?? Good Lord... things will get very ugly pretty soon.
Sony should've just silently fixed all holes with subsequent Firmwares. I know I would've upgraded to 3.21 by now if this was the case.
 
Yes, this will get ugly for sure. Units bricking and then Sony refusing to touch them, even if they're under warranty since he mentioned the possibility of using this with slims.

I wonder if people actually realize that manufacturers refuse to support units with CFW. It's no different than mod chips of yesteryear.
 
Okay, I think I am a bit off here, but did he not just re-install a "module" on the 3.21 fw?
I am not familiar with the PS3 filesystem, but that is what it sounded like to me when he wrote "just by restoring a custom generated PUP file".
 
No idea, but there may be issues if someone uses an outdated firmware to try to play a new game, or connect to a new PSN infrastructure.
 
Some new games won't even boot up without the latest firmware and they're on disc. I actually had to update to 3.15 from 3.10 to play Tekken 6.

This will work fine until the next firmware update or if Sony figures out a way to lock users with CFW out of PSN.
 
Okay, I think I am a bit off here, but did he not just re-install a "module" on the 3.21 fw?
I am not familiar with the PS3 filesystem, but that is what it sounded like to me when he wrote "just by restoring a custom generated PUP file".
I have no clue what PUP means (Playstation Updater package?). I understood this as installing a modified 3.21 FW, which is disastrous if this is possible without messing with the hardware. The SPU Isolation facility should prevent exactly this, having a trusted facility for the most important duties which remains intact even if the rest of the system is compromised.

Even if it's "just" adding/changing some modules (which would surely be bound to get complicated to ensure everything stays compatible)... it's still horrible if patching in GameOS is that easy.
 
He's shown before that he can change what is displayed on the screen in gameos. It's entirely possible he's just taking an old firmware and changing what version is being displayed.
Nite_Hawk
 
He's shown before that he can change what is displayed on the screen in gameos. It's entirely possible he's just taking an old firmware and changing what version is being displayed.
Nite_Hawk
Yeah, it's possible he's just faking it, but I'm giving him the benefit of the doubt.

It's one thing if he can break in via his OtherOS exploit, requiring opening the PS3 and glitching the hardware to gain access.
It's an entirely different thing if he found a hole in GameOS which doesn't require any hardware-"hacking" and works even on Slims.
 
Yeah, it's possible he's just faking it, but I'm giving him the benefit of the doubt.

It's one thing if he can break in via his OtherOS exploit, requiring opening the PS3 and glitching the hardware to gain access.
It's an entirely different thing if he found a hole in GameOS which doesn't require any hardware-"hacking" and works even on Slims.

I came to think of one thing: if he actually hacked the firmware, i.e. the real 3.21, then he must have done something very clever, since that Firmware removed the Other OS function and he got it back. In my opinion there are 3 options:

1: He just changed the version number
2: Sony did not remove it completely, but let the function stay and only "disabled" it from the menu.
3: He actually created his own firmware that would boot the OtherOS
 
I came to think of one thing: if he actually hacked the firmware, i.e. the real 3.21, then he must have done something very clever, since that Firmware removed the Other OS function and he got it back. In my opinion there are 3 options:

1: He just changed the version number
2: Sony did not remove it completely, but let the function stay and only "disabled" it from the menu.
3: He actually created his own firmware that would boot the OtherOS

Giving the guy the benefit of the doubt, I think we are talking about #2.
 
Yeah, it's possible he's just faking it, but I'm giving him the benefit of the doubt.

It's one thing if he can break in via his OtherOS exploit, requiring opening the PS3 and glitching the hardware to gain access.
It's an entirely different thing if he found a hole in GameOS which doesn't require any hardware-"hacking" and works even on Slims.

Yeah, I'm going to reserve judgment until he releases his work. We'll see.

Nite_Hawk
 
Breaking down and extracting the PUP file, changing or replacing a signed module is basically Sony's worst nightmare and that's exactly what he's saying he's done here. My guess would be it's a straight component swap from one firmware to the next, but it still shouldn't be possible.
 
Maybe there's some kind of loophole which enables someone to mix and match signed modules? So he's basically taken a module from an older update and somehow injected it into the new update?

Regards,
SB
 
If the Sony engineers over-rely on the Cell security framework, they may get sloppy with their implementation (e.g., leave certain stuff unsigned). If the hackers have access to the hypervisor and GameOS code, then they can analyze the code for such weaknesses.
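The "mix and match signed modules" worry raised a couple of posts up, and the "leave certain stuff unsigned" point just above, come down to one design question: does the signature on each module bind it to the firmware version it shipped with, or only to the module itself? The following is an added illustration, not code from the thread or from Sony's actual update format. It uses HMAC-SHA256 as a stand-in for the vendor's real signature scheme, constructed module names and contents, and a signed manifest as the mitigation; all of that is assumed for the example, not taken from the PS3.

```python
"""Added example: per-module signatures versus a signed manifest.

A package whose modules are each signed on their own still verifies after a
module from an older, also-signed package is dropped in. A manifest that is
itself signed and lists the version plus the hash of every module catches the
swap. HMAC-SHA256 with a constructed key stands in for real vendor signing.
"""
import hashlib
import hmac

VENDOR_KEY = b"constructed-stand-in-for-vendor-signing-key"  # not a real key


def sign(data: bytes) -> bytes:
    """Stand-in for the vendor's signing operation (assumption: HMAC)."""
    return hmac.new(VENDOR_KEY, data, hashlib.sha256).digest()


def verify(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(data), sig)


def build_naive(version: str, modules: dict) -> dict:
    """Each module signed individually; nothing ties modules to the version."""
    return {"version": version,
            "modules": {name: (blob, sign(blob)) for name, blob in modules.items()}}


def build_with_manifest(version: str, modules: dict) -> dict:
    """Same per-module signatures plus a signed manifest binding version and hashes."""
    pkg = build_naive(version, modules)
    lines = [version.encode()] + [
        name.encode() + b"=" + hashlib.sha256(blob).hexdigest().encode()
        for name, blob in sorted(modules.items())]
    manifest = b"\n".join(lines)
    pkg["manifest"] = (manifest, sign(manifest))
    return pkg


def verify_naive(pkg: dict) -> bool:
    """Accepts as long as every module carries a valid vendor signature."""
    return all(verify(blob, sig) for blob, sig in pkg["modules"].values())


def verify_with_manifest(pkg: dict) -> bool:
    """Accepts only if the manifest is signed and every module matches it exactly."""
    manifest, msig = pkg.get("manifest", (b"", b""))
    if not verify(manifest, msig):
        return False
    lines = manifest.split(b"\n")
    if lines[0] != pkg["version"].encode():
        return False  # version in manifest must match the claimed version
    expected = dict(line.split(b"=", 1) for line in lines[1:])
    if set(expected) != {name.encode() for name in pkg["modules"]}:
        return False  # added or missing modules are rejected
    for name, (blob, sig) in pkg["modules"].items():
        if not verify(blob, sig):
            return False
        if hashlib.sha256(blob).hexdigest().encode() != expected[name.encode()]:
            return False  # module content differs from what this version shipped
    return True


def swap_module(pkg: dict, name: str, donor: dict) -> dict:
    """Model the speculated rollback: reuse a still-signed module from an older package."""
    mixed = {"version": pkg["version"], "modules": dict(pkg["modules"])}
    mixed["modules"][name] = donor["modules"][name]
    if "manifest" in pkg:
        mixed["manifest"] = pkg["manifest"]  # the attacker cannot re-sign this
    return mixed


def demo() -> tuple:
    """Returns (naive verifier on mixed, manifest verifier on mixed, manifest verifier on genuine)."""
    # Constructed module names and contents; they do not describe real PS3 firmware.
    old = build_with_manifest("3.15", {"kernel": b"kernel build 3.15",
                                       "otheros_loader": b"otheros enabled"})
    new = build_with_manifest("3.21", {"kernel": b"kernel build 3.21",
                                       "otheros_loader": b"otheros removed"})
    mixed = swap_module(new, "otheros_loader", old)
    return verify_naive(mixed), verify_with_manifest(mixed), verify_with_manifest(new)


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

The naive verifier passes the mixed package because the borrowed module really is vendor-signed; only the manifest check notices that its hash is not the one listed for version 3.21. Whether the real PS3 updater binds modules to a version this way is not something the thread establishes.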
 
Maybe there's some kind of loophole which enables someone to mix and match signed modules? So he's basically taken a module from an older update and somehow injected it into the new update?

Regards,
SB

He said that he has read and write privileges everywhere. After the cell boots up, loads, decrypts the firmware, I would imagine his pulse is sent. Then he simply rewrites the memory location of where the firmware version string is?

I really wish someone who knows about this stuff could write up an article.
 
He said that he has read and write privileges everywhere. After the cell boots up, loads, decrypts the firmware, I would imagine his pulse is sent. Then he simply rewrites the memory location of where the firmware version string is?

I really wish someone who knows about this stuff could write up an article.

I feel the same way, this is all over the place for me. If he can "patch" the firmware then how deep is he actually into the system? I would say neck deep, but then, if I understand it correctly, it's more of an OS running some basic stuff like Friend lists etc. The more complex stuff is programs that are started from the XMB, like gallery, Vidzone, Home etc...

But it does have access to the Account information, it includes a video player, music player and stuff like that. The important Protection in regards to games seems to be decoupled completely from the XMB; it essentially starts games that then have to run through the built-in protection.

But maybe it opens up Region free Blu-Rays since the Blu-Ray player is a part of the firmware.

Maybe Eastman could really get what he wants here, access to features that he can't live without and no way of playing pirate games :)
 
Maybe he'll fix what Sony broke over a year ago: the ability to play UK Blu-Rays that are encoded in 1080i 50.
 