Technological discussion on PS3 security and crack.

How come he isn't sued to hell and back? Shouldn't Sony be able to dig whatever they want out of the closet and just clear him of money on lawyer fees?

I mean, copy 10 MP3 files and you've got hell to pay, but break a protection by reverse engineering and tampering with hardware in order to enable illegal use of a console and you're OK?
 
He says he's got the root key. If true, surely it's basically game over?

http://news.bbc.co.uk/2/hi/technology/8478764.stm

The only mention of root key:
Mr Hotz said that he was continuing to work on the hack and, once finished, would publish details online in a similar way to his previous iPhone exploits.

In particular, he said, he would publish details of the console's "root key", a master code that once known would make it easier for others to decipher and hack other security features on the console.
Doesn't sound like he has it yet, but rather that he'd post the key, as was done with HD-DVD.

His blog doesn't mention that he's gotten the key, and he's stopped tweeting. The last things he's replied to are essentially backbiting between him and the ps3news community (if we filter out all the sycophantic 'wooo, h4ckz! stfu haters' comments).

Fake edit: I say we start a rumor that Sony's paid him off, that's why he's kept quiet.
 
The guy might be a hacker genius, but he lacks common sense. He has pretty much admitted to breaking copyright laws by downloading Miley Cyrus MP3s and Lost episodes. He has pretty much opened himself up to lawsuits by Disney and ABC.

More quotes from him:
the stupid hypervisor is PPC and C++
if it were C and ARM, maybe I'd have a public sw exploit already.
January 25, 2010 11:47 AM

ps3news, are you serious???

Are you really that jealous? Or do you work for Sony?

People have been hacking video game systems for a long time, back to Bunnie and the Xbox. If I am hit with a lawsuit, I will fight it. I have not, nor do I plan to, circumvent any DRM, which is what the DMCA targets. Get your facts straight. A kid running around posting on a blog that he hacked the PS3 is nothing warranting a lawsuit.
January 25, 2010 1:34 PM
 
To be fair, there's the "filter" of the BBC reporter you need to factor in...

The PS2 compatibility question appears a few times on his blog, with people talking about "PS2 emulator". If he's not familiar with PS3 gaming, it's not unreasonable to say: Sure, if someone writes a PS2 emulator, you can do it. These are not so important details. :p He doesn't have to go investigate the feasibility. The more interesting things are his techniques, and what he can and is going to do with his findings.

EDIT: I wonder how many people start saving for a PS3 since the news broke.
 
The guy might be a hacker genius, but he lacks common sense. He has pretty much admitted to breaking copyright laws by downloading Miley Cyrus MP3s and Lost episodes. He has pretty much opened himself up to lawsuits by Disney and ABC.

More quotes from him:

not only copyright laws, this guy has broken MAN LAWS!

downloading Miley Cyrus music?

mandatory 40 year sentence per "song".....and he had the nerve to get 3 songs, put him away!

but seriously, I have never seen a person who openly breaks laws......be so open about himself.

I mean his name is known, and he has his picture on his Twitter page.

Maybe that is why Sony and company are giving him time to speak more... it's like the more he speaks, the more he leaves himself vulnerable to eventually having to shut down his whole operation.
 
not only copyright laws, this guy has broken MAN LAWS!

downloading Miley Cyrus music?

mandatory 40 year sentence per "song".....and he had the nerve to get 3 songs, put him away!

but seriously, I have never seen a person who openly breaks laws......be so open about himself.

I mean his name is known, and he has his picture on his Twitter page.

Maybe that is why Sony and company are giving him time to speak more... it's like the more he speaks, the more he leaves himself vulnerable to eventually having to shut down his whole operation.

Sounds like you listened to a lot of Cyrus' music....

Anyway, he does not seem to be doing anything illegal. And saying that you like to smoke weed is not enough (I think, at least) for you to be convicted of possession of narcotics.
 
No, but rule #1 of the internet is pretty much 'don't incriminate yourself'. Especially don't incriminate yourself when your real name is known and you've posted your address on twitter.
 
His last post is actually a rather sarcastic "Everyone can already run unsigned code, it's called OtherOS" when pushed about whether he has code running or not.

So...uh...yeah. I dunno what to take from that. He seems quite evasive on the subject.

He should hurry up and show if he has arbitrary code running outside OtherOS. If he doesn't, the claims he's making (more forthrightly again on the BBC and The Register) are premature, and a bit unfair to any other hackers out there who've been working on it. Press outlets are taking his word for it because of his iPhone reputation, but he's being too coy on the bottom line of whether he's gained arbitrary execution rights or not.

If it's a matter of not yet having this milestone reached he should just come out and say that too. It would at least let people report accurately on things, and report claims about having full control as being speculative outcomes based on his work to date, rather than as done deals.

If it is a done deal then it doesn't take much to show that or to even say so.
 
Right, exactly my thoughts.

I would actually have given him the benefit of the doubt if he had a video and said "This 'Hello World' running on the PPU is executed via my hack and not via otherOs." Now, after the OtherOS comment, I'm not so sure. I'm pretty sure he shouldn't have tweeted a 'oh hey btw i just hacked the ps3'.
 
That's why I said 4850. Cell will eventually go away but right now it's still relevant. :)

Semantics, 4850 is just a slower clocked version with slower memory of the 4870 using the exact same chip. :)

As for XBMC, I think there are or soon will be very cheap stand alone XBMC boxes (like less than 100 USD).

Regards,
SB
 
Semantics, 4850 is just a slower clocked version with slower memory of the 4870 using the exact same chip. :)

As for XBMC, I think there are or soon will be very cheap stand alone XBMC boxes (like less than 100 USD).

Slower clocked doesn't go well with supercomputing? Quoting a low-end unit is not going to make Cell go away in supercomputing. It will be replaced sooner by faster GPGPUs and newer CPU designs. For what it's worth, it's still in active use today.

Right, exactly my thoughts.

I would actually have given him the benefit of the doubt if he had a video and said "This 'Hello World' running on the PPU is executed via my hack and not via otherOs." Now, after the OtherOS comment, I'm not so sure. I'm pretty sure he shouldn't have tweeted a 'oh hey btw i just hacked the ps3'.

He might already have had visits from, or been contacted by, interesting/intimidating people.
 
Are Sony ninjas scarier than Apple ninjas? (I sort of envision Sony DMCA ninjas as the Keystone Kops of the ninja universe.) Though Apple doesn't currently have as big a stake in keeping the iPhone inviolate as Sony does.
 
Big update on Geohot's blog:

That aside, I'll tell you what I have so far. I have added two hypercalls, lv1_peek and lv1_poke. peek reads memory in real space (including all the MMIO), poke writes it. I can also add other arbitrary hypercalls as I see fit.

The hypervisor is complicated, it is written in C++ and is PPC, which I am not that familiar with yet. At first I was trying to add a hypercall to add arbitrary real memory to the LPAR, but it kept crashing (because I can't code), which is really annoying, because I have to wait while Linux reboots.

Some people pointed out that I have not accessed the isolated SPEs. This is true. Although as far as doing anything with the system, it doesn't matter. The PPE can't read the isolated data, but it can kick the isolated SPEs out. Decrypt the PPE binary you need using the intact SPE and save the decrypted version. Kick out the SPE, and patch the decrypted version all you want. An interesting note: by the time you get to OtherOS, all 7 working SPEs are stopped.

Despite this, I am working on the isolated SPEs now (which I can now load), because what I'd really like to do is post decryption keys here so you guys can join the fun.

Again with the PPE being able to "kick out" the isolated SPEs. And what's this about all the SPEs being stopped in OtherOS? I know they're usable, does he mean they're reset or something?
 
Again with the PPE being able to "kick out" the isolated SPEs. And what's this about all the SPEs being stopped in OtherOS? I know they're usable, does he mean they're reset or something?

I am scratching my head too. Maybe what he meant was: by the time he got to OtherOS, the PPE has already kicked out all the SPEs? (i.e., his own PPE program or something stopped/crashed them progressively?). Sounds comical though. Just wait for him to post the key. :)

Maybe the other SPUs were trying to contact the missing SPU and were blocked.
 
I wonder what geohot has really achieved.

To my knowledge the video memory has already been accessible (even though a bit tricky): http://lists.ozlabs.org/pipermail/cbe-oss-dev/2009-October/007057.html

I wonder if he is just confused and figured out stuff that was already known (without realizing it), or if he really has managed to do something new.

I think if he were able to access stuff that is blocked, like GPU access, that would validate his claims nicely. A good starting point would be to start from here: http://forums.ps2dev.org/viewtopic.php?t=9479

edit. And this is an interesting thread to follow: http://forums.ps2dev.org/viewtopic.php?t=12794
edit2. Also his ramblings about SPUs sound like he hasn't realised that SPUs have always been accessible, so there is a possibility he is reinventing the already known wheel here too.
 
He has added 2 hypervisor calls. Nobody has managed that so far.

The question is, has he really? ;) Well, I'm kind of skeptical his efforts will provide anything fruitful. There is so much nonsense in his blog posts that something has to sound right, but the amount of crap just makes me think he might just be reinventing wheels/misinterpreting stuff.
 
Personally I hope he fails at this, or that the real world implementation is difficult enough to prevent the PS3 from becoming a total software hack like the Dreamcast and PSP.

I understand a hacker may be driven by challenge, or glory hunting. However, it's fairly obvious that this man intends to gain notoriety not from the hack itself, but by providing others with the keys for piracy.

From a technological standpoint the hack is interesting, but for someone working in the game industry it's depressing.

Oninotsume
 