Technological discussion on PS3 security and crack.

Mod hasn't gotten to it. He posted some instructions to his exploit, by the way. As far as I'm concerned nothing's changed, though.
 
exploit has been released.

http://geohotps3.blogspot.com/
Here's your silver platter
In the interest of openness, I've decided to release the exploit. Hopefully, this will ignite the PS3 scene, and you will organize and figure out how to use this to do practical things, like the iPhone when jailbreaks were first released. I have a life to get back to and can't keep working on this all day and night.

Please document your findings on the psDevWiki. They have been a great resource so far, and with the power this exploit gives, opens tons of new stuff to document. I'd like to see the missing HV calls filled in, nice memory maps, the boot chain better documented, and progress on a 3D GPU driver. And of course, the search for a software exploit.

This is the coveted PS3 exploit, gives full memory access and therefore ring 0 access from OtherOS. Enjoy your hypervisor dumps. This is known to work with version 2.4.2 only, but I imagine it works on all current versions. Maybe later I'll write up how it works :)

Good luck!
 
Wait...has he actually got what he's looking for and released it? Almost sounds like he's given up and just offloaded the work to the public..
 

!!EXPLOIT IS FOR RESEARCH PURPOSES ONLY!!

Usage Instructions:

Compile and run the kernel module.

When the "PRESS THE BUTTON IN THE MIDDLE OF THIS" comes on, pulse the line circled in the picture low for ~40ns.
Try this multiple times, I rigged an FPGA button to send the pulse.
Sometimes it kernel panics, sometimes it lv1 panics, but sometimes you get the exploit!!
If the module exits, you are now exploited.

This adds two new HV calls,
u64 lv1_peek(16)(u64 address)
void lv1_poke(20)(u64 address, u64 data)
which allow any access to real memory.

The PS3 is hacked, it's your job to figure out something useful to do with it.

http://geohotps3.blogspot.com/
~geohot

Combined with: http://www.eurogamer.net/articles/digitalfoundry-ps3hacked-article

I think the conclusion is he hacked the PS3, and it might be possible to use the hardware for something interesting, but pirate games seem to be far off. Unless it's possible to load a game from where he is now and he can "shoot down" any security checks while loading the game?

Very long way to go...
 
His research will most likely lead to homebrew, if anything.

As for loading pirated games, that takes place in the actual OS (XMB); all of his work has been done in OtherOS (not sure which version of Linux), which already lacks RSX support.

I'm not sure if he even tried to launch a PS3 game.

What he had control over was the hypervisor, and apparently he loaded his own calls/code onto there, but the hypervisor doesn't launch games.
 
For some definition of hacked, yes. What he achieved is a non-reliable non-trivial to reproduce privilege escalation that gains you little in terms of compromising the system's security. If that's enough to keep the "we want RSX access" crowd quiet it's fine in my book, but it's very very far from his first claims.

I wouldn't be surprised if more people got there in the past and hit the Cell security wall.
 
There's no reason they would - a commercially insignificant amount of people used it. There are enough fat models in the wild to snap one up cheaply if you really want it.
 
So after all that fuss and bother, what he basically managed to do was something that had already been done, enable OtherOS, and then he just gave up when he realised he wasn't capable of actually hacking the CELL?

Woop!
 
Scanned through the "exploit.c" file, I approve his coding style. :)

Now the worms are out, though the fact that you still need to glitch the hardware (old PS3 model) will limit the number of hackers taking on this, but there are probably enough of them to explore and document the memory dumps to get a lot of useful information about the HV.

If someone is able to turn that glitch mechanism into a reliable hardware mod, we may start seeing modded PS3s, but we are still far away from seeing it play pirated games. But as I said, now the worms are out.
 
If the user base increases, some other company may be interested to partner with Sony -- assuming there is no security risk.

I feel like polishing my FAT PS3 up and trial-eBay them to see how much I can fetch.
 
Now Sony will never enable OtherOS. >_<

I was hoping they re-enable it when PS3 unit cost drops.

I assume you mean release an update that allows OtherOS on the Slims, in which case a hacker could just enable it in the future if Sony chooses not to.

Doesn't this hack mean that avenues of attack on the system are less opposed, since the hypervisor (hinted to stop TIFF exploits etc.) is compromised? Even the PSP's root key is still unknown, so it's not needed for this, is it? Even if the root key remains safe, I am betting they can go around it. The forcefield is down, they are now bashing away at the hull of the ship! :LOL:
 
Maybe they can enable OtherOS on the Slim, but they're certainly not there, or anywhere in the general vicinity of that.

The real prize is GameOS. Running homebrew in Linux isn't really a big deal, though inserting hypervisor methods is certainly interesting. I'm not fully sure what it means, though -- he's not even sure if they have full GPU access.
 
I have not been tracking this carefully.

Based on here: http://rdist.root.org/2010/01/27/how-the-ps3-hypervisor-was-hacked/

The glitching of the hash table setup relies on an OtherOS program to increase the chance of a successful "strike". Without the OtherOS hook, they will need to find other (more reliable) ways to hack the HTAB?

The rest of the exploits rely on Linux kernel. Without OtherOS hooks, it is unclear if someone else can do this.
 
Not quite. OtherOS just makes the whole process easier/cheaper for injection. It's not necessary to use OtherOS, but it would be a lot harder (and probably more expensive) to do the injection from an external host. Also, the Linux environment is a known stable environment to run under; trying to do it to GameOS is a whole other kettle of fish.

Booting (an)other lpar isn't the problem, it's writing all the device drivers for the slim that becomes the headache. OtherOS support simply sucks resources away from GameOS development with little to no revenue potential.

mmendez's post pretty much sums everything up pretty nicely.
 
So, on the 23rd he claimed to have the root key and on the 27th he gives up telling us he's basically got nothing.

I guess he had enough publicity and is hoping no one remembers what he claimed because he spouted so much BS it got lost in the noise.

I guess lots of cheap people are crying into their 100 recently purchased blank blu-rays as we speak.
 