Technological discussion on PS3 security and crack.*

Discussion in 'Console Technology' started by senas8, Jan 23, 2010.

  1. green.pixel

    Veteran

    Joined:
    Dec 19, 2008
    Messages:
    2,546
    Likes Received:
    781
    Location:
    Europe
    Why is the technical thread moved from the tech forum btw? ;)
     
  2. obonicus

    Veteran

    Joined:
    May 1, 2008
    Messages:
    4,939
    Likes Received:
    0
    Mod hasn't gotten to it. He posted some instructions to his exploit, by the way. As far as I'm concerned nothing's changed, though.
     
  3. Silent_Buddha

    Legend

    Joined:
    Mar 13, 2007
    Messages:
    19,426
    Likes Received:
    10,320
    Probably because the thread got polluted with discourse on piracy. And rather than split the posts and merge them with the existing thread for that purpose, it was just moved here.

    Regards,
    SB
     
  4. green.pixel

    Veteran

    Joined:
    Dec 19, 2008
    Messages:
    2,546
    Likes Received:
    781
    Location:
    Europe
    But we already have the ethical thread, made from piracy-related posts in this one?
     
  5. draconian

    Newcomer

    Joined:
    Jun 17, 2005
    Messages:
    162
    Likes Received:
    0
    exploit has been released.

    http://geohotps3.blogspot.com/
     
  6. N_B

    N_B
    Regular

    Joined:
    Sep 14, 2009
    Messages:
    684
    Likes Received:
    0
    Location:
    New Zealand
    Wait...has he actually got what he's looking for and released it? Almost sounds like he's given up and just offloaded the work to the public..
     
  7. nightshade

    nightshade Wookies love cookies!
    Veteran

    Joined:
    Mar 26, 2009
    Messages:
    3,392
    Likes Received:
    93
    Location:
    Liverpool
    Sounds like that is exactly what he did right there.
     
  8. -tkf-

    Legend

    Joined:
    Sep 4, 2002
    Messages:
    5,634
    Likes Received:
    37
    Combined with: http://www.eurogamer.net/articles/digitalfoundry-ps3hacked-article

    I think the conclusion is he hacked the PS3, and it might be possible to use the hardware for something interesting, but pirate games seem to be far off. Unless it's possible to load a game from where he is now and he can "shoot down" any security checks while loading the game?

    Very long way to go...
     
  9. i_am_interested

    Newcomer

    Joined:
    Dec 30, 2009
    Messages:
    28
    Likes Received:
    0
    his research will most likely lead to homebrew, if anything

    as for loading pirated games, that takes place in the actual OS (XMB), all of his work has been done in OtherOS (not sure which version of Linux) which already lacks RSX support,

    I'm not sure if he even tried to launch a PS3 game

    what he had control over was the hypervisor and apparently he loaded his own calls/code onto there, but the hypervisor doesn't launch games
     
  10. flynn

    Regular

    Joined:
    Jan 8, 2009
    Messages:
    400
    Likes Received:
    0
    For some definition of hacked, yes. What he achieved is a non-reliable non-trivial to reproduce privilege escalation that gains you little in terms of compromising the system's security. If that's enough to keep the "we want RSX access" crowd quiet it's fine in my book, but it's very very far from his first claims.

    I wouldn't be surprised if more people got there in the past and hit the Cell security wall.
     
  11. patsu

    Legend

    Joined:
    Jun 25, 2005
    Messages:
    27,709
    Likes Received:
    145
    Now Sony will never enable OtherOS. >_<

    I was hoping they re-enable it when PS3 unit cost drops.
     
  12. grandmaster

    Veteran

    Joined:
    Feb 6, 2007
    Messages:
    1,159
    Likes Received:
    0
    There's no reason they would - a commercially insignificant amount of people used it. There are enough fat models in the wild to snap one up cheaply if you really want it.
     
  13. BoardBonobo

    BoardBonobo My hat is white(ish)!
    Veteran

    Joined:
    May 30, 2002
    Messages:
    3,605
    Likes Received:
    541
    Location:
    SurfMonkey's Cluster...
    So after all that fuss and bother he basically managed to do something that had already been done, enable OtherOS, and then just gave up when he realised he wasn't capable of actually hacking the CELL?

    Woop!
     
  14. Crossbar

    Veteran

    Joined:
    Feb 8, 2006
    Messages:
    1,821
    Likes Received:
    12
    Scanned through the "exploit.c" file, I approve his coding style. :)

    Now the worms are out, though the fact that you still need to glitch the hardware (old PS3 model) will limit the number of hackers taking on this, but there are probably enough of them to explore and document the memory dumps to get a lot of useful information about the HV.

    If someone is able to turn that glitch mechanism into a reliable hardware mod, we may start seeing modded PS3s but we are still far away from seeing it play pirated games, but as I said now the worms are out.
     
  15. patsu

    Legend

    Joined:
    Jun 25, 2005
    Messages:
    27,709
    Likes Received:
    145
    If the user base increases, some other company may be interested to partner with Sony -- assuming there is no security risk.

    I feel like polishing my FAT PS3 up and trial-eBay them to see how much I can fetch.
     
  16. George

    Banned

    Joined:
    Jan 26, 2010
    Messages:
    32
    Likes Received:
    0
    I assume you mean release an update that allows OtherOS on the slims, in which case a hacker could just enable it in the future if Sony chooses not to.

    Doesn't this hack mean that avenues of attack on the system are less opposed since the hypervisor (hinted to stop TIFF exploits etc) is compromised? Even the PSP's root key is still unknown so it's not needed for this, is it? Even if the root key remains safe I am betting they can go around it. The forcefield is down, they are now bashing away at the hull of the ship! :lol:
     
  17. obonicus

    Veteran

    Joined:
    May 1, 2008
    Messages:
    4,939
    Likes Received:
    0
    Maybe they can enable OtherOS on the Slim, but they're certainly not there, or anywhere in the general vicinity of that.

    The real prize is GameOS. Running homebrew in Linux isn't really a big deal, though inserting hypervisor methods is certainly interesting. I'm not fully sure what it means, though -- he's not even sure if they have full GPU access.
     
  18. patsu

    Legend

    Joined:
    Jun 25, 2005
    Messages:
    27,709
    Likes Received:
    145
    I have not been tracking this carefully.

    Based on here: http://rdist.root.org/2010/01/27/how-the-ps3-hypervisor-was-hacked/

    The glitching of the hash table setup relies on an OtherOS program to increase the chance of a successful "strike". Without the OtherOS hook, they will need to find other (more reliable) ways to hack the HTAB?

    The rest of the exploits rely on Linux kernel. Without OtherOS hooks, it is unclear if someone else can do this.
     
  19. archie4oz

    archie4oz ea_spouse is H4WT!
    Veteran

    Joined:
    Feb 7, 2002
    Messages:
    1,608
    Likes Received:
    30
    Location:
    53:4F:4E:59
    Not quite. OtherOS just makes the whole process easier/cheaper for injection. It's not necessary to use OtherOS, but it would be a lot harder (and probably more expensive) to do the injection from an external host. Also the Linux environment is a known stable environment to run under, trying to do it to GameOS is a whole other kettle of fish.

    Booting (an)other lpar isn't the problem, it's writing all the device drivers for the slim that becomes the headache. OtherOS support simply sucks resources away from GameOS development with little to no revenue potential.

    mmendez's post pretty much sums everything up pretty nicely.
     
  20. DJ12

    Veteran

    Joined:
    Oct 20, 2006
    Messages:
    3,105
    Likes Received:
    198
    So, on the 23rd he claimed to have the root key and on the 27th he gives up telling us he's basically got nothing.

    I guess he had enough publicity and is hoping no one remembers what he claimed because he spouted so much BS it got lost in the noise.

    I guess lots of cheap people are crying into their 100 recently purchased blank blu-rays as we speak.
     

  • About Us

    Beyond3D has been around for over a decade and prides itself on being the best place on the web for in-depth, technically-driven discussion and analysis of 3D graphics hardware. If you love pixels and transistors, you've come to the right place!

    Beyond3D is proudly published by GPU Tools Ltd.