PlayStation 3 Hack Released Online

itwbennett writes "On Friday, George Hotz, best known for cracking Apple's iPhone, said he had managed to hack the PlayStation 3 after five weeks of work with 'very simple hardware cleverly applied, and some not so simple software.' Days later, he has now released the exploit, saying in a blog post that he wanted to see what others could do with it. 'Hopefully, this will ignite the PS3 scene, and you will organize and figure out how to use this to do practical things, like the iPhone when jailbreaks were first released,' he wrote. 'I have a life to get back to and can't keep working on this all day and night.'" Reader MBCook points out an article written by Nate Lawson "explaining how the hack bypasses the hypervisor to gain unrestricted access to memory. It seems the trick is to use a pulse to glitch the hypervisor while it's unmapping memory, leaving a favorable page table entry."

This sounds just like the GBC ROM dump hack

[Ant+P.]

Even if your software security is perfect, if your hardware cuts corners then all it takes is 100mW in the wrong place at the wrong time...

Re:This sounds just like the GBC ROM dump hack

[mister_playboy]

Someone here needs to try it and report back... :)

Re:This sounds just like the GBC ROM dump hack

[noidentity]

Yeah, his rough description sounds similar. In this case, he's causing the hypervisor to constantly update the MMU page tables, then glitching the system during that, which gives him access to memory that the hypervisor thought it had protected.

Works on PS3 slim?

Does this work on the PS3 slim? Will I be able to install Linux on it now? If so, I will buy one. I have not had enough of a reason to buy a PS3 before, but this will pretty much do it for me. It will be interesting to see if there is a sales spike because of it.

Re:Works on PS3 slim?

[pnewhook]

You do realize that the PS3 is a GAMING console right? Sounds like you should be buying a PC if you want to run Linux.

Re:Works on PS3 slim?

[RoFLKOPTr]

Will I be able to install Linux on it now? If so, I will buy one.

Don't buy a PS3 simply for the sake of installing Linux on it. The PS3 only has 256MB of system RAM and Linux does not run well at all on it (I know this from personal experience with a PS3-specific Linux flavor). Just build a computer for $500.

Re:Works on PS3 slim?

I did the linux thing on a ps3. You are right it is horrible. If you were into hacking yeah it might be fun. But just to mess around with. Painful.

I bought a netbook put linux on it and am having a blast.

I could use my ps3 for linux but to run it solid 24/7 would cost me a fortune. Can do the same with my netbook for 1/10th the cost.

It was one of those things where someone could have done something interesting with it but sony locked out the interesting bits except cell.

It could have been a very capable media center type thing. But Sony killed that quick for some reason.

Re:Works on PS3 slim?

This is because of the restrictions applied. Without these restrictions the PS3 could be a very powerful Linux box with excellent home theatre possibilities.

Re:Works on PS3 slim?

[FireFury03]

I've just bought a Point Of View Intel Atom 330 / nVidia Ion motherboard, case and RAM - total cost was well under £200 and it does pretty well as a home theatre system.

Re:Works on PS3 slim?

[soupd]

Aye, being able to run LINUX on a console is an impressive feat but the limited RAM severely limits actual usability.

Re:Works on PS3 slim?

[LWATCDR]

funny but Sony supported installing Linux on earlier versions.
Why not install Linux if you can? The PS3 is also a really cheap way to play with writing code for the CELL.

Re:Works on PS3 slim?

[pozitron969]

FTA - Sony has stopped supporting the "OtherOS" feature in the PS3 slim. Mr. Hotz used a bit of code while running Linux as the "OtherOS." So initially it looks like No it won't work on the PS3 Slim. But this may lead to other exploits which may work on that model.

Re:Works on PS3 slim?

[dimeglio]

This is because of the restrictions applied. Without these restrictions the PS3 could be a very powerful Linux box with excellent home theatre possibilities.

Probably but the PS/3 "as is" provides pretty much exceptional home theatre possibilities out of the box. Including licensed codecs and BD support. Not sure I would use Linux on the PS/3 for that. I'd probably build a HTPC with XBMC which is quite impressive.

Re:Works on PS3 slim?

[Khyber]

Th PS3 is far more than a GAMING console.

Otherwise it would not come with folding@home preinstalled, you wouldn't get the option of installing another OS on it, and you most certainly wouldn't get the social networking garbage that is sony@home, nor would you get web browsing access.

The PS3 is most certainly not just a gaming console.

Re:Works on PS3 slim?

[Khyber]

It is only slow because you're doing it wrong and the hypervisor has access restricted.

256MB of XDR has enough bandwidth to match 2GB DDR.

Once the hack is properly applied/vetted and people actually get direct memory access, you can almost guarantee that PS3 specific Linux flavors will run much faster than you ever thought possible.

Re:Works on PS3 slim?

[Khyber]

The limited RAM does nothign to limit usability - this is all the hypervisor.

A decade ago a system with XDR and Cell, even with only 256MB of RAM, would've been considered insane excess.

Learn how to program, you likely don't need more than 128 megs of RAM anyways. Learning how to write tight code is the trick.

Re:Works on PS3 slim?

[RoFLKOPTr]

256MB of XDR has enough bandwidth to match 2GB DDR.

Wrong. It doesn't matter how fast your RAM is if you don't have enough... and 256MB isn't enough to do a whole lot.

Re:Works on PS3 slim?

[soupd]

Dude, for the record I learnt 6510 on the 64 and 68000 on an Amiga where hundreds and hundreds of lines of assembler rarely produced more than a couple of dozen kilobytes of code, but its not raw code that takes up in a modern OS.

Re:Works on PS3 slim?

[DuckDodgers]

"Learn how to program, you likely don't need more than 128 megs of RAM anyways. Learning how to write tight code is the trick."

Unless you expect me to rewrite KDE and Firefox, your advice is not too useful. Even if I make my own apps very tiny, the off-the-shelf applications I prefer are major memory hogs.

I'm impressed by what this fellow has done, and I want to learn more about hardware and memory manipulation because I'm very curious. My own formal and self-taught programming background is very weak on low level stuff, and while it doesn't hurt my web development skills it bothers me. But in terms of big news, hacking the PS3 near launch when 256 MB of RAM and multi-core CPUs were much more expensive would have been more noteworthy.

Re:Works on PS3 slim?

[pnewhook]

Yes, yes, and I use mine as a bluray/DVD player, media console and webbrowser.

Regardless it is NOT a PC, and I fail to see any benefit of installing Linux on it other than saying 'hey look what I can do!' Interesting academic exercise, but practically pointless.

Re:Works on PS3 slim?

You must be a shitty programmer is 256MB isn't enough to do a whole lot, especially given the bandwidth of XDR.

Re:Works on PS3 slim?

[CronoCloud]

Regardless it is NOT a PC, and I fail to see any benefit of installing Linux on it other than saying 'hey look what I can do!' Interesting academic exercise, but practically pointless.

Pointless?

[CronoCloud@mideel ~]$ cat /etc/redhat-release
Yellow Dog Linux release 6.2 (Pyxis)
[CronoCloud@mideel ~]$ uname -a
Linux mideel 2.6.29-3.ydl61.4 #1 SMP Mon Sep 7 14:50:27 PDT 2009 ppc64 ppc64 ppc64 GNU/Linux
 
Mozilla/5.0 (X11; U; Linux ppc64; en-US; rv:1.9.0.12) Gecko/2009072311 YellowDog/3.0.12-1.ydl6.2 Firefox/3.0.12

A PS3 with a Linux install on it adds even more functionality to the thing. GameOS's Netfront is sucky, but under Linux you've got Firefox and Opera. GameOS can't view and print PDF's but you can under Linux. You've got all the usual 'nix tools and whatnot, LaTeX, vim, gcc, nethack. One of the first things I did when I got my PS3 was download YDL and install it.

Though I freely admit I had Linux on my PS2 as well.

Re:Works on PS3 slim?

[pnewhook]

Yes, you just proved my point. Interesting but pointless.

What can you do with a Linux PS3 that you cannot do with a PC? And can you still play PS3 games, or watch bluray disks on it in that configuration? No.

So again, interesting but pointless.

Re:Works on PS3 slim?

[CronoCloud]

You do know that Linux on the PS3 works similar to a "dual-boot" sort of thing? You can boot between what Sony calls OtherOS (Linux) and GameOS (the PS3's regular functionality) as you desire.

It's all about added functionality. Imagine a 1 PC household, yes, it seems Slashdot readers have a dozen PC's and a rack of servers in the garage, but most families don't. Imagine the PC is occupied and you want to read your e-mail and print some documents yourself and say you've got a PS3. It essentially means you don't just have 1 PC, you have two.

Re:Works on PS3 slim?

[CronoCloud]

Which distro? Which window manager/desktop? You weren't trying to run a full KDE/Gnome environment on the thing, were you?

There's plenty of ways to optimize the PS3 Linux experience, shutting down unecessary services, not using GDM and booting straight into a text console, using Fluxbox, enabling VRAM swap, using lightweight applications, all sorts of easy things. I know because I've done it, and have Yellow Dog Linux 6.2 installed on mine.

It's also kind of funny that people are saying 256MB isn't enough when that was a common amount for WinXP machines to have not so many years ago.

Re:Works on PS3 slim?

[CronoCloud]

Usability for what purposes? I've done all sorts of things on mine. Edited photos, created documents, etc.

Re:Works on PS3 slim?

[RoFLKOPTr]

Well I installed Linux on my PS3 so that it could be a little more useful... running lightweight applications simply because those are the only things I can run (as opposed to because the applications I want to run happen to be lightweight) is more of a hassle than it's worth.

It's also kind of funny that people are saying 256MB isn't enough when that was a common amount for WinXP machines to have not so many years ago.

Yeah, and it wasn't enough.

Re:Works on PS3 slim?

[lmnfrs]

Don't buy a PS3 simply for the sake of installing Linux on it.

I can't disagree, but I think it should be viewed as a gaming system. Installing Linux may be like the pre-alpha version of a PC's live disc, but it has the relatively new, obscure game with a cult-following - messing with 'nix on a console.

Installing Ed's Debian on my Xbox served no purpose, but it sounded like a good way to fill my afternoon. Lacking a keyboard, all interaction was done via SSH instead of using the controller's limited bash interactivity; so I did a classic ifdown eth0..oh wait..crap. Then it was pure puzzle, making the lock picking in more recent games feel like pipe dream.

You're presented with a screen's worth of command history and output, the ability to copy, paste, and an Enter key. All you have to do is find your option, or path(s) of options, accurately predicting the output to know how much backlog will be flushed. Difficulty modes are set via router configuration, e.g. disabling DHCP, blocking communication between certain class 3 subsets, etc.

Was there a point? I have no idea, but it's a great game :)

Re:Works on PS3 slim?

[pnewhook]

Ok sure - I can see once in a blue moon where you may be able to trick yourself into thinking the waste of time was justified. But if I had to read and print an email that urgently, I'd boot whoever was on the PC off for the 30 seconds it took to do that instead of trying to dual boot a PS3 and kicking off whoever was watching the TV.

So if PS3 already supports Linux, then what is the point of hacking it?

Re:Works on PS3 slim?

[CronoCloud]

Installing Linux on a PS3 is reasonably quick and easy, and once you've done it, you've got more functionality. If you can't think of uses for a "second computer" then I'll have to revoke your geek card. In 1 PC households people can become protective of their computer time and can/do refuse to relinquish the PC. Also, booting into Linux on the PS3 is a menu option in GameOS, it's fast and easy.

Personally, my PS3 setup is probably different from most folks, it isn't hooked up the main TV in the living room but sits on a desk with a 19" HDTV, with keyboard, mouse, external USB drive and laser printer attached. (And my SNES, NES and a PS2, also sit on shelf on that desk)

What's the point in hacking the PS3 if it runs Linux? Well the new slims don't have the option to install or boot into Linux. Some people also don't like the hypervisor restrictions Though I did figure that when the OtherOS support was removed from the slim, that's when the hacking attempts would really get going, since many of the things people hack their consoles for like playing SNES ROMS and the like, one can already do that under Linux.

Do you know what I think the worst thing about Linux on the PS3 is? It's the hard drive partition options in GameOS. You can either give 10GB to Linux and the rest to GameOS, or 10GB to GameOS and the rest to Linux. Neither one is optimal and I'd prefer to split the drive in half or have a custom partition option.

Re:Works on PS3 slim?

I've tried getting into that discussion with the Linux-guys once, and trust me, it's not worth it. They will point you at some nutcase, somewhere in the world, who hacked 15 PS3s together and cured some type of cancer with it, that only he had.
Linux-geeks want to install their fetish-OS on anything that has any kind of processing power, even if it's a smart toaster

Re:Works on PS3 slim?

[exomondo]

Learn how to program, you likely don't need more than 128 megs of RAM anyways. Learning how to write tight code is the trick.

what makes 128mb the magic number? or was that just a random selection?

Re:Works on PS3 slim?

[Khyber]

"So if PS3 already supports Linux, then what is the point of hacking it?"

Turn your geek card in, NOW. Better access to the hardware to allow for full exploitation of the hardware capabilities so you essentially have a pretty good mid-range PC (given the graphics chipset) for like $250.

Linux is pretty good at making use of available RAM - even moreso when you're NOT RESTRICTED.

Re:Works on PS3 slim?

[pnewhook]

But so? What can you do with it?

This seems as useful as a flying toaster or geothermally powered airplane.

Re:Works on PS3 slim?

Well, he could dedicate even more power from the system into folding@home, or maybe use it as an extended media center. Is your imagination that limited?

Re:Works on PS3 slim?

[pnewhook]

Well, he could dedicate even more power from the system into folding@home

I doubt you would see any difference in processing power.

or maybe use it as an extended media center

How is that different from what the PS3 can already do?

Is your imagination that limited?

Yours seems to be if thats all you can come up with..

'I have a life to get back to'

How dramatic

Re:'I have a life to get back to'

[Vanderhoth]

Yeah, he thinks he's all special because he has a life or something.

Re:'I have a life to get back to'

[Sir_Lewk]

Only a slashdotter would think someone claiming to have a life is being dramatic.

Re:'I have a life to get back to'

Only a Slashdotter would think that "Vanderhoth's" post is anything less than a tongue-in-cheek comment and attempt to belittle the poster!

Re:'I have a life to get back to'

[Sir_Lewk]

And only a dumbass AC would be unable to tell that I was responding to the same person Vanderhoth was responding to, and that my post as well was tongue in cheek.

Re:'I have a life to get back to'

you are so GAY! tongue in cheek? more like COCK in cheek!

Does this open the floodgates?

[ACK!!]

If they are able to bypass the hypervisor and then do hack mods for the PS3 this might open up a whole new avenue for modders and interest in the platform that was not there before. In other words, this might not be a bad thing for the PS3 overall.

Re:Does this open the floodgates?

[decipher_saint]

I often wonder if part of the success of the original XBox was it's "hackability".

Anyone care to weigh in?

Re:Does this open the floodgates?

[Sir_Lewk]

If by "hackability", you mean Halo...

I think the GP isn't suggesting that this will make the PS3 fair better to any significant degree in the market at large, but rather make it more popular with nerd types you might find on places like slashdot.

Who knows though, it probably wouldn't be too out of line to claim that iphone unlocking made those more desirable, plenty of my non-nerd friends have unlocked iphones.

Re:Does this open the floodgates?

[Kagato]

Well, older machines you could run linux with out much hassle. But locking out the Hypervisor meant that Linux based software was locked out of the accelerated graphics. Which is why the common uses for the PS3 on linux has been more for computational activities. In theory this makes it possible to make home brew games and DVRs, etc.

I don't know if this has any effect on things like copy protection.

Re:Does this open the floodgates?

I often wonder if part of the success of the original XBox was it's "hackability".

Anyone care to weigh in?

It absolutely was. Think of how many people you know with XBoxes. Then think of how many of those were hacked. Then think about how many of those people are generally non-geeks (assuming you have non-geek friends). There you go.

Re:Does this open the floodgates?

Except, sony loses money on every ps3 sale in hopes of getting it back in overpriced games. So, if it's more popular, it's a loss for sony if those people don't buy games.

Re:Does this open the floodgates?

[flabordec]

At least in some places that was the case. People in less developed countries do not have as much money to spend on videogames, some of my friends in Mexico pay about $50 monthly rent, so paying more for a single game than for a whole month of housing does not make much sense. Paying $5 for essentially the same thing, on the other hand, is much more manageable.

Re:Does this open the floodgates?

[ShiftyOne]

You must have not heard of Halo.

Re:Does this open the floodgates?

[petermgreen]

ofc people who "pirate" all thier games aren't making MS any money so whether you can call being popular among "pirates" a success is open to interpretation (working on the assumption that console manufacturers either make a loss or a very small profit on the consoles and make up for it on the games)

Re:Does this open the floodgates?

I can vouch for this. We had an xbox lying around from the first batch to be released (I think my brothers and I got one on preorder one christmas).

I played it a bit, (Halo, as mentioned...) but only really used it alot once I decided to put a mod chip in. The whole project was actually really enjoyable. I researched for weeks, and opened the case up several times to poke around, detach and reattach, etc.

Once the chip arrived in the post and I flashed a new BIOS, I had even more fun playing around with different homebrew, apps, and "operating systems". A little later I discovered XBMC, installed a new hard drive, and started running games off the drive as well as FTP'ing movies and TV to it.

I don't know how many people bought an Xbox as a result of the mod chip capabilities, but im certain there are plenty. Some sites even offered pre-chipped console bundles.

It was definitely a key activity in my eventual career choice of computer engineering.

Re:Does this open the floodgates?

[NitroWolf]

If they are able to bypass the hypervisor and then do hack mods for the PS3 this might open up a whole new avenue for modders and interest in the platform that was not there before. In other words, this might not be a bad thing for the PS3 overall.

It would definitely be a bad thing for the PS3, just like it was for the original XBox. If people start buying the consoles, but NOT buying any games or content (since they'd be using the PS3 for something else) - then the PS3 becomes a major loss and drain on company profits. It's the razor and the content is the blades - sell the razor for cheap and rape them on the blades. If there are no blades being purchased then selling the razor is pointless.

Re:Does this open the floodgates?

[Hatta]

The original Xbox was a success? The Xbox sold about as much as the Gamecube, and about as fifth as many as the PS2. The gamecube made Nintendo a few hundred million dollars, while the Xbox lost microsoft a few billion dollars. The only success there is that it made Microsoft a legitimate name in console gaming, providing footing for the Xbox 360.

Re:Does this open the floodgates?

Look at the PlayStation (PS1), CDs were easier to pirate than cartridges.

Can you remember the PlayStation's main rival?

Re:Does this open the floodgates?

[nmb3000]

If they are able to bypass the hypervisor and then do hack mods for the PS3 this might open up a whole new avenue for modders and interest in the platform that was not there before. In other words, this might not be a bad thing for the PS3 overall.

The problem with this is that Sony doesn't want you to buy a PS3 just so they can sell you the hardware. Sony wants you to buy a PS3 so they can sell you games, movies, downloadable content, accessories such as remotes and controllers, and other stuff like that. Large numbers of people running hacked and modded consoles that can use homebrew software and games, cracked/pirated games and downloads, and pirated BluRay movies and DVDs is the exact opposite of what Sony really wants to see happen.

As other pointed out, Halo was a huge part of the popularity of the Xbox and was, in fact, the initial reason I personally bought one. As useful as a modded Xbox is (games on the hard drive and XBMC especially), Microsoft doesn't like people modding the Xbox any more than Sony likes them modding the PS3. After all, there's a reason these companies invested what probably amounted to millions of dollars in the (doomed to fail) anti-tampering software and hardware which guards the platform.

Re:Does this open the floodgates?

Will it fuck.

Let's face it, >70% of people who even use hacks are usually doing it for piracy.

This will be terrible for PS3 if it does actually lead to it being opened up, yes, even with the large 15+ GB games.

Re:Does this open the floodgates?

[navyjeff]

Seconded.

I've had my XBox since '02. I've modded it, fixed it, upgraded it since then. Oddly enough, it's still the number one source for my TV. I haven't played games on it in months, but I frequently watch movies and tv shows from my network server (>3TB). The box is indispensable, and to date I still haven't found a machine to adequately replace it. If the PS3 can be modded to run XBMC, I might be convinced to finally retire it from primary duty.

It's also nice to be able to play all my old SNES and N64 games without having to drag both of those consoles out of storage. If it had been impossible to mod, I would've stopped using it years ago. It still amazes me what the old hardware is capable of doing, such as 720p and 1080i video.

Re:Does this open the floodgates?

[flabordec]

It isn't making them money on software, but there are still tons of console sales (you still have to play your pirate games somewhere). The console was sold a lot in Mexico because it was easily hackable.

By "success" I had thought of console sales, if by "success" we mean profit then the numbers would probably look pretty bad even though there were a lot of console sales.

Re:Does this open the floodgates?

[omnichad]

I bought a used one for that purpose alone. I needed a MythTV frontend cheap. I never used it to play games except to load a saved game as part of the hacking process.

Re:Does this open the floodgates?

[herring0]

The only reason that I bought the original Xbox was for all the media center functionality. I like playing games and such, but that was not my primary interest.

I know there are and were plenty of media center PCs, but I never found one that I liked the look of and wouldn't require me to do all kinds of work. With the xbox I installed a mod-chip in about 15 minutes, loaded XBMC and was streaming music and movies inside an hour start to finish. I can even still watch Hulu from it.

Plus I got the xbox used with a couple controllers and games for less than I could even buy one of the little Nvidia pc boards. Best $100 I ever spent on a piece of electronics.

Re:Does this open the floodgates?

[darkmeridian]

I know that many PS3 owners use it mostly as a Blu Ray owner but as a gamer, I'm concerned about opening up console platforms. Online PC gaming has been ruined by aimbot, wallhacks, and other cheats. Console gaming so far has been less prone to these hacks because the systems are closed. Whenever a console is hacked, there is a risk that online gaming will suffer from cheaters that make the game unplayable. The Xbox 360 was eventually hacked, but this required a hard hack that allowed these systems to be kept offline so that wasn't a really big deal. (More freedom with hardware WITHOUT hurting gaming! Perfect!) It sounds like the PS3 hack is a softhack, which raises the possibility of aimbots and the like being introduced into online game play. That's not necessarily a good thing for the PS3 as a gaming platform.

Re:Does this open the floodgates?

[demonlapin]

I can even still watch Hulu from it.

Link for something that works with the Xbox and not just XBMC on PC?

Re:Does this open the floodgates?

[Winckle]

The Nintendo 64?

Re:Does this open the floodgates?

[pak9rabid]

I often wonder if part of the success of the original XBox was it's "hackability".

I know that I wouldn't have bought the 2 Xbox's that I did if it weren't for the fact that I could hack them and put XBMC on them.

Re:Does this open the floodgates?

[Again]

The original Xbox was a success? The Xbox sold about as much as the Gamecube, and about as fifth as many as the PS2. The gamecube made Nintendo a few hundred million dollars, while the Xbox lost microsoft a few billion dollars. The only success there is that it made Microsoft a legitimate name in console gaming, providing footing for the Xbox 360.

And Microsoft has only lost 1 billion dollars on that so far.

Re:Does this open the floodgates?

afaik they don't make a profit on consoles, they make a profit only after accessories are taken into account

Re:Does this open the floodgates?

[XSforMe]

I recognize my case might be fairly unique, but I was looking for an affordable DVP for my living room, and XBMC filled in the description nicely. The second day after I got my XBox I chipped it and loaded XBMC into it. Ironically enough, out of the 30 games I ended up buying for the XBox only two were pirates (and one of them sucked, so I basically threw it to the garbage can three days after I got it).

Had it not been for the XBox hackability and the development of XBMC, I would have never bought the box (which is nothing more than a PC, and an obsolete one at the time I got it).

Re:Does this open the floodgates?

[DuckDodgers]

Microsoft has the resources to keep trying until they get it right. If it takes two more generations of Xbox until it's profitable, so what? They aren't likely to implode any time soon.

Re:Does this open the floodgates?

[MrNiceguy_KS]

I second this request. The only way I've found to watch Hulu on an XBox is by running some software on a Windows box that basically re-streams to the XBox.

Re:Does this open the floodgates?

[theArtificial]

Thirded.

I've had mine since '03 and it's still going strong. The only hardware mod I've installed is a larger hard drive (which still uses the softmod which I bought a copy of Mech Assault specifically for) and it's great to take to a buddy's house - simply load it up with a few flicks and/or music. It's just a bonus it plays games.

Re:Does this open the floodgates?

[wamerocity]

Isn't "overpriced" in the eye of the beholder? I'm glad I payed the 60$ for uncharted 2 and resistance 2. I got so many hours from those games.

Re:Does this open the floodgates?

[Bert64]

Being popular among pirates diminishes the mindshare of your competitors if nothing else...
Games consoles are often owned by kids who don't have a lot of money to spend on games, but plenty of time to spend playing them.

Re:Does this open the floodgates?

[Bert64]

I got mine for the same reason, i bought a cheap "broken" xbox - broken in that the dvd reader didn't work...
Chipped it, replaced the hd, borrowed a friend's to install stuff on the hd and primarily ran XBMC on it... I still use it to watch movies in bed where i don't have an hdtv.

Re:Does this open the floodgates?

[Bert64]

They must be turning a profit on the hardware by now, I believe both Nintendo and MS are...

And why not release a more expensive un-crippled version?

Re:Does this open the floodgates?

[herring0]

That was how it is managed for me and the functionality is suitable for my uses. Sorry, I didn't intend to mislead anybody in this regard.

Re:Does this open the floodgates?

[demonlapin]

Thanks. Can you re-stream without sitting at the PC? Or can you remote control?

Do I care?

Yes because it will show companies like Sony that hardware designed to prevent a person using a device they bought in the way they want will always fail.

but

No because the PS3 is a dead-end lump of obsolete hardware that is best used as a glorified media player or a cheap number cruncher.

Re:Do I care?

[RyuuzakiTetsuya]

Do you understand that the hack right now isn't very useful?

I have no doubt eventually keys will be extracted, and the thing will be hacked based on this hack here, but, until that happens, Sony's still winning.

Until you can get hypervisor access with out glitching the memory bus, or get homebrew working in the XMB, Sony still wins.

Re:Do I care?

[marcansoft]

This exploit isn't going to get you keys. The keys are stored in an entirely different core with secure local storage. The word "hypervisor" is overhyped (pun intended); it isn't the primary target in order to own the system. That's why it was so easy to hack (this hack is fairly trivial). Geohot just did a knee-jerk trick and only later realized it wasn't nearly as useful as he imagined.

Re:Do I care?

[bill_mcgonigle]

I have no doubt eventually keys will be extracted, and the thing will be hacked based on this hack here, but, until that happens, Sony's still winning.

And production costs should be below sales costs by then, so Sony will continue to win. Kudos to the Sony security team for developing a sufficiently secure system to support the business model.

Now, let's build some clusters...

Re:Do I care?

[RyuuzakiTetsuya]

Probably not directly, I don't imagine the HV allowing *direct* access to the isolated SPEs, but I do imagine an exploit through the hypervisor being the key to get those encryption keys.

Re:Do I care?

[marcansoft]

You cannot get the root key. It's in hardware, it's used by hardware, software can't see it or touch it. Besides that, SPE code is encrypted, which means the hypervisor is never going to see the code. Sure, the hypervisor can talk to the isolated SPE, and if you found a hole in the SPE code you could exploit it and do fun stuff, but without access to the SPE binary finding and crafting and exploit is going to be nigh impossible.

Re:Do I care?

[sznupi]

So, waiting for somebody with full access to electron or even scanning force microscope? Still no go even then?

Re:Do I care?

[marcansoft]

You also need access to fun and deadly chemicals (HF) to strip the top layers, and a lot of time on that microscope. But sure, that might work.

This guy is a hack, not a hacker.

He tried to retrieve the keys and failed miserably, so he gave up and released this half assed attempt. He might be a big fish in the iphone scene but the fact is, he is just a hack. What's even funnier, all of this was accomplished more than one year ago by other people.

I want to send a big fuck you to geofail, all the warez scene (particularly the imbeciles at Paradox) and the people who pirate games.

Glass.

Re:This guy is a hack, not a hacker.

[MBCook]

He figured out a way to read all of the memory. Can you provide a link to someone who did that last year?

Re:This guy is a hack, not a hacker.

[Sir_Lewk]

Trying and failing where none have succeeded before does not a "hack" make.

If indeed he simply duplicated what someone else has done before then that does diminish this acheivement, but I have heard nothing of the sort, you are an AC, and have not provided any citations.

Your ad hominem attack, and your unprovoked lashing out at game piraters makes me think that you have a personal stake in this somehow. Without citations, I'm going to go ahead and say you are full of shit.

Re:This guy is a hack, not a hacker.

The OP made a good point. George Hotz does not understand how Cell BE security vault works. You cannot just "kick the SPU" and hope it will magically work. He became overconfident and had to face reality. Compromising the HV was considered during the Cells design, that's why security relies on pure hardware means. It doesn't really matter if the HV is dumped and disassembled, that will never lead to a compromised key. And no, you cannot, by any means, read the LS of the isolated Cell.

He is no hero. Thanks to this guy your OtherOS might be removed pretty soon, and don't think about Linux on the PS4. Thank you for nothing, George.

Re:This guy is a hack, not a hacker.

Not only is he a hack on this (this is not an exploit), but even in the iPhone scene, he took credit for *a lot* of other peoples work. The kid is an attention whore and a tool, and surely had hopes this would get him pussy.

We're going to get you GeoFagz. You've fucked with the wrong people.

Re:This guy is a hack, not a hacker.

[Sir_Lewk]

With no linux on the slim, I think it is a pretty safe assumption that Sony has not been planning on allowing linux on the PS4. I highly doubt that Sony can effectively retroactively remove linux support from older PS3's, and if this hack really means nothing, then I really doubt Sony would go out of their way to punish PS3 users in general.

Either this hack is worth something, and will positively aid the PS3 hacking comunity, or it is worthless and nothing will change.

Re:This guy is a hack, not a hacker.

Awww, AC iphone 'hacker' tough guys.

How cute.

Re:This guy is a hack, not a hacker.

Right on target. His handling of the situation is on par with his handling of the early iPhone. That is to say, the one thing he really knows how to hack is media coverage.

He walked two steps into a mile-long walk, and announced each one to the world. Then he realized that he wasn't going to get past the third step, so he's trying to abort in the most graceful manner for his ego, announcing his two steps as a breakthrough that others should pick up and improve upon.

The reality of the situation is that geohot doesn't really know what he's doing here, and in fact did not develop this hack alone (he has discreetly acknowledged other people somewhere in the middle of his blog's comments). He thought he was onto something, but now he's stuck. The Cell BE is quite a bit more secure than he thought, and the "holy grail" (the isolated SPE) is still completely secure, hypervisor hack or no hypervisor hack.

The sad part is that he'll probably take credit for anything done to the PS3 now, especially if it's even remotely related to what he did.

Re:This guy is a hack, not a hacker.

[marcansoft]

The memory is by definition not secure (it's not encrypted nor signed). Therefore reading out all the memory isn't a hack, it's just a cute trick. Sure, the PS3 isn't designed to let you do that, but it's also designed such that doing it doesn't gain you much.

Re:This guy is a hack, not a hacker.

[Anubis350]

With no linux on the slim, I think it is a pretty safe assumption that Sony has not been planning on allowing linux on the PS4.

Cant say i agree with you there, the larger PS2 had a linux distro (which came with a keyboard and hard drive as a kit) - it was unavailable for the ps2 slim. They did something similar with the ps3, no reason to believe they wont on the ps4.

Re:This guy is a hack, not a hacker.

[canajin56]

There's an illiterate buffoon called "HighGuy" who runs around all of the PS3 forums claiming to have hacked the PS3, but his hacks are always a few weeks from release. He spits out jargon like j-tags, hello-worlds, grub, linux, ubuntu, but he obviously doesn't know what any of those things are. He claims to have hacked a CoD4 save game and installed grub in it using Ubuntu, that way when you load the game it will use DOS to boot into whatever code you want. But, he even admits, he doesn't know any programming so he can't really do much with that, just basic "helloworlds". Then, right when he was about to release, look, it melts his PS3 chips. "But I think some soldier and maybe it works again. But we can't really use this hack it overloads the chips and makes them melt the boards". Anybody who calls him on his bullshit gets flamed by his legions of fans, plus gets him to threaten to never release it as punishment for doubting him and being jealous of his hacker skills. Meanwhile, people who make legitimate strides are shat all over by his legion of fans, for ripping him off, "HighGuy was doing this a year ago, poser!" Just like Mr. AC here ;)

Re:This guy is a hack, not a hacker.

[svanheulen]

Exactly. The only thing this does is remove the HV restrictions on the OtherOS. That will in no way allow any sort of manipulation of the GameOS. The sad thing is that George actually believes he unlocked it saying... "The system isn't locked, you have access to everything now. The root key can't be dumped, it can only be used, and is similar to many other crypto engines on platforms that have widely been considered hacked, such as the iPhone and PSP" Obviously he didn't read up on how the Cell BE works and is completely delusional if he thinks it's anything like the iPhone or PSP. It's really not that hard for even a non-technical person to see that getting past the HV doesn't do any good by reading this http://www.ibm.com/developerworks/power/library/pa-cellsecurity/

Re:This guy is a hack, not a hacker.

[Terrasque]

Hah, thanks for the heads up! Googled him, and there's some brilliant entertainment there :D

Quote - a random comment from him:

Comment by HighGuy
2009-10-16 15:27:27
hey guys a update it seems console is visibule but I don't know the ps3 core commands or adresses ....hahaha fuck well ya anyways I will let ya in on this much cod 4 ufo .......fuck lots of code ....and I hate reading ..........not saying how I get console or nuthin.g but I do crash my ps3 and hard lol so far it seems to boot my code and still leaves me in the ps3 iitself (xml) but the game ps its not cod4 crashes and drops me into my shell ......I got basic basic damb basic commands aka dir and that's about it ......im thinking of poring dos into this next but thers the issue I've bricked my outher ps3 and my wife wants to kill me..and I don't wana brick my 60 so I lost the best working copy need to go back and rewright what I lost and ya so stay high but I have had luck ps no game name is the same and some details may be alterd for the sake of us hackers

Either a very good troll (judging by the other comments), or he's a poser :)

More entertainment at http://www.ps3-hacks.com/2009/10/15/homebrewed-ps3-system-file-editor-v0-80-released/

Re:This guy is a hack, not a hacker.

They've already removed OtherOS, and who cares about comprimising the key. He's lifted the hood on the GPU and other parts finally allowing Linux to use the full power avaliable. It's a great day for homebrew and Linux on the PS3, not so great for weenie piwates.

Re:This guy is a hack, not a hacker.

[Jedi+Alec]

I swear to God, just reading that little blurb made part of my brain melt. If your link leads to more of *that* I'd humbly request we classify your post as a weapon of potential mass destruction.

Re:This guy is a hack, not a hacker.

[hemlock00]

comment by HighGuy 2009-10-16 09:36:22 or rilly your all on the ball and plz (sony rep) if ur reading this you better run to ur boss for that big raze u want cuz we will hack this fucking thing with passion this new system mod is butifule make my shit work .if you haven’t been keeping up with me I have now thismorning got a console mode in gta 4 woot woot time for a hoot but im not realesing shit for the fact I want time to play and work with this befor sony can ever fuck me up so the un hackuble ha fuck you ..sorry to be rude but im a idiot rilly but I have worked hard and will need help soon so dave get lerning im 26 past my prime liike alex but kid ull take my shit to were wee need it .give me a month and I will give uu my shit ok be pationt and if sony thinks they have any idea on what I got ha fuckem just have faith in me the unhackuble coment motevated me more so stay high and sorry for beeing a hipocrit but you know Reply to this comment Comment by alex 2009-10-16 09:59:15 OH HighGuy WHYYY would you name the game bro. hopefully you are lying about the game because sony can just make a new patched GTA 4. they did it with gta vice city for psp and lumines for psp. so just watch what you say bro. you got to be all ninja about these things Reply to this comment Comment by Dave 2009-10-16 13:29:47 Yea alex is right. It’s okay tho, u didn’t say HOW or WHAT udid with the game, but Sony will pull the game apart if they want LOL And highguy, I still need to learn how to make hello worlds, I’m only good at working with hacks that were already made. BUT I have a friend my age that can help me out as well in this. A couple ppl actually, one of it friends hacked his cable box and he gets free movies and shit he’s maaaaaad good with that kind of stuff. He has the blue tooth hack on his moto razr look it up haha but yea high guy ur right. ” hack the unhackable ” pissed me off. Not pissed at greg, but the fact that technically it’s true. [ FOR THE TIME BEING ] [[ fuk Sony ]] I’m going to spend time with c++ tools and find an exploit.

DMCA

[fandingo]

Takedown notice in 3, 2, 1...

pastie.org: registered in KY, USA

blogspot.com registered in CA, USA

Re:DMCA

[fandingo]

Sorry to reply to my own post...

geohot.com (where the exploit is actually hosted) registered to godaddy.com --> USA

Re:DMCA

[Kong+the+Medium]

too late.

This has been online for what, 12 hours? It was posted on /.. Good luck in getting all copies back.

Re:DMCA

[ubersoldat2k7]

Yeah, and in some countries this sort of things are legal or not illegal, so good luck with that DMCA.

Re:I care!

Now I'll be able to use my PS3 as a media player without transcoding everything to its preferred format

Summary of what I've seen so far

[b1t+r0t]

* This is based on a Linux kernel module, so NO SLIM already, okay?
* All it does is poke a hole in the hypervisor allowing memory access. This means it's not going to give you homebrew quite yet, but it's going to make it possible for people to start exploring and tinkering further.
* It requires hardware that generates a 40ns pulse on some point on some version of the board. Apparently it introduces a hardware glitch that allows the hole to be opened. And it doesn't persist after a reboot.
* The top level of security in the PS3 is in that one reserved SPU. Apparently it is given the root key during startup, holds all the other keys, and is responsible for decrypting and checking everything. But it's going to be very hard to get into.
* Now that it's possible to get into the hypervisor, people can start poking at that SPU. But Sony's security model was supposed to include the possibility of the hypervisor being compromised in just this way.

Re:Summary of what I've seen so far

Indeed, the 7th SPU is in isolated mode at this point, and cannot be accessed even by the hypervisor. But it may be possible to reflash the system and take over the isolated setup code.

Re:Summary of what I've seen so far

[MBCook]

The important thing about this hack is that they can dump the hypervisor (which has now been done). Obviously this would be a pain to use to load homebrew.

But with the hypervisor code, they can disassemble it and try to find bugs. If they find one, then they can exploit that. That method may make it possible to find a way to root any console, including the slim.

This is certainly interesting, but it's not at the "download this and you have root" stage.

Re:Summary of what I've seen so far

[Lunix+Nutcase]

Except you can't use the hypervisor to get at the decryption keys even if some exploit is found for it.

Re:Summary of what I've seen so far

[Sir_Lewk]

Presumably getting the keys and pirating games is not the only thing someone might want to do with a PS3.

Unless the keys are somehow related to allowing linux to use the GPU, which I have not seen indicated anywhere, then anyone bitching about how this hack is worthless because he still can't get the keys seems terribly singleminded.

Re:Summary of what I've seen so far

[hitchhacker]

I swear your bullet points sound like the plot to Tron.

"Tron: My User has information that could... that could make this a free system again! No, really! You'd have programs lined up just to use this place, and no SPU looking over your shoulder. "

... Bring in the logic probe!

Re:Summary of what I've seen so far

[Narishma]

Except people could already access the GPU from Linux before (See http://wiki.ps2dev.org/ps3:rsx). It's not useful because nobody bothered to write a driver for it as far as I know. This new "hack" won't change anything about the situation.

Re:Summary of what I've seen so far

[svanheulen]

Clearly you don't understand. The isolation is hardware based, there is no "setup code." Once it has been isolated there is no way to access it through software. Theoretically the code running in isolation could leak it's valuable information to the outside world, but unfortunately the code has to be signed to run in isolation and is checked by the hardware root key. In other words you can't "unlock" the isolation with software, and you can only run what's already there, nothing new.

Re:Summary of what I've seen so far

[Lunix+Nutcase]

Presumably getting the keys and pirating games is not the only thing someone might want to do with a PS3.

But to think that isn't what the majority of people are going to use it for is incredibly naive.

Re:Summary of what I've seen so far

[Superken7]

That is not possible since everything that runs (from BIOS to the process which runs the isolated SPE) is hardware-checked for being unaltered and genuine.

I wonder if this hardware checks could be bypassed by a similar glitching technique, too...

Could be useful

[ndavis]

The only reason for that I like this is if they can get a different way to play media files such as XMBC to work so I can play MKV files without conversion on my PS3. Also I didn't download these MKV files I have the disks, but this will prevent my son from ruining them and also allow me to change shows faster when one is done.

Re:Could be useful

Install linux ?

Re:Could be useful

[BoogeyOfTheMan]

Theres a an app called "PS3 Media Server" for Linux and Windows that will convert mkv files on the fly and allow them to be viewed by the PS3.

Its running fine on my Ubuntu 9.10 box (C2D 2.4ghz w/4GB ram). Though some avi's still wont work, most of all my other media will.

Re:Could be useful

[toastar]

I'd Like to play the Files without Maxing out one of my cores, What if I want to play crysis and watch a movie at the same time? Will the movie Skip?

Re:Could be useful

[BoogeyOfTheMan]

To be honest, I have no idea. I have my pc and my PS3 hooked up to the same tv right now. I only use the media server so I can access my whole library from my PSP (and before you ask, mkv playback PS3mediaserver->PS3->PSP is choppy as all get out on my netowrk).

Nice step forward, but no full compromise

[Superken7]

While indeed this opens the door for PS3 hacking, the PS3 has not yet been fully "hacked".
See http://streetskaterfu.blogspot.com/2010/01/ps3-is-hacked-urban-legend-continues.html

The security architecture of the PS3 is designed in a way to prevent hacks like this to fully compromise the system.

Another interesting read, by Kanna Shimizu, http://dslab.lzu.edu.cn:8080/members/zhangwei/doc/Cell_Broadband_Engine_processor_vault_security_architecture.pdf

Re:Nice step forward, but no full compromise

[rob13572468]

The glitch attack is a pretty powerful attack in that the proof-of-concept he worked out is most of what is needed for a mod chip. Now all that is needed is to find the least expensive microcontroller to deliver the glitch pulse. He uses 40 nS but it may well turn out that even a larger (wider) pulse works which then means a standard 3 dollar 10 Mhz microcontroller can be used to control the glitch. connect the glitch modchip to any line that is controllable under the hypervisor and you have the ability to turn it on and off and you can now build an automated package. The only problem is that you will start by running some software that allows you to place arbitrary code even under the control of the hypervisor... So you install the modchip, load the approved linux distro, run the special exploit program and you now have complete read/write control, which in turn reloads a full uncontrolled linux distro (or any other unsigned code). of course the hypervisor dump may well lead to an implementation flaw that allows access without a modchip being needed which is even better. Its all just cat and mouse from here...

"It seems the trick is to use a pulse..."

[Broken+Bottle]

"It seems the trick is to use a pulse to glitch the hypervisor while it's unmapping memory, leaving a favorable page table entry" Well shit, when you put it like that it's a wonder this thing wasn't cracked by a kindergartner two and a half years ago. :)

Re:"It seems the trick is to use a pulse..."

[Joucifer]

"It seems the trick is to use a pulse to glitch the hypervisor while it's unmapping memory, leaving a favorable page table entry" I consider myself somewhat a nerd (hence being here on /.), but I had to google 2/3 of that statement.

Re:"It seems the trick is to use a pulse..."

[nutshell42]

"Mr La Forge, how did you manage to disable the Borg Cube?"
"Sir, it seems the trick is to use a pulse to glitch the hypervisor while it's unmapping memory, leaving a favorable page table entry."

Honestly, if Star Trek had fed me that as techno babble I would've called bullshit. I'm deeply impressed that it actually means something and works.

Re:"It seems the trick is to use a pulse..."

The difference is that in Star Trek, he'd have had it done in 15 minutes.. an hour tops. Probably half the ship could have come up with it, too.

Re:"It seems the trick is to use a pulse..."

[EvilXenu]

Red alert! Shields Up! All hands brace for impact! New Internet meme inbound in 5.. 4.. 3..

Re:"It seems the trick is to use a pulse..."

[tingeber]

"It seems the trick is to use a pulse to glitch the hypervisor while it's unmapping memory, leaving a favorable page table entry"

But that's the same technique Cereal Killer used to hack the Gibson!

How It's Done

Dang, I was just going to try this... (ha ha) geohot: well actually it's pretty simple geohot: i allocate a piece of memory geohot: using map_htab and write_htab, you can figure out the real address of the memory geohot: which is a big win, and something the hv shouldn't allow geohot: i fill the htab with tons of entries pointing to that piece of memory geohot: and since i allocated it, i can map it read/write geohot: then, i deallocate the memory geohot: all those entries are set to invalid geohot: well while it's setting entries invalid, i glitch the memory control bus geohot: the cache writeback misses the memory :) geohot: and i have entries allowing r/w to a piece of memory the hypervisor thinks is deallocated geohot: then i create a virtual segment with the htab overlapping that piece of memory i have geohot: write an entry into the virtual segment htab allowing r/w to the main segment htab geohot: switch to virtual segment geohot: write to main segment htab a r/w mapping of itself geohot: switch back geohot: PWNED geohot: and would work if memory were encrypted or had ECC geohot: the way i actually glitch the memory bus is really funny geohot: i have a button on my FPGA board geohot: that pulses low for 40ns geohot: i set up the htab with the tons of entries geohot: and spam press the button geohot: right after i send the deallocate call

...Okay, cool.

Release _your_ PS3 hack, then.

Don't have one, do you?

Jackoff. Again, some Slashdotter thinks they're so much smarter than people who actually DO newsworthy things, but does nothing but post online as an armchair expert.

Sony VS SGC!

[flayzernax]

Anyone have any feeling that after years of finally unraveling the PS3 hardware Sony is going to beam you up to their stolen Ghoa'uld space ship and tell you their the Illuminati and they plan to release an upgraded version of J.C. Denton on the world, but they need you to program his nanobots first?

I have a life to get back to...

Nope, I think not.

If you consider...

I have a life to get back to and can't keep working on this all day and night.

If you consider bitching on Twitter a life, sure!

Re:I care!

The PS3 supports MPEG-4 ASP, VC-1, H.264 for video and AC-3, MP3, LPCM, DTS-HD, Dolby TrueHD, etc for audio. What formats are you trying to play that you have to transcode?

What could this mean for Blue-Ray

[bigdweeb]

I wonder what this means for Blue-Ray. It could be a major blow to Blue-Ray protection if this somehow allowed the interception of the encryption keys.

Re:What could this mean for Blue-Ray

[jgtg32a]

It wasn't already cracked?

Re:What could this mean for Blue-Ray

[NitroWolf]

I wonder what this means for Blue-Ray. It could be a major blow to Blue-Ray protection if this somehow allowed the interception of the encryption keys.

Umm... what rock have you been living under? Blu-Ray protection is an utter failure all on it's own. A hack PS3 isn't going to make a bit of difference to Blu-Ray protection; The BR encryption keys are already easily acquired.

Re:What could this mean for Blue-Ray

[SScorpio]

Or you could just use the program MakeMKV which is out for Windows, Linux, and OSX. It lets you rip a BluRay directly to MKV without any other software. It also allows you to stream the video with the program so you can actually play BluRay on Linux now.

Re:What could this mean for Blue-Ray

[bill_mcgonigle]

Blu-Ray protection is an utter failure all on it's own.

Blu-Ray has, to date, been sufficiently designed to prevent an open source player, right?

Re:What could this mean for Blue-Ray

[BitterOak]

The BR encryption keys are already easily acquired.

All the encryption keys, or just the encryption keys for software based players? If software player encryption keys are someday all revoked, will existing Blu-Ray cracks still work on new releases? Remember with DVD the encryption keys were all 40 bits, so once the algorithm was discovered it was relatively easy to brute force all the keys, making the crack effectively permanent. I don't think that Blu-Ray has been similarly cracked yet.

Re:What could this mean for Blue-Ray

[Rennt]

Much like DVD before it, the law may have been sufficiently designed to prevent distribution of an open source player, but Blu-Ray encryption is not an obstacle to developing one.

Re:What could this mean for Blue-Ray

> Blu-Ray has, to date, been sufficiently designed to prevent an open source player, right?

Not really.

Re:What could this mean for Blue-Ray

Good! Care to give some pointers how to play blu-ray movies (MKB v14 or whatever the latest is) using only open source software on Linux?

Re:What could this mean for Blue-Ray

[Raptor851]

I was going to mod you up (hopefully someone else will!) but figured I'd chime in. Many of us are already playing blu-ray using mplayer for YEARS now...and it's easy to do straight from the disk. Heck...before i got a blu-ray drive for my PC...i was ripping and playing them on the PS3 :)

No corners cut as far as I can see

[Viol8]

If you have physical access to the circuit board then frankly short of encrypting every single data and address line theres not much any company can do to prevent hack attempts.

Re:No corners cut as far as I can see

[rob13572468]

It depends on what context the hack is used... Sony may have thought ahead and written and anti hacking API that simply needs to be enabled... They more than likely included the ability to perform hypervisor integrity checks with code triggered remotely (as in if/when connected to playstation network) and can start booting/banning people from playing online.

Re:No corners cut as far as I can see

[Viol8]

"code triggered remotely"

If you have complete control of the machine you can just intercept and vet anything that comes from the ethernet interface. Once any remote operation/update ability had been discovered it would soon be disabled and results spoofed back to the sender.

Re:No corners cut as far as I can see

[Khyber]

No cut corners that you can see?

Hahaha. Let's see. We've got at least 5 different PS3 models, with varying hardware capabilities. Somewhere, in the name of making money, they most certainly did cut corners.

Now the question is - which model was hacked? I can almost guarantee the new Slim wasn't used, so which fat model? With or without PS2 BC? Full hardware PS2 or hardware/software?

We already knew we could glitch the memory bus with properly applied current to get some signals past the hypervisor, it was really dependent upon the model.

Re:No corners cut as far as I can see

And if the thing you're intercepting is a key negotiation using the still-isolated SPU? There's a reason that every DRM scheme hasn't been trivially cracked this way.

Re:I care!

[Troed]

It doesn't support the mkv container, which it should, since it's now reconized by DivX (v7) and the PS3 is DivX certified.

http://www.divx.com/en/mkv
http://support.divx.com/faq/view/supportFAQen038/DivX%20on%20the%20Sony%20Playstation%203

Until included natively, PS3MediaServer is the best solution - real time transcoding as the GP said.

Xbox success?

[WiiVault]

Success? The Xbox cost MS millions, and from what I can tell they are still trying to pay it back with the 360 which just recently *may* have turned a profit. The reason I say may is because of the way MS has it's divisions organize group Mac software (highly profitable) with Xbox HW.

Oh noes!

[Aphoxema]

Oh, shit, I hope Sony has heard about this!

How is this possible?

[Superken7]

Can somebody please explain to me why a kernel module (with fewer privileges than the HV) is able to create a "virtual segment, indicating that the hypervisor should store the HTAB associated with it at a specific address."?

I guess that functionality is needed somehow, and therefore accessible to kernel modules;
  otherwise it would not make sense to me that they exposed unnecessary calls that mess with sensible stuff like the HTAB location (which contains the main segment, etc..) and ultimately lead to exploits like this.

Any insight, thoughts?

Re:How is this possible?

Part of the hack involves actually blinding the hypervisor with a pulse signal then futzing with the page tables while it's confused. The kernel module is there to exploit that, since it's not otherwise available to userspace.

In other words, the kernel would normally have fewer privileges, but with a little hardware help, it can temporarily assert extra privs. The security folks at Sony are no dummies though, and they anticipated this could happen, so they kept the keys in the SPU so even the hypervisor can't effectively get at them. So no cracked blu-ray discs, games or otherwise. I don't think Sony is all that concerned.

Linux runs a bit better these days...

[Dr.+Manhattan]

Don't buy a PS3 simply for the sake of installing Linux on it.

I would certainly agree with that. As you say, there are much better deals, price/performance-wise.

The PS3 only has 256MB of system RAM and Linux does not run well at all on it...

...but this is a little overstated. Clever people figured out how to use the video ram as ultra-fast swap, which brings the effective RAM up to around 512MB. Still not awesome, but it makes Linux quite a bit more usable on the PS3.

Re:Linux runs a bit better these days...

[sznupi]

And isn't number crunching on the Cell the most interesting thing to do with Linux PS3 anyway? That might be optimized for small RAM, not needing interactivity, optimally running headless and without GUI anyway...

It's also a little fishy...

[Otis_INF]

I mean, he needs to block the HV correcting the tables, and presses a button to do that. But... that requires serious timing, as the call is made and directly after that he has to block the memory access with the pulse. To me this seems impossible to do, or he can start jamming the signal BEFORE the call is made, but that would potentially ruin the call in the first place.

Re:It's also a little fishy...

[rob13572468]

its actually not as difficult as you would think... The typical method is to set up a loop: allocate memory, write the code, de-allocate, glitch, and test to see if you still have access. This method worked exeedingly well for years on all sorts of secure processors. The only difference here is that everything runs faster so your timing needs to be better but even if you only have a 1 in 10000 shot of getting the timing right it only takes 10000 tries to be successful (well statistically)

Analogue

Ironic that a modern digital device succumbs to an analogue hack.

Re:I care!

No, the new certification is known as DivX Plus HD. PlayStation 3 doesn't support that. DivX Plus HD and DivX certifications are two different things.

Re:I care!

[Raptor851]

Not to mention ".ogm" ...which almost all of my media is in (i couldn't imagine converting all of it either...it would probably kill my hard drives). I've been using MediaTomb to transcode though.

AYBABTU

[God_TM]

In AD 2010, War was beginning...
SONY President: What happen?
Kanna Shimizu: Somebody set up us the bomb.
Kanna Shimizu: We get 40ns signal.
SONY President: What?
Kanna Shimizu: Main screen turn on.
SONY President: It's you!
GeoHot: How are you gentlemen!!
GeoHot: All your base are belong to us.
GeoHot: You are on the way to destruction.
SONY President: What you say!!
GeoHot: You have no chance to survive make your time.
GeoHot: Ha Ha Ha Ha.

Re:AYBABTU

Geohot: All your PS3 Keys are belong to me

fixed that for you