Slashdot Mirror


PlayStation 3 Hack Released Online

itwbennett writes "On Friday, George Hotz, best known for cracking Apple's iPhone, said he had managed to hack the PlayStation 3 after five weeks of work with 'very simple hardware cleverly applied, and some not so simple software.' Days later, he has now released the exploit, saying in a blog post that he wanted to see what others could do with it. 'Hopefully, this will ignite the PS3 scene, and you will organize and figure out how to use this to do practical things, like the iPhone when jailbreaks were first released,' he wrote. 'I have a life to get back to and can't keep working on this all day and night.'" Reader MBCook points out an article written by Nate Lawson "explaining how the hack bypasses the hypervisor to gain unrestricted access to memory. It seems the trick is to use a pulse to glitch the hypervisor while it's unmapping memory, leaving a favorable page table entry."


  1. 'I have a life to get back to' by Anonymous Coward · · Score: 2, Funny

    How dramatic

    1. Re:'I have a life to get back to' by Vanderhoth · · Score: 5, Funny

      Yeah, he thinks he's all special because he has a life or something.

    2. Re:'I have a life to get back to' by Sir_Lewk · · Score: 2, Funny

      Only a slashdotter would think someone claiming to have a life is being dramatic.

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
  2. Does this open the floodgates? by ACK!! · · Score: 2, Insightful

    If they are able to bypass the hypervisor and then do hack mods for the PS3 this might open up a whole new avenue for modders and interest in the platform that was not there before. In other words, this might not be a bad thing for the PS3 overall.

    --
    ACK /ak/ interj. 2. [from the comic strip "Bloom County"] An exclamation of surprised disgust, esp. i
    1. Re:Does this open the floodgates? by decipher_saint · · Score: 4, Insightful

      I often wonder if part of the success of the original XBox was its "hackability".

      Anyone care to weigh in?

      --
      crazy dynamite monkey
    2. Re:Does this open the floodgates? by Sir_Lewk · · Score: 2, Interesting

      If by "hackability", you mean Halo...

      I think the GP isn't suggesting that this will make the PS3 fare better to any significant degree in the market at large, but rather make it more popular with nerd types you might find on places like slashdot.

      Who knows though, it probably wouldn't be too out of line to claim that iPhone unlocking made those more desirable; plenty of my non-nerd friends have unlocked iPhones.

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    3. Re:Does this open the floodgates? by flabordec · · Score: 2, Insightful

      At least in some places that was the case. People in less developed countries do not have as much money to spend on videogames, some of my friends in Mexico pay about $50 monthly rent, so paying more for a single game than for a whole month of housing does not make much sense. Paying $5 for essentially the same thing, on the other hand, is much more manageable.

      --
      "I see undead people" Warcraft III - Necromancer
  3. Re:Do I care? by RyuuzakiTetsuya · · Score: 2, Informative

    Do you understand that the hack right now isn't very useful?

    I have no doubt eventually keys will be extracted, and the thing will be hacked based on this hack here, but, until that happens, Sony's still winning.

    Until you can get hypervisor access without glitching the memory bus, or get homebrew working in the XMB, Sony still wins.

    --
    Non impediti ratione cogitationus.
  4. Summary of what I've seen so far by b1t+r0t · · Score: 5, Informative

    * This is based on a Linux kernel module, so NO SLIM already, okay?
    * All it does is poke a hole in the hypervisor allowing memory access. This means it's not going to give you homebrew quite yet, but it's going to make it possible for people to start exploring and tinkering further.
    * It requires hardware that generates a 40ns pulse on some point on some version of the board. Apparently it introduces a hardware glitch that allows the hole to be opened. And it doesn't persist after a reboot.
    * The top level of security in the PS3 is in that one reserved SPU. Apparently it is given the root key during startup, holds all the other keys, and is responsible for decrypting and checking everything. But it's going to be very hard to get into.
    * Now that it's possible to get into the hypervisor, people can start poking at that SPU. But Sony's security model was supposed to include the possibility of the hypervisor being compromised in just this way.

    --
    "Open source is good." - Steve Jobs
    "Open source is evil." - Microsoft
    1. Re:Summary of what I've seen so far by Anonymous Coward · · Score: 2, Interesting

      Indeed, the 7th SPU is in isolated mode at this point, and cannot be accessed even by the hypervisor. But it may be possible to reflash the system and take over the isolated setup code.

    2. Re:Summary of what I've seen so far by Sir_Lewk · · Score: 3, Insightful

      Presumably getting the keys and pirating games is not the only thing someone might want to do with a PS3.

      Unless the keys are somehow related to allowing linux to use the GPU, which I have not seen indicated anywhere, then anyone bitching about how this hack is worthless because he still can't get the keys seems terribly singleminded.

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    3. Re:Summary of what I've seen so far by Narishma · · Score: 2, Interesting

      Except people could already access the GPU from Linux before (See http://wiki.ps2dev.org/ps3:rsx). It's not useful because nobody bothered to write a driver for it as far as I know. This new "hack" won't change anything about the situation.

      --
      Mada mada dane.
  5. Nice step forward, but no full compromise by Superken7 · · Score: 5, Informative

    While indeed this opens the door for PS3 hacking, the PS3 has not yet been fully "hacked".
    See http://streetskaterfu.blogspot.com/2010/01/ps3-is-hacked-urban-legend-continues.html

    The security architecture of the PS3 is designed in a way to prevent hacks like this from fully compromising the system.

    Another interesting read, by Kanna Shimizu, http://dslab.lzu.edu.cn:8080/members/zhangwei/doc/Cell_Broadband_Engine_processor_vault_security_architecture.pdf

    1. Re:Nice step forward, but no full compromise by rob13572468 · · Score: 2, Insightful

      The glitch attack is a pretty powerful attack in that the proof-of-concept he worked out is most of what is needed for a mod chip. Now all that is needed is to find the least expensive microcontroller to deliver the glitch pulse. He uses 40 ns, but it may well turn out that even a larger (wider) pulse works, which then means a standard 3 dollar 10 MHz microcontroller can be used to control the glitch. Connect the glitch modchip to any line that is controllable under the hypervisor and you have the ability to turn it on and off, and you can now build an automated package. The only problem is that you will start by running some software that allows you to place arbitrary code even under the control of the hypervisor... So you install the modchip, load the approved linux distro, run the special exploit program and you now have complete read/write control, which in turn reloads a full uncontrolled linux distro (or any other unsigned code). Of course the hypervisor dump may well lead to an implementation flaw that allows access without a modchip being needed, which is even better. It's all just cat and mouse from here...

  6. "It seems the trick is to use a pulse..." by Broken+Bottle · · Score: 4, Funny

    "It seems the trick is to use a pulse to glitch the hypervisor while it's unmapping memory, leaving a favorable page table entry" Well shit, when you put it like that it's a wonder this thing wasn't cracked by a kindergartner two and a half years ago. :)

    1. Re:"It seems the trick is to use a pulse..." by Joucifer · · Score: 2

      "It seems the trick is to use a pulse to glitch the hypervisor while it's unmapping memory, leaving a favorable page table entry" I consider myself somewhat a nerd (hence being here on /.), but I had to google 2/3 of that statement.

    2. Re:"It seems the trick is to use a pulse..." by nutshell42 · · Score: 4, Funny

      "Mr La Forge, how did you manage to disable the Borg Cube?"
      "Sir, it seems the trick is to use a pulse to glitch the hypervisor while it's unmapping memory, leaving a favorable page table entry."

      Honestly, if Star Trek had fed me that as techno babble I would've called bullshit. I'm deeply impressed that it actually means something and works.

      --
      Don't think of it as a flame---it's more like an argument that does 3d6 fire damage
  7. Re:This guy is a hack, not a hacker. by Sir_Lewk · · Score: 4, Insightful

    Trying and failing where none have succeeded before does not a "hack" make.

    If indeed he simply duplicated what someone else has done before then that does diminish this achievement, but I have heard nothing of the sort, you are an AC, and have not provided any citations.

    Your ad hominem attack, and your unprovoked lashing out at game pirates, makes me think that you have a personal stake in this somehow. Without citations, I'm going to go ahead and say you are full of shit.

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
  8. Re:This sounds just like the GBC ROM dump hack by noidentity · · Score: 2, Informative

    Yeah, his rough description sounds similar. In this case, he's causing the hypervisor to constantly update the MMU page tables, then glitching the system during that, which gives him access to memory that the hypervisor thought it had protected.
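A toy model of the failure mode described in the story summary and in noidentity's comment, added here as an example (not code from the story, the comments, or Nate Lawson's write-up): an unmap loop that loses a single store leaves one page still marked present, and a read-back check after the loop is what a hardened unmap path would use to notice it. The page table layout, the flag bits and the "dropped store" fault model are all constructed for illustration and do not describe any real PS3 structure.

```python
"""Constructed model: page-table unmap loop, one dropped store, read-back check."""
from typing import List, Optional

# Constructed flag bits for a toy page-table entry (not a real PTE format).
PRESENT = 1 << 0
WRITABLE = 1 << 1


def make_page_table(n_pages: int) -> List[int]:
    """Constructed table: every entry starts out mapped read/write."""
    return [PRESENT | WRITABLE for _ in range(n_pages)]


def unmap_range(table: List[int], start: int, end: int,
                skip_write: Optional[int] = None) -> None:
    """Clear entries start..end-1.

    skip_write models the glitch: one store in the loop never lands, so that
    entry keeps its old (present, writable) value while the loop believes it
    has been cleared.
    """
    for idx in range(start, end):
        if idx == skip_write:
            continue  # the dropped store: table[idx] is left untouched
        table[idx] = 0


def stale_entries(table: List[int], start: int, end: int) -> List[int]:
    """Read-back check: indices in the supposedly unmapped range that are
    still marked present. A non-empty result means the unmap did not take."""
    return [i for i in range(start, end) if table[i] & PRESENT]


def unmap_verified(table: List[int], start: int, end: int,
                   skip_write: Optional[int] = None) -> bool:
    """Unmap, re-read the range, and redo the unmap once if anything is stale.

    Returns True only when the read-back confirms the whole range is clear.
    In this model the retry is assumed not to be glitched.
    """
    unmap_range(table, start, end, skip_write)
    if stale_entries(table, start, end):
        unmap_range(table, start, end)
    return not stale_entries(table, start, end)


if __name__ == "__main__":
    pt = make_page_table(8)
    unmap_range(pt, 2, 6, skip_write=4)       # unverified unmap with one dropped store
    print("stale after plain unmap:", stale_entries(pt, 2, 6))
    pt = make_page_table(8)
    print("verified unmap clean:", unmap_verified(pt, 2, 6, skip_write=4))
```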

  9. Re:Works on PS3 slim? by RoFLKOPTr · · Score: 2, Interesting

    Will I be able to install Linux on it now? If so, I will buy one.

    Don't buy a PS3 simply for the sake of installing Linux on it. The PS3 only has 256MB of system RAM and Linux does not run well at all on it (I know this from personal experience with a PS3-specific Linux flavor). Just build a computer for $500.

  10. No corners cut as far as I can see by Viol8 · · Score: 2, Insightful

    If you have physical access to the circuit board then frankly, short of encrypting every single data and address line, there's not much any company can do to prevent hack attempts.

  11. Re:I care! by Troed · · Score: 3, Informative

    It doesn't support the mkv container, which it should, since it's now recognized by DivX (v7) and the PS3 is DivX certified.

    http://www.divx.com/en/mkv
    http://support.divx.com/faq/view/supportFAQen038/DivX%20on%20the%20Sony%20Playstation%203

    Until included natively, PS3MediaServer is the best solution - real time transcoding as the GP said.

  12. Re:What could this mean for Blue-Ray by NitroWolf · · Score: 3, Informative

    I wonder what this means for Blue-Ray. It could be a major blow to Blue-Ray protection if this somehow allowed the interception of the encryption keys.

    Umm... what rock have you been living under? Blu-Ray protection is an utter failure all on its own. A hacked PS3 isn't going to make a bit of difference to Blu-Ray protection; the BR encryption keys are already easily acquired.

  13. Linux runs a bit better these days... by Dr.+Manhattan · · Score: 2, Interesting

    Don't buy a PS3 simply for the sake of installing Linux on it.

    I would certainly agree with that. As you say, there are much better deals, price/performance-wise.

    The PS3 only has 256MB of system RAM and Linux does not run well at all on it...

    ...but this is a little overstated. Clever people figured out how to use the video ram as ultra-fast swap, which brings the effective RAM up to around 512MB. Still not awesome, but it makes Linux quite a bit more usable on the PS3.

    --
    PHEM - party like it's 1997-2003!
  14. Re:This guy is a hack, not a hacker. by canajin56 · · Score: 2, Funny

    There's an illiterate buffoon called "HighGuy" who runs around all of the PS3 forums claiming to have hacked the PS3, but his hacks are always a few weeks from release. He spits out jargon like j-tags, hello-worlds, grub, linux, ubuntu, but he obviously doesn't know what any of those things are. He claims to have hacked a CoD4 save game and installed grub in it using Ubuntu, that way when you load the game it will use DOS to boot into whatever code you want. But, he even admits, he doesn't know any programming so he can't really do much with that, just basic "helloworlds". Then, right when he was about to release, look, it melts his PS3 chips. "But I think some soldier and maybe it works again. But we can't really use this hack it overloads the chips and makes them melt the boards". Anybody who calls him on his bullshit gets flamed by his legions of fans, plus gets him to threaten to never release it as punishment for doubting him and being jealous of his hacker skills. Meanwhile, people who make legitimate strides are shat all over by his legion of fans, for ripping him off, "HighGuy was doing this a year ago, poser!" Just like Mr. AC here ;)

    --
    ASCII stupid question, get a stupid ANSI
  15. Re:Works on PS3 slim? by dimeglio · · Score: 2, Informative

    This is because of the restrictions applied. Without these restrictions the PS3 could be a very powerful Linux box with excellent home theatre possibilities.

    Probably but the PS/3 "as is" provides pretty much exceptional home theatre possibilities out of the box. Including licensed codecs and BD support. Not sure I would use Linux on the PS/3 for that. I'd probably build a HTPC with XBMC which is quite impressive.

    --
    Views expressed do not necessarily reflect those of the author.
  16. Re:What could this mean for Blue-Ray by Rennt · · Score: 3, Insightful

    Much like DVD before it, the law may have been sufficiently designed to prevent distribution of an open source player, but Blu-Ray encryption is not an obstacle to developing one.

  17. Re:What could this mean for Blue-Ray by Anonymous Coward · · Score: 2, Informative

    > Blu-Ray has, to date, been sufficiently designed to prevent an open source player, right?

    Not really.

  18. Re:What could this mean for Blue-Ray by Raptor851 · · Score: 2, Insightful

    I was going to mod you up (hopefully someone else will!) but figured I'd chime in. Many of us have already been playing Blu-ray using mplayer for YEARS now... and it's easy to do straight from the disk. Heck... before I got a Blu-ray drive for my PC... I was ripping and playing them on the PS3 :)

  19. Re:Works on PS3 slim? by pnewhook · · Score: 2, Interesting

    Yes, yes, and I use mine as a Blu-ray/DVD player, media console and web browser.

    Regardless it is NOT a PC, and I fail to see any benefit of installing Linux on it other than saying 'hey look what I can do!' Interesting academic exercise, but practically pointless.

    --
    Tesla was a genius. Edison however was an overrated hack who liked to torture puppies.
  20. Re:Do I care? by marcansoft · · Score: 2, Informative

    You cannot get the root key. It's in hardware, it's used by hardware, software can't see it or touch it. Besides that, SPE code is encrypted, which means the hypervisor is never going to see the code. Sure, the hypervisor can talk to the isolated SPE, and if you found a hole in the SPE code you could exploit it and do fun stuff, but without access to the SPE binary, finding and crafting an exploit is going to be nigh impossible.

  21. Re:This guy is a hack, not a hacker. by Terrasque · · Score: 2, Informative

    Hah, thanks for the heads up! Googled him, and there's some brilliant entertainment there :D

    Quote - a random comment from him:

    Comment by HighGuy
    2009-10-16 15:27:27
    hey guys a update it seems console is visibule but I don't know the ps3 core commands or adresses ....hahaha fuck well ya anyways I will let ya in on this much cod 4 ufo .......fuck lots of code ....and I hate reading ..........not saying how I get console or nuthin.g but I do crash my ps3 and hard lol so far it seems to boot my code and still leaves me in the ps3 iitself (xml) but the game ps its not cod4 crashes and drops me into my shell ......I got basic basic damb basic commands aka dir and that's about it ......im thinking of poring dos into this next but thers the issue I've bricked my outher ps3 and my wife wants to kill me..and I don't wana brick my 60 so I lost the best working copy need to go back and rewright what I lost and ya so stay high but I have had luck ps no game name is the same and some details may be alterd for the sake of us hackers

    Either a very good troll (judging by the other comments), or he's a poser :)

    More entertainment at http://www.ps3-hacks.com/2009/10/15/homebrewed-ps3-system-file-editor-v0-80-released/

    --
    It's The Golden Rule: "He who has the gold makes the rules."
  22. Re:Works on PS3 slim? by CronoCloud · · Score: 2, Informative

    Regardless it is NOT a PC, and I fail to see any benefit of installing Linux on it other than saying 'hey look what I can do!' Interesting academic exercise, but practically pointless.

    Pointless?

    [CronoCloud@mideel ~]$ cat /etc/redhat-release
    Yellow Dog Linux release 6.2 (Pyxis)
    [CronoCloud@mideel ~]$ uname -a
    Linux mideel 2.6.29-3.ydl61.4 #1 SMP Mon Sep 7 14:50:27 PDT 2009 ppc64 ppc64 ppc64 GNU/Linux
     
    Mozilla/5.0 (X11; U; Linux ppc64; en-US; rv:1.9.0.12) Gecko/2009072311 YellowDog/3.0.12-1.ydl6.2 Firefox/3.0.12

    A PS3 with a Linux install on it adds even more functionality to the thing. GameOS's Netfront is sucky, but under Linux you've got Firefox and Opera. GameOS can't view and print PDFs but you can under Linux. You've got all the usual 'nix tools and whatnot, LaTeX, vim, gcc, nethack. One of the first things I did when I got my PS3 was download YDL and install it.

    Though I freely admit I had Linux on my PS2 as well.