Sony Has Lost the PS3 Hacking War
YokimaSun writes "Sony may have dealt a major blow to the PSjailbreak sellers, but the release last week of PSGroove, an open source version of the hack, has now opened the floodgates of ports to mobile phones such as the Nokia N900 and Palm Pre. The final kick in the teeth is that a port of the exploit has been released by Waninkoko of Wii custom firmware fame for the Dingoo Handheld, which is a homebrew console that is very popular amongst emulation fans. It makes you smile that you can use one homebrew console to hack another to get homebrew on that console. Awesome."
pudge notes that you can apparently do the same with a TI-84 Plus graphing calculator (YouTube video).
Maybe this battle was a loss, but as long as Sony can force firmware updates, the war is far from over.
There's also an iOS version being made that'll run from a jailbroken iPhone.
You underestimate the consequences of this. To do anything exotic you would need to change the shellcode to launch your own unsigned bootloader instead of tricking the Sony system software into thinking we have a Jig; but if you do, you have complete control.
With more development, you could fake it perfectly - the PS3's own security capabilities (that were used to such effect in the OtherOS hypervisor that needed a hardware glitch to even come close to breaking) can also be used against it, to stealth DNAS and firmware updates and make any changes we like to the running code, undetectably.
An SPU in security mode is latched off the bus so that the CPU and other SPUs can't tamper with it. DNAS has to blindly trust it is running signed code - and that trust root is now gone, because if it isn't, and it lies, it lies convincingly. This is a design flaw in the trust root of Sony's DNAS ("Dynamic Network Authentication System") DRM - which actually encompasses the entire corpus of copy protection technologies on the PS3, including the clock (really), code signing, anti-cheat, disc authentication, rental timeouts (hence the clock), online store, update signing, (some) peripheral authentication, region lockouts (where enabled), console/disc unique IDs, Blu-Ray ROM-Mark, AACS and BD+ - and it's (of course) a fundamentally unfixable one. Once you've cracked the eggshell (so to speak), it's easier to root the PS3 on an ongoing basis than it is (say) the Xenon.
Plus, you now have complete firmware dumps for all components available without decapping, so you could maybe extend that hack to any future versions by simply finding new bugs in those dumps. This is the beginning, not the end, but it's the breakthrough that was being waited for, the one hole that opens the floodgates.
And let's face it, by being assholes and removing advertised features like OtherOS (and, I suppose, PS2 compatibility when the software is fully capable of it), Sony had it coming.
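The comment above argues that DNAS has to take the isolated SPU's word that it is running signed code, so once that component can lie convincingly there is nothing left for the server to check. The following Python is an added illustration of that reasoning and is not code from the page, from Sony, or from any PS3 homebrew project: it contrasts a verifier that accepts a self-reported "I am signed" flag with one that demands a fresh, key-bound measurement of the code actually running. All names, keys and firmware images are constructed for the example. The caveat the comment makes still applies: this check only helps while the device-side key and the measurement stay inside a component the rest of the system cannot tamper with.

```python
import hashlib
import hmac
import os

# Constructed example values (not from the page). In a real design the
# per-device key lives in a hardware-isolated component, and the verifier
# keeps its own allowlist of measurements (hashes) of firmware it accepts.
DEVICE_KEY = b"constructed-device-key-0001"
GENUINE_IMAGE = b"constructed-firmware-image-v3.41"
TRUSTED_MEASUREMENTS = {hashlib.sha256(GENUINE_IMAGE).hexdigest()}


def device_attest(key: bytes, nonce: bytes, running_image: bytes) -> dict:
    """Device side: measure the image that is actually running and bind the
    measurement to the verifier's nonce with a keyed MAC (hypothetical protocol)."""
    measurement = hashlib.sha256(running_image).hexdigest()
    tag = hmac.new(key, nonce + measurement.encode(), hashlib.sha256).hexdigest()
    return {"measurement": measurement, "tag": tag}


def naive_verify(report: dict) -> bool:
    """Flawed verifier: trusts whatever the device says about itself.
    A component that can lie simply sets the flag."""
    return report.get("signed") is True


def verify_attestation(key: bytes, nonce: bytes, report: dict,
                       trusted: set = TRUSTED_MEASUREMENTS) -> bool:
    """Verifier side: recompute the MAC over the nonce it issued and the reported
    measurement, then check the measurement against its own allowlist.
    A replayed or forged report fails the MAC; an unknown image fails the allowlist."""
    expected = hmac.new(key, nonce + report["measurement"].encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, report["tag"]):
        return False
    return report["measurement"] in trusted


def run_demo() -> dict:
    """Exercise the three cases a defender cares about and return the verdicts."""
    nonce = os.urandom(16)
    genuine = device_attest(DEVICE_KEY, nonce, GENUINE_IMAGE)
    modified = device_attest(DEVICE_KEY, nonce, GENUINE_IMAGE + b"-patched")
    replayed = device_attest(DEVICE_KEY, os.urandom(16), GENUINE_IMAGE)  # old nonce
    return {
        "naive_accepts_self_report": naive_verify({"signed": True}),
        "genuine": verify_attestation(DEVICE_KEY, nonce, genuine),
        "modified_image": verify_attestation(DEVICE_KEY, nonce, modified),
        "replayed_report": verify_attestation(DEVICE_KEY, nonce, replayed),
    }


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case}: {verdict}")
```

The design point is that the server must hold something the untrusted side cannot fabricate (the nonce and its own allowlist) rather than a flag the device fills in; once the key that produces the tag is no longer isolated, the verifier and the device are on equal footing and the check degrades to the naive one.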
Even worse, he's directly responsible for bricking hundreds of consoles due to shoddy code (his "custom updater" and "custom downgrader" saga; at one point running one of his tools bricked your console 100% of the time) and generally speaking hasn't made any contributions to homebrew, instead opting to cobble together pieces of homebrew code to make pirac^H^H^H^H^Hbackup tools, often without following the licences.
He's only jumping on the PS3 bandwagon to get some attention, which is something he loves. If he ever releases anything halfway meaningful for the PS3, I can pretty much guarantee it'll be a port or simple combination of existing tools in a slightly more "marketable" way, with a "healthy" dose of his sponsor's logos, as his Wii releases always have been.
True story: he released his USB loader about 20-30 days after someone actually wrote a high-speed USB driver, which was the final piece of the puzzle. For kicks, after his announcement but before the release, I proceeded to independently create an equivalent USB loader, to gauge how much work had to go into it. ~200 lines of code and 6 hours, not counting time spent writing a silly menu and slapping in logos.