PS4 News on Facebook! PS4 News on Twitter! PS4 News on YouTube! PS4 News RSS Feed!

Home PS4 News - Latest PlayStation 4 and PS3 News

January 26, 2010 // 1:02 pm - Today GeoHot has released sample PS3 Linux isolated SPU loader code for those with OtherOS to experiment with following his previous announcement of the PlayStation 3 being hacked.

To quote: "Right now, I'm playing with the isolated SPEs, trying to get metldr to load from OtherOS. Interesting thing, I am not using the exploit. I always assumed the enable isolation mode register was hypervisor privileged.

It's not, it's kernel privileged, which means using hypervisor calls you can all get to it. So, get to hacking. Here is the code I am playing with.

I'm not that opposed to releasing the exploit, but I think the majority of you are going to be disappointed, even if you do get it working. Unless you have pushed the HV to it's limits, this exploit really isn't going to do much for you... yet.

So install OtherOS and start playing around. If people start coming up with convincing reasons why they need the exploit to go further, I'll release it. It's just a waste to release if people can't make use of it.

As far as the GPU goes, I have full access to the GPU memory space 0x2800... But without a driver, it's useless. 3D video card drivers are notoriously hard to write, look at the ATI and NVIDIA ones for linux. The best are still the closed source manufacturer ones.

I'm not even sure I believe that the HV restricts video card access, just that the OtherOS driver is 2D. If someone skilled in video card driver development comes forward, and they can explain in detail what the HV is restricting, I'll send them the exploit."

GeoHot Releases Sample PS3 Linux Isolated SPU Loader Code

PlayStation Follow us on Twitter, Facebook and join us at our new site WWW.PSXHAX.COM!

#14 - Shrink - January 26, 2010 // 8:29 pm
Shrink's Avatar
Thanks for the refreshing answer! I'm curious...

#13 - veggav - January 26, 2010 // 8:29 pm
veggav's Avatar
A good thing came out of it, the scene seems to be unifying. People are testing the same code and sharing over the same thing.

Hope this continues, closed doors will not lead us to nothing.

#12 - PS4 News - January 26, 2010 // 8:23 pm
PS4 News's Avatar
Quote Originally Posted by Shrink View Post
Why can't he just release the exploit?

I mean... what's the deal? I just don't get it.

The deal is, it's slowly leaking out... just GeoHot is isolating himself from the fallout (which is safer for him).

He wants to see what people can do with what is available, because he may never have to release the exploit if other doors open within the community. There is another "leak" on Elotrolado, but I will start a new thread for that via the Site News shortly.

#11 - Shrink - January 26, 2010 // 8:20 pm
Shrink's Avatar
Man, I'm gettin tired of this!

Why can't he just release the exploit? What's the use holding it back? If it's really THAT big he will get his place in the hall of fame.
But for now there is only chitchat going on and that's really annoying since there is no obvious reason for this.

  • Did he just realize that he may not have hacked the system 100%?
  • Is he negotiating with Sony?

I mean... what's the deal? I just don't get it.

#10 - adrianc1982 - January 26, 2010 // 8:20 pm
adrianc1982's Avatar
baby steps, its going fast enough as it is and homebrew will come in due time..

#9 - PS4 News - January 26, 2010 // 8:16 pm
PS4 News's Avatar
Quote Originally Posted by XSamurai View Post
CJPC maybe?

CJPC is busy with classes and doing his own thing (with his new hardware) so he isn't getting overly involved with the GeoHot stuff like Mathieulh or others are, but I will try to get him to reply.

I know a few of the Devs on IRC gave this a try so maybe they can also comment on it.

Here is a snippet from IRC:
he's recreating SPE 0xb, one already owned by otheros and trying to map it with metldr contents.. well clearly he's putting it in isolation mode by modifying some obscure flags

printk(KERN_ERR "status: %lx\n", problem_mapped[0x4020/8]);
printk(KERN_ERR "privileged control: %lx\n", privileged_mapped[0x4040/8]);
privileged_mapped[0x4040/8] |= 4;
printk(KERN_ERR "privileged control: %lx\n", privileged_mapped[0x4040/8]);

well, with a lv1 dump, its easy to see obscure flags :P

Finally, Donatello I moved your post to a new thread in the Site News since this is the first GeoHot "release" but we won't necessarily start a new thread for all of his updates, only the bigger ones.

#8 - XSamurai - January 26, 2010 // 8:09 pm
XSamurai's Avatar
Sounds pretty interesting. Maybe one of the devs want to explain to us what can be done with this code. Seems like George knows that this method is very limited and full access is just possible with his exploit.

CJPC maybe?

#7 - playforfun - January 26, 2010 // 7:49 pm
playforfun's Avatar
i have read now he have access to isolate SPE and RSX memory, wow ! he explain also the access to the SPE is done with no exploit !

to finish, he say the RSX drivers is coded in 2d and say if someone have knowledges about drivers, he want to know some things about RSX drivers.

he have explained one important detail about exploit => his exploit is not useful if the HV is not pushed to limits, i think it's the bootloader or a control module to protect the console

#6 - hellospaceboy - January 26, 2010 // 7:37 pm
hellospaceboy's Avatar
My guess is he's getting sick of the people invading the blog with piracy comments, and there are few who posts knowledgable answers relating to coding/the exploit etc - although he did say he found some useful.

#5 - Tidusnake666 - January 26, 2010 // 7:35 pm
Tidusnake666's Avatar
In digital signature there is only ONE SPECIFIC pair of Public (decryption) and Private (Encryption and decryption) Keys.

Encrypting content with private key from one pair of keys and decrypting with public key of other pair is not possible.