GeoHot Resumes Sony PS3 Hacking, Opens PS3 Hacks Blog


270w ago - This weekend GeoHot, the hacker responsible for several Apple iPhone hacks, has returned to Sony PS3 hacking after his initial announcement a few months back and has opened a PS3 hacks blog (linked above).

He recently made this Tweet:

"I just pulled everything from the USB bus... http://pastie.org/757313 the Cell processor SPI bus, PS3 is going down :-)"

These are the latest posts on his new PS3 hacks blog:

Cell SPI

The Cell processor has an SPI port which is used to configure the chip on startup. Well documented here. It also allows hypervisor level MMIO registers to be accessed. In the PS3, the south bridge sets up the cell, and the traces connecting them are on the bottom layer of the board. Cut them and stick an FPGA between.

Quick theoretical attack. Set an SPU's user memory region to overlap with the current HTAB. Change the HTAB to allow read/write to the hypervisor! If that works it's full compromise of the PPU.


A Real Challenge

The PS3 has been on the market for over three years now, and it is yet to be hacked. It's time for that to change.

I spent three weeks in Boston working software only, but now I'm home and have hardware. My end goal is to enable unsigned code execution, making every unit into a test and opening up a third party development community, either through software or hardware (with a mod chip). The PS3 is a prime example of how security should be done, very open docs wise, and the thing even runs Linux. But it isn't unbreakable :-)


#152 - PS4 News - 267w ago
Use the new thread here for continued discussion: http://www.ps4news.com/forums/ps3-hacks/playstation-3-hacked-george-hotz-hello-hypervisor-im-geohot-109519.html

#151 - chipsy - 267w ago
geo congratulations, I knew you could do it

#150 - adrianc1982 - 267w ago
I know everyone will give me the look, but I really knew george would hack it sooner or later. I really feel this guy doesn't give up easily and when he wants to crack something he will. Congrats geohot.

#149 - Drakhen - 267w ago
Congrats, I, as I am sure millions of others, all look forward to things to come...

#148 - Starlight - 267w ago
Sounds promising and will see what happens in the near future and congrats so far but maybe not quite out of the woods just yet but very close maybe.

#147 - semitope - 267w ago
Hello hypervisor, I'm geohot
I have full read/write access to the entire system memory, and HV level access to the processor.

In other words, I have hacked the PS3. The rest is just software. And reversing. I have a lot of reversing ahead of me.

Took 5 weeks, 3 in Boston, 2 here, very simple hardware cleverly applied, and some not so simple software.

Shout out to George Kharrat from iPhoneMod Brasil for giving me this PS3 a year and a half ago to hack. Sorry it took me so long

As far as the exploit goes, I'm not revealing it yet. The theory isn't really patchable, but they can make implementations much harder. Also, for obvious reasons I can't post dumps. I'm hoping to find the decryption keys and post them, but they may be embedded in hardware. Hopefully keys are set up like the iPhone's KBAG.

A lot more to come...


Just like that it is done? lol We'll see what comes out of it but congrats to him!!

#146 - Preceptor - 267w ago
But if he managed to dump the hypervisor, correct me if I'm wrong, I'm pretty sure the Devs would be able to properly decrypt the HDD using the keys stored in it. If I'm not wrong, using the Knightsolidus' method there are still some files that are inaccessible. So it could prove useful.

#145 - pirge - 267w ago
He appears to be trying to access the memory where the hypervisor is resident. If he can dump the hypervisor then that should provide a lot of useful information.

But given the PS3 security architecture it seems unlikely the hypervisor could be modified and still run on the PS3. The Cell security design is supposed to prevent modification of signed code... so something else would also be needed for a full 'hack'.

#144 - PS4 News - 267w ago
Not that I know of... although a few may have tried it on their own but never mentioned it in the channel due to nothing noteworthy being found on their end.

#143 - semitope - 267w ago
Originally posted by PS3 News:
One of them said the following on IRC about it today: "fuzzing lv1 calls could be interesting" but that is about it. CJPC is busy with his latest "toy" which arrived today and will be covered in this weekend's Site News update.


So they've tried it?

 
