
December 26, 2009 // 7:22 pm - This weekend GeoHot, the hacker responsible for several Apple iPhone hacks, has returned to Sony PS3 hacking after his initial announcement a few months back and has opened a PS3 hacks blog (linked above).

He recently made this Tweet:

"I just pulled everything from the USB bus... the Cell processor SPI bus, PS3 is going down :-)"

These are the latest posts on his new PS3 hacks blog:

Cell SPI

The Cell processor has an SPI port which is used to configure the chip on startup. Well documented here. It also allows hypervisor level MMIO registers to be accessed. In the PS3, the south bridge sets up the cell, and the traces connecting them are on the bottom layer of the board. Cut them and stick an FPGA between.

Quick theoretical attack. Set an SPU's user memory region to overlap with the current HTAB. Change the HTAB to allow read/write to the hypervisor! If that works it's full compromise of the PPU.

A Real Challenge

The PS3 has been on the market for over three years now, and it is yet to be hacked. It's time for that to change.

I spent three weeks in Boston working software only, but now I'm home and have hardware. My end goal is to enable unsigned code execution, making every unit into a test and opening up a third party development community, either through software or hardware (with a mod chip). The PS3 is a prime example of how security should be done, very open docs wise, and the thing even runs Linux. But it isn't unbreakable :-)

GeoHot Resumes Sony PS3 Hacking, Opens PS3 Hacks Blog


#102 - imtoodvs - January 15, 2010 // 2:54 am
This is the type of progress I'm always referring to, not videos on YouTube with fictitious claims of success. I wish GeoHot all the best in his REAL effort in cracking the PS3. If he finds an opening, I'm sure the devs will have a field day providing the community with full access to the PS3's full potential.

#101 - gtxboyracer - January 15, 2010 // 2:53 am
MMIO over SPI doesn't appear to work

I have control over the BIC (Bus Interface Controller) through the FlexIO interface though. Now I just have to figure out what these things are.

This was amended in the 3rd Post to his blog.

#100 - gravesg - January 15, 2010 // 12:47 am
Man, this just got interesting... this kid might just see something... I still feel like our boys are the best tho.

Hydra and Cerberus are always well... you know what I'm saying here.

#99 - PS4 News - January 14, 2010 // 11:46 pm
Another GeoHot update, via comments:
Yep, I have a full dump and that would make a mod chip super simple. The only possibly exploitable thing is the configuration ring, and I've looked over that a bunch of times, don't see anything that quickly leads to unsigned. And the config ring is only once after reset.

But there's a whole set of MMIO you can R/W too, which is why I built this injection rig. Just watched two episodes of Jersey Shore, we'll know in like an hour if the MMIO is locked down or not.

#98 - red8316 - January 14, 2010 // 11:01 pm
Acronym Explanations ... Cause I didn't know what they meant. I'm not sure I understand what they mean now, haha.

SPI : Serial Peripheral Interface Bus
FPGA : Field-programmable gate array

I'm guessing from the picture that the FPGA is what you see sitting "below" the PS3's hard drive bay.

#97 - gtxboyracer - January 14, 2010 // 10:04 pm
Yeap agreed.

He is definitely taking a hands on hardware type hacking approach this time. Good luck to him also.

#96 - PS4 News - January 14, 2010 // 10:03 pm
If he taps the SPI BUS it will be interesting to see what type of data he gets out of it... possibly just configuration data but we'll see I suppose.

Here is wishing him luck though!

#95 - Ihatecompvir - January 14, 2010 // 9:53 pm
Looks like things are heating up on the GeoHot scene. We might actually have an early/late February hack.

#94 - semitope - January 14, 2010 // 9:09 pm
What I want to know is if the devs so far have gone this far into gutting their PS3s.

#93 - gtxboyracer - January 14, 2010 // 9:00 pm
On his Twitter he announced a new blog entry:

SPI Hardware is done

Spent today rigging this up. Soldered to the bridge side of the SPI and the Cell side of the SPI. Cut the traces. The FPGA passes through the pins while the switch is on. So I power up the system with the switch on, chip gets configured, then turn the switch off to connect the Cell SPI to my USB parallel adapter. Now it's just a matter of the PC side SPI software and figuring out a way to use the myriad LV1 registers available to me to map the hypervisor.