Tuts 4 You

[ BBC Tech ] PS3 'hacked' by iPhone cracker


News Feeder

A hacker who gained notoriety for unlocking the iPhone as a teenager says that he has now hacked Sony's PlayStation 3.


Teddy Rogers

It will be nice just to be able to get real hardware accelerated homebrew stuff running under Linux (or Windows) without that restrictive hypervisor. That has been my main gripe with the PS3. We may be able see some real homebrew development and software for the PS3 at last.

I just hope one of Sony's firmware updates won't kill it like they did with their 2.10 update killing off some workarounds...

Ted.

Blah

finally...

Will be interesting to read up on other crackers' comments etc. who are following this stuff and what they find as well...

cheers

B

Teddy Rogers

George Hotz has released the details of his work:

This is the coveted PS3 exploit, gives full memory space access and therefore ring 0 access from OtherOS. Enjoy your hypervisor dumps. This is known to work with version 2.4.2 only, but I imagine it works on all current versions. Maybe later I'll write up how it works :)

http://geohotps3.blogspot.com/2010/01/heres-your-silver-platter.html

You can download the details from here:

http://geohot.com/ps3_exploit.zip

Ted.

Teddy Rogers
Today I verified my theories about running the isolated SPUs as crypto engines. I believe that defeats the last technical argument against the PS3 being hacked.

In OtherOS, all 7 SPUs are idle. You can command an SPU (which I'll leave as an exercise to the reader) to load metldr, from that load the loader of your choice, and from that decrypt what you choose, everything from pkgs to selfs. Including those from future versions.

The PPU is higher on the control chain than the SPUs. Even if checks were to be added to, for example, verify the hypervisor before decrypting the kernel, with clever memory mappings you can hide your modified hypervisor.

Ah, but you still didn't get the Cell root key. And I/we never will. But it doesn't matter. For example, we don't have either the iPhone or PSP "root key". But I don't think anyone doubts the hackedness of those systems.

I wonder if any systems out there are actually secure?

http://geohotps3.blogspot.com/2010/02/on-isolated-spus.html

Ted.

xzonex

Finally it's cracked! Already see a flood of ISOs flooding the scene.

Dragonluck4

Sweet, even though I don't have a PS3.

human

Warning: there is a post on the blog about firmware 3.21 that removes "Other OS" from fat PS3s; the new firmware will be out on 1 April.

Dunno if it's an April Fools' Day bad joke or Sony lied about never removing "Other OS".

agentsil

Who's that guy? He is leet.. :woot: :woot: :woot:

NeO

This dude is smart..

security2009

Sorry for my noobism, but how do you explain that PS3 scene releases have been published since 2008 and this news says it's the first PS3 hack in 2010? Was there really no chip to read the older PS3 releases?

Blah

Team Jungle Joins Team Hades in BD-ROM Drive Hacking

August 18, 2010

Nope — the PS3 still isn't fully hacked — but it's getting there… And according to a recent TeamJungle tweet — TeamJungle and C4E, who you may recognize from the Xbox360 scene, are working collab-style with Team/DemonHades — on hacking the PS3's BD-ROM drive. If you didn't already know: they have the drive connected to a PC and were able to successfully extract and decrypt the firmware off it. Now they just gotta analyze that, code this, patch and flash it back and we're all playing BD backups. No I'm kidding; hackin' ain't easy. But if we've learned anything from hacking the 360, then it's a step in the right direction. Good luck and Godspeed.

http://www.ps3-hacks.com/2010/08/18/team-jungle-joins-team-hades-in-bd-rom-drive-hacking/

1st Jailbreak PS3 Modchip

http://www.youtube.com/watch?v=ofkW5VCJ2ic
Teddy Rogers

It looks like this jailbreak USB adapter is real. According to this article...

http://kotaku.com/5623505/sony-temporarily-blocks-sale-of-ps3-modchips

...Sony have filed for a temporary injunction on the sale of the devices in Australia. If this is true then the device itself must be real for Sony to worry about filing for an injunction.

I can't see this being of much use to anyone unless you have a spare PS3 you don't want to put online and have it connect to the PSN. I can easily see Sony releasing a firmware update to stop the device from working and users being banned from the PSN...

Ted.

Teddy Rogers

PSJailbreak Reverse Engineered

Here is an article about the technique used for the USB dongle posted over at PS3Hax...

German website GameFreax has claimed to have successfully reverse engineered PS Jailbreak. They bring out some important information that was previously unknown. First off, PSJailbreak was apparently NOT a clone of Sony's JIG; instead it's a legitimate exploit that was developed. Second, we can NOT upgrade PSJailbreak without the use of additional hardware – maybe the company planned to sell another component to upgrade the unit?

http://www.ps3hax.net/2010/08/ps-jailbreak-reverse-engineered/

Ted.

Teddy Rogers
This is the PSGroove, an open-source reimplementation of the psjailbreak exploit for AT90USB and related microcontrollers.

It should work on:

AT90USB162
AT90USB646
AT90USB647
AT90USB1286
AT90USB1287
ATMEGA32U4

... and maybe more.

This software is not intended to enable piracy, and such features have been disabled. This software is intended to allow the execution of unsigned third-party apps and games on the PS3.

http://github.com/psgroove/psgroove

Ted.

Teddy Rogers

Analysis of the PSJailbreak Exploit

The PSJailbreak dongle is a modchip for the PlayStation3 that allows users to backup and play games off the hard drive. Unlike the modchips of the previous generation, or the modchips so far for the Xbox360 and Wii, this modchip simply plugs into the USB port on the front of the PS3, avoiding the need for complex soldering and voiding of your warranty.

At the time of writing this document, the final PSJailbreak has not been released, but a number of samples were given out and at least one fell into the hands of someone who owned a USB sniffer. This analysis of the exploit is based on those USB sniffer logs, issues encountered during the development of the opensource PSGroove version of the exploit and a number of educated guesses. It will probably be updated as new information comes in.

The initial analysis by gamefreax.de suggested that it was a stack overflow attack. After further analysis it turns out that this exploit is a heap overflow attack. The exploit carefully manipulates the heap by plugging and unplugging fake USB devices with large device descriptors until the device on port 4, which misreports its size, overwrites one of malloc's boundary tags.

http://ps3wiki.lan.st/index.php/PSJailbreak_Exploit_Reverse_Engineering

Ted.

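The bug class the quoted analysis describes is a USB descriptor whose declared size disagrees with what was actually transferred, so a host that sizes or fills a heap buffer from the device's claim can be overrun. The following is an added, hypothetical example (not PSGroove code and not the PS3 firmware's USB stack) of a configuration-descriptor walker that refuses such descriptors; it assumes the standard USB layout (bLength, bDescriptorType, little-endian wTotalLength) and an assumed host-side cap MAX_CONFIG_LEN.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical defensive walker, not from any real USB stack. */
#define USB_DT_CONFIG  2
#define MAX_CONFIG_LEN 512   /* assumed size of the host's receive buffer */

/* Returns the number of descriptors walked, or a negative code:
 *  -1  header too short or not a configuration descriptor
 *  -2  wTotalLength claims more bytes than were received or than fit
 *  -3  a sub-descriptor's bLength is < 2 or runs past wTotalLength
 * The actual transfer length is the only size that is trusted. */
int walk_config_descriptor(const uint8_t *buf, size_t received)
{
    if (received < 9 || buf[0] < 9 || buf[1] != USB_DT_CONFIG)
        return -1;
    uint16_t total = (uint16_t)(buf[2] | (buf[3] << 8));
    if (total > received || total > MAX_CONFIG_LEN)
        return -2;                      /* device is lying about its size */
    int count = 0;
    size_t off = 0;
    while (off < total) {
        uint8_t len = buf[off];
        if (len < 2 || off + len > total)
            return -3;                  /* inner descriptor would overrun */
        count++;
        off += len;
    }
    return count;
}

/* Constructed sample: config (wTotalLength = 18) plus one interface descriptor */
static const uint8_t good_cfg[] = {
    9, 2, 18, 0, 1, 1, 0, 0x80, 50,
    9, 4, 0, 0, 0, 0xff, 0, 0, 0 };
/* Constructed sample: claims wTotalLength = 4096, but only 18 bytes arrived */
static const uint8_t lying_cfg[] = {
    9, 2, 0x00, 0x10, 1, 1, 0, 0x80, 50,
    9, 4, 0, 0, 0, 0xff, 0, 0, 0 };
/* Constructed sample: inner bLength (40) runs past the declared total */
static const uint8_t overrun_cfg[] = {
    9, 2, 18, 0, 1, 1, 0, 0x80, 50,
    40, 4, 0, 0, 0, 0xff, 0, 0, 0 };

int check_good(void)    { return walk_config_descriptor(good_cfg, sizeof good_cfg); }
int check_lying(void)   { return walk_config_descriptor(lying_cfg, sizeof lying_cfg); }
int check_overrun(void) { return walk_config_descriptor(overrun_cfg, sizeof overrun_cfg); }
```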
Blah

PS3Hax launches Stealth Backup Manager

http://www.ps3exploits.com/2010/09/ps3hax-launches-stealth-backup-manager/

vincy

As I am new i-phone user, I don't know about this.

Recently, I bought Blackberry bold mobile and i-phone.

I unlocked my mobile from the site www.mobile-unlocker.com

Teddy Rogers

Well, this is neither surprising nor did it take them long to do. Party poopers... :)

Sony has closed a loophole that allowed users to run software that enables pirated games to be played on the PS3 console.

The update blocks the PSJailbreak and PSGroove applications.

http://www.bbc.co.uk/news/technology-11213618

Ted.

Blah

I think now that the reversers are "in there" it's just gonna be a matter of patience... they must have better ideas of more loopholes to mess with etc...

Can somebody that knows what they're talking about explain why this protection took so long to get by etc??

You got to give it to Sony (or whoever works for Sony) for coming up with something that really took a long time to work out...

ttnweb

I think now that the reversers are "in there" it's just gonna be a matter of patience... they must have better ideas of more loopholes to mess with etc...

Can somebody that knows what they're talking about explain why this protection took so long to get by etc??

You got to give it to Sony (or whoever works for Sony) for coming up with something that really took a long time to work out...

Sony encrypts everything from HDD to executables, and has a special dedicated space to decrypt the files (which is an isolated SPU); even the firmware for the BD drive is stored encrypted on a chip. The problem is that currently there is A LOT of work to be done in order to fully defeat the system protection. The only way to get decrypted contents is to sniff RAM while the console is doing its job, but this by far is tedious and you have to be extremely patient.

Blah

PS3 security is an epic fail, dongle-less jailbreaking on the way from fail0verflow

http://www.maxconsole.net/content.php?43800-PS3-security-is-an-epic-fail-dongle-less-jailbreaking-on-the-way-from-fail0verflow
