View Full Version : ps3 hack?
PEPEDA
26th January 2010, 12:10 AM
http://geohotps3.blogspot.com/
ProblemSolver
26th January 2010, 04:18 AM
Not a real hack as of now. He was able to dump the Hypervisor straight from the
system, but the Hypervisor's system-calls are already known and public. He is
trying to modify some of those calls to make it possible to run unsigned code
using his method. Having the possibility to run unsigned code would give one a
plain naked PS3 without any interruption (Sony ;)), which is good for Linux! :)
However, the PS3 isn't exploited, yet, and the Cell processor takes care of this
via its unique security architecture;
// The Cell Broadband Engine processor security architecture
http://www.ibm.com/developerworks/power/library/pa-cellsecurity/
Geohot also stated that he as no access to the root-key. But the root-key isn't
necessary in order to write an exploit to run unsigned code if the Hypervisor
allows to do so due to a software bug. However, having the ability to run
unsigned code does not mean that one can run backups or modify PS3 games or the
XMB. Currently, under the fat PS3, we already have the possibility to run
unsigned code, it's called; OtherOS. But it would be cool if this code can be
made running without being restricted by the Hypervisor, which actually locks
out the RSX graphics accelerator and also adds some latency to the overall
system under PS3Linux. :| I would be very pleased if someone can achieve this
since Sony took away the OtherOS feature from the PS3 Slim. :evil
Gaining access to the root-key would entirely screw up the system altogether,
since one would be able to gain full access to the GameOS and might be able to
run backups and to modify games to gain whatever advantage. But as long as
Cell's security architecture holds, which is rock solid for over three years
now, every issue with the Hypervisor can patched away by Sony, neglecting
hardware modifications like for example a mod-chip that would keep the door
open.
AG-wolf
26th January 2010, 04:23 AM
http://www.xbox-scene.com
^ Lemme know when the PS3 scene gets to this point ;3
And yeah, it sucks that Sony blocked stuff when running linux... it kinda defeats the point of using it for linux in the first place facepalm.jpg
ProblemSolver
26th January 2010, 04:52 AM
Na, it doesn't defeats the point. The primary purpose is an educational one and
its pretty good within that regard. The (fat) PS3 is the cheapest Cell / PowerPC
development system in existence.
The major downside of the Hypervisor is that you can't use the full system. The
PS3 has a lot of features that could be put to good use but unfortunately you
can't, since Sony doesn't allow for it. For example, the Cell processor has a
hardware debug unit to support application development, which isn't accessible
under PS3Linux. :rolleyes:
ProblemSolver
27th January 2010, 08:43 AM
From Geohot's blog: Here's your silver platter (http://geohotps3.blogspot.com/2010/01/heres-your-silver-platter.html).
It's in line with what I've written before, the fat PS3 becomes free but neither
the GameOS nor the Cell is hacked in anyway. And the method to poke around
in the PS3's memory is, in general, not very user-friendly ;) but may lead to
something more useful for the general public as time goes by.
ProblemSolver
29th January 2010, 06:29 PM
How the PS3 hypervisor was hacked (http://rdist.root.org/2010/01/27/how-the-ps3-hypervisor-was-hacked/).
ProblemSolver
18th February 2010, 07:12 AM
Here is a new patent from an Sony / IBM employee which is believed to be an
reaction to Geohot’s PS3 hack.
// Method to Protect Secrets Against Encrypted Section Attack
{
Abstract:
A method, system, and computer-usable medium are disclosed for
controlling unauthorized access to encrypted application program code.
Predetermined program code is encrypted with a first key. The hash value of an
application verification certificate associated with a second key is calculated
by performing a one-way hash function. Binding operations are then performed
with the first key and the calculated hash value to generate a third key, which
is a binding key. The binding key is encrypted with a fourth key to generate an
encrypted binding key, which is then embedded in the application. The
application is digitally signed with a fifth key to generate an encrypted and
signed program code image. To decrypt the encrypted program code, the
application verification key certificate is verified and in turn is used to verify
the authenticity of the encrypted and signed program code image. The
encrypted binding key is then decrypted with a sixth key to extract the binding
key. The hash value of the application verification certificate associated with
the second key is then calculated and used with the extracted binding key to
extract the first key. The extracted first key is then used to decrypt the
encrypted application code. ...
} [Ref (http://www.faqs.org/patents/app/20100037068#ixzz0feEg2cT4)]
Powered by vBulletin® Version 4.2.5 Copyright © 2024 vBulletin Solutions Inc. All rights reserved.