
PlayStation 3 Hack Released Online

Soulskill posted more than 4 years ago | from the let-the-games-begin dept.


itwbennett writes "On Friday, George Hotz, best known for cracking Apple's iPhone, said he had managed to hack the PlayStation 3 after five weeks of work with 'very simple hardware cleverly applied, and some not so simple software.' Days later, he has now released the exploit, saying in a blog post that he wanted to see what others could do with it. 'Hopefully, this will ignite the PS3 scene, and you will organize and figure out how to use this to do practical things, like the iPhone when jailbreaks were first released,' he wrote. 'I have a life to get back to and can't keep working on this all day and night.'" Reader MBCook points out an article written by Nate Lawson "explaining how the hack bypasses the hypervisor to gain unrestricted access to memory. It seems the trick is to use a pulse to glitch the hypervisor while it's unmapping memory, leaving a favorable page table entry."


This sounds just like the GBC ROM dump hack (1)

Ant P. (974313) | more than 4 years ago | (#30918322)

Even if your software security is perfect, if your hardware cuts corners then all it takes is 100mW in the wrong place at the wrong time...

Re:This sounds just like the GBC ROM dump hack (1)

mister_playboy (1474163) | more than 4 years ago | (#30918464)

Someone here needs to try it and report back... :)

Re:This sounds just like the GBC ROM dump hack (2, Informative)

noidentity (188756) | more than 4 years ago | (#30918940)

Yeah, his rough description sounds similar. In this case, he's causing the hypervisor to constantly update the MMU page tables, then glitching the system during that, which gives him access to memory that the hypervisor thought it had protected.

No corners cut as far as I can see (2, Insightful)

Viol8 (599362) | more than 4 years ago | (#30919190)

If you have physical access to the circuit board then frankly, short of encrypting every single data and address line, there's not much any company can do to prevent hack attempts.

Re:No corners cut as far as I can see (1)

rob13572468 (788682) | more than 4 years ago | (#30919434)

It depends on what context the hack is used in... Sony may have thought ahead and written an anti-hacking API that simply needs to be enabled... They more than likely included the ability to perform hypervisor integrity checks with code triggered remotely (as in if/when connected to PlayStation Network) and can start booting/banning people from playing online.

Re:No corners cut as far as I can see (1)

Viol8 (599362) | more than 4 years ago | (#30919608)

"code triggered remotely"

If you have complete control of the machine you can just intercept and vet anything that comes from the ethernet interface. Once any remote operation/update ability had been discovered it would soon be disabled and results spoofed back to the sender.

Re:No corners cut as far as I can see (1)

Khyber (864651) | more than 4 years ago | (#30921968)

No cut corners that you can see?

Hahaha. Let's see. We've got at least 5 different PS3 models, with varying hardware capabilities. Somewhere, in the name of making money, they most certainly did cut corners.

Now the question is - which model was hacked? I can almost guarantee the new Slim wasn't used, so which fat model? With or without PS2 BC? Full hardware PS2 or hardware/software?

We already knew we could glitch the memory bus with properly applied current to get some signals past the hypervisor, it was really dependent upon the model.

Works on PS3 slim? (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#30918328)

Does this work on the PS3 slim? Will I be able to install Linux on it now? If so, I will buy one. I have not had enough of a reason to buy a PS3 before, but this will pretty much do it for me. It will be interesting to see if there is a sales spike because of it.

Re:Works on PS3 slim? (1)

pnewhook (788591) | more than 4 years ago | (#30918786)

You do realize that the PS3 is a GAMING console right? Sounds like you should be buying a PC if you want to run Linux.

Re:Works on PS3 slim? (1)

LWATCDR (28044) | more than 4 years ago | (#30919668)

Funny, but Sony supported installing Linux on earlier versions.
Why not install Linux if you can? The PS3 is also a really cheap way to play with writing code for the CELL.

Re:Works on PS3 slim? (2, Interesting)

RoFLKOPTr (1294290) | more than 4 years ago | (#30918954)

Will I be able to install Linux on it now? If so, I will buy one.

Don't buy a PS3 simply for the sake of installing Linux on it. The PS3 only has 256MB of system RAM and Linux does not run well at all on it (I know this from personal experience with a PS3-specific Linux flavor). Just build a computer for $500.

Re:Works on PS3 slim? (1, Interesting)

Anonymous Coward | more than 4 years ago | (#30919158)

I did the linux thing on a ps3. You are right it is horrible. If you were into hacking yeah it might be fun. But just to mess around with. Painful.

I bought a netbook put linux on it and am having a blast.

I could use my ps3 for linux but to run it solid 24/7 would cost me a fortune. Can do the same with my netbook for 1/10th the cost.

It was one of those things where someone could have done something interesting with it but sony locked out the interesting bits except cell.

It could have been a very capable media center type thing. But Sony killed that quick for some reason.

Re:Works on PS3 slim? (0)

Anonymous Coward | more than 4 years ago | (#30919188)

This is because of the restrictions applied. Without these restrictions the PS3 could be a very powerful Linux box with excellent home theatre possibilities.

Re:Works on PS3 slim? (1)

FireFury03 (653718) | more than 4 years ago | (#30919348)

I've just bought a Point Of View Intel Atom 330 / nVidia Ion motherboard, case and RAM - total cost was well under £200 and it does pretty well as a home theatre system.

Re:Works on PS3 slim? (2, Informative)

dimeglio (456244) | more than 4 years ago | (#30920450)

This is because of the restrictions applied. Without these restrictions the PS3 could be a very powerful Linux box with excellent home theatre possibilities.

Probably but the PS/3 "as is" provides pretty much exceptional home theatre possibilities out of the box. Including licensed codecs and BD support. Not sure I would use Linux on the PS/3 for that. I'd probably build a HTPC with XBMC which is quite impressive.

Re:Works on PS3 slim? (1)

soupd (1099379) | more than 4 years ago | (#30919430)

Aye, being able to run LINUX on a console is an impressive feat but the limited RAM severely limits actual usability.

Linux runs a bit better these days... (2, Interesting)

Dr. Manhattan (29720) | more than 4 years ago | (#30920238)

Don't buy a PS3 simply for the sake of installing Linux on it.

I would certainly agree with that. As you say, there are much better deals, price/performance-wise.

The PS3 only has 256MB of system RAM and Linux does not run well at all on it...

...but this is a little overstated. Clever people figured out how to use the video ram as ultra-fast swap [psubuntu.com] , which brings the effective RAM up to around 512MB. Still not awesome, but it makes Linux quite a bit more usable on the PS3.

Re:Works on PS3 slim? (1)

pozitron969 (539857) | more than 4 years ago | (#30919800)

FTA - Sony has stopped supporting the "OtherOS" feature in the PS3 slim. Mr. Hotz used a bit of code while running Linux as the "OtherOS." So initially it looks like No it won't work on the PS3 Slim. But this may lead to other exploits which may work on that model.

'I have a life to get back to' (2, Funny)

Anonymous Coward | more than 4 years ago | (#30918352)

How dramatic

Re:'I have a life to get back to' (5, Funny)

Vanderhoth (1582661) | more than 4 years ago | (#30918624)

Yeah, he thinks he's all special because he has a life or something.

Re:'I have a life to get back to' (2, Funny)

Sir_Lewk (967686) | more than 4 years ago | (#30918636)

Only a slashdotter would think someone claiming to have a life is being dramatic.

Re:'I have a life to get back to' (0)

Anonymous Coward | more than 4 years ago | (#30919414)

Only a Slashdotter would think that "Vanderhoth's" post is anything less than a tongue-in-cheek comment and attempt to belittle the poster!

Re:'I have a life to get back to' (1)

Sir_Lewk (967686) | more than 4 years ago | (#30919546)

And only a dumbass AC would be unable to tell that I was responding to the same person Vanderhoth was responding to, and that my post as well was tongue in cheek.

Does this open the floodgates? (2, Insightful)

ACK!! (10229) | more than 4 years ago | (#30918360)

If they are able to bypass the hypervisor and then do hack mods for the PS3 this might open up a whole new avenue for modders and interest in the platform that was not there before. In other words, this might not be a bad thing for the PS3 overall.

Re:Does this open the floodgates? (4, Insightful)

decipher_saint (72686) | more than 4 years ago | (#30918544)

I often wonder if part of the success of the original XBox was its "hackability".

Anyone care to weigh in?

Re:Does this open the floodgates? (2, Interesting)

Sir_Lewk (967686) | more than 4 years ago | (#30918722)

If by "hackability", you mean Halo...

I think the GP isn't suggesting that this will make the PS3 fare better to any significant degree in the market at large, but rather make it more popular with nerd types you might find on places like Slashdot.

Who knows though, it probably wouldn't be too out of line to claim that iphone unlocking made those more desirable, plenty of my non-nerd friends have unlocked iphones.

Re:Does this open the floodgates? (0)

Anonymous Coward | more than 4 years ago | (#30918802)

I often wonder if part of the success of the original XBox was its "hackability".

Anyone care to weigh in?

It absolutely was. Think of how many people you know with XBoxes. Then think of how many of those were hacked. Then think about how many of those people are generally non-geeks (assuming you have non-geek friends). There you go.

Re:Does this open the floodgates? (2, Insightful)

flabordec (984984) | more than 4 years ago | (#30918848)

At least in some places that was the case. People in less developed countries do not have as much money to spend on videogames, some of my friends in Mexico pay about $50 monthly rent, so paying more for a single game than for a whole month of housing does not make much sense. Paying $5 for essentially the same thing, on the other hand, is much more manageable.

Re:Does this open the floodgates? (1)

petermgreen (876956) | more than 4 years ago | (#30919038)

ofc people who "pirate" all their games aren't making MS any money, so whether you can call being popular among "pirates" a success is open to interpretation (working on the assumption that console manufacturers either make a loss or a very small profit on the consoles and make up for it on the games).

Re:Does this open the floodgates? (1)

flabordec (984984) | more than 4 years ago | (#30919526)

It isn't making them money on software, but there are still tons of console sales (you still have to play your pirate games somewhere). The console was sold a lot in Mexico because it was easily hackable.

By "success" I had thought of console sales, if by "success" we mean profit then the numbers would probably look pretty bad even though there were a lot of console sales.

Re:Does this open the floodgates? (1)

ShiftyOne (1594705) | more than 4 years ago | (#30918918)

You must have not heard of Halo.

Re:Does this open the floodgates? (1, Interesting)

Anonymous Coward | more than 4 years ago | (#30919156)

I can vouch for this. We had an xbox lying around from the first batch to be released (I think my brothers and I got one on preorder one christmas).

I played it a bit (Halo, as mentioned...) but only really used it a lot once I decided to put a mod chip in. The whole project was actually really enjoyable. I researched for weeks, and opened the case up several times to poke around, detach and reattach, etc.

Once the chip arrived in the post and I flashed a new BIOS, I had even more fun playing around with different homebrew, apps, and "operating systems". A little later I discovered XBMC, installed a new hard drive, and started running games off the drive as well as FTP'ing movies and TV to it.

I don't know how many people bought an Xbox as a result of the mod chip capabilities, but I'm certain there are plenty. Some sites even offered pre-chipped console bundles.

It was definitely a key activity in my eventual career choice of computer engineering.

Re:Does this open the floodgates? (1)

navyjeff (900138) | more than 4 years ago | (#30919524)

Seconded.

I've had my XBox since '02. I've modded it, fixed it, upgraded it since then. Oddly enough, it's still the number one source for my TV. I haven't played games on it in months, but I frequently watch movies and tv shows from my network server (>3TB). The box is indispensable, and to date I still haven't found a machine to adequately replace it. If the PS3 can be modded to run XBMC, I might be convinced to finally retire it from primary duty.

It's also nice to be able to play all my old SNES and N64 games without having to drag both of those consoles out of storage. If it had been impossible to mod, I would've stopped using it years ago. It still amazes me what the old hardware is capable of doing, such as 720p and 1080i video.

Re:Does this open the floodgates? (1)

omnichad (1198475) | more than 4 years ago | (#30919580)

I bought a used one for that purpose alone. I needed a MythTV frontend cheap. I never used it to play games except to load a saved game as part of the hacking process.

Re:Does this open the floodgates? (1)

Hatta (162192) | more than 4 years ago | (#30919412)

The original Xbox was a success? The Xbox sold about as much as the Gamecube, and about a fifth as many as the PS2. The Gamecube made Nintendo a few hundred million dollars, while the Xbox lost Microsoft a few billion dollars. The only success there is that it made Microsoft a legitimate name in console gaming, providing footing for the Xbox 360.

Re:Does this open the floodgates? (1)

Again (1351325) | more than 4 years ago | (#30920516)

The original Xbox was a success? The Xbox sold about as much as the Gamecube, and about a fifth as many as the PS2. The Gamecube made Nintendo a few hundred million dollars, while the Xbox lost Microsoft a few billion dollars. The only success there is that it made Microsoft a legitimate name in console gaming, providing footing for the Xbox 360.

And Microsoft has only lost 1 billion dollars on that so far.

Re:Does this open the floodgates? (0)

Anonymous Coward | more than 4 years ago | (#30919452)

Look at the PlayStation (PS1), CDs were easier to pirate than cartridges.

Can you remember the PlayStation's main rival?

Re:Does this open the floodgates? (1)

Winckle (870180) | more than 4 years ago | (#30919794)

The Nintendo 64?

Xbox success? (1)

WiiVault (1039946) | more than 4 years ago | (#30919456)

Success? The Xbox cost MS millions, and from what I can tell they are still trying to pay it back with the 360, which just recently *may* have turned a profit. The reason I say may is because of the way MS has its divisions organized: grouping Mac software (highly profitable) with Xbox HW.

Re:Does this open the floodgates? (1)

herring0 (1286926) | more than 4 years ago | (#30919616)

The only reason that I bought the original Xbox was for all the media center functionality. I like playing games and such, but that was not my primary interest.

I know there are and were plenty of media center PCs, but I never found one that I liked the look of and wouldn't require me to do all kinds of work. With the xbox I installed a mod-chip in about 15 minutes, loaded XBMC and was streaming music and movies inside an hour start to finish. I can even still watch Hulu from it.

Plus I got the xbox used with a couple controllers and games for less than I could even buy one of the little Nvidia pc boards. Best $100 I ever spent on a piece of electronics.

Re:Does this open the floodgates? (1)

demonlapin (527802) | more than 4 years ago | (#30919758)

I can even still watch Hulu from it.

Link for something that works with the Xbox and not just XBMC on PC?

Re:Does this open the floodgates? (1)

pak9rabid (1011935) | more than 4 years ago | (#30920084)

I often wonder if part of the success of the original XBox was its "hackability".

I know that I wouldn't have bought the 2 Xbox's that I did if it weren't for the fact that I could hack them and put XBMC on them.

Re:Does this open the floodgates? (1)

Kagato (116051) | more than 4 years ago | (#30918732)

Well, on older machines you could run Linux without much hassle. But locking out the hypervisor meant that Linux-based software was locked out of the accelerated graphics, which is why the common uses for the PS3 on Linux have been more for computational activities. In theory this makes it possible to make homebrew games and DVRs, etc.

I don't know if this has any effect on things like copy protection.

Re:Does this open the floodgates? (0)

Anonymous Coward | more than 4 years ago | (#30918822)

Except, sony loses money on every ps3 sale in hopes of getting it back in overpriced games. So, if it's more popular, it's a loss for sony if those people don't buy games.

Re:Does this open the floodgates? (1)

NitroWolf (72977) | more than 4 years ago | (#30919380)

If they are able to bypass the hypervisor and then do hack mods for the PS3 this might open up a whole new avenue for modders and interest in the platform that was not there before. In other words, this might not be a bad thing for the PS3 overall.

It would definitely be a bad thing for the PS3, just like it was for the original XBox. If people start buying the consoles, but NOT buying any games or content (since they'd be using the PS3 for something else) - then the PS3 becomes a major loss and drain on company profits. It's the razor and the content is the blades - sell the razor for cheap and rape them on the blades. If there are no blades being purchased then selling the razor is pointless.

Re:Does this open the floodgates? (1)

nmb3000 (741169) | more than 4 years ago | (#30919476)

If they are able to bypass the hypervisor and then do hack mods for the PS3 this might open up a whole new avenue for modders and interest in the platform that was not there before. In other words, this might not be a bad thing for the PS3 overall.

The problem with this is that Sony doesn't want you to buy a PS3 just so they can sell you the hardware. Sony wants you to buy a PS3 so they can sell you games, movies, downloadable content, accessories such as remotes and controllers, and other stuff like that. Large numbers of people running hacked and modded consoles that can use homebrew software and games, cracked/pirated games and downloads, and pirated BluRay movies and DVDs is the exact opposite of what Sony really wants to see happen.

As others pointed out, Halo was a huge part of the popularity of the Xbox and was, in fact, the initial reason I personally bought one. As useful as a modded Xbox is (games on the hard drive and XBMC especially), Microsoft doesn't like people modding the Xbox any more than Sony likes them modding the PS3. After all, there's a reason these companies invested what probably amounted to millions of dollars in the (doomed to fail) anti-tampering software and hardware which guards the platform.

Re:Does this open the floodgates? (0)

Anonymous Coward | more than 4 years ago | (#30919482)

Will it fuck.

Let's face it, >70% of people who even use hacks are usually doing it for piracy.

This will be terrible for PS3 if it does actually lead to it being opened up, yes, even with the large 15+ GB games.

Re:Does this open the floodgates? (1)

darkmeridian (119044) | more than 4 years ago | (#30919684)

I know that many PS3 owners use it mostly as a Blu-ray player, but as a gamer, I'm concerned about opening up console platforms. Online PC gaming has been ruined by aimbots, wallhacks, and other cheats. Console gaming so far has been less prone to these hacks because the systems are closed. Whenever a console is hacked, there is a risk that online gaming will suffer from cheaters that make the game unplayable. The Xbox 360 was eventually hacked, but this required a hard hack that allowed these systems to be kept offline, so that wasn't a really big deal. (More freedom with hardware WITHOUT hurting gaming! Perfect!) It sounds like the PS3 hack is a soft hack, which raises the possibility of aimbots and the like being introduced into online game play. That's not necessarily a good thing for the PS3 as a gaming platform.

Do I care? (0)

Anonymous Coward | more than 4 years ago | (#30918362)

Yes because it will show companies like Sony that hardware designed to prevent a person using a device they bought in the way they want will always fail.

but

No because the PS3 is a dead-end lump of obsolete hardware that is best used as a glorified media player or a cheap number cruncher.

Re:Do I care? (2, Informative)

RyuuzakiTetsuya (195424) | more than 4 years ago | (#30918470)

Do you understand that the hack right now isn't very useful?

I have no doubt eventually keys will be extracted, and the thing will be hacked based on this hack here, but, until that happens, Sony's still winning.

Until you can get hypervisor access without glitching the memory bus, or get homebrew working in the XMB, Sony still wins.

Re:Do I care? (1, Informative)

marcansoft (727665) | more than 4 years ago | (#30919316)

This exploit isn't going to get you keys. The keys are stored in an entirely different core with secure local storage. The word "hypervisor" is overhyped (pun intended); it isn't the primary target in order to own the system. That's why it was so easy to hack (this hack is fairly trivial). Geohot just did a knee-jerk trick and only later realized it wasn't nearly as useful as he imagined.

Re:Do I care? (1)

bill_mcgonigle (4333) | more than 4 years ago | (#30920140)

I have no doubt eventually keys will be extracted, and the thing will be hacked based on this hack here, but, until that happens, Sony's still winning.

And production costs should be below sales costs [kombo.com] by then, so Sony will continue to win. Kudos to the Sony security team for developing a sufficiently secure system to support the business model.

Now, let's build some clusters...

Re:I care! (0)

Anonymous Coward | more than 4 years ago | (#30918506)

Now I'll be able to use my PS3 as a media player without transcoding everything to its preferred format

Re:I care! (0)

Anonymous Coward | more than 4 years ago | (#30919130)

The PS3 supports MPEG-4 ASP, VC-1, H.264 for video and AC-3, MP3, LPCM, DTS-HD, Dolby TrueHD, etc for audio. What formats are you trying to play that you have to transcode?

Re:I care! (3, Informative)

Troed (102527) | more than 4 years ago | (#30919220)

It doesn't support the mkv container, which it should, since it's now recognized by DivX (v7) and the PS3 is DivX certified.

http://www.divx.com/en/mkv [divx.com]
http://support.divx.com/faq/view/supportFAQen038/DivX%20on%20the%20Sony%20Playstation%203 [divx.com]

Until included natively, PS3MediaServer is the best solution - real time transcoding as the GP said.

This guy is a hack, not a hacker. (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30918422)

He tried to retrieve the keys and failed miserably, so he gave up and released this half assed attempt. He might be a big fish in the iphone scene but the fact is, he is just a hack. What's even funnier, all of this was accomplished more than one year ago by other people.

I want to send a big fuck you to geofail, all the warez scene (particularly the imbeciles at Paradox) and the people who pirate games.

Glass.

Re:This guy is a hack, not a hacker. (1)

MBCook (132727) | more than 4 years ago | (#30918724)

He figured out a way to read all of the memory. Can you provide a link to someone who did that last year?

Re:This guy is a hack, not a hacker. (1, Informative)

marcansoft (727665) | more than 4 years ago | (#30919648)

The memory is by definition not secure (it's not encrypted nor signed). Therefore reading out all the memory isn't a hack, it's just a cute trick. Sure, the PS3 isn't designed to let you do that, but it's also designed such that doing it doesn't gain you much.

Re:This guy is a hack, not a hacker. (4, Insightful)

Sir_Lewk (967686) | more than 4 years ago | (#30918882)

Trying and failing where none have succeeded before does not a "hack" make.

If indeed he simply duplicated what someone else has done before then that does diminish this achievement, but I have heard nothing of the sort, you are an AC, and have not provided any citations.

Your ad hominem attack, and your unprovoked lashing out at game piraters makes me think that you have a personal stake in this somehow. Without citations, I'm going to go ahead and say you are full of shit.

Re:This guy is a hack, not a hacker. (-1)

Anonymous Coward | more than 4 years ago | (#30919010)

The OP made a good point. George Hotz does not understand how the Cell BE security vault works. You cannot just "kick the SPU" and hope it will magically work. He became overconfident and had to face reality. Compromising the HV was considered during the Cell's design; that's why security relies on pure hardware means. It doesn't really matter if the HV is dumped and disassembled, that will never lead to a compromised key. And no, you cannot, by any means, read the LS of the isolated Cell.

He is no hero. Thanks to this guy your OtherOS might be removed pretty soon, and don't think about Linux on the PS4. Thank you for nothing, George.

Re:This guy is a hack, not a hacker. (1)

Sir_Lewk (967686) | more than 4 years ago | (#30919172)

With no Linux on the slim, I think it is a pretty safe assumption that Sony has not been planning on allowing Linux on the PS4. I highly doubt that Sony can effectively retroactively remove Linux support from older PS3s, and if this hack really means nothing, then I really doubt Sony would go out of their way to punish PS3 users in general.

Either this hack is worth something, and will positively aid the PS3 hacking community, or it is worthless and nothing will change.

Re:This guy is a hack, not a hacker. (1)

Anubis350 (772791) | more than 4 years ago | (#30919836)

With no linux on the slim, I think it is a pretty safe assumption that Sony has not been planning on allowing linux on the PS4.

Can't say I agree with you there; the larger PS2 had a Linux distro (which came with a keyboard and hard drive as a kit) - it was unavailable for the PS2 slim. They did something similar with the PS3, no reason to believe they won't on the PS4.

Re:This guy is a hack, not a hacker. (0)

Anonymous Coward | more than 4 years ago | (#30919260)

Right on target. His handling of the situation is on par with his handling of the early iPhone. That is to say, the one thing he really knows how to hack is media coverage.

He walked two steps into a mile-long walk, and announced each one to the world. Then he realized that he wasn't going to get past the third step, so he's trying to abort in the most graceful manner for his ego, announcing his two steps as a breakthrough that others should pick up and improve upon.

The reality of the situation is that geohot doesn't really know what he's doing here, and in fact did not develop this hack alone (he has discreetly acknowledged other people somewhere in the middle of his blog's comments). He thought he was onto something, but now he's stuck. The Cell BE is quite a bit more secure than he thought, and the "holy grail" (the isolated SPE) is still completely secure, hypervisor hack or no hypervisor hack.

The sad part is that he'll probably take credit for anything done to the PS3 now, especially if it's even remotely related to what he did.

Re:This guy is a hack, not a hacker. (2, Funny)

canajin56 (660655) | more than 4 years ago | (#30920282)

There's an illiterate buffoon called "HighGuy" who runs around all of the PS3 forums claiming to have hacked the PS3, but his hacks are always a few weeks from release. He spits out jargon like j-tags, hello-worlds, grub, linux, ubuntu, but he obviously doesn't know what any of those things are. He claims to have hacked a CoD4 save game and installed grub in it using Ubuntu, that way when you load the game it will use DOS to boot into whatever code you want. But, he even admits, he doesn't know any programming so he can't really do much with that, just basic "helloworlds". Then, right when he was about to release, look, it melts his PS3 chips. "But I think some soldier and maybe it works again. But we can't really use this hack it overloads the chips and makes them melt the boards". Anybody who calls him on his bullshit gets flamed by his legions of fans, plus gets him to threaten to never release it as punishment for doubting him and being jealous of his hacker skills. Meanwhile, people who make legitimate strides are shat all over by his legion of fans, for ripping him off, "HighGuy was doing this a year ago, poser!" Just like Mr. AC here ;)

...Okay, cool. (0)

Anonymous Coward | more than 4 years ago | (#30918978)

Release _your_ PS3 hack, then.

Don't have one, do you?

Jackoff. Again, some Slashdotter thinks they're so much smarter than people who actually DO newsworthy things, but does nothing but post online as an armchair expert.

Re:This guy is a hack, not a hacker. (0)

Anonymous Coward | more than 4 years ago | (#30919054)

Not only is he a hack on this (this is not an exploit), but even in the iPhone scene, he took credit for *a lot* of other peoples work. The kid is an attention whore and a tool, and surely had hopes this would get him pussy.

We're going to get you GeoFagz. You've fucked with the wrong people.

Re:This guy is a hack, not a hacker. (0)

Anonymous Coward | more than 4 years ago | (#30919248)

Awww, AC iphone 'hacker' tough guys.

How cute.

DMCA (1)

fandingo (1541045) | more than 4 years ago | (#30918484)

Takedown notice in 3, 2, 1...

pastie.org: registered in KY, USA

blogspot.com registered in CA, USA

Re:DMCA (1)

fandingo (1541045) | more than 4 years ago | (#30918518)

Sorry to reply to my own post...

geohot.com (where the exploit is actually hosted) registered to godaddy.com --> USA

Re:DMCA (1)

Kong the Medium (232629) | more than 4 years ago | (#30918576)

too late.

This has been online for what, 12 hours? It was posted on /.. Good luck in getting all copies back.

Re:DMCA (1)

ubersoldat2k7 (1557119) | more than 4 years ago | (#30918792)

Yeah, and in some countries this sort of thing is legal or not illegal, so good luck with that DMCA.

Summary of what I've seen so far (5, Informative)

b1t r0t (216468) | more than 4 years ago | (#30918536)

* This is based on a Linux kernel module, so NO SLIM already, okay?
* All it does is poke a hole in the hypervisor allowing memory access. This means it's not going to give you homebrew quite yet, but it's going to make it possible for people to start exploring and tinkering further.
* It requires hardware that generates a 40ns pulse on some point on some version of the board. Apparently it introduces a hardware glitch that allows the hole to be opened. And it doesn't persist after a reboot.
* The top level of security in the PS3 is in that one reserved SPU. Apparently it is given the root key during startup, holds all the other keys, and is responsible for decrypting and checking everything. But it's going to be very hard to get into.
* Now that it's possible to get into the hypervisor, people can start poking at that SPU. But Sony's security model was supposed to include the possibility of the hypervisor being compromised in just this way.

Re:Summary of what I've seen so far (2, Interesting)

Anonymous Coward | more than 4 years ago | (#30918696)

Indeed, the 7th SPU is in isolated mode at this point, and cannot be accessed even by the hypervisor. But it may be possible to reflash the system and take over the isolated setup code.

Re:Summary of what I've seen so far (1)

MBCook (132727) | more than 4 years ago | (#30918702)

The important thing about this hack is that they can dump the hypervisor (which has now been done). Obviously this would be a pain to use to load homebrew.

But with the hypervisor code, they can disassemble it and try to find bugs. If they find one, then they can exploit that. That method may make it possible to find a way to root any console, including the slim.

This is certainly interesting, but it's not at the "download this and you have root" stage.

Re:Summary of what I've seen so far (1)

Lunix Nutcase (1092239) | more than 4 years ago | (#30919200)

Except you can't use the hypervisor to get at the decryption keys even if some exploit is found for it.

Re:Summary of what I've seen so far (3, Insightful)

Sir_Lewk (967686) | more than 4 years ago | (#30919440)

Presumably getting the keys and pirating games is not the only thing someone might want to do with a PS3.

Unless the keys are somehow related to allowing linux to use the GPU, which I have not seen indicated anywhere, then anyone bitching about how this hack is worthless because he still can't get the keys seems terribly singleminded.

Re:Summary of what I've seen so far (1)

hitchhacker (122525) | more than 4 years ago | (#30921790)

I swear your bullet points sound like the plot to Tron.

"Tron: My User has information that could... that could make this a free system again! No, really! You'd have programs lined up just to use this place, and no SPU looking over your shoulder. "

... Bring in the logic probe!

Could be useful (1)

ndavis (1499237) | more than 4 years ago | (#30918552)

The only reason I like this is if they can get a different way to play media files, such as XBMC, to work so I can play MKV files without conversion on my PS3. Also, I didn't download these MKV files; I have the discs, but this will prevent my son from ruining them and also allow me to change shows faster when one is done.

Re:Could be useful (0)

Anonymous Coward | more than 4 years ago | (#30918830)

Install linux ?

Re:Could be useful (1)

BoogeyOfTheMan (1256002) | more than 4 years ago | (#30919006)

There's an app called "PS3 Media Server" for Linux and Windows that will convert MKV files on the fly and allow them to be viewed by the PS3.

It's running fine on my Ubuntu 9.10 box (C2D 2.4 GHz w/4 GB RAM). Though some AVIs still won't work, most of my other media will.

Re:Could be useful (1)

toastar (573882) | more than 4 years ago | (#30920856)

I'd like to play the files without maxing out one of my cores. What if I want to play Crysis and watch a movie at the same time? Will the movie skip?

Nice step forward, but no full compromise (5, Informative)

Superken7 (893292) | more than 4 years ago | (#30918582)

While indeed this opens the door for PS3 hacking, the PS3 has not yet been fully "hacked".
See http://streetskaterfu.blogspot.com/2010/01/ps3-is-hacked-urban-legend-continues.html [blogspot.com]

The security architecture of the PS3 is designed in a way to prevent hacks like this from fully compromising the system.

Another interesting read, by Kanna Shimizu, http://dslab.lzu.edu.cn:8080/members/zhangwei/doc/Cell_Broadband_Engine_processor_vault_security_architecture.pdf [lzu.edu.cn]

Re:Nice step forward, but no full compromise (2, Insightful)

rob13572468 (788682) | more than 4 years ago | (#30919320)

The glitch attack is a pretty powerful attack in that the proof-of-concept he worked out is most of what is needed for a mod chip. Now all that is needed is to find the least expensive microcontroller to deliver the glitch pulse. He uses 40 ns, but it may well turn out that even a larger (wider) pulse works, which then means a standard 3 dollar 10 MHz microcontroller can be used to control the glitch. Connect the glitch modchip to any line that is controllable under the hypervisor and you have the ability to turn it on and off, and you can now build an automated package. The only problem is that you will start by running some software that allows you to place arbitrary code even under the control of the hypervisor... So you install the modchip, load the approved Linux distro, run the special exploit program and you now have complete read/write control, which in turn reloads a full uncontrolled Linux distro (or any other unsigned code). Of course, the hypervisor dump may well lead to an implementation flaw that allows access without a modchip being needed, which is even better. It's all just cat and mouse from here...

It's also a little fishy... (1)

Otis_INF (130595) | more than 4 years ago | (#30920404)

I mean, he needs to block the HV correcting the tables, and presses a button to do that. But... that requires serious timing, as the call is made and directly after that he has to block the memory access with the pulse. To me this seems impossible to do, or he can start jamming the signal BEFORE the call is made, but that would potentially ruin the call in the first place.

"It seems the trick is to use a pulse..." (4, Funny)

Broken Bottle (84695) | more than 4 years ago | (#30918806)

"It seems the trick is to use a pulse to glitch the hypervisor while it's unmapping memory, leaving a favorable page table entry" Well shit, when you put it like that it's a wonder this thing wasn't cracked by a kindergartner two and a half years ago. :)

Re:"It seems the trick is to use a pulse..." (2)

Joucifer (1718678) | more than 4 years ago | (#30919602)

"It seems the trick is to use a pulse to glitch the hypervisor while it's unmapping memory, leaving a favorable page table entry" I consider myself somewhat a nerd (hence being here on /.), but I had to google 2/3 of that statement.

How It's Done (0)

Anonymous Coward | more than 4 years ago | (#30918872)

Dang, I was just going to try this... (ha ha)

geohot: well actually it's pretty simple
geohot: i allocate a piece of memory
geohot: using map_htab and write_htab, you can figure out the real address of the memory
geohot: which is a big win, and something the hv shouldn't allow
geohot: i fill the htab with tons of entries pointing to that piece of memory
geohot: and since i allocated it, i can map it read/write
geohot: then, i deallocate the memory
geohot: all those entries are set to invalid
geohot: well while it's setting entries invalid, i glitch the memory control bus
geohot: the cache writeback misses the memory :)
geohot: and i have entries allowing r/w to a piece of memory the hypervisor thinks is deallocated
geohot: then i create a virtual segment with the htab overlapping that piece of memory i have
geohot: write an entry into the virtual segment htab allowing r/w to the main segment htab
geohot: switch to virtual segment
geohot: write to main segment htab a r/w mapping of itself
geohot: switch back
geohot: PWNED
geohot: and would work if memory were encrypted or had ECC
geohot: the way i actually glitch the memory bus is really funny
geohot: i have a button on my FPGA board
geohot: that pulses low for 40ns
geohot: i set up the htab with the tons of entries
geohot: and spam press the button
geohot: right after i send the deallocate call
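The sequence in the log quoted above, and the summary b1t r0t gives earlier in the thread, as a software model. This is an added illustration for readers of the thread, not geohot's released code and not anything from Sony's hypervisor. The model assumes a one-page hashed page table (HTAB) in "real" memory, a hypervisor (HV) that is the only legitimate writer of HTAB entries, a guest that may touch a real page only through a valid writable entry in the active HTAB, and an HV call (hv_create_segment here, a hypothetical name standing in for the virtual-segment call the log mentions) that places a new segment's HTAB at a caller-chosen free page. The 40 ns bus glitch is modelled as exactly one HTAB writeback, chosen by count, that never reaches memory. The hv_dealloc "verify" flag is a read-back check added here to show why the attack depends on the HV trusting that its invalidations landed; it is not a claim about what the real hypervisor does.

```c
/* Model of the PS3 HTAB glitch from the thread. Added illustration, not PS3 code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_PAGES    8    /* real pages in the model                  */
#define HTAB_ENTRIES 16   /* entries per one-page HTAB                */
#define MAIN_HTAB    0    /* real page holding the main segment HTAB  */

typedef struct { bool valid; uint32_t real_page; bool writable; } hpte_t;

typedef struct {
    hpte_t   mem[NUM_PAGES][HTAB_ENTRIES]; /* real memory, viewed as HTABs  */
    bool     owned[NUM_PAGES];             /* HV view: page allocated to guest */
    uint32_t cur_htab;                     /* real page of the active HTAB  */
    int      writebacks;                   /* bus writes issued so far      */
    int      glitch_at;                    /* writeback to drop; -1 = none  */
} sys_t;

static void sys_init(sys_t *s, int glitch_at) {
    memset(s, 0, sizeof *s);
    s->cur_htab = MAIN_HTAB;
    s->glitch_at = glitch_at;
}

/* Every HV write of an HTAB entry crosses the memory bus. The glitch makes
 * exactly one of them miss memory, so the old entry survives (assumption). */
static void bus_write(sys_t *s, uint32_t page, int idx, hpte_t v) {
    if (s->writebacks++ == s->glitch_at) return;
    s->mem[page][idx] = v;
}

/* Allocate a guest page; page 0 (the main HTAB) is never handed out. */
static int hv_alloc(sys_t *s) {
    for (uint32_t p = 1; p < NUM_PAGES; p++)
        if (!s->owned[p]) { s->owned[p] = true; return (int)p; }
    return -1;
}

/* "fill the htab with tons of entries pointing to that piece of memory":
 * the guest owns the page, so the HV lets every entry map it read/write. */
static bool hv_map_rw(sys_t *s, uint32_t page) {
    if (!s->owned[page]) return false;
    hpte_t e = { true, page, true };
    for (int i = 0; i < HTAB_ENTRIES; i++) bus_write(s, MAIN_HTAB, i, e);
    return true;
}

/* Deallocate: mark the page free and invalidate every entry mapping it.
 * With verify set, the HV reads each entry back and rewrites until the
 * invalidation has actually landed (added defence, see the note below). */
static void hv_dealloc(sys_t *s, uint32_t page, bool verify) {
    hpte_t inv = { false, 0, false };
    s->owned[page] = false;
    for (int i = 0; i < HTAB_ENTRIES; i++) {
        hpte_t *e = &s->mem[MAIN_HTAB][i];
        if (!e->valid || e->real_page != page) continue;
        do { bus_write(s, MAIN_HTAB, i, inv); } while (verify && e->valid);
    }
}

/* New virtual segment whose HTAB lives at a caller-chosen free real page. */
static bool hv_create_segment(sys_t *s, uint32_t htab_page) {
    if (htab_page == MAIN_HTAB || s->owned[htab_page]) return false;
    hpte_t inv = { false, 0, false };
    for (int i = 0; i < HTAB_ENTRIES; i++) bus_write(s, htab_page, i, inv);
    return true;
}

/* Guest side: is `page` writable through the currently active HTAB? */
static bool guest_can_write(const sys_t *s, uint32_t page) {
    const hpte_t *h = s->mem[s->cur_htab];
    for (int i = 0; i < HTAB_ENTRIES; i++)
        if (h[i].valid && h[i].writable && h[i].real_page == page) return true;
    return false;
}

/* Guest store of an HTAB entry into a real page; honoured only if mapped RW. */
static bool guest_write(sys_t *s, uint32_t page, int idx, hpte_t v) {
    if (!guest_can_write(s, page)) return false;
    s->mem[page][idx] = v;
    return true;
}

/* The steps from the log. True when the guest ends with a read/write
 * mapping of the main HTAB itself, i.e. it can now map any real page. */
static bool run_attack(int glitch_at, bool hv_verifies) {
    sys_t s; sys_init(&s, glitch_at);
    int p = hv_alloc(&s);
    if (p < 0 || !hv_map_rw(&s, (uint32_t)p)) return false;
    hv_dealloc(&s, (uint32_t)p, hv_verifies);            /* glitch lands here   */
    if (!guest_can_write(&s, (uint32_t)p)) return false;  /* no stale entry left */
    if (!hv_create_segment(&s, (uint32_t)p)) return false;/* HV believes p free  */
    hpte_t own_main = { true, MAIN_HTAB, true };
    guest_write(&s, (uint32_t)p, 0, own_main);  /* via the stale mapping          */
    s.cur_htab = (uint32_t)p;                   /* switch to the virtual segment  */
    guest_write(&s, MAIN_HTAB, 0, own_main);    /* main HTAB now maps itself RW   */
    s.cur_htab = MAIN_HTAB;                     /* switch back                    */
    return guest_can_write(&s, MAIN_HTAB);
}

int main(void) {
    printf("no glitch:            %d\n", run_attack(-1, false));
    printf("glitch, no verify:    %d\n", run_attack(20, false));
    printf("glitch, HV verifies:  %d\n", run_attack(20, true));
    return 0;
}
```

The 16 mapping writes are writebacks 0 to 15 and the 16 invalidations are 16 to 31, so a glitch index in that second range leaves one stale entry, while a glitch during the mapping phase (index below 16) only costs the guest one mapping and the attack fails. The read-back in hv_dealloc defeats this particular model because it assumes a single dropped write; a real fault-injection attacker can also glitch the read-back or the comparison, so a check like this narrows the window rather than closing it, which is why the thread's point that the isolated SPU, not the hypervisor, holds the keys matters.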

Sony VS SGC! (1)

flayzernax (1060680) | more than 4 years ago | (#30918984)

Anyone have any feeling that after years of finally unraveling the PS3 hardware, Sony is going to beam you up to their stolen Goa'uld spaceship and tell you they're the Illuminati and they plan to release an upgraded version of J.C. Denton on the world, but they need you to program his nanobots first?

I have a life to get back to... (0)

Anonymous Coward | more than 4 years ago | (#30919070)

Nope, I think not.

If you consider... (0)

Anonymous Coward | more than 4 years ago | (#30919076)

I have a life to get back to and can't keep working on this all day and night.

If you consider bitching on Twitter a life, sure!

What could this mean for Blu-ray (1)

bigdweeb (204273) | more than 4 years ago | (#30919136)

I wonder what this means for Blu-ray. It could be a major blow to Blu-ray protection if this somehow allowed the interception of the encryption keys.

Re:What could this mean for Blu-ray (1)

jgtg32a (1173373) | more than 4 years ago | (#30919360)

It wasn't already cracked?

Re:What could this mean for Blu-ray (3, Informative)

NitroWolf (72977) | more than 4 years ago | (#30919462)

I wonder what this means for Blu-ray. It could be a major blow to Blu-ray protection if this somehow allowed the interception of the encryption keys.

Umm... what rock have you been living under? Blu-ray protection is an utter failure all on its own. A hacked PS3 isn't going to make a bit of difference to Blu-ray protection; the BR encryption keys are already easily acquired.

Re:What could this mean for Blu-ray (1)

bill_mcgonigle (4333) | more than 4 years ago | (#30920262)

Blu-ray protection is an utter failure all on its own.

Blu-ray has, to date, been sufficiently designed to prevent an open source player, right?

Re:What could this mean for Blu-ray (3, Insightful)

Rennt (582550) | more than 4 years ago | (#30921424)

Much like DVD before it, the law may have been sufficiently designed to prevent distribution of an open source player, but Blu-ray encryption is not an obstacle to developing one.

Re:What could this mean for Blu-ray (2, Informative)

Anonymous Coward | more than 4 years ago | (#30921544)

> Blu-ray has, to date, been sufficiently designed to prevent an open source player, right?

Not [doom9.org] really [makemkv.com].

Re:What could this mean for Blu-ray (1)

BitterOak (537666) | more than 4 years ago | (#30921330)

The BR encryption keys are already easily acquired.

All the encryption keys, or just the encryption keys for software-based players? If software player encryption keys are someday all revoked, will existing Blu-ray cracks still work on new releases? Remember, with DVD the encryption keys were all 40 bits, so once the algorithm was discovered it was relatively easy to brute force all the keys, making the crack effectively permanent. I don't think that Blu-ray has been similarly cracked yet.

Re:What could this mean for Blu-ray (1)

SScorpio (595836) | more than 4 years ago | (#30919510)

Or you could just use the program MakeMKV, which is out for Windows, Linux, and OS X. It lets you rip a Blu-ray directly to MKV without any other software. It also allows you to stream the video with the program, so you can actually play Blu-ray on Linux now.

Oh noes! (1)

Aphoxema (1088507) | more than 4 years ago | (#30919652)

Oh, shit, I hope Sony has heard about this!

How is this possible? (1)

Superken7 (893292) | more than 4 years ago | (#30920030)

Can somebody please explain to me why a kernel module (with fewer privileges than the HV) is able to create a "virtual segment, indicating that the hypervisor should store the HTAB associated with it at a specific address."?

I guess that functionality is needed somehow, and therefore accessible to kernel modules; otherwise it would not make sense to me that they exposed unnecessary calls that mess with sensible stuff like the HTAB location (which contains the main segment, etc.) and ultimately lead to exploits like this.

Any insight, thoughts?
