Apple iPhone Unlocker GeoHot Begins Hacking Sony's PS3

[PS3 News]

Over the weekend http://en.wikipedia.org/wiki/George_Hotz, famous for unlocking Apple's iPhone, has posted a few tweets on his http://twitter.com/geohot account that he has began looking into hacking Sony's PS3 console.

He has also dropped by our Forums to enquire about the PS3 Hypervisor Decryption Keys, and has been in touch with CJPC via IRC as well.

To date, geohot has reported the following via tweets:

"ooo got access to a couple more pages of ram...still no hypervisor there tho. it's hiding in the top 2 MB.

anyone know if the 360 guys had a pt hypervisor to reverse?

my goal is to break out of the hypervisor... then see what my morals will allow.

gotta flip one little bit to hack the ps3. unfortunately the ps3 doesn't want me to flip it.

so, the hypervisor is in the first 0x1000 pages of RAM...think I could just pull an address line down and dump? not from kernel tho

PS3 memory map http://pastie.org/589218 ... why did I think this would be useful again? i really want these dumps @ bootloader

Code:

PS3 memory as seen from kernel space

the kernel:
c00000000xxxxxxx -> 0000408f92c94xxxxxxx
  c: 0  l: 1  n: 0  kp: 1  ks: 0
  c000000000000000 - c000000000f00000

vmalloc regions:
d00000000xxxxxxx -> 0000f09b89af5xxxxxxx
  c: 0  l: 0  n: 0  kp: 1  ks: 0
  d000000000000000 - d000000000004000
  d000000000008000 - d00000000000c000
  d000000000038000 - d000000000044000
  d000000000048000 - d000000000054000
  d00000000005c000 - d000000000074000
  d000000000078000 - d0000000000a8000
  d0000000000ac000 - d0000000000c0000
  d0000000000c4000 - d000000000130000
  d000000000134000 - d000000000140000
  d000000000144000 - d000000000150000
  d000000000154000 - d000000000164000
  d000000000168000 - d000000000178000
  d00000000017c000 - d00000000019c000
  d0000000001a0000 - d0000000001f4000
  d0000000001f8000 - d000000000208000
  d00000000020c000 - d000000000224000
  d000000000228000 - d00000000023c000
  d000000000240000 - d000000000254000
  d00000000025c000 - d000000000270000
  d00000000027c000 - d0000000002d8000
  d0000000002dc000 - d00000000032c000
  d000000000330000 - d00000000033c000
  d000000000340000 - d000000000430000
  d000000000434000 - d000000000520000
  d000000000524000 - d000000000558000
  d00000000055c000 - d000000000598000
  d00000000059c000 - d0000000005e0000
  d0000000005e4000 - d000000000618000
  d00000000061c000 - d000000000638000
  d00000000063c000 - d00000000064c000
  d000000000650000 - d000000000664000
  d000000000668000 - d000000000678000
  d00000000067c000 - d00000000068c000
  d000000000690000 - d0000000006e4000
  d0000000006e8000 - d000000000728000
  d00000000072c000 - d00000000075c000
  d000000000768000 - d000000000794000
  d000000000798000 - d0000000007ac000
  d0000000007b0000 - d0000000007f0000
  d0000000007f4000 - d0000000008c4000
  d0000000008c8000 - d000000000960000
  d000000000964000 - d0000000009d4000
  d0000000009d8000 - d0000000009f8000
  d000000000a00000 - d000000000a1c000
  d000000000a20000 - d000000000a2c000
  d000000000a44000 - d000000000a50000
  d000000000a58000 - d000000000abc000
  d000000000ac0000 - d000000000b20000
  d000000000b24000 - d000000000b3c000
  d000000000b40000 - d000000000b60000
  d000000000b64000 - d000000000b78000
  d000000000b7c000 - d000000000bc0000
  d000000000bc8000 - d000000000c48000
  d000000000c4c000 - d000000000d3c000
  d000000000d40000 - d000000000d68000
  d000000000d6c000 - d000000000d90000
  d000000000d94000 - d000000000d9c000
  d000000000da0000 - d000000000da8000
  d000000000db0000 - d000000000dc4000
  d000000000dc8000 - d000000000df0000
  d000000000df4000 - d000000000e10000
  d000000000e14000 - d000000000e2c000
  d000000000e30000 - d000000000e44000
  d000000000e48000 - d000000000e60000
  d000000000e64000 - d000000001014000
  d000000001018000 - d00000000105c000
  d000000001060000 - d000000001068000
  d00000000109c000 - d0000000010c8000
  d0000000010cc000 - d0000000010ec000
  d000000001174000 - d0000000011d8000
  d0000000011dc000 - d000000001224000

Bolted regions
f00000000xxxxxxx -> 0000dc19498bexxxxxxx
  c: 1  l: 0  n: 0  kp: 1  ks: 1
  f000000007aa8000 - f000000007aac000
  f000000007ac4000 - f000000007acc000
  f000000007b48000 - f000000007b4c000
  f000000007ba4000 - f000000007bb0000
  f000000007ecc000 - f000000007ed0000
  f000000007f2c000 - f000000007f84000
  f000000007f88000 - f000000007fac000
  f000000007fb0000 - f000000007fd8000
  f000000007fdc000 - f000000007fe4000
  f000000007fec000 - f000000007ffc000

The HTAB
d00008008xxxxxxx -> 0000d3df8b595xxxxxxx
  c: 1  l: 0  n: 0  kp: 1  ks: 1

Mappings in user area:
000000000xxxxxxx -> 0000dc19498bexxxxxxx
  c: 1  l: 0  n: 0  kp: 1  ks: 1
  0000000007aa8000 - 0000000007aac000
  0000000007ac4000 - 0000000007acc000
  0000000007b48000 - 0000000007b4c000
  0000000007ba4000 - 0000000007bb0000
  0000000007ecc000 - 0000000007ed0000
  0000000007f2c000 - 0000000007f84000
  0000000007f88000 - 0000000007fac000
  0000000007fb0000 - 0000000007fd8000
  0000000007fdc000 - 0000000007fe4000
  0000000007fec000 - 0000000007ffc000
00000000fxxxxxxx -> 0000d3df8b595xxxxxxx
  c: 1  l: 0  n: 0  kp: 1  ks: 1
000000004xxxxxxx -> 0000d1a140344xxxxxxx
  c: 1  l: 0  n: 0  kp: 1  ks: 1
  0000000040000000 - 000000004001c000
  0000000040028000 - 0000000040034000
  0000000040074000 - 00000000400a4000

it'd be nice if that worked, linux accesses sandboxed part of nand... 4mb of uselesses.

hacking the PS3, not hacked in three years how long will it take me?"


More PlayStation 3 News...

[semitope]

But how likely is this guy to matter and is the info in his tweets important in the opinion of the devs?

[chacalhh]

I really hope he can do it, because the ps3 is a console with so much potential just imagine the things that could be done with a hello world!!

[PS3 News]

But how likely is this guy to matter and is the info in his tweets important in the opinion of the devs?

I will have CJPC reply on that later today, but from what I recall when I asked him the "PS3 memory map" is just old/known linux stuff.

However, keep in mind that geohot had to start somewhere... so he could get up to speed quickly depending on how much time he has to invest.

[semitope]

I really hope he can do it, because the ps3 is a console with so much potential just imagine the things that could be done with a hello world!!

Didn't we get hello world a long time ago?

[PS3 News]

Excluding the fakes (people who modded SAK, etc), there has never been a way to run unsigned code on retail PS3 consoles made public.

[JesusFMA]

Looks like he needs a girlfriend hehehe, just kidding (again )

I just hope this guy be able to hack the PS3 or, at least, give a good advance in the matter. I'm not sure if it's possible to do such a thing because, as he says, it's been three years since the PS3 release and a lot of people are being in the same thing since then.

We all know that it ain't easy to hack an Iphone (which is "bad" from its very design) but it's even harder to hack a PS3, which I think was designed to avoid that possibility.

Anyway, the best of luck for this guy with his "tremendous" goal

[adrianc1982]

Looks like he needs a girlfriend hehehe, just kidding (again )

Believe me Im a computer geek and have a barbie gf. My geekness and computer sessions will never go away even with my bimbo gf :P

A geek is a geek and this guy likes his stuff, and probably has even more than a lot of us do.

[JeffJ]

Believe me Im a computer geek and have a barbie gf. My geekness and computer sessions will never go away even with my bimbo gf :P

A geek is a geek and this guy likes his stuff, and probably has even more than a lot of us do.

Nerdy dudes get all the hot chicks :P id post a pic but i dont want to gum up the works of this thread with all the hawtness comments bout my girl haha

[JesusFMA]

Believe me Im a computer geek and have a barbie gf. My geekness and computer sessions will never go away even with my bimbo gf :P

A geek is a geek and this guy likes his stuff, and probably has even more than a lot of us do.

Yeah,

I knew that posting that comment was a bad idea, but I didn't say that because of his geekness, but because the way he looks in that picture. Don't get me wrong, I respect guys like him who does a lot things that I can't even imagine, but (being honest) a good haircut would be nice .

I'm not exactly a geek, but I consider myself "smart enough", I'm more into the business management than the development department. I guess that, in the end of the day, everybody does whatever they wanna do with their time.

P.D. I love my girlfriend too