


  1. #11
    ModderFokker (Senior Member; joined Mar 2008; 280 posts)
    Indeed.. don't update anything for the coming weeks/months. Perhaps buy yourself another PS3 (phat one of course) new/used.

    I'm starting to think about it anyway

    Already have 2 Ps3's but one has a broken bluray player.

  2. #12
    Pretikewl (Senior Member; joined Jun 2008; 241 posts)
    Originally Posted by Bakke:
    Question: This exploit will be tapped on the next PS3 fw update, right?
    Geohot himself said that it's unlikely Sony can "fix" this exploit, but he did say they could make it tougher to use it.

    Also, the fact it was done on older fw also makes me wonder if this is really any use at all as most people have 3.1+ (if they wanted to do anything online).

    Time will tell on this. I'm keeping my fingers crossed this leads to something useful. I want to play .mkv on my ps3 dang it!!

  3. #13
    fonzi09 (Registered User; joined Dec 2009; 16 posts)
    From the man himself: http://pastie.org/795944
    geohot: well actually it's pretty simple
    geohot: i allocate a piece of memory
    geohot: using map_htab and write_htab, you can figure out the real address of the memory
    geohot: which is a big win, and something the hv shouldn't allow
    geohot: i fill the htab with tons of entries pointing to that piece of memory
    geohot: and since i allocated it, i can map it read/write
    geohot: then, i deallocate the memory
    geohot: all those entries are set to invalid
    geohot: well while it's setting entries invalid, i glitch the memory control bus
    geohot: the cache writeback misses the memory
    geohot: and i have entries allowing r/w to a piece of memory the hypervisor thinks is deallocated
    geohot: then i create a virtual segment with the htab overlapping that piece of memory i have
    geohot: write an entry into the virtual segment htab allowing r/w to the main segment htab
    geohot: switch to virtual segment
    geohot: write to main segment htab a r/w mapping of itself
    geohot: switch back
    geohot: PWNED
    geohot: and would work if memory were encrypted or had ECC
    geohot: the way i actually glitch the memory bus is really funny
    geohot: i have a button on my FPGA board
    geohot: that pulses low for 40ns
    geohot: i set up the htab with the tons of entries
    geohot: and spam press the button
    geohot: right after i send the deallocate call
    Fonz,
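
An added illustration, not part of fonzi09's post or of the quoted log: a toy C model of the bookkeeping failure described above, where a deallocation's invalidating write is lost and a read/write entry survives for memory the hypervisor considers freed, next to a release path that re-checks the table first. Every name is hypothetical and this is not PS3 hypervisor code. Assumption: the `htab` array stands for the table as it exists in RAM, so a real check would have to observe memory rather than a cached copy.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Simplified model, not PS3 hypervisor code; every name here is hypothetical. */
#define HTAB_SLOTS 64
struct pte { uint64_t real_page; bool valid; bool writable; };
static struct pte htab[HTAB_SLOTS];   /* stands in for the table as held in RAM */
/* Guest fills the table with read/write entries for a page it owns. */
static void map_many(uint64_t real_page, int count) {
    for (int i = 0; i < count && i < HTAB_SLOTS; i++)
        htab[i] = (struct pte){ .real_page = real_page, .valid = true, .writable = true };
}

/* Invalidate every entry for real_page. lost_slot models one invalidating
 * write that never reaches RAM (constructed fault); pass -1 for none. */
static void invalidate(uint64_t real_page, int lost_slot) {
    for (int i = 0; i < HTAB_SLOTS; i++)
        if (htab[i].valid && htab[i].real_page == real_page && i != lost_slot)
            htab[i].valid = false;
}

/* Invariant check: count valid entries that still reference real_page. */
static size_t stale_entries(uint64_t real_page) {
    size_t n = 0;
    for (int i = 0; i < HTAB_SLOTS; i++)
        if (htab[i].valid && htab[i].real_page == real_page) n++;
    return n;
}

/* Releases the page without checking that the invalidation took effect. */
static bool dealloc_unchecked(uint64_t real_page, int lost_slot) {
    invalidate(real_page, lost_slot);
    return true;
}
/* Re-scans after invalidating, retries once, and releases only if clean. */
static bool dealloc_verified(uint64_t real_page, int lost_slot) {
    invalidate(real_page, lost_slot);
    if (stale_entries(real_page) != 0)
        invalidate(real_page, -1);   /* the fault is transient in this model */
    return stale_entries(real_page) == 0;
}

int main(void) {
    map_many(0x1000, 32); dealloc_unchecked(0x1000, 7);
    printf("unchecked: %zu stale\n", stale_entries(0x1000));
    map_many(0x1000, 32);
    return dealloc_verified(0x1000, 7) ? 0 : 1;
}
```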

  4. #14
    ultrachez (Registered User; joined Jan 2009; 37 posts)
    Looks like this hack can't be implemented easily, if you don't have any "tools".

    Figured that's why he needed the digital logic analyzer.

  5. #15
    Chivafighter (Senior Member; joined Jan 2009; 248 posts)
    No Way... he released it... Time for the Devs to begin Investigating lol. Nice going to all the PS3 Devs and Geo Hot for putting much work to hacking the ps3.
    Last edited by Chivafighter; 01-26-2010 at 08:05 PM

  6. #16
    Dibblah (Registered User; joined Oct 2005; 36 posts)
    Interesting. A guess as to what he's doing is mapping an area of virtual memory which exists above the "target" (the area protected by the HV) and writing to it. The hardware hack is to quickly toggle one of the address pins during this write interval, so instead of writing to the unprotected (allocated by the HV for user-mode access) memory, the write actually goes to the allegedly inaccessible RAM.

    This could be patched by Sony very easily for this specific case by just changing the layout of the memory map. However, this does not actually close the hole - Just moves it, so that this specific incarnation of the hack won't work.

  7. #17
    ZimZi (Registered User; joined Sep 2009; 5 posts)
    .MKV support is woot I'm hoping for!!!

  8. #18
    Raze1988 (Registered User; joined Dec 2009; 221 posts)
    Originally Posted by fonzi09:
    From the man himself:
    geohot: i have a button on my FPGA board
    geohot: that pulses low for 40ns
    geohot: i set up the htab with the tons of entries
    geohot: and spam press the button
    geohot: right after i send the deallocate call
    Hahaha, I lol'd when I imagined that
    Last edited by Raze1988; 01-26-2010 at 08:10 PM

  9. #19
    xxLindenxx (Registered User; joined Jul 2008; 137 posts)
    Please tell me this is true! We need word from Ps3news and CJPC.

  10. #20
    Dibblah (Registered User; joined Oct 2005; 36 posts)
    Originally Posted by ZimZi:
    .MKV support is woot I'm hoping for!!!
    You do realize that at this time this hack gives no access whatsoever to Game or Update mode, right?

    The protection that exists on the disk for the PS3 system partition is still unbroken. At this time, the ONLY thing this might affect is allowing better access to some of the hardware from Linux.

 


 