Today Myce.com (linked above) interviewed PS3 hacker KaKaRoToKS, who states that a PS3 Firmware 3.60 solution is indeed coming after reports and videos of a 3.60 JailBreak running code circulated last week.
Below is the KaKaRoToKS interview in full, to quote:
What are your thoughts on the recent PS3 3.60 firmware cracking video that was uploaded and removed over the course of a day last week? Many dubbed it fake and said it was a debug PS3, but when we chatted with the guy who uploaded it he defended it as real and said it was a retail unit.
I’ve seen the videos, and I also talked to the people who did it. Whether it’s fake or not, I cannot tell as I have not been authorized by the authors to divulge what they did. All I can say is that they said they would never release it, so whether it’s fake or not has no importance, since in the end no one will have access to it.
However, as I’ve said to a few people on Twitter, the hack that was used on 3.55 and lower was unique and Sony fixed it. So, that’s finished and we can’t use that method anymore, but it doesn’t mean that there are no other methods to jailbreak. A solution for 3.60+ will be available soon, so no worries — people just need to be patient.
Most people associate “hacking” with “piracy.” You admit to taking steps to lock out piracy. Is that getting lost in the shuffle here? People assume “hacking” automatically means “pirating.” It seems like piracy is often a “necessary evil” that comes along with the process but then overtakes any other points.
There are four words that people keep confusing: “hacker,” “cracker,” “pirate” and “cheater.” But it’s not the same thing at all.
A hacker is basically someone who “innovates and finds solutions to a problem.” A cracker is someone who uses his skills to steal, scam or harm others. A pirate is someone who just steals copyrighted works without paying for it. And a cheater is someone who uses others’ skills in order to cheat in games and thinks he’s awesome for clicking on a button.
Yes, people unfortunately associate a hacker with a pirate, but it’s not the case at all. In my case for example, I’ve never pirated a PS3 game. I have bought over 150 games for my PS3 in the last 3 years, and I don’t think any of the hackers in the scene want piracy to happen. We all just want to find challenges and bring back the freedom that we are meant to have on our machines.
Piracy isn’t a “necessary evil.” It’s not necessary at all. The only reason piracy happened on the PS3 is because Sony were arrogant and they thought no one could get inside the PS3. But once you install a homebrew application, it has full access to everything. There is no protection inside the PS3 to prevent piracy. The only protection they have is to prevent you from installing a “non-authorized” application. If they secured the PS3 internally, piracy would probably never have happened because no one skilled enough to hack the PS3 would spend time on it!
We take steps to avoid piracy, but in the end, there’s always someone who will implement “backups support”, which is legitimate in many countries but unfortunately used for piracy too.
What has been the public’s reaction to your recent work on cracking the PS3’s firmware? Is it equal amounts scorn and appreciation? Are you getting hate mail from fanboys?
I do get/see hate mail, but it’s quite minimal. There was a huge reaction of appreciation and happiness. Recently though I’m seeing a lot of “stupidity” and “annoyance”: people asking every day about a 3.60 CFW even though I’ve said 1,000 times that I’m not working on that.
Do you think GeoHot/FailOverflow’s PS3 jailbreaking will have an industry-wide impact come the next round of game consoles? If so, how? Any predictions on how Sony might try to block hacking in the future?
Yes, I think it will. For one, I think that the industry will try harder to make the consoles more secure. Sony will probably try to hire a real security expert, because as we’ve seen from Fail0verflow’s analysis the PS3 was not secure at all. It almost looks like they hired 5-year-olds to build their security! The Cell processor’s architecture is secure however, since IBM designed it, but in terms of implementation of security by Sony, they completely failed.
Honestly, the only reason the PS3 wasn’t hacked earlier is because it supported Linux from the start. Because of how arrogant Sony was – boasting about their unbreakable security – a lot of hackers abandoned it even before trying.
The one effect I’m looking forward to from the Geohot lawsuit is that I believe it will bring attention to the hacking community from the lawmakers in the U.S. and that jailbreaking a game console will be made legal — just like what happened with the iPhone.
Do you believe it’s futile at this point for Sony to combat the hacking?
Yes, it’s futile. Their code is full of bugs, and they can’t fix it fast enough. We have full access to the machines and we will keep creating solutions to whatever they come up with. However, it is understandable that they want to protect their investment and they will of course continue to fight.
I think the only solution for them to close this whole issue is if they bring back Linux support with full hardware access and add a new protection against piracy inside the PS3 so even if a homebrew application is installed it wouldn’t be allowed to do piracy. Then, they will have secured their system, because we’d have no more reason to try to hack it and all the hackers would simply stop.
Considering their reaction to the scene (suing geohot, grafchokolo and others, sending threats to every hacker and trying to enforce the message ‘if you touch your own property, we’ll make your life hell’), they got a lot of people pissed at their scare tactics. I think some people will try to get revenge anyways, so maybe it’s too late for them.
We already saw one hacker who was offered a job by SCEA (Ed: Android hacker Koushik Dutta) and refused it because of their reaction to the community, and a lot of people are now boycotting Sony. They are already getting payback thanks to their poor community skills. Of course they’ll just blame the loss of sales on piracy, but they should really think of the fact that most of their losses will not be because of piracy but a reaction to their tactics.
How did you feel when your name was listed in a legal motion by Sony for a Twitter subpoena?
Well, I must say it wasn’t a happy feeling. I was quite pissed at Sony for trying to get information on me knowing quite well that they already know all there is to know.
All information about me – my name, email address, where I live and what my job is – is well known already, so I saw no point in them doing that. And considering that all my tweets are public, it makes no sense.
What pissed me off the most was about the Paypal subpoena, because that contains more personal information: credit card information, bank accounts, addresses, etc. But not for me; it was about getting that information from anyone I have had contact with through Paypal. I use Paypal for personal transactions, with friends and family, and having that kind of information sent to Sony simply because they want to screw with us is completely unacceptable. It violates my basic privacy rights as well as the rights of many unrelated people.
Seeing that got me a bit scared of course, but I’d say that mostly it got me very angry. I was thankful to see the judge quash their subpoena. I do not agree to my personal information, as well as the personal information of my friends, being made available to a corporation like Sony.
Would the allure of hacking games consoles disappear if, as you predict, hacking them becomes legal under the DMCA? Or do you believe that would lead to more interest in hacking them?
I don’t think it would change anything. On the contrary, it might give the opportunity to those who are scared of Sony to actually step up and provide their help.
I don’t think anyone is hacking the games consoles because it’s supposedly illegal under the DMCA. It’s not about going against the system, or revolting. It’s more about freedom and about tinkering with our property – learning and gaining knowledge.
Today PS3 hacker Mathieulh reports finding a PlayStation 3 Firmware 3.56 exploit, although he states he has no plans to give any further details about it.
To quote from PSX-Scene (linked above): Well-known hacker Mathieu Hervais has reportedly found a bug that allows exploiting metldr, the bootloader and firmware version 3.56. Unfortunately, he refuses to release it.
Originally Posted by Mathieulh (via http://twitter.com/Mathieulh/status/44199017273507840):
I hesitated a lot before tweeting about it, but a bug allows exploiting metldr, the bootloader and 3.56+. I don't intend to ever unveil it.
So much for "unhackable" PS3s though... I am not giving any further details about it. Sorry.
Actually the revocation list exploit doesn't allow you to exploit isoldr, you could however sign a revoke list if you had the revocation list keys and knew the sign fail, and use that to dump isoldr. Metldr does not load revocation lists.
This has been tested, how do you think I could release the lv2ldr and appldr keys? (about 24hrs before Geohot showed up with metldr keys)
You can also dump any loader using a signed metadata (including metldr), though that means you need to have the keys for it in the first place (kinda kills the purpose).
Your entire purpose is to get the isolated process (the code running inside the SPU) to jump to your instructions.
For example the following instructions will dump the isolated LS to the SPU mailbox:
Of course you'll need a ppu payload to fetch the mailbox data. Metldr is trivial to dump now that you can sign your loader, but I won't say anything more on this.
Finally, the problem with isoldr and the revoke list exploit isn't so much that the exploit doesn't work (it actually does). It's that the payload from the crafted revoke list overwrites isoldr keys (which kinda kills the whole purpose). You can however get the revoke list keys from lv2ldr or appldr using the revoke list exploit and then sign a revoke list metadata to exploit isoldr later on. (There are other ways to get isoldr though, including the 3.60+ exploit I have (but there is at least another I know of).) Again, good luck in your endeavor.
There is more than one npdrm key. It's not been released because the ones who have the skills to do it do not remotely care about pirating PlayStation store games (obviously).
Finally, in related PS3 homebrew news today a PS3 FW Downloader application has been released which includes Official PS3 Firmware 2.50 - 3.55 and has Geohot, Kmeaw, Wutangraz PS3 Custom Firmware and 3.55 Downgrader support.