To quote: As I'm sure everybody heard, the memory access exploit for the PS3 hypervisor was released recently by geohotz. I was finally able to replicate his hack so I thought I'd take the time to help out others who may also have trouble due to being linux n00bs like me.
If I were to post everything at once it would be too much work and I'd never get around to it, so I'll post bits at a time to ensure I actually do post it heh. Today's post will talk about the software side of the exploit.
Please note that the geohotz exploit software was hardcoded for the v2.42 firmware, I have made a small fix that attempts to dynamically support all firmware versions. I have only tested and used it on v3.15 however.
The first step is to install Linux on your PS3 which means of course that this will not work on a slim PS3. I tried a few different Linux distros and after various different issues I settled on using Ubuntu v8.10 since this is the same version that geohotz used.
I suggest using the "alternate" version since it includes a gui which the "server" version does not. You can download the 636MB image below, I suggest using the legal torrent below to save the bandwith of the Ubuntu servers.
After downloading, burn the image to a CD-R and install as you would any OtherOS install. There are many generic and also Ubuntu specific guides for doing this, so I won't cover that here.
Once you have Linux up and running you should log in using the username you created during install. Now open a terminal (Applications->Accessories->Terminal). You can enable the root account by creating a password for it by typing "sudo passwd". You then enter your current users password once and then the new root password twice. The root account will now be usable.
Now type "su" and then enter the new root password to get root access. Create a dir to put everything in. You could probably create this in your home directory, but I created it in the root of the filesystem so that I can share it between root and my user account as well as setting up access to it via samba from my PC.
To create the dir do "mkdir /ps3share", you can call it anything you want, I call it ps3share because I share it with my PC over samba. Now allow all users to read and write to it by doing "chmod a+rw /ps3share". Finally give ownership of it to your normal user account by doing "chown username:username /ps3share" where username is your username.
Next you need to get the "fixed" exploit software onto your PS3. Using a USB flashdrive is easiest. Copy the extracted files onto it from your PC, then insert it into your PS3. It should automount and bring up an icon on your desktop.
Double click the icon to open the file browser. Right click on the USB drive in the filebrowser and choose to "Open in New Window". Then on the left side of the file browser select "File System" and then "ps3share". Now drag the files from the USB drive into your "ps3share" directory.
I have included a binary of the exploit file for those of you who don't want to build it yourself, but for those who do here is how. First you need to fix the location of the kernel headers so they can be found by the build scripts, so do "mv /usr/src/linux-ports-headers-2.6.25-2/ /usr/src/linux-headers-2.6.25-2/".
Now change to the directory with the exploit source in it "cd /ps3share/ps3_exploit_fixed/src" and then build it by typing "make". There will be a lot of warnings but it should create the file "exploit.ko".
You are now set to run the software side of the exploit. DO NOT run it from this terminal while in the GUI, it should only be run from console mode. If you do run it you will not see anything happening, but your PS3 will suddenly become really slow and you will have to turn it off. More about the running of it in a future post.
A summary of the commands to enter at the terminal is below:
(then enter users password once, then the new password for root twice)
Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!
to Sony: I really hope your PS3 is going to be fully hacked soon!! because you never listen to your customers... Most of us don't want to see it hacked because of the ability to play pirated games.. no.. Because we all want the ability to play our own purchased games since ps1 from the HDD..
The ones who are the real pirates is sony: hey the PS2 is getting old.. lets release a PS3 and ad some new stuff.. and lets laugh our ass off when we'll charge our loyal customers for the games they already own a hardcopy of.. that way we can earn back all the money we've lost trough piracy.. yes of course we could release PS1/PS2 emulator.. but than well earn less money through PSN.. so lets release that at the end of the PS3 lifecycle..
sorry... guys its just how I feel about sony
I bet the PS4 will include all the functions we want the PS3 to have (with some strings atached of course)
Correct, it's all about economics really as once it is used to obtain the PS3 HV dump it won't be needed again. CJPC has been doing some pricing online and (assuming you have no materials handy) the GeoHot FPGA way runs in the $150-200 range while the xorloser SX28 way runs in the $50-100 range for parts... so neither is as friendly on the wallet for a "one-time use" as what they have been trying to work out in the 555 timer thread but the xorloser way definitely is cheaper than the GeoHot way.
Finally, you are correct that the Hypervisor is dumped to the PS3 HDD via Linux.
The "average joe" would not know what to do with it anyway. This does not magicly enable you to play pirate games or somethings like that. It just make it possible to modify the memory (and dump it) so it can be analyzed in search for useful info. Then we'll see what the smart people can do with the new info.