GeoHot Resumes Sony PS3 Hacking, Opens PS3 Hacks Blog

Category: PS3 Hacks & JailBreak  By: semitope - (geohotps3.blogspot.com)
Tags: geohot ps3 hack resumes sony ps3 hacking opens ps3 hacks blog

178w ago - This weekend GeoHot, the hacker responsible for several Apple iPhone hacks, has returned to Sony PS3 hacking after his initial announcement a few months back and has opened a PS3 hacks blog (linked above).

He recently made this Tweet:

"I just pulled everything from the USB bus... http://pastie.org/757313 the Cell processor SPI bus, PS3 is going down :-)"

These are the latest posts on his new PS3 hacks blog:

Cell SPI

The Cell processor has an SPI port which is used to configure the chip on startup. Well documented here. It also allows hypervisor level MMIO registers to be accessed. In the PS3, the south bridge sets up the cell, and the traces connecting them are on the bottom layer of the board. Cut them and stick an FPGA between.

Quick theoretical attack. Set an SPU's user memory region to overlap with the current HTAB. Change the HTAB to allow read/write to the hypervisor! If that works it's full compromise of the PPU.


A Real Challenge

The PS3 has been on the market for over three years now, and it is yet to be hacked. It's time for that to change.

I spent three weeks in Boston working software only, but now I'm home and have hardware. My end goal is to enable unsigned code execution, making every unit into a test and opening up a third party development community, either through software or hardware (with a mod chip). The PS3 is a prime example of how security should be done, very open docs wise, and the thing even runs Linux. But it isn't unbreakable :-)



Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

Comments 152 Comments - Go to Forum Thread »

Quick Reply Quick Reply

  • Decrease Size
    Increase Size
  • Wrap [QUOTE] tags around selected text
semitope's Avatar
#147 - semitope - 174w ago
Reply
Quote Hello hypervisor, I'm geohot
I have full read/write access to the entire system memory, and HV level access to the processor.

In other words, I have hacked the PS3. The rest is just software. And reversing. I have a lot of reversing ahead of me.

Took 5 weeks, 3 in Boston, 2 here, very simple hardware cleverly applied, and some not so simple software.

Shout out to George Kharrat from iPhoneMod Brasil for giving me this PS3 a year and a half ago to hack. Sorry it took me so long

As far as the exploit goes, I'm not revealing it yet. The theory isn't really patchable, but they can make implementations much harder. Also, for obvious reasons I can't post dumps. I'm hoping to find the decryption keys and post them, but they may be embedded in hardware. Hopefully keys are setup like the iPhone's KBAG.

A lot more to come...


Just like that it is done? lol We'll see what comes out of it but congrats to him!!

Preceptor's Avatar
#146 - Preceptor - 174w ago
Reply
But if he managed to dump the hypervisor, correct me if I'm wrong, I'm pretty sure the Devs would be able to properly decrypt the HDD using the keys stored in it. If I'm not wrong, using the Knightsolidus' method there are still some files that are inaccessible. So it could prove useful.

pirge's Avatar
#145 - pirge - 174w ago
Reply
He appears to be trying to access the memory where the hypervisor is resident. If he can dump the hypervisor then that should provide a lot of useful information.

But given the PS3 security architecture is seems unlikely the hypervisor could be modified and still run on the PS3. The Cell security design is supposed to prevent modification of signed code... so something else would also be needed for a full 'hack'.

PS3 News's Avatar
#144 - PS3 News - 174w ago
Reply
Not that I know of... although a few may have tried it on their own but never mentioned it in the channel due to nothing noteworthy being found on their end.

semitope's Avatar
#143 - semitope - 174w ago
Reply
Originally Posted by PS3 News View Post
Quote One of them said the following on IRC about it today: "fuzzing lv1 calls could be interesting" but that is about it. CJPC is busy with his latest "toy" which arrived today and will be covered in this weekend's Site News update.


So they've tried it?

Page 2 of 31 «123456789LAST »

Related PS3 News and PS3 CFW Hacks or JailBreak Articles

Guide to Install multiMAN PS3 Themes via USB from a PKG File
Simple PS3Updates v1.6 Build 2 Final PS3 Homebrew App Updated
Video: Super Pixel Jumper v1.2 PS3 Homebrew Game is Released
Video: Pointman: The Akkadian Wars PS3 Homebrew Game Arrives
PSPMinis / PS3Minis / Bite v1.5.1 Update for PS3 is Now Released
PS3 Fan Control Utility v1.7 for PS3 CFW CEX 3.41 to 4.41 Arrives
Affiliates  NewsNow  Privacy  PS3 CFW & MFW  PS3 Hacks & JailBreak  PS3 Reviews  PS3 Videos  © 2013 PlayStation 3 News

PlayStation 3 Links

Contact Us E-Mail
PS3 Affiliates
PS3 CFW & MFW
PS3 Debug Firmware
PS3 Decrypted PSN Links for CFW
PS3 Downloads
PS3 EBOOT.BIN Original File Links
PS3 Firmware
PS3 Game Releases List
PS3 Guides & Tutorials
PS3 Hacking Guides and Tutorials
PS3 Hacks & JailBreak
PS3 Help & Support
PS3 JailBreak Game Compatibility List
PS3 JB2 / True Blue (TB) Game Links
PS3 multiMAN Updates
PS3 News Forums
PS3 News Site FAQ
PS3 News Site Advertising FAQ
PS3 News Site Posting FAQ
PS3 News Site Privacy FAQ
PS3 News Site Rules
PS3 News Site Tag Cloud
PS3 News Site Terms
PS3 Resources
PS3 Reviews
PS3 Save Files Repository
PS3 Themes
PS3 Trophies List
PS3 Videos
PS Vita Trophies List

PlayStation 3 News Discussions
PS3 Unbricking and Downgrading Service - 25m ago

floaties's Avatar
Quote I'd like to get my ps3 downgraded, how much does it cost?...
By floaties with
 696 Comments »
How to Check the PS3 Base Firmware Version with MinVerChk - 3h ago

drdr3133's Avatar
Quote hi dude my ps3 is 320G. cech 3004B. base version 4.10 but now update to 4.41 can i downgrade and hack it if yes how can i do that plz thx...
By drdr3133 with
 31 Comments »
What Are You Most Looking Forward To? - 3h ago

Natepig's Avatar
Quote With the super charge in power and ram, what are you looking forward to most, that will be possible with PS4? I would like to see a massively detai...
By Natepig with
 0 Comments »
Sony India Leaks Rumored PlayStation 4 / PS4 250 GB Retail Pricing - 3h ago

Natepig's Avatar
Quote I love how its coming in time for Christmas. I have 2 young sons so my wife won't object to buying 2, because I tell her the kids will be freaks if w...
By Natepig with
 6 Comments »

Latest PlayStation 3 Trophies
 Move Street Cricket II: Ace of all trades
 Move Street Cricket II: Veteran
 Move Street Cricket II: 5 Star
 Move Street Cricket II: Velcro Hands

Latest PlayStation Vita Trophies
 Men's Room Mayhem: Toilet Trouble
 Men's Room Mayhem: Mayhem Master
 Men's Room Mayhem: Hygiene Award
 Men's Room Mayhem: Sand in the Face

Latest PlayStation 3 Releases
Kamen Rider Battride War Premium TV Sound Edition JPN PS3-HR - 05-24-2013
Tom Clancys H A W X EUR PS3-Googlecus - 05-23-2013
Terraria JPN PS3-HR - 05-23-2013
Kamen Rider Battlide War JPN PS3-Caravan - 05-21-2013

Latest PlayStation 3 Themes
 Wolverine Origins PS3 Theme - 05-19-2013
 Heavy Rain (Official) Dynamic PS3 Theme - 05-09-2013
 Wipeout HD Fury Dynamic PS3 Theme - 05-06-2013
 Batman Arkham City Dynamic PS3 Theme - 05-04-2013