Phrack Magazine: Hacking the Cell Broadband Engine Architecture

Category: PS3 Hacks & JailBreak By: PS3 News - (phrack.com)
Tags: phrack magazine hacking cell broadband engine architecture

205w ago - To quote from SKFU's recent find:

"A few days ago the new Phrack Issue had its street date including an article about Hacking the Cell Broadband Engine Architecture.

The author BSDaemon who works for RISE Security used a PlayStation 3 system for his tests and got very interesting information for you; definitely worth reading!"

The article covers topics including: Debugging Cell, Debugging the SPE, Finding/Exploiting Software Vulnerabilities on Cell SPE, Memory Overflows, SPE memory layout, Avoiding Null Bytes and more on the PS3.

Those interested can check it out linked above in full!

Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

7 Comments - Go to Forum Thread »

#7 - PS3 News - 204w ago

I noticed xorloser commented on this article at his blog today: http://xorloser.com/?p=119#comments

It is a nice introduction and overview of the cell for anyone who is new to it.

Unfortunately the "hacking/exploit" section takes up about 1 paragraph among the pages and pages of general info. If you were to read the official docs that this was based upon then the hacking/exploit information is pretty self evident. Basically it comes down to no memory protection, so you can write to "code" sections and execute "data" sections which is the requirements for buffer overflow style exploits that have existed for a long time. The wrap around memory addressing is a bonus that makes this even easier.

What they don't mention is the secure isolated SPU mode that anything of consequence runs in on the SPUs. In this mode the only access to the internals of the SPU is through an interface that is defined inside the isolated SPU module. Also these modules are encrypted and signed so that you cannot see how they work or alter how they work, making exploiting them very tricky.

#6 - red8316 - 205w ago

Very interesting read, thank you. I'm not very technical but I love to try and learn more. Cheers.

#5 - Dibblah - 205w ago

It is an interesting read - It's a beginners guide to writing code on the Cell. However, it contains no real surprises and definitely no exploits as such.

It's also concentrating on SPE vulnerabilities. Exploiting this is difficult, since the hypervisor (running on a SPE) protects main memory used by both the SPE and PPE. The hypervisor is essentially self-contained after boot - If it has been properly designed (and the lack of a hack after this amount of time suggests nothing else) it has only well defined external interfaces that can't be exploited by any obvious method.

So, to get an exploit in OtherOS or GameOS, you need to cause the hypervisor SPE to run your own code. There are also symptoms which would tend to indicate that there is a "watchdog" to ensure that the hypervisor is still active - If I was implementing this, it would be an external device to the processor that accepts some sort of signed message at 5 second or so intervals which resets the CPU in case of a missed heartbeat.

#4 - shummyr - 205w ago

this could lead to some good stuff!

#3 - walidahmadi - 205w ago

This looks interesting.. but whether anything rises from this or not is another question ?

Page 1 of 2 12 ›LAST »

Related PS3 News and PS3 CFW Hacks or JailBreak Articles

• Guide to Install multiMAN PS3 Themes via USB from a PKG File
• Simple PS3Updates v1.6 Build 2 Final PS3 Homebrew App Updated
• Video: Super Pixel Jumper v1.2 PS3 Homebrew Game is Released
• Video: Pointman: The Akkadian Wars PS3 Homebrew Game Arrives
• PSPMinis / PS3Minis / Bite v1.5.1 Update for PS3 is Now Released
• PS3 Fan Control Utility v1.7 for PS3 CFW CEX 3.41 to 4.41 Arrives

PlayStation 3 Links
• Contact Us E-Mail
• PS3 Affiliates
• PS3 CFW & MFW
• PS3 Debug Firmware
• PS3 Decrypted PSN Links for CFW
• PS3 Downloads
• PS3 EBOOT.BIN Original File Links
• PS3 Firmware
• PS3 Game Releases List
• PS3 Guides & Tutorials
• PS3 Hacking Guides and Tutorials
• PS3 Hacks & JailBreak
• PS3 Help & Support
• PS3 JailBreak Game Compatibility List
• PS3 JB2 / True Blue (TB) Game Links
• PS3 multiMAN Updates
• PS3 News Forums
• PS3 News Site FAQ
• PS3 News Site Advertising FAQ
• PS3 News Site Posting FAQ
• PS3 News Site Privacy FAQ
• PS3 News Site Rules
• PS3 News Site Tag Cloud
• PS3 News Site Terms
• PS3 Resources
• PS3 Reviews
• PS3 Save Files Repository
• PS3 Themes
• PS3 Trophies List
• PS3 Videos
• PS Vita Trophies List

PlayStation 3 News Discussions

Call Of Duty: Black Ops 2 Game Spoofer for PS3 3.55 CFW Out - 36m ago

I HAVE 1.11 update an i have black screen how can i fix it ?...

By pakistanos with

18 Comments »

Video: The Witness on PlayStation 4 / PS4: Creator Conversations - 51m ago

If I saw this as a launch title on the PS1 it would not look out of place. This isn't exactly pushing any boundaries is it?...

By ricopico with

1 Comment »

Codemasters Unveils Grid 2 Mono Edition, Ultimate Collector's Item - 2h ago

Codemasters Community Manager Ben Walke has officially unveiled Grid 2 Mono Edition today, which he touts as the ultimate collector's item for ...

By PS3 News with

0 Comments »

Ice-cool Skate Em Up OlliOlli Kickflips Onto PS Vita This Year - 2h ago

Roll7 Creative Director John Ribbins announced today that the ice-cool skate 'em up OlliOlli video game kickflips onto PS Vita later this year....

By PS3 News with

0 Comments »

Latest PlayStation 3 Trophies