63w ago - Following up on his PS3 SCETool update and PS3 Dump_Rootkey code, today Sony PlayStation 3 hacker Naehrwert has posted some details on exploiting the PlayStation 3 lv2_kernel and has made available a sample 3.41 implementation below.
To quote from his blog: Exploiting (?) lv2
A long while ago KaKaRoTo pointed me to a stack overflow he found while reversing lv2_kernel. But there are two problems:
1. The vulnerability is in a protected syscall (the SELF calling it got to have the 0x40... control flags set). So you’d first need to find a suitable usermode exploit (don’t ask us), that gives you code execution with the right privileges.
2. The payload data is copied to lv2 heap first and the function will do a free call on it before the payload has any chance to get executed. This might not sound like a problem but it looks like lv2's heap implementation will overwrite the free'ed space with 0xABADCAFE and thus destroy the payload.
Here (pastie.org/4755699) is my sample implementation for 3.41 lv2_kernel...
153w ago - Update: As planned, today Marcan42 gave a Fail0verflow live demo (videos below) of booting a PS3 Slim into a Linux kernel during the Lightning Talks on Day 4 of the 27C3 hacker conference.
Below are the fail0verflow PS3 exploit details along with related 27C3 (Chaos Communication Congress) Hacker Conference 2010 PlayStation 3 highlights.
Currently it includes an outline and details on PS3 SELF Crypto and PS3 SELF File Format and Decryption, and will be updated throughout the day as new details and video footage (full video now HERE- Thanks zeromx) arrive.
As previously reported, the PS3 hacking segment took place today at 16:00 (local time) in Saal 1 and a live stream was available in the following formats:
155w ago - Update: The 27C3 PS3 Hacker Conference date has been changed to 12/29 as reported HERE, with live streams available HERE for those interested.
At this year's 27C3 (Chaos Communication Congress) hacker conference on December 28, videogame console hackers marcan, bushing, and sven will be lecturing on the recently hacked PS3 system and plan to share some new exploit details as well!
From PSGroove (linked above): In addition to PS3 security, the lecture will also touch on other consoles, such as the Xbox 360 and Wii.
"We will also go over hacks for the other consoles, including the JTAG hack for the Xbox 360 which made running homebrew code more convenient, and the cat-and-mouse games that Nintendo played with us to combat Wii hacks. We might also check out the security of their 'new' handheld console - the DSi."
For those of you unfamiliar with the Chaos Communication Congress, it is an annual meeting of the international...
158w ago - Today HKKory has shared a video of what he calls a PlayStation Move demo disc exploit via PS3 JailBreak; however, as PSGroove points out, the console is already JailBroken, so this isn't really an exploit and isn't likely to lead to anything.
To quote: "The PS3 homebrew news has seemed to slow down, a lot. So I thought I would start making some news. I noticed the demo disc that came with my move, runs off the XMB, and installs demos.
I pondered if the same method could be used for homebrew, or whatever. I backed it up with my manager, and looked in the files. I realized the installs were DATA000.PKG so I renamed an emulator to that, copied it over to the move folder, and installed it.
Now I'm not a coder, so I would like to turn this news over to anyone that could make some use of it to further our efforts. But please, remember to credit me, if you work further upon this discovery.
Here are the details:
• Back up Move Demo Disc (10GB)
• Select Install Disc
• Make sure a Disc is in the Drive
• Open Your File Manager
• Open Dev0HD
• Go to folder with rips
• Navigate to BCUS-98263
• D001 - D012 have the pkg files.
• Rename desired .pkg to DATA000.PKG (USE CAPITALS ON THE .PKG)
159w ago - Today DemonHades (and Jack90 at Spanish site Elotrolado.net) has reported a rumor of a possible PS3 kernel exploit discovered in the FIFA Soccer 09 game for PlayStation 3.
Currently there are no plans to publicly disclose the exploit, however, if it does surface there is a good chance it will still be present in PS3 Firmware 3.50 so only time will tell for sure.
To quote DemonHades, roughly translated: "I do not think showing more are demonstrated, but helping others and providing information.
I am not a coder "hopefully" would dawn, I'm ideologue and analyze the details.
What the exploit as I said in my private message that was copied to EOL (without my consent) was a reply to the question suggested by maee, who kindly responded.
As I said the FIFA09 has a kernel exploit not want to publish for several reasons, including neglecting the business model wave dependence on "x" groups, including Math.
Having the information is to have the power to handle situations as you saw when they released the code in the groove ("as if you throw rice to the pigeons go all at once and do not separate from you, but if they see anything they do not strip is piran "), I for personal reasons...