
PS3 Hack Exploit SX28 Hardware Arrives, Bring on the Hypervisor!

236w ago - Today the PS3 hack exploit SX28 hardware arrived, so we can begin work on dumping the PlayStation 3 Hypervisor to examine!

Up to now, both GeoHot and xorloser have successfully performed the PS3 hack while a few others simply obtained GeoHot's PS3 Hypervisor dump to study privately.

Needless to say, the rest of the PS3 scene, including most of us here, has been waiting to take a peek at the unencrypted bootloader and Hypervisor lv0 and lv1 dumps.

We started by writing an Ubuntu Guide (as did titanmkd HERE) and attempted to use a 555 timer to obtain the 40ns pulse required to trigger the...
 

How the PS3 Hypervisor was Hacked and Dumped by GeoHot

238w ago - A few days ago GeoHot hacked the PS3 and dumped the PlayStation 3 hypervisor lv0 and lv1, and has now updated his blog with a technical writeup on how it was done, written by Nate Lawson at rdist.root.org.

To quote from the article: "The PS3, like the Xbox360, depends on a hypervisor for security enforcement. Unlike the 360, the PS3 allows users to run ordinary Linux if they wish, but it still runs under management by the hypervisor. The hypervisor does not allow the Linux kernel to access various devices, such as the GPU. If a way was found to compromise the hypervisor, direct access to the hardware is possible, and other less privileged code could be monitored and controlled by the attacker.

Hacking the hypervisor is [Register or Login to view links] required to run pirated games. Each game has an encryption key stored in an area of the disc called [Register or Login to view links]. The drive firmware reads this key and supplies it to the hypervisor to use to decrypt the game during loading. The hypervisor would need to be subverted to reveal this...
 

PS3 is Hacked by George Hotz - Hello Hypervisor, I'm GeoHot!

239w ago - The PS3 is hacked, at least according to [Register or Login to view links] on his latest blog entry (linked above)!!!

This news comes just under a month after he resumed PlayStation 3 hacking!

To quote: "Hello hypervisor, I'm geohot

I have full read/write access to the entire system memory, and HV level access to the processor.

In other words, I have hacked the PS3. The rest is just software. And reversing. I have a lot of reversing ahead of me.

Took 5 weeks, 3 in Boston, 2 here, very simple hardware cleverly applied, and some not so simple software.

Shout out to George Kharrat from [Register or Login to view links] for giving me this PS3 a year and a half ago to hack. Sorry it took me so long

As far as the exploit goes, I'm not revealing it yet. The theory isn't really patchable, but they can make implementations much harder. Also, for obvious reasons I can't post dumps. I'm hoping to find the decryption keys and post them, but they may be embedded in hardware. Hopefully keys are setup like the iPhone's KBAG.

A lot more to come..."
 

Some Easter PS3 Development Updates!

334w ago - We have a few PS3 development updates for the new week, including some PS3 KeyVault Project and PS3 Flash news.

To start, resident PS3 Dev subdub has been a bit busy, so he has yet to put the finishing touches on our PS3 KeyVault Server Application. In his absence, both ggparallel and mainman have picked up the slack, and are finishing up the server application. While they are finishing up the app, they are also optimizing the code so it is more versatile as it can auto-update clients, and it will also be able to handle more requests.

Below is a picture of the client application's Web interface that runs on any PS3, including retail consoles via OtherOS. It basically lets you configure the PS3's IP address, check the status of the program, the kernel, and transmitted packets.

Another resident PS3 Dev, who recently received a PS3 TEST unit, is currently awaiting some new hot air rework tools. His PS3 TEST (see HERE) then has an appointment with some solder and wire. We expect to have the flash dumped soon, barring any unforeseen circumstances, and then we can analyze the differences in the IPL as well as the mystery detection bits.

Finally,...
 