- This weekend GeoHot, the hacker responsible for several Apple iPhone hacks, has returned to Sony PS3 hacking after his initial announcement a few months back and has opened a PS3 hacks blog (linked above).
He recently made this statement:
"I just pulled everything from the USB bus... the Cell processor SPI bus, PS3 is going down :-)"
These are the latest posts on his new PS3 hacks blog:
The Cell processor has an SPI port which is used to configure the chip on startup. Well documented. It also allows hypervisor level MMIO registers to be accessed. In the PS3, the south bridge sets up the Cell, and the traces connecting them are on the bottom layer of the board. Cut them and stick an FPGA between.
Quick theoretical attack. Set an SPU's user memory region to overlap with the current HTAB. Change the HTAB to allow read/write to the hypervisor! If that works it's full compromise...