PS3 hacked!

There is very little information out at the moment, but [geohot] has successfully hacked the PS3 to gain full read and write access, bypassing the hypervisor. At the moment he's not revealing the exploit, but with this knowledge it won't be long before the PS3 finally gets what's coming. Keep track of [geohot's] progress on his Twitter, @geohot, and his blog.

[Thanks Jack, Julio, Jeremy, Squisso, and Vor]

Comments

  1. kirov says:

Only to be patched by Sony within 5 minutes of him actually releasing the exploit, ensuing a many-year-long game of cat and mouse before Sony can't really do anything.

  2. wdfowty says:

This is amazing. I had a feeling he would crack it. Keep the good stuff coming!

  3. RoboGuy says:

    He says on his blog (link in article): “The theory isn’t really patchable, but they can make implementations much harder.”

    Think you might be wrong, kirov.

  4. Alec says:

    @kirov It’s a hardware hack…geohot says it’s not patchable.

  5. wdfowty says:

…was just reading through the comments on his blog… half the kids commenting are already begging for ISO loaders for "backups". Can't believe it, the scene isn't even a week old and these rtards are already trying to kill it…

  6. InsanityOnToast says:

    Yes but couldn’t “but they can make implementations much harder” mean that they could make the exploit process vary for each system (address randomization for example), meaning the exploit would have to be crafted slightly differently for each system and so a single generic exploit wouldn’t work for everyone?

  7. jamieriddles says:

    Finally,
    This was the only thing making me consider a 360 and keeping me back from getting a PS3

  8. minxo says:

He glitched RAM through lvl1 allocation calls because there is no ECC on the RAM; it can be done on the bus too if you can work out the RF issues. He has r/w to the upper 2MB that was locked by the PPC LPAR and dumped all the function code that was seen in the kernel.

    He actually documented everything but the specific exploit.

  9. Marvin says:

    See Sony?

    That’s what you get for pulling Linux support…

  10. newb says:

    <3 geohot

  11. eric says:

    I wonder if he has other motives. He was briefly looking at the PS3 as a key cracker, but was upset that the hypervisor didn’t allow him to use the full cell chip or the GPU for calculations ( up to a 10x jump in processing power ). A few hundred hacked PS3’s running key cracking calculations could allow him access to all sorts of hardware that is “protected” by cryptography including things like a possible universal unlock for cell phones.

  12. nubie says:

    @ eric, why is it a 10x jump on processing power?

    It is just a 7800/7900 nVidia chip, if anyone wanted the processing power of that wouldn’t they just buy a few faster nVidia cards, like the 9600GT for example? Or maybe the GT250/GT260?

    Neat hack, I hope this lets full use of the PS3, shame waiting this long for full access.

  13. Alphathon says:

    I’m interested in seeing what comes from this. I really don’t know what homebrew the PS3 would benefit from, but there’s plenty of creative stuff on the PSP and Wii so we’ll see.

You never know, we may even see a PS2 emulator. Half the work has been done by Sony anyway (I forget which chip is already done, but I'm sure you know what I mean).

    Let’s just hope pirates don’t ruin it for everyone.

  14. eric says:

    @nubie

    The cell itself provides ~218 gflops while the RSX GPU provides ( depending on who you ask ) upward of 1800 gflops. So that’s upwards of 2 tflops for 193 used, 299 new. As opposed to the 9800 GT which provides 756 gflops for $99 ( before system costs ).

  15. carlton says:

    If this could lead to graphical (opengl) acceleration, PS3 Linux could actually be useful. StepMania on the PS3 would be sweet.

  16. Haku says:

    Looking at the replies to the blog post I’ve not seen so much arse licking and sucking up since Steve Jobs released his last over-priced shiny object, it’s almost unreal.

  17. blizzarddemon says:

Man, Kirov is like the Negative Nancy of Hack a Day <.<

  18. tim says:

Awesome, can't wait to have a hacked PS3 sitting next to my hacked Falcon Xbox 360.

Full Linux support on the PS3 should be a lot less glitchy than on the 360, since it was natively supported (although crippled) for a while.

    I hope this exploit works on the slim version too :)

  19. pixelwhip says:

Anyone reading this most likely also thinks Geohot is a legend and agrees that we really need more hackers like him to help take on the DRM-lovin' corps..

  20. Spazed says:

    Haku, when was the last time you accomplished such a daunting undertaking? When was the last time you waged a hostile takeover of your own former company and brought it from the brink of death to one of the biggest companies in the US?

Oh, you haven't done anything of that caliber? Well, that's ok, I'm sure your meaningless rants on a relatively small website devoted to software and hardware hacks are making the world a better place.

    Congrats to Geohot, that is some pretty crazy hacking. I hope he gets the encryption keys soon.

  21. jjrh says:

Full OpenGL + Linux should really open the door for some great homebrew and pretty visual effects.

  22. M4CGYV3R says:

    Where’s a good place to start with learning the ins and outs of cryptography?

    I’m a very good programmer in several common languages, and I’d love to be able to work on stuff like this. I honestly don’t know any cryptography theory that could get me started and most of the crap I find on the web is wannabes or doctoral-level papers on some extremely specific decryption.

    Any good reverse-engineering resources someone could point out?

  23. Haku says:

    Spazed, have you?

  24. nate says:

It's commendable since it's more than people showing they can downgrade some PS3 firmware,
but it might not work because the hardware is different in the different PS3s in minor or major (slim PS3) ways, so it might not work for all.
I'm interested because I don't want a chance of being banned from PSN if they can check your system; remember how M$ banned Xboxes from Live when they decided to find all hacked systems. Sony may do the same. Anyway, good job Sony for keeping it really secure for 4 years and possibly more.

  25. anon says:

    Without seeing a working, hacked PS3, I am just too skeptical to believe it regardless of résumé.

  26. MysticShadow says:

    Kudos to geohot!!!!!!

I have hacked Ma Bell(O), Dave, JP Morgan, Time Warner, Cox Cable, T-Mobile, Motorola, Verizon and many more… geohot, prove them wrong… show the vuln.

    MS.’.

  27. greycode says:

No reverse engineering needed; anyone with the chops knows about this book: http://www.schneier.com/book-applied.html. Bruce can break this complex subject down in a way that makes it look easy and lets you think for a New York Minute that you are good enough to try it yourself.

    Cryptography is vast, it is complex, and it is easy to make a very serious mistake. But that book is the text book that everyone works from.

  28. greycode says:

    Sorry forgot to put @ M4CGYV3R

  29. minxo says:

With the way the exploit works, a POC would instantly reveal his method. The most he could do would be to try to implement an inline protector with maybe macros or something, but stuff harder than that gets reversed every day. He's wise to this.

I don't really think he cares if random people believe him; he's got scientific awards and another high-demand DRM crack out there to prove his talent. He's used to the haters too; he dealt with the same grit with the i-product unlocks.

Any time you do something significant or show wisdom on the network of pseudonyms (the internet), some careless nobody or incompetent person in the same field with jealousy is going to try and shoot it down..

  30. sarsface says:

    @ M4CGYV3R

    read Cryptonomicon

  31. wdfowty says:

lol @ Spazed. I'm pretty sure Haku was talking about the commenters kissin' ass to get their hands on the exploit, not geohot or his 'daunting undertaking'. Calm down, bro.

  32. anon says:

    @minxo

    You suck his dick too? You have some serious butthurt over the fact that I am skeptical of his results. I can’t see why you would nor why any reasonable person wouldn’t be a little suspicious considering how difficult the PS3 is.

  33. Taylor says:

    @kirov
    I would tell you to just go away, but what’s the point…trolls will be trolls.

I agree with the commenters who think that this will likely lead to a move on Sony's part like the mass Xbox bans. Really sucks. If they would let it go, this would make the PS3 an automatic for me when I buy my next console. Would be great if they would let you use the hardware you bought and paid for the way you want.

  34. Haku says:

Yes, I was talking about how so many posts were from people offering help to test unlocking code to run backups, i.e.:

    “I am willing to test for you if you feel the need!”
    “If you need betatesters!”
    “@geohot: i think, me, and others devs, are ready to help you if you need coders to make some softwares things :)”
    “Great work geohot. Let me know if you need anything.”
    “let me now if you need a help disasambing hv code, cheers :) You’re my hero!!! :)”
    etc. etc.

    I have no disrespect to geohot’s ability, exemplary is an understatement.

  35. tim says:

    @anon: seriously, what was the point of your post? To make yourself feel better? Really, nobody cares if you’re skeptical or not. It has no effect on whether or not the hack actually exists. We’ll find out soon enough, immature posts or not.

    This is a hacking site, meaning we should discuss HACKING, not pointless flame wars. Grow up, people.

  36. anon says:

    @tim

    So my skepticism of the hack, and commenting on this article as such, is somehow not relevant to the discussion?

    You might want to fix your reading comprehension.

  37. nubie says:

    @eric

I don't follow your logic; a 7800/7900 with 20-24 pixel shaders and 7-8 vertex shaders at 550 MHz is nothing like a 9800GT with 98-112 stream processors at 1500 MHz.

Or even, frankly, like a 9600GT with its 64 stream processors clocked at 1600 MHz.

  38. Heratiki says:

I'm with most in saying no matter how much is documented or how much is said, it still comes down to: I don't believe it until I see it… And as much as I would love to use my Slim to do all sorts of things through Linux and see amazing homebrew, I don't want to see the machine lose to pirates like the PSP has… Say all you want, but the release schedule for the PSP vs the DS is silly, and the PSP is basically a small-form-factor PS2, so developers aren't stingy because of development costs like they say they are on the PS3… Sigh…

    I bought my PS3 because he hasn’t been hacked… Get on the 360 and you’ll see what I mean… Any multiplayer game you play has hackers… All day… Everyday… Booooo

  39. SophT says:

  40. supershwa says:

    @minxo

I'm sure you're right — this is the "unpatchable" part he's referring to. Glitching non-ECC memory would definitely be the way to go in getting around PS3 security. Don't mind the "anon" haters who use the "do you suck dick" strategy (obviously not very creative people with such unintelligible statements) — I think you're 100% accurate in your theory.

    geohot certainly knows his way around hardware…props to ya, gh! Keep up the good work (I understand the discretion in releasing the details, so take your time!)

  41. minxo says:

    @anon: Nobody but you has the “butt hurt”. I was just stating the obvious, people like you with no talent and who make little effort in life are going to slander and attack his work. He has nothing to prove to his herd of haters.

    I don’t kiss his ass, I can do a lot of the stuff he can, I just respect his efforts. I know other people who are just as good as him if not better, they don’t do hardware often though.

    If he published ‘proof’ it’d be in binary which can effortlessly be reversed thus exposing his exploit details. It’s not rocket science why he doesn’t.

    All the haters cursing and slandering are the ones who obviously have “butt hurt”. They’re too lazy or greed-driven to acquire those skills and they want to slander those who have learned and show it publicly.

    This will be my last comment here..have fun trolling and flaming..

    @greycode: Did you read about side channel attacks? :p

  42. big dick don says:

We want "VIDEO PROOF"

  43. Glitch666 says:

Eric:
Hate to tell you, but your numbers are way wrong. I actually develop for PS3 and 360. The RSX can only put out roughly 400 gflops.

  44. Paul Potter says:

    This NEEDS to happen.

    I’m only interested in the original one as I want to Linux it.

    Oh yes, and I’m posting this from a Sony Vaio notebook. :)

  45. slong257 says:

A step in the right direction finally. This guy is good, but all these kiddies starting to run to the loo and bash off: there is a lot more work to be done, so don't expect to be playing backups anytime soon. Also, it seems that every week some shit pops up saying it's been hacked; wouldn't surprise me if these results are, shall we say, a bit optimistic hehe.

  46. bob says:

    @Heratiki

    The PSP and DS are both hacked so your reasoning is flawed. The PSP failed because they used UMD rather than flash and realised too late that people don’t want to buy the same films in yet another format.

    Not to mention PS controllers have always had 2 joysticks. How did they think that only having one on and then trying to port ps1/ps2 games to it was going to work well?

  47. Marty says:

    “Not to mention PS controllers have always had 2 joysticks. How did they think that only having one on and then trying to port ps1/ps2 games to it was going to work well?”

    Except for the first PlayStation controller which had none, which doesn’t deter at all from your very valid point :)

  48. Paul says:

    Nice of him to even post about it at this stage, I wonder if Sony will go all ony on their asses?

  49. nubie says:

    @ Glitch666

Thanks, I knew a 7900 wasn't 1.8 GFLOPS.

Now, with the advent of motherboards with 4 PCI-E slots, you can put a lot of inexpensive GPUs in a regular PC.

    I don’t see the PS3 being much use as a cracking tool, at least not a cost-effective one at this point. The future . . . Who knows?

  50. MysticShadow says:

    As an original member of ALT2600, I must say that over the 30+ years I have been hacking, why wouldn’t geohot show the vuln? If he is a true hacker he would know that our creed is “FREEDOM OF INFORMATION @ ANY COST” not the censorship of it!!!

geohot… you seem to be a very bright individual with the talent to match. As a true fellow Brethren of the Craft, you owe it to the creed to share this information with the world (both novice and adept).

    MS.’.
