There’s now a method of using PIC microcontrollers to exploit the PlayStation 3. This is centered around a PIC 18F2550 which has been popular in past hacks because of its built-in USB serial port. This again makes use of the PSGroove open source exploit code and, like the TI calculator version, seeks to expand the selection of hardware the code runs on.
In addition to the chip and a PIC programmer you’ll need the CCS compiler as others cannot successfully compile this code. A licensed copy is necessary because the demo version of the CCS compiler doesn’t support this particular chip. Add to that the fact that because of the timing it may take several tries to achieve the exploit and you may find yourself disappointed by this development. But there’s always room for improvement and this is a proven first step on the new architecture.
[Thanks das_coach via PS3Hax via Elotrolado]
You can now download the exploit package for the PlayStation 3. [Geohot] just posted the code you need to pull off the exploit we told you about on Sunday, making it available on a “silver platter” with just a bit of explanation on how it works. He’s located a critical portion of the memory to attack. By allocating it, pointing a whole bunch of code at those addresses, then deallocating it he causes many calls to invalid addresses. At the same time as those invalid calls he “glitches” the memory bus using a button on his FPGA board to hold it low for 40ns. This trips up the hypervisor security and somehow allows read/write access to that section of memory. Gentleman and Ladies, start your hacking. We wish you the best of luck!
A new open source package called Lightning Rod will help to close security exploits in Adobe’s dirty Flash code. A presentation made at the 26th Chaos Communication Congress showed that the package does its job by reviewing incoming code before the browser executes it. Heise Online is reporting that this method can block over 20 different known attacks and can even be used to filter out malicious JPG attacks. As more vulnerabilities are discovered they can be added to Lightning Rod to close the breach. This amounts to a virus scanner for Flash code. It’s great to have this type of protection but why can’t Adobe handle its security problems?
There has been another development in the never-ending battle that is Microsoft trying to keep its gaming system closed to unauthorized use. Xbox-scene reports that a new hack called freeBOOT v0.01 allows the Xbox 360 to upgrade to the newer kernels, but allows the option of rebooting to an older kernel in order use the JTAG exploit and gain access to the hardware.
In case you missed it, the JTAG hack is a way to run homebrew code on an Xbox 360. Exploiting this hack makes it possible to boot a Linux kernel in about five seconds. We’ve long been fans of the homebrew work done with XBMC on the original Xbox and hope that advances like this will lead to that end. We want this because the older hardware cannot handle high definition content at full resolution but the Xbox 360 certainly can.
This exploit is still far from perfect. It currently requires that the Cygnos360 mod chip be installed on the system. A resistor also needs to be removed from the board to prevent accidental kernel updating. That being said, this is still progress. If you’re interested in step-by-step details, take a look at the text file instructions provided.
An Android App for “testing” the Windows SMB2 vulnerability we covered last week has been released. For testing? Yeah right! The availability of this kind of software makes it ridiculously easy for anybody to go out and cause some havoc. Go right now and double check that your machines that run Windows Vista or Windows Server 2008 are protected (see the “workarounds” section.)
The Twilight Princess hack doesn’t work on newer versions of the Nintendo Wii, but thanks to a new exploit for the Wii, homebrew is still possible. Using an SD card and a few files, you can have the homebrew channel up and running in no time. The folks at Lifehacker show us how it’s done. It’s good to see that the Wii modding community is still in full force. Hopefully, this won’t turn into a back and forth battle between modders and Nintendo, like it has with Sony and the PSP.
The Remote Exploit Development Team has just announced BackTrack 4 Beta. BackTrack is a Linux based LiveCD intended for security testing and we’ve been watching the project since the very early days. They say this new beta is both stable and usable. They’ve moved towards behaving like an actual distribution: it’s based on Debian core, they use Ubuntu software, and they’re running their own BackTrack repositories for future updates. There are a lot of new features, but the one we’re most interested in is the built in Pico card support. You can use the FPGAs to generate rainbow tables and do lookups for things like WPA, GSM, and Bluetooth cracking. BackTrack ISO and VMWare images are available here.