PS3 Hacked!

There is very little information out at the moment, but [geohot] has successfully hacked the PS3 to have full read and write access, bypassing the Hypervisor. At the moment he’s not revealing the exploit, but with this knowledge it won’t be long before the PS3 finally gets what’s coming. Keep track of [geohot’s] progress on his Twitter, @geohot, and blog.

72 thoughts on “PS3 Hacked!”

  1. …was just reading through the comments on his blog…half the kids commenting are already begging for ISO loaders for “backups”. Can’t believe it, the scene isn’t even a week old and these rtards are already trying to kill it…

  2. Yes but couldn’t “but they can make implementations much harder” mean that they could make the exploit process vary for each system (address randomization for example), meaning the exploit would have to be crafted slightly differently for each system and so a single generic exploit wouldn’t work for everyone?

  3. He glitched RAM through lvl1 allocation calls because there is no ECC on the RAM; it can be done on the bus too if you can work out RF issues. He has r/w to the upper 2MB that was locked by PPC LPAR and dumped all the function code that was seen in the kernel.

    He actually documented everything but the specific exploit.
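The glitch described in the comment above only works because nothing between the RAM cell and the hypervisor checks that the stored bits are still the ones that were written. The C program below is an added illustration of that point, not geohot’s code and not the PS3’s real memory controller or page-table format: it wraps a toy 32-bit page-table entry in a 39-bit SECDED Hamming code (the same single-error-correcting, double-error-detecting family that ECC DIMMs use, usually over 64-bit words), injects single- and double-bit flips, and shows plain RAM handing back a flipped permission bit while the ECC path corrects the single flip and flags the double one. The entry value, the `PTE_WRITABLE` flag, the bit positions and the `glitch_bit` fault-injection helper are all constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define CW_BITS 39u           /* bit 0: overall parity; bits 1..38: Hamming(38,32) */
#define PTE_WRITABLE 0x1u     /* HYPOTHETICAL flag bit in our toy page-table entry */

static int is_pow2(unsigned x) { return x != 0 && (x & (x - 1)) == 0; }

/* XOR of all bits of v. */
static int parity64(uint64_t v) {
    v ^= v >> 32; v ^= v >> 16; v ^= v >> 8;
    v ^= v >> 4;  v ^= v >> 2;  v ^= v >> 1;
    return (int)(v & 1u);
}

/* Encode 32 data bits into a 39-bit SECDED codeword. Data bits occupy the
 * non-power-of-two positions 3,5,6,7,9..15,17..31,33..38; Hamming parity bits
 * sit at 1,2,4,8,16,32; bit 0 holds the parity of the whole codeword. */
uint64_t secded_encode(uint32_t data) {
    uint64_t cw = 0;
    unsigned di = 0;
    for (unsigned pos = 1; pos < CW_BITS; pos++) {
        if (is_pow2(pos)) continue;
        cw |= (uint64_t)((data >> di) & 1u) << pos;
        di++;
    }
    for (unsigned p = 1; p < CW_BITS; p <<= 1) {
        uint64_t mask = 0;
        for (unsigned pos = 1; pos < CW_BITS; pos++)
            if (pos & p) mask |= 1ull << pos;
        cw |= (uint64_t)parity64(cw & mask) << p;
    }
    return cw | (uint64_t)parity64(cw);   /* bit 0 is still clear at this point */
}

static uint32_t secded_extract(uint64_t cw) {
    uint32_t data = 0;
    unsigned di = 0;
    for (unsigned pos = 1; pos < CW_BITS; pos++) {
        if (is_pow2(pos)) continue;
        data |= (uint32_t)((cw >> pos) & 1u) << di;
        di++;
    }
    return data;
}

/* Decode a codeword. Returns 0 (clean), 1 (single-bit error corrected) or
 * -1 (double-bit error detected; *data_out is then NOT trustworthy). */
int secded_decode(uint64_t cw, uint32_t *data_out) {
    unsigned syndrome = 0;
    for (unsigned pos = 1; pos < CW_BITS; pos++)
        if ((cw >> pos) & 1u) syndrome ^= pos;
    int overall = parity64(cw & ((1ull << CW_BITS) - 1));
    int status;
    if (syndrome == 0 && overall == 0) {
        status = 0;
    } else if (overall == 1) {            /* odd number of flips: assume one and fix it */
        cw ^= 1ull << syndrome;           /* syndrome 0 means bit 0 itself flipped */
        status = 1;
    } else {                              /* even number of flips, nonzero syndrome */
        status = -1;
    }
    *data_out = secded_extract(cw);
    return status;
}

/* Simulated fault injection (constructed helper): flip one bit of a word in RAM. */
uint64_t glitch_bit(uint64_t word, unsigned bit) { return word ^ (1ull << bit); }

/* Plain RAM: whatever sits in the cell is what the consumer sees. */
int plain_ram_writable(uint32_t pte_in_ram) { return (pte_in_ram & PTE_WRITABLE) != 0; }

/* ECC RAM: the controller decodes (corrects or flags) before handing the word over. */
int ecc_ram_writable(uint64_t cw_in_ram, int *status) {
    uint32_t pte;
    *status = secded_decode(cw_in_ram, &pte);
    return (pte & PTE_WRITABLE) != 0;
}

int main(void) {
    uint32_t pte = 0x00C0F000u;                      /* constructed read-only entry */
    int st;
    printf("plain RAM, 1 glitch:   writable=%d\n",
           plain_ram_writable((uint32_t)glitch_bit(pte, 0)));
    int w = ecc_ram_writable(glitch_bit(secded_encode(pte), 3), &st);   /* pos 3 = data bit 0 */
    printf("ECC RAM, 1 glitch:     writable=%d status=%d\n", w, st);
    w = ecc_ram_writable(glitch_bit(glitch_bit(secded_encode(pte), 3), 5), &st);
    printf("ECC RAM, 2 glitches:   writable=%d status=%d\n", w, st);
    return 0;
}
```

The consumer has to act on the status, not just the data: on -1 the extracted word is garbage and a real controller raises a machine check instead of returning it. The caveat a practitioner should keep in mind is that SECDED only guarantees correcting one flipped bit and detecting two per word; a glitch that flips three or more bits, or one aimed at the controller logic itself, can still get through, so ECC raises the bar for this class of attack rather than closing it.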

  4. I wonder if he has other motives. He was briefly looking at the PS3 as a key cracker, but was upset that the hypervisor didn’t allow him to use the full cell chip or the GPU for calculations ( up to a 10x jump in processing power ). A few hundred hacked PS3’s running key cracking calculations could allow him access to all sorts of hardware that is “protected” by cryptography including things like a possible universal unlock for cell phones.

  5. @eric, why is it a 10x jump in processing power?

    It is just a 7800/7900 nVidia chip, if anyone wanted the processing power of that wouldn’t they just buy a few faster nVidia cards, like the 9600GT for example? Or maybe the GT250/GT260?

    Neat hack, I hope this lets full use of the PS3, shame waiting this long for full access.

  6. I’m interested in seeing what comes from this. I really don’t know what homebrew the PS3 would benefit from, but there’s plenty of creative stuff on the PSP and Wii so we’ll see.

    You never know, we may even see a PS2 emulator. Half the work has been done by Sony anyway (I forget which chip is already done, but I’m sure you know what I mean).

    Let’s just hope pirates don’t ruin it for everyone.

  7. @nubie

    The cell itself provides ~218 gflops while the RSX GPU provides ( depending on who you ask ) upward of 1800 gflops. So that’s upwards of 2 tflops for 193 used, 299 new. As opposed to the 9800 GT which provides 756 gflops for $99 ( before system costs ).

  8. Awesome, can’t wait to have a hacked PS3 sitting next to my hacked Falcon Xbox 360.

    Full linux support on the PS3 should be a lot less glitchy than the 360 since it was natively supported (although crippled) for a while.

    I hope this exploit works on the slim version too :)

  9. Haku, when was the last time you accomplished such a daunting undertaking? When was the last time you waged a hostile takeover of your own former company and brought it from the brink of death to one of the biggest companies in the US?

    Oh, you haven’t done anything of that caliber? Well, that’s ok, I’m sure your meaningless rants on a relatively small website devoted to software and hardware hacks are making the world a better place.

    Congrats to Geohot, that is some pretty crazy hacking. I hope he gets the encryption keys soon.

  10. Where’s a good place to start with learning the ins and outs of cryptography?

    I’m a very good programmer in several common languages, and I’d love to be able to work on stuff like this. I honestly don’t know any cryptography theory that could get me started and most of the crap I find on the web is wannabes or doctoral-level papers on some extremely specific decryption.

    Any good reverse-engineering resources someone could point out?

  11. It’s commendable, since it’s more than people showing they can downgrade some PS3 firmware, but it might not work because the hardware is different in the different PS3s in minor or major (slim PS3) ways, so it might not work for all.
    I’m interested because I don’t want a chance of being banned from PSN if they can check your system; remember how M$ banned Xboxes from Live when they decided to find all hacked systems. Sony may do the same. Anyway, good job Sony for keeping it really secure for 4 years and possibly more.

  12. Kudos to geohot!!!!!!

    I have hacked Ma Bell(O), Dave, JP Morgan, Time Warner, Cox Cable, T-Mobile, Motorola, Verizon and many more… geohot, prove them wrong… show the vuln.


  13. No reverse engineering needed, anyone with the chops knows about this book, Bruce can break this complex subject down in a way that makes it look easy and lets you think for a New York Minute that you are good enough to try it yourself.

    Cryptography is vast, it is complex, and it is easy to make a very serious mistake. But that book is the text book that everyone works from.

  14. With the way the exploit works a POC would instantly reveal his method. The most he could do would be try to implement an inline protector with maybe macros or something, but stuff harder than that gets reversed every day. He’s wise to this.

    I don’t really think he cares if random people believe him; he’s got scientific awards and another high-demand DRM crack out there to prove his talent. He’s used to the haters too, he dealt with the same grit with the i-product unlocks.

    Anytime you do something significant or show wisdom on the network of pseudonyms (internet), some careless nobody or incompetent person in the same field with jealousy is going to try and shoot it down.

  15. @minxo

    You suck his dick too? You have some serious butthurt over the fact that I am skeptical of his results. I can’t see why you would nor why any reasonable person wouldn’t be a little suspicious considering how difficult the PS3 is.

  16. @kirov
    I would tell you to just go away, but what’s the point…trolls will be trolls.

    I agree with the commentors that think that this will likely lead to a move on Sony’s part like the mass X-box bans. Really sucks. If they would let it go, this would make the ps3 an automatic for me when I buy my next console. Would be great if they would let you use the hardware you bought and paid for the way you want.

  17. Yes, I was talking about how so many posts were from people offering help to test unlocking code to run backups, ie:

    “I am willing to test for you if you feel the need!”
    “If you need betatesters!”
    “@geohot: i think, me, and others devs, are ready to help you if you need coders to make some softwares things :)”
    “Great work geohot. Let me know if you need anything.”
    “let me now if you need a help disasambing hv code, cheers :) You’re my hero!!! :)”
    etc. etc.

    I have no disrespect to geohot’s ability, exemplary is an understatement.

  18. @anon: seriously, what was the point of your post? To make yourself feel better? Really, nobody cares if you’re skeptical or not. It has no effect on whether or not the hack actually exists. We’ll find out soon enough, immature posts or not.

    This is a hacking site, meaning we should discuss HACKING, not pointless flame wars. Grow up, people.

  19. @eric

    I don’t follow your logic, a 7800/7900 with 20-24 pixel shaders and 7-8 vertex shaders at 550mhz is nothing like a 9800GT with 98-112 Stream processors at 1500mhz.

    Or even frankly like a 9600GT with its 64 stream processors clocked at 1600mhz.

  20. I’m with most in saying no matter how much is documented or how much is said it still comes down to I don’t believe it until I see it… And as much as I would love to use my Slim to do all sorts of things through Linux and see amazing Homebrew I don’t want to see the machine lose to pirates like the PSP has… You say all you want but the release schedule for the PSP vs the DS is silly and the PSP is basically a small form factor PS2 so developers aren’t stingy because of development costs like they say they are on the PS3… Sigh…

    I bought my PS3 because he hasn’t been hacked… Get on the 360 and you’ll see what I mean… Any multiplayer game you play has hackers… All day… Everyday… Booooo

  21. @minxo

    I’m sure you’re right — this is the “unpatchable” part he’s referring to. Glitching non-ECC memory would definitely be the way to go in getting around PS3 security. Don’t mind the “anon” haters who use the “do you suck dick” strategy (obviously not very creative people with such unintelligible statements) — I think you’re 100% accurate in your theory.

    geohot certainly knows his way around hardware…props to ya, gh! Keep up the good work (I understand the discretion in releasing the details, so take your time!)

  22. @anon: Nobody but you has the “butt hurt”. I was just stating the obvious, people like you with no talent and who make little effort in life are going to slander and attack his work. He has nothing to prove to his herd of haters.

    I don’t kiss his ass, I can do a lot of the stuff he can, I just respect his efforts. I know other people who are just as good as him if not better, they don’t do hardware often though.

    If he published ‘proof’ it’d be in binary which can effortlessly be reversed thus exposing his exploit details. It’s not rocket science why he doesn’t.

    All the haters cursing and slandering are the ones who obviously have “butt hurt”. They’re too lazy or greed-driven to acquire those skills and they want to slander those who have learned and show it publicly.

    This will be my last comment here..have fun trolling and flaming..

    @greycode: Did you read about side channel attacks? :p

  23. A step in the right direction finally; this guy is good, but all these kiddies starting to run to the loo and bash off: there is a lot more work to be done, so don’t expect to be playing backups anytime soon. Also it seems that every week some shit pops up saying it’s been hacked; wouldn’t surprise me if these results are, shall we say, a bit optimistic hehe

  24. @Heratiki

    The PSP and DS are both hacked so your reasoning is flawed. The PSP failed because they used UMD rather than flash and realised too late that people don’t want to buy the same films in yet another format.

    Not to mention PS controllers have always had 2 joysticks. How did they think that only having one on and then trying to port ps1/ps2 games to it was going to work well?

  25. “Not to mention PS controllers have always had 2 joysticks. How did they think that only having one on and then trying to port ps1/ps2 games to it was going to work well?”

    Except for the first PlayStation controller which had none, which doesn’t deter at all from your very valid point :)

  26. @ Glitch666

    Thanks, I knew a 7900 wasn’t 1.8 GFLOPS.

    Now with the advent of motherboards with 4 PCI-E slots you can put a lot of inexpensive GPU’s in a regular PC.

    I don’t see the PS3 being much use as a cracking tool, at least not a cost-effective one at this point. The future . . . Who knows?

  27. As an original member of ALT2600, I must say that over the 30+ years I have been hacking, why wouldn’t geohot show the vuln? If he is a true hacker he would know that our creed is “FREEDOM OF INFORMATION @ ANY COST”, not the censorship of it!!!

    geohot… you seem to be a very bright individual with the talent to match. As a true fellow Brethren of the Craft, you owe it to the creed to share this information with the world (both novice and adept).


