PS3 Hacked?



On a side note. I've always wondered about one thing with the console sales. If the 360 wasn't so easily modded, would the sales be that high? Especially that you don't even need a BDR for it.


So the PS3 is hacked ? Well that's nothing more than an urban legend.

Although it's nice to capture all these HV calls and stuff from a plain (not encrypted) lv1 binary, this will never lead to a hacked PS3.

Let's have a look.

The major security architecture on the PS3 is called the "Secure Processing Vault" and is the most important thing regarding "hacking" the PS3.

There is NO WAY for the PPU or even the HV to gain access to the SPU, which is an application running inside of an isolated SPU.

Well you can kick out the isolated SPU, like geohot mentioned, but this gives you nothing, as ALL the encryption and execution of applications (HDD encryption, app encryption, decryption, executing, signature checking, root key extraction) happens inside the isolated SPU.

...

PS3 is hacked - The urban legend continues


We will have to just wait and see and this is just the start....

I don't really know how your comment is meant, but that article is AGAINST the supposed hack altogether, finishing with:

The PS3 is neither a PSP nor an iPhone. It's the most secure system architecture of this time !

The girl behind this stuff, Kanna Shimizu, is not somebody. Messing around with this is not like saying Bruce Schneier is a n00b.

Btw.: forget about all those stories, that certain hackers are or will be employed by SONY. That's nothing more than another urban legend.

@geohot It is OBVIOUS that the HV is PPC. The Cell BE is a PPC architecture, you know ;-) Better read those IBM papers in the first place !

He's dissin on geohot.

I think you mean 'just the start' though as in there could be more to come :p

edit: Just awake, understand you now.


Could this mean someone could make a third party PS2 emulator for the PS3?

No, because the exploit hasn't led anywhere, and it looks like Sony are releasing their own PS2 emulator sometime anyway.

Anyone trying to program/port something to the CELL architecture even if it were hacked fully would probably have to be a mad scientist seeing as game developers even struggle to port games at times.


I doubt they would, for the same reason MS doesn't. If people have a lot of trophies or have previously purchased anything legitimately via the store then they are quite likely to want to gain access to them again. If you delete their account and everything they had worked for, they have no real reason to remain a customer and can more easily justify getting an Xbox instead.

I personally know 2 people who jumped to PS3 after they got banned for having modded Xbox 360s. Modders ain't loyal in the first place, so why would they stick around after getting banned?

I don't know if Sony has a dedicated system in place that can monitor online activity like that; I think their bannings come from complaints from other users.


Read this quote from another forum (found this in the comments on geohot's blog)

"So the PS3 is hacked ? Well that's nothing more than an urban legend.

Although it's nice to capture all these HV calls and stuff from a plain (not encrypted) lv1 binary, this will never lead to a hacked PS3.

Let's have a look. The major security architecture on the PS3 is called the "Secure Processing Vault" and is the most important thing regarding "hacking" the PS3.

There is NO WAY for the PPU or even the HV to gain access to the SPU, which is an application running inside of an isolated SPU.

Well you can kick out the isolated SPU, like geohot mentioned, but this gives you nothing, as ALL the encryption and execution of applications (HDD encryption, app encryption, decryption, executing, signature checking, root key extraction) happens inside the isolated SPU.

To run homebrew on the PS3 you would have to reassemble the whole functionality from the SPU inside a binary running on the PPU. For this you will need the root key.

The root key is stored in hardware (not even close to the things on the iPhone). The root key cannot be extracted by any software or hardware means and is essential to ALL encryption/decryption, executing and checking routines.

The only way to get the root key is inside of an isolated SPU, as it is kick-starting the hardware encryption facility. There is no other way to do that !

Let's just assume that geohot or some other guys are able to break into the local store of the isolated SPE. There they will just find some encrypted binaries.

The key for decryption is encrypted by the root key ! You won't get anywhere without the root key.

Let's assume that someone managed to do all that stuff from the isolated SPU on the PPU and creates a CFW.

There is still a secure booting environment. The first module loaded/booted is integrity checked by the hardware crypto facility utilizing the root key. So you have also to address this booting stuff. Again, no root key, no booting.

So there's always runtime patching you might ask ? Not possible on the PS3 because the hardware crypto facility is able to check the signatures whenever it wants to.

And which part is responsible for this ? Exactly, the isolated SPU. So if you kick out the isolated SPU the system will not boot/run anymore.

The PS3 is neither a PSP nor an iPhone. It's the most secure system architecture of this time !

The girl behind this stuff, Kanna Shimizu, is not somebody. Messing around with this is not like saying Bruce Schneier is a n00b.

Btw.: forget about all those stories, that certain hackers are or will be employed by SONY. That's nothing more than another urban legend.

@geohot It is OBVIOUS that the HV is PPC. The Cell BE is a PPC architecture, you know ;-) Better read those IBM papers in the first place !

- iQD"
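As an added illustration, not code from the quoted post or from any PS3 component: a toy model of the chain the quote describes, in which a root key held inside an isolated vault wraps each application key and authenticates the package, so a package patched from outside the vault fails the check and yields nothing. The cipher, package layout, class and function names are all constructed for this example.

```python
import hashlib
import hmac
import secrets

def keystream(key: bytes, length: int) -> bytes:
    """Toy CTR-style keystream from SHA-256 (illustration only, not a real cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))

def build_package(root_key: bytes, app_key: bytes, binary: bytes) -> bytes:
    """Vendor side: wrap the app key under the root key, encrypt the binary under the
    app key, and MAC everything with the root key; only a root-key holder can do this."""
    wrapped = xor(app_key, keystream(root_key + b"wrap", len(app_key)))
    body = xor(binary, keystream(app_key, len(binary)))
    tag = hmac.new(root_key, wrapped + body, hashlib.sha256).digest()
    return wrapped + body + tag

class IsolatedVault:
    """Stand-in for the isolated SPU: the root key lives here and never leaves.
    The only service offered is 'check this package and hand back the plaintext'."""
    def __init__(self, root_key: bytes):
        self._root_key = root_key   # boundary enforced by convention in this toy model

    def verify_and_decrypt(self, package: bytes):
        wrapped, body, tag = package[:32], package[32:-32], package[-32:]
        expected = hmac.new(self._root_key, wrapped + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None   # tampered package: refuse, like a failed boot-time integrity check
        app_key = xor(wrapped, keystream(self._root_key + b"wrap", 32))
        return xor(body, keystream(app_key, len(body)))

def demo():
    root_key = secrets.token_bytes(32)   # constructed; in the quote's model it is burned into hardware
    vault = IsolatedVault(root_key)
    package = build_package(root_key, secrets.token_bytes(32), b"original loader code")
    genuine = vault.verify_and_decrypt(package)
    # A caller outside the vault can flip bytes but cannot re-MAC or re-wrap without the root key
    patched = bytearray(package)
    patched[40] ^= 0x01
    return genuine, vault.verify_and_decrypt(bytes(patched))
```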


According to his latest blog post, Hotz sees the reserved SPU with its precious cache of decryption keys as his primary target now. "Some people pointed out that I have not accessed the isolated SPEs," he wrote on his blog. "This is true. Although as far as doing anything with the system, it doesn't matter. The PPE can't read the isolated data, but it can kick the isolated SPEs out. Decrypt the PPE binary you need using the intact SPE and save the decrypted version. Kick out the SPE, and patch the decrypted version all you want."

In short, he's looking to use the processor core (the PPE) where he does have access to emulate the isolated SPU (for those interested, strictly speaking, the "SPE" is the name given to the group of all the SPUs). Holding him back - for now - is Hotz's contention that the PowerPC implementation of C++ is being used at this level, and it's somewhat removed from the ARM coding he is used to when hacking mobile devices like the iPhone.

It is safe to say however that Geohot's hack will open the door to piracy by offering low-level access to anyone technically minded to do with as they will. Right now, he's looking to extract the crucial decryption keys from the isolated SPU and post them on his blog so others can, as he puts it, "join in the fun" without him having to reveal details of his actual hack - which by his own admission is far from complete or stable.

However, Sony's attempts to secure the game delivery system and the Blu-ray drive itself mean that there'd still be a huge reverse-engineering job required to enable piracy. While PS3 might well be hacked today on a low-level, further levels of protection remain in place to prevent copying games, and will require a significant effort in terms of reverse-engineering to overcome. Those expecting working PS3 games to appear on torrents in the next days or weeks are going to be disappointed.

PlayStation 3's security on the Blu-ray drive itself is (was?) pretty much untouchable and was designed to foil the kinds of attack seen on competing systems. Xbox 360 was compromised owing to the unencrypted nature of the firmware on the original DVD drives. Wii was hacked because the system itself was so similar to the GameCube that when the old hardware was cracked, the new revision fell with it. PlayStation 3 is far smarter. Not only is the drive software itself encrypted, but it's widely believed that the mandatory firmware updates can also reflash the Blu-ray drive too - even if the drive was hacked (it never has been) it would be re-secured next time you updated your PS3.

Completing the puzzle is the file system encryption on the disc itself. While PS3 game dumps are as old as the system itself, they are almost entirely useless and a complete waste of internet bandwidth for those that have been uploading and downloading them - the dumps do not contain the encryption keys apparently hidden in Blu-ray's proprietary ROMmark copy protection system, which remains inaccessible. While Geohot's hack potentially opens the door to piracy, in any eventuality games would still need to be heavily patched to operate without the encryption even on a compromised system.

Geohot himself won't be coding anything that directly attacks these systems, and reckons that his hacking blog isn't intended for those looking for user-friendly Jailbreak-style software like his various iPhone unlocking tools.

"If you are expecting some tool to be released from this blog like blackra1n, stop reading now," he posted. "If you have a Slim and are complaining this hack won't work for you, stop reading now. WE DO NOT CONDONE PIRACY, NOR WILL WE EVER. If you are looking for piracy, stop reading now. If you want to see the direction in which I will take this blog, read the early entries in the iPhone one. Information on this blog is for research purposes only."

This protects Hotz from legal action on the part of Sony and allows him to present the hack itself as the key to making PlayStation 3 an open platform. However, assuming the hack itself is published, and decryption keys posted, it's only a matter of time before someone else takes on the challenge of peeling back the remaining security, and the first downloadable, copied games hit PS3.

http://www.eurogamer.net/articles/digitalfoundry-ps3hacked-article?page=2

It will be hacked.

See, not only do these hackers do this for research purposes, they do it because people (internet, news, street, etc) say "The PS3 is unhackable", he does this "It is", people find some stupid complete flaw which he already pointed out that is still there and he will continue. He will continue until it is fully hacked. :no:



I still think we are a long long long way from that happening.


I have a feeling it has been hacked underground and it hasn't hit mainstream yet. There are billions of people in this world. Just because the iphone jailbreak guy didn't do it yet doesn't mean it hasn't been done.

I hope it's never done, and I wish people wouldn't hack consoles to steal games :(


No need to back up console games. At some point consoles will use a system similar to steam that will manage your game library. Until then, I think we can manage to protect our game discs long enough to enjoy the games we own.


Speaking of damaged games. I have had one game damaged (my son got a hold of it many moons ago when he was younger). It was Rainbow Six Black Arrow. I contacted Ubisoft from the phone number in the game manual. They asked me to mail in my damaged disk with a return information, and they sent me out a new disk at no charge. I only had to pay the shipping to the address they gave me.

I assume that other good publishers probably do the same.

Personally, I am looking forward to the digital copies.


the ps3 is a brick wall.

it's probably one of the most secure consumer hardware products ever released.

it will be hacked someday....

but it will either be too hard for most people to do (unlike modding say your 360 or iphone) or it will come sooo many years down the road we'll already be well into the ps4 generation.


Update:

@geohot Today I validated my theories about running the isolated SPUs on the PS3 as crypto engines. The PS3 is 100% hacked. So where my homebrew at?

On the Isolated SPUs

Today I verified my theories about running the isolated SPUs as crypto engines. I believe that defeats the last technical argument against the PS3 being hacked.

In OtherOS, all 7 SPUs are idle. You can command an SPU (which I'll leave as an exercise to the reader) to load metldr, from that load the loader of your choice, and from that decrypt what you choose, everything from pkgs to selfs. Including those from future versions.

The PPU is higher on the control chain than the SPUs. Even if checks were to be added to, for example, verify the hypervisor before decrypting the kernel, with clever memory mappings you can hide your modified hypervisor.

Ah, but you still didn't get the Cell root key. And I/we never will. But it doesn't matter. For example, we don't have either the iPhone or PSP "root key". But I don't think anyone doubts the hackedness of those systems.

I wonder if any systems out there are actually secure?

Seems like progress is being made. May see unsigned code run yet.

