Ah, finally some proof of the mythical PlayStation 3 exploit, released publicly. Sadly, as always, the lack of sales of the PS3 can be partially attributed to the lack of a homebrew scene (aka the ability to pirate games).
There have been rumours and some speculation about the PS3 finally being exploited, with news breaking earlier this week that notorious iPhone hacker geohot (George Hotz) had broken the protection on the PS3.
I personally don’t own a PS3, so it’s not really news to me, but for some people it seems to have been a reason not to buy one yet.
On Monday, when we reported that the prolific hacker geohot had successfully penetrated the previously impervious PlayStation 3 gaming console, readers were understandably skeptical.
After all, the 20-year-old readily admitted his hack wasn’t reliable, and he provided no evidence he was able to do some of the things modders love to do most, such as run arbitrary code or peel open the device’s synergistic processing elements to take a peek at its most prized internal elements.
On Tuesday afternoon, geohot finally released his exploit so the world could see for itself exactly what the hack does and doesn’t accomplish.
If you’re interested in the extremely technical explanation of how geohot achieved this, you can check it out here. I’d imagine that to understand it properly you’d need to be fairly familiar with the inner workings of the PS3 and how its hypervisor manages memory.
The hack isn’t really reliable, but it does work to some degree, some of the time, and that is enough for others to get started on breaking the PS3 further. Bear in mind that it is a hardware glitch attack: it needs physical access to the motherboard and the timing of the pulse decides whether you get a panic or a successful run, so it is inherently hit-and-miss and not something that could ever be triggered remotely.
There’s another good write-up here explaining the ins and outs of the system and what repercussions this has:
According to the instructions, it involves compiling and running the kernel module and then pulsing a memory bus on the PS3’s motherboard.
“Try this multiple times,” his instructions state. “I rigged an FPGA button to send the pulse. Sometimes it kernel panics, sometimes it lv1 panics, but sometimes you get the exploit!! If the module exits, you are now exploited.”
While the idea is sound, this hack is clearly not for the faint of heart.
From there, PS3 users get full memory access, including ring 0 access from OtherOS, geohot, whose real name is George Hotz, said here. He’s now turning follow-on work to the PS3 community, directing members to report their findings to the psDevWiki.
His instructions conclude: “The PS3 is hacked, it’s your job to figure out something useful to do with it.”
It’ll be interesting to watch how this develops over the next 2-3 months and see if anyone is able to successfully modify the OS or even install a new one.
If you are so inclined you can keep up with what is happening on the psDevWiki.
I’d imagine we should be seeing some homebrew code based on this exploit by the middle of the year and, of course, Sony scrambling to come out with a new firmware that blocks this.
Source: The Register