PlayStation 3 (PS3) Finally Hacked & Exploit Released



Ah, finally some proof of the mythical PlayStation 3 exploit, released publicly. Sadly, as always, the lack of sales on the PS3 can be partially attributed to the lack of a homebrew scene (aka the ability to pirate games).

There have been rumours and some speculation about the PS3 finally being exploited with news breaking earlier this week about notorious iPhone hacker geohot (George Hotz) finally breaking the protection on the PS3.

I personally don’t own a PS3 so it’s not really news to me, but for some people it seems to have been a reason for them not to buy a PS3 yet.

On Monday, when we reported that the prolific hacker geohot had successfully penetrated the previously impervious PlayStation 3 gaming console, readers were understandably skeptical.

After all, the 20-year-old readily admitted his hack wasn’t reliable, and he provided no evidence he was able to do some of the things modders love to do most, such as run arbitrary code or peel open the device’s synergistic processing elements to take a peek at its most prized internal elements.

On Tuesday afternoon, geohot finally released his exploit so the world could see for itself exactly what the hack does and doesn’t accomplish.

If you’re interested in the extremely technical explanation of how geohot achieved this, you can check it out here. I’d imagine that to understand it properly you’d need to be fairly familiar with the inner workings of the PS3 and how it manages memory allocation.

The hack isn’t really reliable, but it does work to some degree and some of the time, and this is enough for others to get started on breaking the PS3 further.

There’s another good write-up here explaining the ins and outs of the system and what repercussions this has:

PS3: Hacked

According to the instructions, it involves compiling and running the kernel module and then pulsing a memory bus on the PS3’s motherboard.

“Try this multiple times,” his instructions state. “I rigged an FPGA button to send the pulse. Sometimes it kernel panics, sometimes it lv1 panics, but sometimes you get the exploit!! If the module exits, you are now exploited.”

While the idea is sound, this hack is clearly not for the faint of heart.

From there, PS3 users get full memory access, including ring 0 access from OtherOS, geohot, whose real name is George Hotz, said here. He’s now turning follow-on work to the PS3 community, directing members to report their findings to the psDevWiki.

His instructions conclude: “The PS3 is hacked, it’s your job to figure out something useful to do with it.”

It’ll be interesting to watch how this develops over the next 2-3 months and see if anyone is able to successfully modify the OS or even install a new one.

If you are so inclined you can keep up with what is happening on the psDevWiki.

I’d imagine we should be seeing some homebrew code based on this exploit by the middle of the year and, of course, Sony scrambling to come out with a new firmware that blocks this.

Source: The Register
