Playstation 3 (PS3) Finally Hacked & Exploit Released

Ah, finally some proof of the mythical PlayStation 3 exploit, released publicly. Sadly, as always, the PS3's weak sales can be partially attributed to the lack of a homebrew scene (aka the ability to pirate games).

There have been rumours and some speculation about the PS3 finally being exploited, with news breaking earlier this week that the notorious iPhone hacker geohot (George Hotz) had finally broken the protection on the PS3.

I personally don't own a PS3, so it's not really news to me, but for some people the lack of a hack seems to have been a reason not to buy a PS3 yet.

On Monday, when we reported that the prolific hacker geohot had successfully penetrated the previously impervious PlayStation 3 gaming console, readers were understandably skeptical.

After all, the 20-year-old readily admitted his hack wasn't reliable, and he provided no evidence he was able to do some of the things modders love to do most, such as run arbitrary code or peel open the device's synergistic processing elements to take a peek at its most prized internal elements.

On Tuesday afternoon, geohot finally released his exploit so the world could see for itself exactly what the hack does and doesn't accomplish.

If you're interested in the extremely technical explanation of how geohot achieved this, you can check it out here. I'd imagine that to understand it properly, though, you'd need to be fairly familiar with the inner workings of the PS3 and how it manages memory allocation.

The hack isn't reliable, but it does work some of the time, and that is enough for others to get started on breaking the PS3 further.

There’s another good write-up here explaining the ins and outs of the system and what repercussions this has:

PS3: Hacked

According to the instructions, it involves compiling and running the kernel module and then pulsing a memory bus on the PS3’s motherboard.

“Try this multiple times,” his instructions state. “I rigged an FPGA button to send the pulse. Sometimes it kernel panics, sometimes it lv1 panics, but sometimes you get the exploit!! If the module exits, you are now exploited.”

While the idea is sound, this hack is clearly not for the faint of heart.

From there, PS3 users get full memory access, including ring 0 access from OtherOS, geohot, whose real name is George Hotz, said here. He’s now turning follow-on work to the PS3 community, directing members to report their findings to the psDevWiki.

His instructions conclude: "The PS3 is hacked, it's your job to figure out something useful to do with it."

It’ll be interesting to watch how this develops over the next 2-3 months and see if anyone is able to successfully modify the OS or even install a new one.

If you are so inclined you can keep up with what is happening on the psDevWiki.

I'd imagine we should be seeing some homebrew code based on this exploit by the middle of the year, and of course Sony scrambling to come out with a new firmware that blocks it.

Source: The Register

Posted in: Exploits/Vulnerabilities, Hardware Hacking
