Post: 3.56 CFW (Rootkit Debunked)[Runs OtherOS]GEOHOT
02-05-2011, 08:11 AM #1
Midnight.eGo
from El Paso, Texas (915)
"This is only really a concern if you're interested in modding - otherwise I'm not convinced there's a 'threat' as such," Boyd told El Reg. "I'm still waiting for someone to explain how this 'PS3 rootkit' could be used to run unsigned malicious code on a non-jailbroken box," he added.

Boyd's credibility just dropped to zero with that comment. The leaked keys give us the ability to sign our own code. He's quite the expert. We can all pretend to be masters on the subject and debate whether Sony can fix things or that the hackers are all powerful but it's pointless. Fact is since late December the PS3 was cracked in such a way that current models will never be completely secure again.

Experts and fanboys can deny that all they want, but the day news reports state Sony is being blackmailed over the 1,000,000s of credit card numbers magically stolen over PSN I'll be laughing. Well, laughing as long as mine isn't one of them."


The war is coming..


Wait for it....Wait for it....

The war is here


Now devs, don't get too crazy. But raise your hands if you like glitching the memory bus.

I can say it works on the PS3 fat 40/60 and the PS3 slim 320GB.

Haven't tested with anything else yet.

Proof of the exploit is all above, and if you want more information and proof of the concept, here is an IRC conversation:

geohot: well actually it's pretty simple
geohot: i allocate a piece of memory
geohot: using map_htab and write_htab, you can figure out the real address of the memory
geohot: which is a big win, and something the hv shouldn't allow
geohot: i fill the htab with tons of entries pointing to that piece of memory
geohot: and since i allocated it, i can map it read/write
geohot: then, i deallocate the memory
geohot: all those entries are set to invalid
geohot: well while it's setting entries invalid, i glitch the memory control bus
geohot: the cache writeback misses the memory
geohot: and i have entries allowing r/w to a piece of memory the hypervisor thinks is deallocated
geohot: then i create a virtual segment with the htab overlapping that piece of memory i have
geohot: write an entry into the virtual segment htab allowing r/w to the main segment htab
geohot: switch to virtual segment
geohot: write to main segment htab a r/w mapping of itself
geohot: switch back
geohot: PWNED
geohot: and would work if memory were encrypted or had ECC
geohot: the way i actually glitch the memory bus is really funny
geohot: i have a button on my FPGA board
geohot: that pulses low for 40ns
geohot: i set up the htab with the tons of entries
geohot: and spam press the button
geohot: right after i send the deallocate call

Mmmm, wonder who is going to be the first to take credit card #'s off the PSN database. Hah
the war is here

Peace

Bump: Update:

Today I verified my theories about running the isolated SPUs as crypto engines. I believe that defeats the last technical argument against the PS3 being hacked.

In OtherOS, all 7 SPUs are idle. You can command an SPU (which I'll leave as an exercise to the reader) to load metldr, from that load the loader of your choice, and from that decrypt what you choose, everything from pkgs to selfs. Including those from future versions.

The PPU is higher on the control chain than the SPUs. Even if checks were to be added to, for example, verify the hypervisor before decrypting the kernel, with clever memory mappings you can hide your modified hypervisor.

Ah, but you still didn't get the Cell root key. And I/we never will. But it doesn't matter. For example, we don't have either the iPhone or PSP "root key". But I don't think anyone doubts the hackedness of those systems.

I wonder if any systems out there are actually secure?

People said it wasn't possible.

More updates to come in the following days, plus I'll do some more detailed video of the exploit in action.

Pretty much the easiest way to exploit a PS3 console is a rigged FPGA button to send the pulse. I have tested this with one of my testing PS3s.

Sometimes it kernel panics, sometimes it lv1 panics, but sometimes you get the exploit!!
If the module exits, you are now exploited.

This adds two new HV calls,
u64 lv1_peek(16)(u64 address)
void lv1_poke(20)(u64 address, u64 data)
which allow any access to real memory.

The PS3 is hacked, it's your job to figure out something useful to do with it.

Once something is hacked you get bored with it. So after my video releases to demonstrate this exploit further and show you a pretty much step by step video, I won't be releasing anything more. I'm stepping back as I've received... *Sighs* Which in short is I've been given a DMCA Notice. Don't want to be taken to court by Sony. Or anything in that aspect.

But I will still take part as a hobby. Who knows, I might get back into it when the PS4 is released.


The PS3 is yours. Don't worry, you don't need to downgrade as you can install OtherOS with homebrew.

Go wild, people. Can't wait to see what everyone does with this.

Bump: Update:

Just finished a beer and was talking with a few people; according to someone I randomly let on IRC, he has already made up a quick tutorial.

So kudos, dude, thanks for saving me some work.


Have had a read through it. All is legit (this method works as well, as you don't need to butcher your PS3 to get it to kernel panic).

If you are interested in learning to program, or you already know how to, this is a funny hobby. You've got the exploit and the ability to decrypt SELF files on any version.

So hey any firmware version is owned now.

3.56 anyone? I'd give it a week tops before someone releases it and continues the war with sony.

But just remember, by me releasing this and helping a few people out I don't condone piracy in any way. I support backing up games you already own, and you are doing this for homebrew and the ability to customise your PS3 in any way you see fit.

*Slaps PSN game hackers* Defeats the purpose of the game if you hack it. Just play it and hack the console instead.

Peace

One last update I thought I would mention: just had a private message stating this was old news.

Umm, yeah, kinda old news in an aspect, but the theory behind it has come back to bite Sony in the ass.

3.56? No problem, the above exploit will allow you to run homebrew again (just offline so Sony can't unsign your .pkgs).

Yada yada yada

Also not to mention the lvl0 access

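The IRC explanation above comes down to a deallocation walk whose invalidation writes can be lost before they reach memory, leaving valid R/W entries for a page the hypervisor believes is free. This constructed C model is an added illustration, not geohot's code or anything from the PS3 hypervisor: it reproduces the stale-entry condition and shows the audit a hypervisor could run after deallocation to detect it. The HTAB size, the ownership map and the drop_mask that stands in for lost bus writes are all assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Toy model (constructed for this example, not PS3 or hypervisor code): a hash
 * page table (HTAB) mapping virtual pages to real pages, plus the hypervisor's
 * own record of which real pages the guest currently owns. */
#define HTAB_ENTRIES 64
#define REAL_PAGES   16
typedef struct { uint32_t real_page; bool valid; bool writable; } htab_entry_t;
typedef struct { htab_entry_t htab[HTAB_ENTRIES]; bool guest_owns[REAL_PAGES]; } hv_state_t;

/* Guest allocates one real page and floods the HTAB with R/W entries for it. */
static void allocate_and_fill(hv_state_t *hv, uint32_t page) {
    hv->guest_owns[page] = true;
    for (int i = 0; i < HTAB_ENTRIES; i++)
        hv->htab[i] = (htab_entry_t){ page, true, true };
}

/* Deallocation walk: the hypervisor marks every entry for the page invalid.
 * drop_mask models invalidation writes lost on the memory bus during the walk
 * (bit i set = the write for entry i never reached memory). */
static void deallocate(hv_state_t *hv, uint32_t page, uint64_t drop_mask) {
    for (int i = 0; i < HTAB_ENTRIES; i++)
        if (hv->htab[i].valid && hv->htab[i].real_page == page
            && !(drop_mask & (1ULL << i)))
            hv->htab[i].valid = false;
    hv->guest_owns[page] = false;
}

/* Defensive audit: re-read the table as it sits in memory after deallocation
 * and count valid entries that still reference a page the guest no longer owns.
 * Non-zero means the invalidation did not fully land; do not reuse the page. */
static int audit_stale_entries(const hv_state_t *hv) {
    int stale = 0;
    for (int i = 0; i < HTAB_ENTRIES; i++)
        if (hv->htab[i].valid && !hv->guest_owns[hv->htab[i].real_page])
            stale++;
    return stale;
}

/* allocate -> flood -> deallocate real page 3 under a drop pattern; returns
 * how many dangling R/W entries the audit finds (0 when no write is lost). */
int run_scenario(uint64_t drop_mask) {
    hv_state_t hv;
    memset(&hv, 0, sizeof hv);
    allocate_and_fill(&hv, 3);
    deallocate(&hv, 3, drop_mask);
    return audit_stale_entries(&hv);
}
```

The audit only works if the re-read goes to memory rather than a cache that still holds the intended write, which is the same reason a cache writeback missing memory is the failure mode in the first place.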
02-06-2011, 05:59 AM #56
UnrealReality
Sierra Leone
***Possibilities***
1. Geohot won't give a **** what Sony does
2. Geohot will not ever release
3. Geohot will pass over to another person to release???? <--- Possibly give credits inside the CFW?
Either way, IDC, I'm not looking for a 3.56 CFW... Sony just has more terms and agreements over your console. I'm looking for a downgrade. And geohot! You never fail to impress me... "other than the fact there is no 4.2.1 CFW for iPod... jk!" He's the best, man. Stop hating on him; without him there wouldn't be PS3 hacks for quite a while longer IMO, maybe not even an iPod jailbreak? You never know. Either way this guy deserves something!

---------- Post added at 12:56 AM ---------- Previous post was at 12:54 AM ----------

Originally posted by casavult View Post
Here's what I plan for the CFW 3.56 release.

I'll wait for Sony to patch it, then if there are no reports of permanent console bans and such, then I'll install it. I've had 9 PS3s since the PS3 was launched due to modding, getting permanently banned from PSN, bricking, etc. I don't fancy going out to buy a 10th lol. :p



Install it, downgrade, and Sony cannot console ban you; they can only regularly ban you. <--- Scare? Not to fear, with 3.55 homebrew you can unban yourself :wtf:

---------- Post added at 12:59 AM ---------- Previous post was at 12:56 AM ----------

Originally posted by d1215 View Post
I love how one day geohot is hated by everyone and then the next everyone acts like he's Jesus. It gets pretty annoying in my opinion, but hey, it's just the people that know nothing about hacking and are just doing this to get free games and brag to their friends at school about. I'm 13 and I'm not as dumb as all these people. I love computers and love working with them, and I plan to get a career doing something with computers. I'm not a super nerd either; I'm a 3 sport athlete, and friends with everyone. So people that are saying OMG GEOHOT YOU'RE THE F'ING GREATEST, just stop, because nothing is even out yet. Nothing is here to do anything to you, and if you weren't stupid enough to update your PS3 to 3.56 just so you can play Black Ops like a no life you wouldn't even care about this.


uuuuuhhhh... cool story bro???? :n:
02-06-2011, 06:02 AM #57
Originally posted by UnrealReality View Post
***Possibilities***
1. Geohot won't give a **** what Sony does
2. Geohot will not ever release
3. Geohot will pass over to another person to release???? <--- Possibly give credits inside the CFW?


I think that it will be number 3.
02-06-2011, 06:05 AM #58
UnrealReality
Sierra Leone
Originally posted by Ropponen View Post
I think that it will be number 3.


As do I. There is no way he won't release it. I don't know him like that, but I do know he has this hidden "yeah I'm a badass" attitude... Sure, Sony will know it was him, but... no proof, or they will have proof and that WILL be the end of him.
02-06-2011, 08:07 AM #59
hunter12
Retired, done with gaming
LOL wow this guy has got 6 pages of this thread fooled

Everything pasted is news from 2009, then he added his own words to make it sound recent hahahhahahhaha

02-06-2011, 08:09 AM #60
this wont happen NOPE NO WAY
02-25-2011, 03:28 AM #61
Originally posted by Midnight.eGo View Post
It's better LOL
runs Linux and PKG's
xD
When he releases it my cherry going to pop


When do we need to start looking for a thread on here that has the CFW for 3.56 on it? A week? 2 weeks? I'm not asking for specifics lol, just in week intervals. (Non-nerdy way of saying this:) when do you think the CFW will officially be on this site and ready for download?
02-25-2011, 03:52 AM #62
Repsys7
Error… Cat invasion!
Originally posted by Spawn500x View Post
When do we need to start looking for a thread on here that has the CFW for 3.56 on it? A week? 2 weeks? I'm not asking for specifics lol, just in week intervals. (Non-nerdy way of saying this:) when do you think the CFW will officially be on this site and ready for download?


This thread was started 20 days ago....
02-25-2011, 04:56 AM #63
Yeah, highly doubt he is going to release it, way too much legal shit, but hopefully it will be released. It sure will show Sony who's boss: the hackers! Not lame ass Sony. Props go to Geo, and fck u Sony Upside Down Happy
02-25-2011, 05:02 AM #64
Midnight.eGo
from El Paso, Texas (915)
I don't think geohot will do it, but like this he proves that he has lots of skills.

Copyright © 2026, NextGenUpdate.
All Rights Reserved.
