Post: how fail0verflow cracked the ps3 system (picture tutorial)
Options
03-15-2011, 11:21 PM
#1
kyskidz
Big Sister
Goto page 13 for the actual 0verflow confrence in berling
You must login or register to view this content.
You must login or register to view this content.
[multipage=who are fail0verflow]
Who are fail0verflow
• In 2008 at 25c3 these teams worked together as
'WiiPhonies'
• They won the 25c3 CTF
• They changed our name to 'Fail 0verflow'
• Not trademark infringing
• The domain was available
• The ratio of fail to win is high.
They have been collaborating on various embedded and thought expansive projects, the most famous of which that
hit the press last year was the full reconstruction of the $REDACTED allowing $REDACTED to be
completely broken, that was a fun couple of weeks.
You must login or register to view this content.
[multipage=PS3 Architecture]
this page explains the Architecture of the ps3
The Cell Broadband Engine
You must login or register to view this content.
SPU Isolation
You must login or register to view this content.
You must login or register to view this content.
You must login or register to view this content.
You must login or register to view this content.
[multipage=OtherOS (drawn attention)]
You must login or register to view this content.
Geohot Exploit:
XDR RAM Glitching Attack (hyper visor exposed)
You must login or register to view this content.
You must login or register to view this content.
[multipage=PSJailbreak Exploit]
jailbreak dongle
|
hub
/ / / \ \ \
PWN1 PWN2 PWN3 PWN4 JIG FINAL
You must login or register to view this content.
device 1
You must login or register to view this content.
Device 4
You must login or register to view this content.
Device 2
You must login or register to view this content.
You must login or register to view this content.
You must login or register to view this content.
C++ Objects
You must login or register to view this content.
Device 3
You must login or register to view this content.
You must login or register to view this content.
NO W^X in LV2
Any old exploit == code execution
Hypervisor allows unsigned code
It happily marks pages as executable and plays no role
in enforcing that only trusted code runs
Results
• LV2 “GameOS” compromised
• LV1 Hypervisor NOT compromised
• Secure SPE NOT compromised
• Piracy
You must login or register to view this content.
[multipage=Fail Security Model]
Fail Security Model
• The hypervisor does not enforce LV2 and
game integrity
• You can just patch LV2 to run games from
HDD
You must login or register to view this content.
[multipage= Downgrades]
Downgrades
• Sony fixed the exploit
• Service mode triggered by USB “JIG”
• HMAC authenticated, keys dumped
• Leaked service app used to enable
downgrades
You must login or register to view this content.
[multipage=AsbestOS]
AsbestOS
• Replace LV2/GameOS in memory
• OtherOS mode and GameOS mode are
virtually identical
• Except GameOS can do more stuff, e.g. 3D
• Run Linux again (even on the Slim!)
• Use NetRPC to remote-control the PS3 and
experiment...
[multipage=SELFs]
SELFs
You must login or register to view this content.
[multipage=The Oracle]
The Oracle
• Sony‘s idea: “No one can see our code!”
• ... unless the PPE is compromised
• Decrypting all code possible from GameOS
• security coprocessor pointless!
• But we want keys!
You must login or register to view this content.
You must login or register to view this content.
[multipage=Chain of Trust]
Chain of Trust
You must login or register to view this content.
Breaking loaders
You must login or register to view this content.
You must login or register to view this content.
• „Only“ a bug in isolated loaders
• Chain of Trust already broken for all sold
consoles now.
• This is Fail™. But it‘s not Epic™ yet...
You must login or register to view this content.
You must login or register to view this content.
[multipage=ECDSA]
ECDSA
You must login or register to view this content.
These are public:
p, a, b, G,N (elliptic curve params)
Q = public key
e = hash of data
R, S = signature,
and these are private:
m = random
k = private key.
A signature is a pair of numbers R, S computed
by the signer as
R = (mG)x
S = e + kR
m
.
It is imperative to have a random m for every
signature: from a pair of signatures that use the
same m, we can compute m and k.
You must login or register to view this content.
there ECDSA code
Used for HBC’s network update function
def generate_ecdsa(k, sha):
k = bytes_to_long(k)
e = bytes_to_long(sha)
m = open(“/dev/random”,”rb”).read(30)
if len(m) != 30:
raise Exception(“Failed to get m”)
m = bytes_to_long(m) % ec_N
r = (m * ec_G).x.tobignum() % ec_N
kk = ((r * k) + e) % ec_N
s = (bn_inv(m, ec_N) * kk) % ec_N
r = long_to_bytes(r, 30)
s = long_to_bytes(s, 30)
return r,s
m = open(“/dev/random”,”rb”).read(30)
Sony’s ECDSA code
int GetRandomNumber()
{
return 4; //chosen by fair dice roll.
// guaranteed to be random
}
With private keys you can
SIGN THINGS
You must login or register to view this content.
You must login or register to view this content.
You must login or register to view this content.
You must login or register to view this content.
[multipage=chaos confrence"console hacking": 0overflow prensentation (youtube video)]
part 1
[ame]https://www.youtube.com/watch?v=HEFMAP0mTvY[/ame]
part 2
[ame]https://www.youtube.com/watch?v=X8ohOy8_XO4&feature=related[/ame]
part 3
[ame]https://www.youtube.com/watch?v=84WI-jSgNMQ&feature=related[/ame]
The following 42 users say thank you to kyskidz for this useful post:
1337UNO, acklamjoshua, Agentcell, albania123, anddrew, Asmel, Beta-, cbenj25, cdkane, Curt, Dardy_one, DaveedDB, deroad, djblade17, dreamkid58, Goldberg, GUESS_HU, ILovePie24!!, Infernape263, IRiSe_GodFather, ishauny, izyehboy, jkry_2_1_, Josh1210, jsrgaj, khalids19, killa skillz, oI xPozeD Io, Pablo2010, Press ►, s0ph0r, Solid Snake, Swade, thee3nd, theycallmeryan, ThwiX, VHS, vipervimal, weebobe, xCristian, xRafiq-, zxz0O0
Copyright © 2026, NextGenUpdate.
All Rights Reserved.
