Tag Archives: copy protection

[PS3] PS Jailbreak and Clones To Be Released

Media have widely reported on the latest steps in hacking the Playstation 3 console. Obviously that tiny PS Jailbreak USB dongle turns a consumer PS3 into a debug PS3, thus allowing games to be run from the internal hard drive or from an attached USB hard drive. The price is said to be around US$160. For legal reasons here in Germany we can’t link to PS Jailbreak suppliers.

Now PS3Hax.net reports that using PS Jailbreak on Sony’s Playstation Network is very likely to result in being banned:

According to SKFU and RichDevX, the Backup manager game ID (LAUN-12345) could be logged/recorded by Sony when logged into PSN (when online). This would obviously allow Sony to see who would be using the illegal PSjb/clone and we could very well see ban waves similar to the Xbox 360. Sony does currently ban PSN/consoles that results in the 8002A227 error code.

Redmondpie.com reports that the latest rumors indicate that there are also Chinese clones of the PS3 Jailbreak called X3Jailbreak on their way, priced at $40.

It seems like PS3 hacking as a business model is out of date even before it started. We suspect it won’t take long until a free open source solution will be available on the net as well…

[PS3] GeoHot Opens All HV’s SPUs / XorLoser Preps Manual

Obviously the notorious George Hotz has managed to get all 7 SPUs of the Playstation 3’s CPU under his control. This means that although he cannot access the CPU’s root key, he can now decrypt everything that goes through these SPUs, such as the data streams of (encrypted) commercial games.

The PPU is higher on the control chain than the SPUs. Even if checks were to be added to, for example, verify the hypervisor before decrypting the kernel, with clever memory mappings you can hide your modified hypervisor.

In the meantime, another hacker going under the nick XorLoser has released a more detailed manual on how to use GeoHot’s exploitation files and how to do the glitching.

Besides that, XorLoser maintains a plugin for the reversers’ beloved Interactive Disassembler (IDA) that contains special PPC instructions for Xbox360 and PS3.

Congratulations to GeoHot. Kudos fly out to XorLoser.

Links

» GeoHot: On Isolated SPUs
» XorLoser: PS3 Exploit – Software
» XorLoser: PS3 Exploit – Hardware
» XorLoser: PS3 and Xbox360 IDA PlugIn
» Hex-Rays.com: IDA Pro

[PS3] GeoHot Hacks PS3’s Hypervisor Protection

Notorious iPhone hacker GeoHot has successfully circumvented the Playstation’s security system. According to his latest blog entry, he has dumped LV0 and LV1 code, thus allowing him to (theoretically) run code on the processor, bypassing the hypervisor.

The Playstation’s hypervisor is intended to run third-party software (like Yellow Dog Linux) on a virtualized level, thus maintaining system integrity and protection of the host system. Within this virtualized environment, arbitrary access to certain hardware devices has been disabled, allowing only basic access to the graphics processing unit (GPU), for example.

GeoHot seems to have broken the chain of trust. This means he can bypass the hypervisor to directly access hardware like the GPU with his custom code. However, he has not released any further information or proof of his work. But hey, it is not just anyone, it is GeoHot, so it seems solid.

We compiled some links for people interested in the hypervisor protection topic.

» GeoHot: Hello hypervisor, I’m GeoHot
» WeboPedia.com: Virtualization – All About Hypervisors
» PS3News: Overview on Security architecture of the PS3
» PS2Dev Wiki: Details about hypervisor functions of the PS3 and Toshiba’s CellEB
» PS3News: A PS3 Game’s Flow of Execution; PS3’s base AIX


Massive Attack: Protection (1995)…

[iPhone] EFF sues Apple for wrong DMCA notice

EFF attorney Fred von Lohmann has filed an action for a declaratory judgment against Apple. In October 2008, pages were published on Odioworks’ BluWiki portal that explained in detail how Apple uses encryption to tie iPods solely to iTunes and how Apple bars third-party software like Songbird.

Although the writers in the wiki were not able to circumvent Apple’s encryption algorithm, in November 2008 Apple demanded immediate removal of the pages, and of course Odioworks complied.

Apple argues that the algorithms that calculate hashes to tie iPods to iTunes are part of Apple’s FairPlay protection, thus falling under the DMCA, which disallows circumventing or public discussion about circumventing.

In the view of the EFF and other IT professionals this is not true, as the calculated hash is only required to access the iTunesDB. Within the meaning of the DMCA, the iTunesDB encryption is not part of a copy protection. Therefore releasing information about circumventing the hash cannot be illegal. Moreover, the DMCA explicitly allows decryption for the purpose of compatibility.


» Heise.de: Bürgerrechtler klagen gegen Apple (German)
» TheRegister.co.uk: EFF accuses Apple of muzzling iPhone hobbyists