Tag Archives: playstation 3

[PS3] Firmware 3.42 Breaks Jailbreaks

Sony tries to rearm their game console flagship. Most of you using your Playstations will likely have found out: since the end of last week Sony broadcasts a new firmware 3.42. They say it fixes security issues, which not quite wrong. But do we wanna have this issue fixed?

At the moment for online players there doesn’t seem to exist any other possibility but updating, so be aware you’re gonna lose root access to your fav console and it will possibly not come back anytime soon.

For all the others playing once in a while and mostly offline: just don’t update. We really suppose something is being worked on in the background to allow updating and not losing root access, but let’s see. Sony’s fighting with two armies: the army of technicians, and the army of darkness: they got aweful lawyers also out there ;-)

[Pre] Palm Pre Jailbreaks PS3

A coder going under the nick “black_zero” ported the PS3 jailbreak to the Palm Pre. Find his instructions for “PS3 Freedom for Palm Pre” on the PSX-Scene.com.

[Update] In contrast to “PS3 Groove” this version also seems to enable the possibility of backups – means circumventing of copy protections. It is legally not allowed to apply this in most european countries and the U.S.

Our Comment

Sony’s protection has been compromised, no matter what they’re gonna do in the future. It is likely that there will be an update soon to stop the stack overflows in the USB code. But it won’t help them anymore.

The reason is simple: Sony will not be able to make that insecure system secure again. Because of the jailbreak the PS3 now allows accessing all features. That means that any update to come will be decrypted first, analyzed, modified to re-enable debug backdoors and then installed with all the debug features enabled again. Custom modified firmwares are the next logical step.

So although this seems to be good news for the homebrew scene, since there is hope now for a universal media center based on the PS3, the downside is still that some versions of the jailbreak also enable to play illegal backups.And since Sony’s biz model is selling licenses and games they will fight the jailbreak by trying to detect it and to block jailbroken devices from accessing the Playstation Network. And this means: permanent updates. For people playing a lot this will not be an option as they will have to wait again and again for custom firmwares that are likely to not work very long.

In the meantime check the Palm Pre vid:

[PS3] GeoHot Reenables “Other OS” (Linux) Support

What happened so far?

GeoHot has had a reverse-engineerer’s look into Sony’s high tech gadget and Sony immediately declared war.

Obviously in panic, Sony announced to deactivate Linux (Other-OS) support with their latest firmware 3.21. This was the time when people were wondering how long it would take until GeoHot would reenable it.

The magic PUP files

So it did not take too long. That notorious hacking genious did it. He says he’s using a custom PUP file. A PUP file basically is an update file for the PS3. The interesting point is usually PUP files are signed by Sony.

Speculations

Could that mean there is a major flaw in Sony’s implementation of checking the authenticity of update files (at least until firmware 3.15, which GeoHot mentions is the latest that allows to install his custom PUP).

Anyway, the next weeks will be very interesting.

[PS3] Sony To Remove Linux Support for PS3

According to Sony’s Blog, the upcoming Playstation 3 firmware update 3.21 will cease to support the “Other OS” option. It will be released on April 1st, 2010.

Sony says disabling Linux comes from security concerns. This is an immediate result from the efforts of GeoHot’s attack on Sony’s hypervisor protection and the release of XorLoser’s PS3 Exploit Toolkit.

Consumers and organizations that currently use the “Other OS” feature can choose not to upgrade their PS3 systems, although the following features will no longer be available;

  • Ability to sign in to PlayStation Network and use network features that require signing in to PlayStation Network, such as online features of PS3 games and chat
  • Playback of PS3 software titles or Blu-ray Disc videos that require PS3 system software version 3.21 or later
  • Playback of copyright-protected videos that are stored on a media server (when DTCP-IP is enabled under Settings)
  • Use of new features and improvements that are available on PS3 system software 3.21 or later

For those PS3 users who are currently using the “Other OS” feature but choose to install the system software update, to avoid data loss they first need to back-up any data stored within the hard drive partition used by the “Other OS,” as they will not be able to access that data following the update.

Find Sony’s blog entry here

[PS3] XorLoser Releases PS3 Exploit Toolkit

Notorious XorLoser has fully rewritten GeoHot’s PS3 glitch attack programs, that allow more convenient exploiting. He names it XorHack.

It allows you to call lv1 syscalls (level 1 system calls) from a normal (userspace) program. It also lets you run the software required when triggering the PS3 exploit from a normal userspace program. To give an example of how it can be used I have included the following example programs:

  • ps3exploit – Runs the software required to exploit the ps3, it loops a number of times which can be specified as a parameter. (This still must be used along with the “button pressing”, it will not exploit the PS3 via software alone).
  • dumphv – Dumps the hypervisor to a file in the current directory.
  • dumpbl – Dumps the bootloader to a file in the current directory.
  • dumprom – Dumps the system  rom to a file in the current directory.

Links

» XorLoser: XorHack – The PS3 Exploit Toolkit
» GeoHot: Here’s Your Silver Platter

Picture is courtesy of XorHack

[PS3] GeoHot Opens All HV’s SPUs / XorLoser Preps Manual

Obviously notorious George Hotz has managed to get all 7 SPUs of the Playstation 3’s CPU under his control. This means although he cannot access the CPU’s root key, he now can decrypt everything that’s going thru these SPUs like datastreams of (encrypted) commercial games.

The PPU is higher on the control chain then the SPUs. Even if checks were to be added to, for example, verify the hypervisor before decrypting the kernel, with clever memory mappings you can hide your modified hypervisor.

In the meantime another hacker going under the nick XorLoser has released a more detailed manual of how to use GeoHot’s exploitation files and how to do the glitching.

Besides that XorLoser maintains a plugin for reverser’s beloved Interactive Disassembler (IDA) that contains special PPC instructions for Xbox360 and PS3.

Congratulations to GeoHot. Kudos fly out to XorLoser.

Links

» GeoHot: On Isolated SPUs
» XorLoser: PS3 Exploit – Software
» XorLoser: PS3 Exploit – Hardware
» XorLoser: PS3 and Xbox360 IDA PlugIn
» Hex-Rays.com: IDA Pro

[PS3] GeoHot Hacks PS3’s Hypervisor Protection

Notorious iPhone hacker GeoHot has succesfully circumvented the Playstation’s security system. According to his latest blog entry, he has dumped LV0 and LV1 code, thus allowing him to (theoretically) run code on the processor, bypassing the hypervisor.

The Playstation’s hypervisor is intended to run third party software (like Yellow Dog Linux) on a virtualized level, thus maintaining system integrity and protection of the host system. Within this virtualized environment arbitrary access to certain hardware devices has been disabled, thus allowing only basic access to the graphic processing unit (GPU) for example.

GeoHot seems to have broken the chain of trust. This means he can bypass the hypervisor to directly access hardware like the GPU with his custom code. Anyway he has not released any further information or proof of his work. But hey, it is not anyone, it is GeoHot, so it seems solid.

We compiled some links for people being interested in the hypervisor protection topic.

» GeoHot: Hello hypervisor, I’m GeoHot
» WeboPedia.com: Virtualization – All About Hypervisors
» PS3News: Overview on Security architecture of the PS3
» PS2Dev Wiki: Details about hypervisor functions of the PS3 and Toshiba’s CellEB
» PS3News: A PS3 Game’s Flow of Execution; PS3’s base AIX


Massive Attack: Protection (1995)…

[PS3] Playstation 3 für 190€

Man soll es kaum glauben, aber man kann die meistbegehrte Spielkonsole dieser Welt für unter 200€ bekommen. Es handelt sich hierbei um kein illegales Angebot und auch nicht um ein Angebot, bei dem man selbst von irgendwoher importieren muss. die PS3 steht hier in Deutschland und wird binnen einer Woche versandt. Wir selbst bieten dies nicht an, aber wir haben es auf Empfehlung ausprobiert und es funktioniert hervorragend.

Wie’s abläuft

Der Trick ist, dass durch Quersubventionen für neue Mobiltelefontarife rechnerisch am Ende die Playstation 3 für 180€ übrig bleibt. Faktisch schließt man zwei Mobiltelefontarife ab und bekommt dafür sogar noch zwei Handys dazu. Die sind nicht besonders umwerfend, aber es geht ja ohnehin nicht um die Handys, sondern um die PS3. Folgende Konstruktion kommt hier zum Tragen. Wir haben das Ganze der Einfachheit einmal beispielhaft tabellarisch dargestellt:

Grundgebühr pro Vertrag
Laufzeit in Monaten
Anzahl der Verträge
Gesamte Kosten
15,00€
24
2
720,00€
Gesamte Subventionierung
./. 11,00€
24
2
./. 528,00€
effektive Kosten
4,00€
24
2
1 9 2 , 0 0 €

Die Zahlen sind nicht ganz genau und demonstrieren nur die Funktionsweise der Subventionierung. In Wahrheit ist die Erstattung sogar noch ein wenig höher und die Grundgebühr ein wenig niedriger. Übrigens gibt es neben diesem Angebot auch die Möglichkeit eine XBox 360 über eine solche Vertragskonstruktion zu beziehen.

Wie kommen Sie in den Genuss dieses Angebots?

Sehr einfach. Klicken Sie einfach einmal hier :-).

Update 01.07.2008: das Angebot gibt es leider derzeit nicht mehr.

[PS3] Infectus Chip downgrades Playstation 3 Firmware

The first mod chip has been released a couple of days for the Playstation 3 (PS3). It allows installation of any firmware revision you prefer for your best gaming experience, means you can up- and downgrade to whatever firmware you like (see video below). And no: it does not allow playing backups of your games. Even if you could afford a blu ray burner you cannot backup PS3 games currently.

The interesting point is: this chip is platform independent and can also be installed into Nintendo’s Wii or Microsoft’s XBOX 360. Since we don’t know for sure about the legal situation for such a mod chip in our beloved Germanistan, we will not include any links in this article. You know how to find, otherwise you would not be here ;-) Thanks for your understanding.