
PS3 Exploits - Liberation or downfall, you decide.

  • 18-01-2011 1:51pm
    #1
    Closed Accounts, Posts: 33,733


    In an effort to clean up the current PS3 exploit scene in my own head, I thought maybe a thread would be a better way of doing it. I'll attempt to detail the five month history of PS3 exploit endeavours in a brief & simple post. Feel free to point out any mistakes, I'm no programmer, coder or dev, and everything I know & understand is from reading what's publicly available.

    September 2009 - Sony release the PS3 Slim, a more cost effective production solution from the point of view of Sony. The console is smaller, much the same way as slimmer versions of the PS1 & PS2 were released during their life cycle. PS2 backwards compatibility was removed, but more importantly, OtherOS was also removed. This was an indication of Sony's planned direction for the older PS3 model also, as having different firmwares for different revisions of the same console would not be viable.

    Late 2009 - George Hotz (GeoHot), a well known hacker/dev/coder in the iPhone scene, announces his plans to investigate the security system of the PS3 with a view to having Linux available on all console revisions. His motives may or may not be entirely that (he does like to boost his ego somewhat, it seems to me).

    January 2010 - GeoHot reported he was successful using Linux under OtherOS. GeoHot claimed to have full access to the PS3 Hypervisor (LV1), which essentially is the boss of what's permitted to run on the console. The hack in his own words was messy, requiring additional hardware & actual opening & modification of the motherboard components. While choosing not to release the details of this for widespread use, he does vow to clean up the hack & adapt it so no additional hardware is needed, likely releasing that one to the public.

    March 2010 - Sony release firmware 3.21, removing the OtherOS function from all existing PS3 platforms. There is a big outcry from this, some blaming GeoHot for putting OtherOS into the spotlight, others blaming Sony for removing a feature that was used as a selling point of the PS3. Sony cite the removal reason as a security concern, others suggest that given the slim and fat models share a unified driver & firmware system, that it was inevitable for OtherOS to be removed eventually.

    April 2010 - GeoHot announces he will release a CFW (Custom Firmware) 3.21, with OtherOS enabled. Many people await eagerly, & his blog was often down due to traffic.

    May 2010 - GeoHot announces he is stepping down from the PS3 dev scene, citing the reason as too many people demanding from him, & he didn't like the attitude towards himself in general from people.

    At this point there is a big lull, & no developments are made from an exploit point of view. Additional firmware updates are released by Sony in that time, bringing us up to FW3.41.

    September 2010 - A report from psx-scene & a YouTube video showed a new USB device capable of running unsigned code on the PS3. Called PSJailbreak, it features internal processing abilities, and was found to imitate the official Sony Service Jig. This jig is used in Sony service centres for various official functions. The jig was likely leaked & reverse engineered by a group, who were able to replicate some of its functions & add some of their own. The product came with a hefty price tag (AU$170), but sold en masse. The device came with software called Backup Manager, which allowed one to read the contents of a game disc to the PS3 hard-drive (internal and external), and then play that game without the need for the disc any longer. The USB device had to be used on the PS3 every time the console booted, and even then, the console had to be booted via a special sequence of power & eject in order to look for the emulated jig on boot.

    Homebrew started to trickle out at this point, FTP managers, file browsers, NAND backup tools & other managers were released by independent coders.

    October 2010 - Sony release FW3.42. The emulated jig no longer functions, & new game keys are added to the firmware in order to prevent people from modifying the game files to run on 3.41. Several unscrupulous makers of PSJailbreak type clones, falsely claim that their new upcoming product will get around the new restrictions. Many people pre-order & order these devices.

    Graf_Chokolo announces he can now decrypt eboot.bin files (the files which, amongst other things, contain operating parameters for whichever game they belong to), though not yet game eboot.bin files. Various other devs & coders look at 3.42 in detail, in an attempt to replicate the 3.41 exploit.

    November 2010 - The PSJailbreak team announce PSDowngrade. The first homebrew downgrading solution for those who were on 3.42. Again, this device came with a premium, & so started attempts to reverse engineer PSDowngrade into a free form for people. PSGrade was announced by a homebrew coder called zAxis, but it lacked the vital dongle master key, needed to send the PS3 into Service Mode, which allows installation of any firmware revision. He believed the code could be retrieved through a PS3 on FW3.15, under OtherOS. Eventually the key was retrieved & integrated into PSGrade, enabling anyone to downgrade from 3.42 at will.

    FW3.50 was released, downgrading was prevented. Again there were advertisements of new devices which could allow downgrading of 3.50. Again people bought them, & again people were let down.

    December 2010 - FW3.55 was released, followed very shortly by a report of something new which would be unveiled at a hacking conference. The something new was called fail0verflow. What it was, was a group of coders/devs who had successfully managed to calculate the PS3's master codes, all of them, through a flaw in the way the PS3's security system was designed. Put very simply, when asking for code validation, the PS3's return answer was always the same, where it was supposed to be completely random. E.g. 2 + x = 4. If you can figure out x, you've broken that security system. The PS3's equation is many many times more complex, but you get the picture.

    January 2011 - GeoHot returns to the scene, releasing the Mtldr key. A key used for signing various things, such as game eboot.bin files. Now game eboot.bin files can be decrypted & resigned for other firmware variations. He follows this up with the first PS3 CFW. USB dongles are no longer required, although in 3.55 there are new security measures, which prevent the use of syscalls being implemented. This essentially means things like redirecting the mounting of BDROM to a folder is no longer possible. This is quickly bypassed, in Waninkoko's CFW (which currently is not compatible with Phat PS3s), and Wutangrsz's CFW, although the latter still needs additional work in order to run various managers.

    That's it in a very small nutshell at this point.


Comments

  • TouchingVirus (Registered Users, Posts: 8,584)


    Great summary of the current state of the scene though you forgot the mention of AsbestOS :)

    I'll add more thoughts later including whether I see it as liberation or downfall, but I'll tell you here and now I think it's the former.


  • Myrddin (Closed Accounts, Posts: 33,733)


    If you want, post up the things I've missed out on, & the appropriate place in the timeline - I'll then add them into the main body of the original post, so that it's not fragmented :)

