Some PS3 Scene History

[Pretzel729]

Good morning, afternnoon, night, or whatever time it is where you are. I wrote some history about the PS3 scene and I thought some of you might like a good read

Summary

The Sony PlayStation 3 entertainment system, released November 11th, 2006 in Japan, was a console that most people believed was the most secure system of the 7th generation. It took years to get unsigned code to run on the system with the release of the PSJailBreak dongle. Then months later it was managed to decrypt, encrypt, and sign files with the public and private for use on retail official firmware. Sony response was to release updates that add new keys and blocks the jail-breakers once more, but for how long?.....

Pre-Geohot

Way before Geohot even touched a PS3, the ps3scene didn't have too much to offer. You were able to use OtherOS to play some emulators, but was that really considered homebrew since it was done through an included feature? There was a way to run PS2 back ups using swapmagic and do some physical modification to the BD in a painful process, it didn't last too long. There were many fake posts of people saying you have back ups working, or code running, but no of them ever showed it. It was really hard to believe much due to lots of skeptical posts, all they did was get people's hopes up. The InFeCtuS team had found a way to downgrade from 1.60 to 1.50 using their hardware to flash the NAND, but was blocked in the next update by adding hash checks, it was not mention that much for some time. Mid 2007 the official Sony SDK leaked, that was a big step for us, and help create the legal PSL1ght. The Service JIG was also leaked along with its related documents. A big hint that there is more to the PS3 then the made we play games in. There could be more then just that, a secret mode to 'unlock' the console...(Thanks Ben Jeremy for the info)

Geohot and OtherOS

Now Geohot. Early 2010, he attempts to 'hack' the PS3. He had a motivation of unlocking the RSX and the full power of the PS3 for use in Linux, OtherOS. He also wanted to bring Linux to everybody. The September before, Sony had launced the PS3 Slim. Which DID NOT included the OtherOS option. He knew it wasn't an incompatibility issue, it was rather for protection of the system instead. He did not condone priacy in any way, so get that out of your mind, he was all for Linux. To achieve his goal, he had found a way to glitch and dump the memory. Involving some soldering to softboot the PS3 and keep the RAM alive, then dumping the RAM using OtherOS. Was this exploit a step in the right direction? Maybe. But Sony didn't want to wait and see, so their response to protect the PS3's security was to put live update 3.21, which removed OtherOS from the Phat models, on April 1st, 2010

PSJailBreak

August 18th a video surfaced. http://www.youtube.com/watch?v=4jOEb...layer_embedded A simple "plug and play" solution. Plug in and play with the included simple back-up manager. People were really curious whether this was real or fake. I remember reading all 100+ pages of this thread some where late Aguest/early September. (Crazy, I know) Well after a couple days respectable sites received sample dongles and confirmed they were legit. PSJailbreak was up for preorders, for ~$150. The shipments were then delayed due to Sony taking PSJailbreak to federal court in Australia which banned all PSJB products from being sold in Australia.

Clones of the dongle began showing up like horny rabbits, for just a faction on the price! Then the free solution appeared. PSGroove(made by Mathieulh and others(?)) Open-sourced alternatives to PSJB and other dongle clones, soon to be ported to a list of many devices like Teeny boards, Dingo, Android, iOS etc...

By then Sony had already launched firmware 3.42 which had blocked out unauthorized USB devices from being used on the PS3. So JailBreak users would be out of luck for getting online until spoofing methods came up. All that was spoofed was the firmware version and Wa-La You could sign-in. Sony had to block them from accessing PSN once more so Sony took PSN down for maintenance. Once it came back online, people with spoofed PS3s got an error upon sign in. At first they thought they were banned, but it just turned out PSN had new protections. So once again JB'ers where stuck without PSN.

Sony released firmware 3.50 and new games that launched around that time required 3.50 or higher firmware to be played so you wouldn't be able to play great hits such as Gran Turismo 5 on your jailbroken PS3. No one had a solution to play those games. You had a choice to either keep your Jailbreak, or update and play your precious Gran Turismo 5 game online.

PSDownGrade

On November 12th a website appeared. psdowngrade.com PSDownGrade was from the PSJailbreak team saying that it can be used to downgrade from 3.42 and beyond,,, Provided by a software update exclusive to PSJB owners. Maybe it was their so called solution for playing the latest games. Upgrade, play, downgrade. As that was going on, Greg over at dashhacks began a $500 for an open-source downgrading solution. I remember an open-sourced project in the works right here on psx-scene called PSGrade. Everything was complete except for one thing, they were missing the USB authentication keys. The creator of PSG(Zaxis?) knew how to obtain the keys, but it required a 3.15 Phat PS3. One brave soul agreed to volunteer his PS3 and attempted to do the mission. He lost his PS3 during the process and was so close to getting the keys. Then many JB clones had released an update for their dongles that allowed to be used for downgrading. But firmware 3.55 came out, and downgrading was blocked. But one day after 3.55 cam out KaKaRoTo won the bounty for PSFreedom, and decided to give the money to graf_chokolo. So from their it was ported to Teensy, Calculators, phones, etc. So those how waited that horriable 24 hours were blessed with a free downgrading alternative(ME!!!) But like always, ignorant people updated their consoles and were begging for another solution, so wait we did....

PS3's Security

That December 27th the CCC 'hacker' conference was held in Germeny. That is where Failoverfl0w "opened" the PS3. It was very informative. It described the system's security and the "chain of trust" in great detail. How the PS3's secureness wasn't as great as we thought. And they talked how we can algebraically solve for unknown variables with known ones to retrieve the private keys to sign our 'unsigned' code. Having no difference between our code and Sony's. They had a demo PS3 Slim running Linux. They original planed for it to run Linux through software, but had to hardware flash it since they were experiencing some technical difficulties hours before the demo. They released many tools they help build CFW including the PS3 keys and related things. Here is a link to the conference http://www.youtube.com/watch?v=4loZGYqaZ7I

Custom Firmware

Then in January Geohot out of no where posted a video. It was of his CFW. It just included the install package files folder which only allowed signed .pkgs to be installed. He also released his POC homebrew. "Geohot does homebrew" All it was, was a jpeg saying. "Sup dawg, it's geohot." He said that he doesn't condone piracy and he will release the files to sign pkgs in a couple days. Geohot' CFW was the first CFW, actually acouple days before geohot, KaKaRoTo had relaesed a CFW thatadded the "install package files". Acouple days after Geohot's video he released the tools to sign .pkgs All the packages from 3.41 had to be signed one by one for 3.55. I remember this one guy in this one thread doing request for people when it first came out and all the MW2 hackers were waiting for a sign blackbox FTP for their patches So homebrew was signed. it would run, but backup managers didn't have the required 'peek&poke' calls need to perform their tasks, because Geohot didn't include that on purpose because of piracy. So you we had to patch lv2("OMGOMGOMG DON'T PATCH LV2!!!!!!!!!!" )

Well after that wutangrza released a CFW and so did waninkoko (within hours of each other, wutangrza getting it out first) Wutangrza's CFW DID NOT have patched lv2, but Waninkoko did, But the bad the about Waninkoko CFW was that it bricked all 256 NAND PS3s, that's where the term "Waninkoko Brick" came from, plus that CFW also needed specially sign packages. And because Wutangrza didn't have lv2 patched, people need a way to play their 'back ups' So Kmeaw made Lv2Patcher.pkg. (OMGOMGOMG LV2PATCHER!!!!!)Which patched lv2 and allowed 'P&P' till next reboot. Kmeaw also made his own CFW which is what most of us used today. It had install package files, app_home, LV2 patched, P&P, basically everything at the time. NOTE: since these packages are signed. they work on OFW (3.55) So you didn't necessarily need CFW to RUN homebrew (one 3.55)

Sony tries to block JB'ers

THEN 3.56 CAME ABOUT!!!!!!!!!!!!!!!!!!!!!
It had new keys, And we can't used the static random number to algebraically solve for the missing variables. None of our homebrew works on 3.56+ except for "test.pkg"(geohot homebrew POC) and "lv2diag.self"(geohot LV2 'helloworld') And also we can get into service mode, but if you do, you will be stuck there since we can't get out. And it once again blocked CFW users from PSN(after the DNS tricked weared out)
Rms, Adrianc and Kakaroto were able to retrieve the public keys for 3.56. Public keys are used for decrypting, and private keys are used for encrypting. So we can study files closely, but we can't sign them.
And around this time: Geohot gets sued by $ony. Rebug 3.41.1 comes out. Waninkoko V2 comes out. 3.56.2 OFW which fixes a harddrive brick they made. Thousands of people are permabanned from Black Ops for doing a 15th prestige eboot hack. Signed lv2diag.self for downgrading from 3.55.

February. Sony sues more devs and a linux heavy month. AsBestOS for 3.55CFW comes out and graf_chokolo (Thank you man for all your hard work) starts his project bringing back OtherOS, OtherOS++ His house then gets raided by police and his equipment get confiscated, then gets raided again!!!! Then an "advanced" way of getting onto PSN shows up, called F*CKPSN() Useing that program on your PC and adding a certificate on your PS3's Dev_Flash and using your PC as a proxy for you PS3. Then easier ways, to the user, are made. ITA CFW and rebug spoofer make the process 'automatic'.

Then with 3.60 comes out about now. It was a pretty ''nice' update internally'. All the loaders were moved into lv0, so it made things harder for us. (Thanks Adrianc for the info) As for the common user, it was Sony's normal add security patch plus a cloud saving for PS+ users. As with other new updates, the DNS trick comes back like always for ~ a week.

March, slowly, PS3scene news dies down abit. Then a 'real' 3.60 CFW pops up on Ps3 3.60 custom firmware (jailbreak) - YouTube but is pointless because it was never going to be released. And around this time Math starts being his ****y little self again (: Saying he has code running on 3.60, and give us vague technical hints to obtain keys. And at the end of the month, Cheat dongles and Cobra dongle are announced for 3.41. With Cobra having many new, amazing features, EXCLUSIVE to the dongle(even now) for ~$40
^That's around the time I got bored of PS3 so I traded my slim 3.55 CFW (no HDD) for my friend's slim 3.56.2 OFW (yea HDD) + $35. then sold it for $165 with one control, cables, MW2, and 120gbHDD. I made a $9 profit I bought it last September for $191. Then I bought my first pair of Air Force Ones

April 1st 2011, $ony launches a new ToS, Rebug 3.41.2 and 3.55.1 come out and we find a way to play on the DEV PSN servers, with the potential to do damage to the equvilent RETAIL PSN account. And are able to add 'fake money' to 'purchase' all the items off the PSN store. and early that month Anonymous starts there DDoS attacks on $ony. PSN gets errors due to the attacks. Mid of the month PSN goes down for the next month+ PSN info stolen, DoB, name, Credit Card number, and more! Then rumors of a new "hack proof" PS3 Slim being in the works...

May, PSN still down. Math mentions QA flags, which starts a month long thread trying to figure out how it is done. With hits from Math and an 'anonymous' leak of info and the button combo. OFW 3.61 is released and PSN is restored with a "welcome back" plan. A password recovery page is set up on playstation's website. Then an exploit on it is found that had the potential to take over someone's account with little know info.

Stuff dives down, slowly we grow

3.65 OFW is released, nothing new, then 3.66, still nothing new. Then people randomly remember about infectus to hardware downgrade their 3.56+FW PS3s. Rebug 3.42.3 and 3.55.2 released. Then a way of logging in to PSN with it pops out, but is useless because you weren't able to play online or see the store. And more NAND flashers pop up, and it is figured out that we could use a Teensy++ for NOR PS3s. And now, DualNAND hardware flashes are in the works. And Cobra 3.55CFW is released so you can use in on 3.55 to play some games without editing the pam.of(whatever it's called) Then we find a way to disableCinavia. The new 300A models are now shipping to stores and 3.70 OFW is released. Then yea, here we are.

If there is anything anyone wants to add or correct just post. Hope I informed you guys. Took me acouple hours writing and researching all this information, You better like!

[tthousand]

I am thinking about it. Great read so far, I am only just started.

EDIT: Well done indeed

[Pretzel729]

Thank you

[indirect76]

Great post. Very informative for those who haven't been here from the start. Should be required reading before you can post.

[adrianc]

3.56 did not have the loaders inside lv0, this was introduced in 3.60.

This is how rms, myself and kakaroto were able to get the 3.56 pub keys.

-adrianc

[Ben Jeremy]

IIRC, Geohot's motivation for hacking the PS3 using a memory glitch and Linux (around March 2010 timeframe) was to access the RSX and harness the full power of the PS3 for Linux users, as well as research how to bring Linux back to the systems that had been "updated".

I think this is important in context, since many in Sony's camp would have people believe otherwise (that he was just doing it for piracy).

It also might be mentioned that the memory glitch was probably what enabled the developers of the PS3 Jailbreak to create the device in the first place, along with the leak of the Service Jig and related files and documents (sometime around mid-2009? Maybe earlier?).

The leak of the Service Jig stuff was also significant in the PS3 scene, hinting at a magic key that could unlock the console. It wasn't all THAT magical, but did put toes in the door for the Jailbreak exploit to work.

[tthousand]

Thanks to everyone chiming in on this. Your support is appreciated, and I hope the author makes this looks pretty too

[Pretzel729]

Added the information Ben Jeremy and adrianc gave and added credit next to it.

[tthousand]

Looking real nice. Thanks again!

[purp987]

Great post indeed. I just got my first ps3 slim and had been trying to find answers until I found this website! I'm pretty bummed from missing all the fun by a couple of months lol. But still better than a 360.
Off to find a teensy++