PS3: SKFU's Exploit Loader + POC 0.1

[garyopa]

Over at http://streetskaterfu.blogspot.com/ he has released a neat little "Proof of Concept" program for the PS3 to act as loader of 100% PS3 code, using a "script" exploit from the PS3 custom theme feature. -- Anyhow to better explain it I use SKFU's words from his blog:

So here is the result of the simple idea. The first code which is 100% PS3 only compatible. No flash, no bd-java or similar. The actual exploit is not finished. This is just the loader you will need and a proof of concept of the method used to load it.

This is a beta version of the POC as I'm too tired to finish it now but I don't wanna' let you wait so long. Here you go:

How 2 Use:

1. Install loader.p3t like a common theme file.
2. Put loadme.fu on an USB stick's root dir.
3. Insert USB device into any PS3 USB port.
4. Enable the theme you just installed before.
5. Hello World.

How It Works:

The PS3 theme file is able to load the loadme.fu script from any USB port. The script is executed. The "loader" is for future-use as well to load any .fu files which I'll release.

What it is and what not:

Some of you may expect a little bit too much out of this. The code used runs in a very restricted area. Currently we test how far we can go into direction "overflow" and system param's we can access.

So far it's possible to command the script a bit via system parameters like the clock. The clock can be used as provider of input, for example to command simple textures in different directions or similar.

This is no exploit yet, if you may have missed that statement in the prior post. It's just a way to load scripts via USB now.

Further tests will show us what is possible at all. The information needed was given to several more devs so they can take part in the action.

I guess now Sony will have to disable the "custom theme" feature on their next firmware update, in the meantime find attached SKFU's POC v0.1 file!

[M tha MaN]

Perhaps this is just a dynamic theme ?

If not it's great!

[walidahmadi]

yeah! I think the same way as well.

But still a move in the right direction.

[yoshi314]

i don't have a ps3 so i don't know what happens when using this.

i wonder what kinds of xmb tweaks can be achieved with this.

[amp2006]

I guess now Sony will have to disable the "custom theme" feature on their next firmware update, in the meantime find attached SKFU's POC v0.1 file!

why they would do that .this method is not exploit or anyway to use a way to use backup or homebrew, right ?

[yoshi314]

why they would do that .this method is not exploit or anyway to use a way to use backup or homebrew, right ?

because sony is paranoid. we can be certain that the patch for it will be on included in the next update.

[amp2006]

well nothing has been done lately on hacking PS3 they are either fake or other incompatible progress like Geohot method about OtherOS .and Sony always is a step ahead of us.
so in this case i think Sony is winner .

thats what i think

[garyopa]

why they would do that .this method is not exploit or anyway to use a way to use backup or homebrew, right ?

Neither was the silly Geohot "button-mashing" of a data line to get the PS3 hypervisor to crash, this is just another form of the same thing but it uses the "custom theme" script to cause a crash, just like one of the early "photo" bugs.

Anything it seems matters to the Sony big security brass, even if it does nothing useful, it will get "plugged" ASAP by Sony, so I am sure this will be also.

I can just see if they force everyone to have standard XMB icons and backgrounds due to this, alot of people will be crying the "blues", just like when "Other OS" was removed.

Besides, guess what in Sept. the XMB is being re-tooled with a mass update to support the function and browsing of the XMB menu using the Playstation MOVE, so I am sure the whole "custom theme" thingie will need to change anyway for this big XMB "Look&Feel&Design" update.

[KICKinYaFACE]

The exploit doesn't start up when i choose the theme. I have installed the newest Firmware. What is wrong?