Hello Hypervisor - I'm Geohot

[garyopa]

NEWS FLASH

With big bold claims that he has DONE IT!
What noone else has done so, up to this point!
HACK THE PS3!
Full access to the Hypervisor, complete dumps have been made by him.
---------------------------------------------------------------------

It all started a few days ago when GeoHot (aka George Hotz), which did some amazing iPhone hacking in the past, started playing around with the PS3 late last year, after many trials and errors, and dead-ends, he finally built a amazing (picture-wise below) piece of hardware to try to override the start-up of the PS3 hypervisor via the currently unlocked SPI interface.



You can view the major increase in comments over at his blog (http://geohotps3.blogspot.com)!

Thanks to modrobert over at EurAsia, for bringing the original SPI progress news to my attention.

UPDATE: This just in! --- "We are investigating the report and will clarify the situation once we have more information," said the statement issued by Sony when contacted by "Inc Gamers" regarding Geohot's hack!

[Gradius]

Yeah, MMIO don't wanna works with SPI.

[EJM]

The latest update to his blog says that he did it. Pretty cool that someone finally figured it out.

[Peppers]

cool, I guess I got me a ps3 just in time.

[xiaNaix]

Don't expect a public release of any information.

[Peppers]

yeah i know....

[JNABK]

Im sure the world will wait a little longer for it. Heres his latest blog report for those who havent seen it:

Quote:

I have read/write access to the entire system memory, and HV level access to the processor. In other words, I have hacked the PS3. The rest is just software. And reversing. I have a lot of reversing ahead of me, as I now have dumps of LV0 and LV1.

3 years, 2 months, 11 days...thats a pretty secure system

Took 5 weeks, 3 in Boston, 2 here, very simple hardware cleverly applied, and some not so simple software.

Shout out to George Kharrat from iPhoneMod Brasil for giving me this PS3 a year and a half ago to hack. Sorry it took me so long

As far as the exploit goes, I'm not revealing it yet. The theory isn't really patchable, but they can make implementations much harder. Also, for obvious reasons I can't post dumps. I'm hoping to find the decryption keys and post them, but they may be embedded in hardware. Hopefully keys are setup like the iPhone's KBAG.

A lot more to come...

[ps2stuff]

OMG the crazy son of a bitch actually did it he's hacked it.... wow bring on full access hopefully its possible

[Peppers]

To be fair what he did was gain read/wright access, nothing is hacked at this time, although good work and interesting to read.

edit: misread he dose apperintly have full access to the processor.

[garyopa]

Original thread regarding the Geohot's SPI playing, has been updated.

Everyone can stop PM'ing me. -- It is now front page news here.

Of course it is front-page news everywhere, going to watch 11pm news,

And see if they mention it there, as it already hit some online newspapers!

[woore]

Nice to see we are still alive. I dont think Sony is going to be happy. but then again

[barf]

I am dying to try

MacOS 9.2.1
Linux in full

[shagster]

5 weeks!,that guys a genius
Cant wait to see how the ps3 handles mame,hardware unrestricted

[Gradius]

Grats to him, he did it in few time.

What he needs to do is figuring out the crypto scheme used for updating firmware, once the system is defeated, it will be possible to flash a cracked/hacked firmware on any console and version (so far).

I wonder what's coming next.

http://3.bp.blogspot.com/_NJ4JFBfr1t...-h/iglitch.JPG

Comments about the link above:
"If you are able to hack the PS3 through Linux, something is wrong with the hypervisor, at least from what I have read, however maybe you are able to analyze some data from hardware that way...

From what I understand the hypervisor to be it’s shuts down the services that are not available to the chosen mode; rescue, dev, regular user, test user, OtherOS".


George Hotz: "I'm less opposed to piracy on the PS3 as I am on the iPhone. Obviously, it must not hurt the game manufacturers that bad, or they wouldn't continue to release PC versions of games. And if a modchip is required, that will eliminate a huge chunk of would be pirates. If you are willing to open up your system, learn some electronics, and solder, perhaps you deserve free games. I hate the tools who download blackra1n then ask me where their free apps are, and wish Apple had better DRM, which none of the top guys in the iPhone scene would touch.

Who cares about the strength of the encryption? Systems don't get hacked because the designers chose 1024-RSA instead of 2048-RSA, or 128-AES instead of 256-AES. If the system can decrypt it, you can decrypt it.

And yes, your understanding of the hypervisor is correct. If it's working properly, it shouldn't give me access to the resources I want...but thats what the hardware I add is for, to make the system not work so properly at exactly the right time."

[amp2006]

well hope this one is real because i read this is the guy who unlocked the Iphone in hardmod. and i am sure once its done the rest is easy .

[snake3]

I hope there is no soldering to IC legs

[barf]

Quote:

Originally Posted by amp2006

well hope this one is real because i read this is the guy who unlocked the Iphone in hardmod. and i am sure once its done the rest is easy .

He is good.

[noetikos]

i' am exited to hear that the PS3 has most likely been cracked!! geohot commented in his blog that his next task is to reverse engineer certain essential aspects of the console. he also said in theory, that the exploit is not 'patchable' (nice!). so it could that sony will not be able to easily release a mandatory firmware update to patch any leaks as it was done with the PSP via software.

this guy hacked the iphone which means that he has a good reputation that could back up his claim. this guy defitely blows the creator of the infamous hoax of the seeming z-pack game loader to smithereens!!!!!

i wonder which PS3 model geohot cracked? also, i'm thinking of not updating my PS3 to future fws if this hack is genuine. geohot did mention that the PS3 had an 'efuse' just like 360 has. i hope that sony won't try to start blowing fuses with fw updates just as microsuck started last year in august.

[Peppers]

I would hope a modchip team is paying attention and is working on there own version of this even now.

[Vegeta]

Quote:

Originally Posted by xiaNaix

Don't expect a public release of any information.

Which means no homebrew for the public or will he (Geohot) release the info to some modchip maker to make a modchip?

[yoshi314]

Quote:

I would hope a modchip team is paying attention and is working on there own version of this even now.

i hope that more than one does. otherwise we (or rather, you - i'm not planning to buy a ps3 any time soon ) can expect ridiculous ripoff prices.

i do hope this will allow to run linux on slim, and allow it to access hardware more directly.

[Vegeta]

Quote:

Originally Posted by yoshi314

i hope that more than one does. otherwise we (or rather, you - i'm not planning to buy a ps3 any time soon ) can expect ridiculous ripoff prices.

i do hope this will allow to run linux on slim, and allow it to access hardware more directly.

Softmod, if possible or even a DIY install like the 360's JTAG would be even better but time will tell.

And yes, Linux on PS3 Slim would be great but what I really want to know is if the hack Geohot has found is even possible on the Slim.

[und0]

Quote:

Originally Posted by noetikos

i wonder which PS3 model geohot cracked?

For sure not a "slim" model.

[Dante_Must_Die]

I never post! But this is really good news!

[yoshi314]

Quote:

I really want to know is if the hack Geohot has found is even possible on the Slim.

i doubt sony would re-invent its security system for new iteration of a console. especially that it hasn't been hacked so far.

when it finally does, they will start making changes in hardware/cpu, just like they did with psp.