Geohot has released his PS3 exploit to the masses… This particular exploit is for research purposes only; it won’t serve the average user any real purpose. So now it’s on you — all you hardcores out there.
A couple things you should know:
Once you’ve soldered the appropriate connections (see pokemehere.jpg) and have loaded whatever Linux distro with OtherOS, you’re all set… Download the exploit below and:
Compile and run the kernel module.
When the “PRESS THE BUTTON IN THE MIDDLE OF THIS” comes on, pulse the line circled in the picture low for ~40ns.
Try this multiple times, I rigged an FPGA button to send the pulse.
Sometimes it kernel panics, sometimes it lv1 panics, but sometimes you get the exploit!!
If the module exits, you are now exploited. This adds two new HV calls,
u64 lv1_peek(16)(u64 address)
void lv1_poke(20)(u64 address, u64 data)
which allow any access to real memory. The PS3 is hacked, it’s your job to figure out something useful to do with it.
Download: geohot’s PS3 Exploit
- source: geohot’s blog
Update: One more update… And really, you should just go to geohot’s blog to see what’s up… He’s released some code for people to start playing with… Install OtherOS and have it.
Update: Geohot has shared a little status update concerning his PS3 hackjob… But first, know this: 1) Don’t expect any tool to be released by Geohot himself; 2) This hack does not work on the PS3 Slim; 3) The plan is to [hopefully] find and post the PS3 decryption keys so other hardcores can partake in the PS3 hacking fun. So thus far, here’s what’s up… To quote Geohot –
I have added two hypercalls, lv1_peek and lv1_poke. peek reads memory in real space (including all the MMIO), poke writes it. I can also add other arbitrary hypercalls as I see fit.
The hypervisor is complicated, it is written in C++ and is PPC, which I am not that familiar with yet.
Some people pointed out that I have not accessed the isolated SPEs. This is true. Although as far as doing anything with the system, it doesn’t matter. The PPE can’t read the isolated data, but it can kick the isolated SPEs out. Decrypt the PPE binary you need using the intact SPE and save the decrypted version. Kick out the SPE, and patch the decrypted version all you want. And interesting note, by the time you get to OtherOS, all 7 working SPEs are stopped.
Despite this, I am working on the isolated SPEs now (which I can now load).
Again, I suggest you keep your browser locked and loaded at Geohot’s PS3 blog. Much respect, George.
In yo face! Straight from Geohot himself… You know, the first person who successfully unlocked the iPhone, has again outdone himself: he’s hacked the PS3. Oooh — that must feel good.
Read it and weep… To quote Geohot verbatim –
I have read/write access to the entire system memory, and HV level access to the processor. In other words, I have hacked the PS3. The rest is just software. And reversing. I have a lot of reversing ahead of me, as I now have dumps of LV0 and LV1.
3 years, 2 months, 11 days…that’s a pretty secure system
Took 5 weeks, 3 in Boston, 2 here, very simple hardware cleverly applied, and some not so simple software.
The exploit itself isn’t released yet, but if you take a look here, you’ll see what’s up. It’s legit.
Stay tuned… Big things ahead. And you know that!
- source: geohotps3
You know, I had a real good time kicking ass two weeks ago when we ran our Tekken 6 / Fight Night Round 4 contest, and I thought, hey — let’s do it again this weekend. Only this time: Modern Warfare 2!
So to keep it active, we’re gonna call this:
Shit’s simple:
What do you win? A license key ($60 value) to some pretty dope Windows software called, AudialsOne. What’s it do? All this:
Sounds awesome, right? It is. You may download a trial version of AudialsOne here to see what I’m talking about.
2nd and 3rd place runner-ups will receive a complimentary Dashhacks T-shirt.
We’ll keep you updated via Facebook and Twitter.
- source: dashhacks
Forget the PS3 keypad… Turn any Maemo-powered device into a Bluetooth keyboard/mouse combo with BlueMaemo. It works like this: you have a PS3 or PC running Windows, Linux, or Mac OS X. That PS3/PC is Bluetooth-ready and supports the HID Bluetooth profile. You have a Nokia Nseries phone with BlueMaemo loaded and look at that — you’re in control.
You can read more about the Maemo platform at maemo.org.
Download BlueMaemo at valeriovalerio.org.
It’s optional, but if you got two PS3’s like me, you’ll want it… Firmware 3.15 lets you transfer PS3 data from one to the other as detailed here.
PS3 Firmware 3.15:
*Some games from the “minis” category may not be playable on a PS3™ system.
Download: PS3 Firmware 3.15
To tell you the truth I didn’t really like Dragon Age Origins, but I put a shitload of my time into it… The game felt so linear in its options of what to do next like I was just reading a choose your own adventure novel, no open world feel. You’re always being pushed along to the next thing THEY want you to do and you HAVE to talk to soooo many fucking people… blah blah blah blah… At first it was interesting in that it added depth to the story and characters but I had to start skipping all that bullshit dialog and boy am I glad I did, I must have saved myself 20 hours of not listening to inane chit chat.

Update: Oh wait, nevermind… I see Facebook now. PlayStation Network -> Account Management -> Facebook.
Update: All right… So where’s Facebook at? I don’t see anything in 3.10 for setting that up… Anyone? What I do see: you can change the colour of your profile box.
Out now… Get it, get it… You got to. It’s mandatory.
Main Features Revised in System Software Version 3.10
…so says the official update; however, I believe this adds some type of Facebook integration too… Updating now.
Download: PS3 Firmware 3.10 (Coming Soon)
Current ORP Bounty: $1,515.
Update: All right; ORP the Bounty Hunter here… Dashhacks will put $1,000 towards the bounty, and should you want ORP on the iPhone as much as the next guy (or girl to be politically correct), then feel free to donate using the PayPal button below. The first person to deliver a working ORP iPhone client takes home the whole she-bang — $1,000 + all donations.
Are you a developer? Do you have skills? What about an iPhone: you have one of those? If you answered yes to all 3 questions then boy, do we have something for [one of] you…

Dashhacks is putting out a bounty… Be the first to port Open Remote Play (ORP) to the iPhone, creating a fully functional touch-enabled ORP experience, and get paid $1,000 CAD. That’s 10 cold hard Canadian brown skins.
The heavy lifting is already done… Check my main man, Dashhacker; he’s got the key to success over at the Open Remote Play project page — code and all.
Bounty rules and stipulations:
All right… You good? Good. Be the first — it’s success and nothin’ less.
svn checkout http://open-rp.googlecode.com/svn/trunk/ open-rp
Related links:
open-rp project page | dashhacks | iphone-hacks
I vaguely remember (so maybe I’m wrong) some PSP SFO editor or unpacker or something… Something that essentially paved the way for complete PSP hackage… Anyway, this isn’t the PSP obviously or else it’d be hacked by now… This is Hellcat, RichDevX, and SilverSpring’s PlayStation 3 System File Editor. And who knows — maybe it’ll get shit crackin’ too.
PS3 SFO Editor won’t serve the average Joe any real purpose, not yet anyway… But should these low-level dudes end up successful in their quest to hack the unhackable, then that’s a different story.
Download: PS3 SFO Editor v0.80
- source: RichDevX on Twitter
This just in… PS3 Firmware 3.01 has been released.
Eric Lempel writes –
…PS3 system software update 3.01 is now available for download. This is an optional update that improves system stability during use of some PlayStation 3 format software.
Darien217 provides some input too –
As for gaming Uncharted Drake’s Fortune appears to be working again, as it stopped working properly after firmware 3.00.
Anyone else?