Once impenetrable PS3 cracked wide open

The first hacker to successfully jailbreak the iPhone says he has pulled off yet another modding marvel, this time penetrating the previously impervious PlayStation 3 gaming console. The hack by 20-year-old George Hotz, aka geohot, is significant because the PS3 was the only game console that hadn't been hacked, despite being …


This topic is closed for new posts.
  1. Yet Another Anonymous coward Silver badge

    Why is this necessary?

    I paid for a Wii (the wife wanted the fitness game)

    Apparently I can't hack this model to play movies because they fixed the loophole.

    Why? I don't want to hack it to play pirate games - I don't really want to play any games!

    But if you let it run XBMC/Mplayer natively I would buy another for the bedroom.

    If you let it run skype I would buy one for my parents.

    Why aren't the makers building this in?

    Are Sony afraid of undercutting their DVD player business?

    What are Nintendo afraid of, undercutting BT's international call business ?

    1. Anonymous Coward
      Thumb Down


      *Maybe* consoles are usually cheaper than equivalent PC or other systems, because the manufacturer wants a low 'entry-price'. They're not interested in you buying the console. They're not selling you a console. They are selling you a ticket, which will allow you to spend countless dollars of money on stupid games you don't actually need, without you realizing it.

      Obviously, if the console gets hacked, you can use it pretty much as a normal PC system - and as I said above - it would cost you less as such. Therefore, if you make it do what YOU want, the manufacturer loses money.

      Another reason why I won't ever buy such a console.

      1. Annihilator

        Re: Huh?

        "Obviously, if the console gets hacked, you can use it pretty much as a normal PC system - and as I said above - it would cost you less as such. Therefore, if you make it do what YOU want, the manufacturer loses money."

        By your logic, the PC games industry doesn't make any money? Funny I didn't think that was the case.

        1. Anonymous Coward

          Different Pricing

          PC games cost less than they do on consoles; the simple reason for this is the markup the console makers stick on every game sold.

          With piracy you could argue that the majority of people that do it would never have bought the game in the first place, so games publishers don't lose any money from this type of piracy. Consoles are sold to start with at a loss and even after a couple of years the profit is very small; the money is made from games sales, so if someone buys a ps3 to pirate games even if they had no intention of ever buying a game they will have cost Sony money.

      2. Anonymous Coward

        Double Huh?

        You say they are not selling me a console but a ticket to spend money on games. Well, in that case that is one hell of a ticket. Maybe Sony should think of the environment and make their tickets smaller. My one is quite heavy, came in a big box and also plays CDs, DVDs and BD's!!

        Oh damn! Sony fecked up. I didn't get a ticket. What I got was a console. Do you think I should complain? And yes, I understand what you mean but I do not have to play games on my PS3!

        Being serious now. Everybody who buys a games console knows they have to go out and buy games for it. It has been that way for ages. The games are entertainment. Sometimes they keep the kids quiet for countless hours. Everybody realises this extra expense.

        If you won't buy a console for such a stupid reason then the manufacturers aren't targeting you. But to compare, why have you got a computer? Surely you realise that you need to obtain software for it. Some free, some not. Listen to the Microsoft fanbois and you will spend time configuring and learning it (which costs money according to them). Hell, computers are only a ticket by the energy companies to get you to spend money on electricity!! :oP

        I'm bored now!

    2. Anonymous Coward

      One closed, two opened

      Just look around, wii system menu 4.2 is hackable. It is just harder. For me, following a forum post meant that after 15 minutes I was able to back up the two games that came with it, so now my kids won't force me to re-buy them if they manage to scratch the DVDs. In fact, the DVDs are now stored, and the games run from the backup.

      So just look around, my WII was bought just after Christmas, and now has the homebrew channel, mplayer (for films and so on), and if there was a skype for it I would be running it now.

  2. James 12
    Thumb Up

    Have it

    Just because you can doesn't mean you should, but I did and it was good.

  3. Anonymous Coward

    xbox360 haxxxxx

    Sadly, the 849x System Update from August last year closed a hole that people were using to run Linux on the 360 :(

    Here's hoping the ps3 stays wide open for the foreseeable, a ps3 slim with a crazy freenix on would be a fun toy for propellerheads (ahem, what?)..

    Hell, it would be a more compelling reason for me to buy one than the current lineup of exclusives, until The Last Guardian comes out..

  4. Inachu


    I love news like this but I see no need to hack my ps3.

    Multiplayer is free.

    If I wanted to hack it then I would do it just to force it to play PS2 games.

    I wish Sony would fix the PS3 so it would once more allow PS2 games via CD/DVD drive.

    Maybe one day.

    1. Anonymous Coward


      but then they wouldn't be able to sell you downloads of ps2 games you own on disc!

      1. Monty Cantsin

        Not so

        Um, they don't sell PS2 games for download on the PlaystationStore - Just PSOne games, and if you have the disk, you can use that instead of downloading.

  5. Frostbite


    At last I can use a state of the art piece of hardware to play Manic Miner.

    Glad I sold my old Spektrum 48k for £10 on the boot sale and paid £200+ for my PS3 now.

    [Still playing MW2]

  6. Anonymous Coward
    Thumb Down

    Just think

    If he ever gets to kiss a real, human woman, all this hacking will probably come to an end.

    Sad guy, very sad.

    1. Anonymous Coward
      Thumb Up


      Why should he do something that you haven't done? If he does kiss a woman you'll only get jealous and depressed. Don't worry, some day you'll kiss a real woman - and your mum don't count. Neither does your sister(s), cousins or aunties.

      Besides, his hacking is giving him skills that could give him an illustrious career, or the skills to end up in gaol.

    2. Fuzz


      Have you never seen Hackers?

      Johnny Lee Miller gets into the Gibson Super Computer and ends up with Angelina Jolie.

  7. calagan

    Too early to call it

    I've been following GeoHot's blog and tweets for a while now and I tend to share renowned PSP hacker mathieuh's pessimism about this project. GeoHot's replies to mathieuh's very precise questions were hardly convincing.

    There's a big chance that nothing would come out of this, due to unforeseen security hurdles, so it's definitely too early to call victory.

    1. Highlander

      Definitely too early

      Agreed 'calagan', it's too early to call it wide open, or truly hacked.

      His answers were not convincing at all. There is so much about what he's done that is incomplete. It looks to me like all he's done is access the hypervisor on a running system in Linux mode. That's a far cry from cold booting into a custom hypervisor and running arbitrary code. He's made some statements claiming that it'd be impossible for Sony to block his method. Not sure how he figures that, Sony have been quite successful with the PSP-3000, and you just know that any lessons they learn there are in turn used to improve PS3 security.

  8. Eddy Ito


    How long before a cluster made from actual PS3s is on the supercomputer top 500 list?

    1. Yet Another Anonymous coward Silver badge


      You already can, the USAF has a cluster of 2200 of them.

      Running Linux on the PS3 is allowed, but there is a hypervisor that blocks access to the stuff you need to get a game to run.

      1. Anonymous Coward

        Isn't it the case

        ..that running linux on *older* PS3s is allowed, but not the more power-efficient slims? I could be wrong etc. etc.

        (Hence my comments about running freenixes, which some dillhole took exception to)

        Worth noting that the ps3 is an in-order execution machine, btw, if your compiler doesn't optimise for that, performance sucks dead goats unless you can target those SPUs properly, which is where the real power is (seen that md5 program that uses them? whoosh)

      2. Lee Chong Yew


        No, not really. The new slim models do not have the ability to boot linux at all.

        Sony claims that they're doing it to cut costs. The exact same reason they removed PS2 compatibility from the PS3 years ago...

        I guess Sony opened a can of worms by removing the ability to run linux at all...

  9. Highlander

    Wide Open?

    I wandered over and read his blog. There are major elements of the PS3 security system that remain untouched by his efforts. What he has done is gain access to the hypervisor in Linux mode. He did this on an old model PS3 that still has the hypervisor to allow Linux to be installed. The newer models don't have that piece of software. It was suggested by some that removing the hypervisor and Linux ability was less to do with license fees and more to do with a possible security weakness that Sony had identified. So the Slim models may in fact not be subject to this 'hack' in any case.

    Considering the amount of hardware modification he had to do in order to effect his 'hack' I'm also not sure that we will be seeing a rush of users intent on bricking their PS3.

    However all that aside, assuming he can come up with a software only method, you will be able to run other versions of Linux on the PS3 - wow.

    I don't think you can really claim you cracked something 'wide open' if you've yet to do anything except poke around in a system with your hardware probes still integrated into it.

    It's like a brain surgeon who's operating on a patient, using a probe to stimulate a nerve that results in a hand twitching, and then a different nerve to make an eye twitch. The surgeon has 'hacked' that patient 'wide open' alright, and has complete access to everything. However he still can't re-write it, and huge parts of it remain hidden.

    If this hacker had managed to get the thing to run a copied game disk, then you could claim it was hacked wide open, but for now, all he has done is demonstrate that he can hijack the hypervisor of an active PS3 in Linux mode.

  10. Anonymous Coward


    I somewhat agree with what you have summarised about GeoHot's claims, however, if he truly has HV access to the PS3 then it stands to reason that fairly soon he will be able to hijack the signing keys to the software.

    Intercept those and the game changes big time. Like with the Wii, the keys are the spine holding the whole thing together, and once published the genie is a bit harder to put back into the bottle.

    PSP's are the same as the exploits were found early on and one exploit was patched in firmware and another exploit introduced and patched and so on ad infinitum.

    This now becomes a cat and mouse game again for Sony and MS should be worried about their HV based system - coz if he goes after that no amount of banhammering is going to prevent the fallout. I distinctly remember that on the PS2 the disc protection (DNAS) was cracked to allow online play and with the Xbox a whole underground xbox live system cropped up.

    I agree with the first AC post. Make something secure and offer as many innovative solutions as possible - and if you don't offer it make it or provide an alternative.

    Why the big N never stumped up a DVD decryption licence of some sort is beyond me. And yet, like MS, Sony and SEGA before them they are surprised when ingenuity prevails and people make their own ways of getting the hardware to do the work they want.

    Mine's the one with the uncensored copy of Manhunt 2 in the pocket.

    1. Highlander

      "Stands to reason"? Not really.

      Having access to the HV (hypervisor) isn't as great as it sounds. The security of the Cell and PS3 architecture isn't handled by the HV. In fact the HV isn't the highest level of authority in the PS3, so in effect he is hacking into a sandbox that is supervised by something that he really will have a hard time touching. The core of the security runs entirely internally on one of the CellBE's SPE units. The trouble is that the code loaded into the SPE is encrypted and only decrypts internally on the CellBE, you can't snoop for an unencrypted version of the binary that runs in the SPE, and the keys used for decryption are held within the Cell, they are not seen externally, so no amount of bus probing/snooping is going to get you that. Cell is designed specifically to be internally secure to prevent an external hack from compromising the Cell's own security.

  11. sT0rNG b4R3 duRiD

    It's a start

    Well done.

    Honestly, I am waiting for the day we have access to everything behind the hypervisor, not holding my breath, but nevertheless this is a step in the right direction. Hopefully there will be enough people interested in this to keep the momentum going.

    Be interesting, the compromise. If we start using the RSX for graphics, we stand to lose some or all of that really fast swap partition current status quo... And with not enough ram...

    Anyhow, lads, keep pushing... Go go go go go go go!

  12. Annihilator


    Liking this! I've still got my PS2 with a hard drive bolted in the back with all my games loaded on it. HD Advance does the rest. I still OWN these games, they're up the loft - but at my convenience they're playable in a flash.

    Likewise the PS3 would be perfect if I could forego the discs. Frankly I'd even accept a "validate the disc once a month" approach. Then hacks like this would have less reason to exist.

    Since Sony et al won't do this - go GeoHots.

  13. jdoe06

    Bogus claim - premature at least

    I have some hacker friends who've looked at PS3 before, and they're a bit annoyed geohot is claiming this at this point.

    A hypervisor hack IS NOT a PS3 hack. Claiming to have cracked the system wide open purely on the basis of a hypervisor hack is premature to say the least. There are a number of other issues to get around in order to obtain execution privileges for arbitrary code - the definition of a system hack!

    geohot has refused to show any unsigned code running with his hack. He has in fact not even confirmed that he has patched or unsigned code running with it. He seems to assume that with a hypervisor hack he can do anything, but this alone is not enough. If he CAN do anything, the fact that he hasn't even shown a simple hello world running with his hack (and not via OtherOS) speaks volumes.

    geohot is claiming this race is over and getting the plaudits for it based on his reputation with iphone. But he is so far writing cheques his ass hasn't cashed! Mr Register journalist, please go back to geohot and extract very specific answers from him on whether he can get unsigned code to run outside of otheros, on whether his patched hypervisor functions are executable. So far he has pointedly dodged these questions on his blog.

    Even if he does ultimately meet this goal, claiming it NOW is claiming a victory he hasn't yet achieved.

    No unsigned code running outside of otheros = no hack. Simple. as. that.

  14. Anonymous Coward

    I'm not so sure about iPhone

    He says that Sony did it "right" by introducing all the security at once, making the task hard, unlike iPhone. But it seems obvious to me that hackers were deliberately left with a key under the mat by Apple, so they'd swarm all over iPhone finding the flaws. That's the only way to be confident you haven't made a stupid mistake that'll be discovered when 50 million units have shipped, and you can do nothing about it.

  15. Anonymous Coward

    WRONG! DVDJon hacked the iPhone first.

    Look it up. Jon Lech Johansen (DVD Jon) from Norway hacked the 1G iPhone FIRST in the world on July 3rd 2007.

    George Hotz, aka geohot, was NOT first. Maybe just first in US.

  16. Martin 71 Silver badge

    I Guess I am out of touch...

    But, why, in the name of all that is unholy, would a company lock down a platform? Isn't this immoral? If I pay for something, I expect full rights to it. I remember when clock radios used to come with a circuit diagram in the manual. Kids these days...

    Seriously, Sony need to stop this 'fight' with their users. So do Apple. Gah. I'll stick with my PC and watch reruns of one foot in the grave

    1. sT0rNG b4R3 duRiD


      I thought this was clear.

      Sony get royalties from game titles and the machines are sold at almost a loss.

      If you can run unsigned code = you can pirate easily.

      If that is so, = no profit for Sony.

      Of course, poor linuxheads lose out because of this. I bought a PS3 to mess with the cell not play games. Nor to pirate - I wouldn't buy 99.9% of ps3 games on offer at present, nor play them if given them free, nor would I want them.

      But you see, they force us to run in a hypervisor so we can't get at the multimedia hardware and write our own free or otherwise games in which Sony doesn't have a piece of the pie.

      So now while I can crunch numbers pretty fast on the cell, my display is a dog.

      (One argument for the hypervisor is that it makes it easier to port the linux kernel to the PS3 but I am not buying that argument completely, what they really want to do is lock out the multimedia hardware ie Nvidia rsx chip - every time there was a glimmer we could get at it they closed the gaps)

      So, I hope this guy really has done what he has done and spreads the knowledge around and it's easy to do and hard to circumvent and we have a kernel soon that boots on bare metal. I think this will mean a drastic change to the kernel/drivers as some devices currently abstracted will look totally different without the hypervisor but it is not an unsurmountable problem.

      Just get us a means of running unsigned code. I may not be able to tackle a kernel/driver rewrite on my own but together.... we can.

    2. Filippo Silver badge

      Re: I Guess I am out of touch...

      When you buy a console, the "something" you're paying for is a locked down platform. You are not paying for an open platform. That would be a whole lot more costly, because the fact that it's locked down is the only thing that allows the manufacturer to sell the hardware below the cost of production. This in turn is the only thing that allows them to sell enough consoles that game developers consider working on them.

      This whole "I expect full rights to it" is bullshit; if people started en masse to buy consoles to make supercomputing clusters, or to run Linux games, or to run media servers, or whatever else they were not built for - very soon, nobody would be making consoles any more, or they would be priced the same as an equivalent computer. Everybody loses.

    3. Anonymous Coward

      Because companies like to make a profit

      "But, why, in the name of all that is unholy, would a company lock down a platform? Isn't this immoral? If I pay for something, I expect full rights to it."

      Simply because they don't want people pirating software to run on it, which is what would happen (and does happen), when the platform is either open or cracked. Many consoles these days are sold at a loss and the money is made up in software sales.

  17. ratfox
    Thumb Up

    Will Apple have learnt their lesson?

    We will see after they make available the iSla^H^H^H^H thing that they are going to introduce in two days, whatever that is...

    Congratulations to GeoHot for doing well so far, and keep at it! (I do wonder if he still remembers about the big blue room)

  18. JaitcH
    Thumb Up

    George Hotz is ...

    today's Bluebox user, the people who blew away the mystery of long distance calling.

    He should be congratulated on his technical prowess and in demonstrating to dummies like Apple and Sony that nothing is infallible.

    1. Michael C

      had not heard that term in almost 20 years

      Wow, thanks for the flashback... I remember building that wonderful little device and using it at pay phones all over New England...

      Back in the days before cell phones were affordable, if you traveled more than a few miles from your house and wanted to call someone, it was either carry a pocket full of coins, or have a bluebox...

  19. Christian Berger

    So what do we learn from this:

    Let people run Linux on their boxes and nobody will take a serious look at your DRM systems.

    People who just want to copy games or produce modchips to allow that typically don't have the expertise to circumvent your DRM. People who port Linux typically have.

  20. Anonymous Coward
    Thumb Down

    All these nerdy posts

    Confirm that the vast majority of commenters have never kissed a real human lady. I bet you all use that 'Second Life' tragic gitfest.

  21. jake Silver badge

    Maybe because nobody really cares?

    "The hack by 20-year-old George Hotz, aka geohot, is significant because the PS3 was the only game console that hadn't been hacked, despite being on the market for more than three years."

    Seriously ... Who gives a rat's ass?

    George, there are a LOT more useful things you can do with your time.

    1. Anonymous Coward

      Like what?

      It's a fine hobby, and one that many other people benefit from. More productive than most hobbies.

  22. Anonymous Coward

    Hey here's an idea..

    don't like what the PS3 does or doesn't do... don't buy one. Simples. If you want a PC you can do what you like with, why the heck don't you just buy a PC instead of hacking it to shreds and making like you're "clever" for being able to follow some youtube instructions.

    The PS3 plays games, it plays videos, it's a superb streamer, it's got a browser, I honestly can't think of any real reason you'd want to hack it. For the "I wanna play PS2 games" crowd... meh.. go buy a PS2 then, ebay, £20, surely an awful lot easier than risking bricking your PS3!

  23. amanfromMars 1 Silver badge

    As hot as a frozen thing

    "he [geohot] said in an interview. "Right now, although the system is broken, I have great power. I can make the system do whatever I want.""

    Errr....... One has great power over nothing whenever the system is broken. Which you might like to consider is Sony Security kicking in.

  24. Matthew 17

    Potentially good news

    I still use my chipped Xbox 1 as an XBMC / Emulator box. It's nice but the wired controllers are a bit naff and it's not fast enough for HD or newer MAME ROMs. If the same functionality could be added to a modified PS3 it would have sufficient abilities and in a convenient package (far nicer than a typical media-PC too).

    Although ideally I'd have an HDMI equipped MacMini under my TV if only Apple would make such a thing.

    1. Anonymous Coward


      Not recommended, the PPC cores in the PS3 and the XBox 360 are in-order execution cores, and run a lot slower than you'd expect, if you build without special trick cycling compilers.

      You could spend 200 quid on an Asrock IONStar, which is a dual core 64 bit Atom-based machine, with NVidia ION graphics- those make cute media machines, and can play 1080p back with almost no CPU overhead using VDPAU-capable players...

      Otherwise, yes, a much pricier option would be a Mac mini with an El Gato TV receiver - that's a really nice, and very friendly solution, but it'd cost you.

      1. Matthew 17

        Re: Umm

        The PS3 is indeed PPC but the 360 is a triple-core Intel chip.

        The problem with media PC's for me (regardless of whether you run Linux or MS) is they're noisy and slow to boot up and generally a bit clunky.

        A dedicated XBMC machine would be nice (the Xbox 1 can boot up into that in about 10 seconds from hitting the power button), so a hacked 360 that ran XBMC would be ideal but still a long way off. My Apple TV box runs XBMC which is nicer than the Xbox 1 but isn't quite quick enough for HD content.

        1. Anonymous Coward

          Not really

          Those Atom-based IonSTAR boxes are a load quieter than any XBox- and they boot nice and fast- stick Ubuntu on with that crazy readahead stuff, and it comes out about as fast as my Freeview DVR booting. Power management is pretty good too, unsuspend or cold boot both are quicker than you'd expect.

          Also, have you tried that Boxee stuff on your AppleTV?

          There's a load of choice out there- lots of premade streaming decoder style boxes (like the popcorn hour stuff, only less sucky), if you don't like an actual media center computer type arrangement,

          If you've thought of all this before, feel free to ignore me :D

        2. Simon Preston

          Re: Umm

          "The PS3 is indeed PPC but the 360 is a triple-core Intel chip."

          Where have you got that bit of information from? All 3 current Gen consoles (PS3, Xbox360 and Wii) ALL use a CPU derived from PowerPC technology. Only the first XBox used an Intel chip.

  25. Spudders
    Thumb Up

    How about...

    You buy a PS3 and you play games on it period no hack - amazing really

  26. Greg D

    Point being?

    My PS3 does everything a media device can or should do short of making the tea. Why do I need to install Linux?

    1. Anonymous Coward

      well, duh it can make the tea, also :)

  27. IndianaJ

    In a nutshell

    He broke his PS3 and isn't going to tell anyone how he did it.

  28. Ned Fowden

    @ the nerd/geek critics

    if not for people like this, technological advances would be even more repressed than they already are.

    don't forget that it's nerds & geeks that gave you the technology to be able to come here and comment in the first place.

    there may well be better things to waste time on, my suggestion is you go do them instead of irrelevantly criticising posts here

    1. Josh 15
      Thumb Up


      I have to agree. I have no technical knowledge, no programming skills and absolutely no interest in bricking any of my games consoles, but I'm fascinated that some individuals have the time and the skill to dedicate to these technical challenges. I can appreciate that on a purely personal level managing to gain entry to a closed system must be quite satisfying, whatever the intention.

      Kids like these should be snapped up by tech companies - I wish I'd been half as clever.

    2. Anonymous Coward
      Thumb Down

      All geeks

      have dandruff and spell of cat piss

      1. I didn't do IT.

        @AC: All geeks

        Really? Would that be in the liquidy, yellow-ish font, then?

  29. Satan P Coolsborough

    hack found for the PS3

    good job no one owns one then.

    1. JBH

      I got one free with a new phone!

      It sits next to my 360 and only gets used as a Blu-Ray player! ;)

  30. Joe K

    What moron wrote this story?

    It's obvious from Geohot's blog posts, at least, that this "hack" doesn't do shit.

    He hasn't run a scrap of unsigned code, and the hardware level key vault in the SPE is still locked down tight.

    He may have breached the grounds, but the house safe is still impenetrable.

    1. Anonymous Coward

      Re: Joe K

      That's what my girlfriend keeps telling her mates about me.

  31. JBH

    This reminds me of the good old days...

    ...when they said that the PSP couldn't be hacked or downgraded to a more 'friendly' version of the firmware.

    I bought my original PSP the day after release, and included in the box was an update disc. Great I thought... updates are always a good thing right? Excitedly upgraded to firmware 2.1 like an idiot... and BAM! No homebrew for me! D'oh! And no way to downgrade...

    I checked the forums often, knowing that someone would come up with a solution eventually. Sure enough, some bright spark discovered a flaw in the .tiff decoding library. All it did was crash the PSP, but it opened up the memory and it was a start.

    Lots of people presented fake downgraders, and many claimed it was impossible. But then... it happened. Someone came up with a working downgrader, using the above flaw. I was overjoyed to 'fix' my PSP and be able to run homebrew at last.

    Since then the PSP hacking scene has gone from strength to strength. Those hackers / nerds / geeks / whatever you want to call them, truly own the PSP and there's naff all Sony can do about it. I'm not surprised they felt the need to stir things up with the miserable abortion that is the PSP-Go!

    The point of this long, rambling tale is that from little acorns, mighty oaks grow. This guy may or may not have fully owned the PS3, but it's an interesting development and it's a start. People will learn from this and exciting things will happen, mark my words.

    In short, this is very very good news whatever he's done.

    1. Highlander

      PSP hacking? Really? Are you sure?

      PSP-3000 still has no permanent CFW because no one has found a way to make custom code of any kind persist through a cold boot. The PSP-Go similarly is unhacked, and I don't think that there is even an exploit on that yet since the exploit on the PSP-3000 depends on a specific game UMD.

      As for this 'hack' of the PS3, it's NOT a hack, it's an otherOS exploit. Nothing more. HV access from otherOS is nice if you want to run a different version of Linux, but his method involves modifying the motherboard on a specific PS3 model, and connecting a device to allow a memory glitch. This is the most basic 'hack' you can do, forcing a memory glitch to open a crack in the HV. But, the HV is subject to the whim of the PS3's security subsystem. The HV isn't the master in that relationship, the security subsystem is. It runs securely inside the Cell using encryption keys and hardware that are held within the Cell. The best this hack can do is force the SPE running the security subsystem to reset. This doesn't breach the security however, all it does is temporarily stop it. As soon as anything in the system has to use a secured resource, an SPE will be allocated and encrypted code loaded into the SPE where it is decrypted and executed in private.

      As an analogy, let's say that the PS3 is a ship, a cargo vessel. You command the ship from the bridge. All instructions for speed, course correction and other functions of the ship come from the bridge. To prevent hijack, the command and control system now requires that all orders are confirmed using a passcode that is generated using an encryption key that only the captain knows.

      Now, a group of Somali pirates attack and board the ship. Immediately the captain and the other men retreat to a safe room in the bowels of this ship. The safe room is impenetrable, and self contained, the captain and crew can remain safe indefinitely.

      The pirates take the bridge and set about making the ship do as they want. Immediately they realize that the command system requires a code that they don't have, so they send some guys to the engine room to control things manually. However they find that every time they try to do something there, the integrated command and control system requests a code from the captain - which they don't have and so the system refuses to comply. No amount of effort will get the pirates into the safe room, so they cannot get the codes. In the end in their frustration, they use explosives to try to get into the safe room, causing it to jettison from the ship. The captain and crew safe and sound are later rescued by the navy.

      Frustrated by this, the Pirates physically disconnect the command and control systems in the engine room, and eventually they gain rudimentary control of the ship. Basic rudder and speed are controlled by them. However nothing else on the ship works for them because the command and control system is no longer working. The ship no longer transmits the correct friend or foe signals, radar is down, navigation is down, communications are down, the lights are off, there is no control over the deck gear. Eventually the pirates could improvise and replace some of this equipment with their own, but no one will ever believe that the ship is the same ship it was.

      This is all that GeoHot has done to the PS3.

  32. John Sanders
    Thumb Up

    The PS3 cracking saga is far from over...

    But one thing is for sure, I do not have a PS3 already because it can not be pirated.

    And so does everybody I know, and in fact that is the very reason I have an XBOX 360 despite not liking the platform at all.

    Like most of the people who can afford those gaming beasts, I have two pairs of little hands that love to literally destroy anything expensive daddy has, especially if it comes in 120 mm cute funny colored disks with a hole in the middle.

    They destroyed many CD's of my PS2 game collection, broke my light gun.

    I'm not buying a PS3 until I can make copies of the CD's. Will I pirate games? yes of course, I will not buy everything that gets published. But so far of the 40 games I have for the XBOX, I bought about 10 original games, and those I got them because a friend had tried them pirate at first. I would not have bought those if I did not have the console, I will probably buy some more during the lifetime of the console.

    Those titles, and that console could have been Sony's.

  33. Anonymous Coward
    Black Helicopters

    I thought I read somewhere...

    ...that the HV on PPC (cell, xenon etc) and POWER was the same code?

    If he has bust in, then IBM are about to shit a brick. Maybe he'll just 'disappear' like those guys that allegedly did cold fusion in a test tube!
