Geohot Wrote: Here's your silver platter
In the interest of openness, I've decided to release the exploit. Hopefully, this will ignite the PS3 scene, and you will organize and figure out how to use this to do practical things, like the iPhone when jailbreaks were first released. I have a life to get back to and can't keep working on this all day and night.
Please document your findings on the psDevWiki. They have been a great resource so far, and with the power this exploit gives, opens tons of new stuff to document. I'd like to see the missing HV calls filled in, nice memory maps, the boot chain better documented, and progress on a 3D GPU driver. And of course, the search for a software exploit.
This is the coveted PS3 exploit, gives full memory access and therefore ring 0 access from OtherOS. Enjoy your hypervisor dumps. This is known to work with version 2.4.2 only, but I imagine it works on all current versions. Maybe later I'll write up how it works :)
Good luck!
Posted by George Hotz at 6:10 PM
Geohot Wrote: !!EXPLOIT IS FOR RESEARCH PURPOSES ONLY!!
Usage Instructions:
Compile and run the kernel module.
When the "PRESS THE BUTTON IN THE MIDDLE OF THIS" comes on, pulse the line circled in the picture low for ~40ns.
Try this multiple times, I rigged an FPGA button to send the pulse.
Sometimes it kernel panics, sometimes it lv1 panics, but sometimes you get the exploit!!
If the module exits, you are now exploited.
This adds two new HV calls,
u64 lv1_peek(16)(u64 address)
void lv1_poke(20)(u64 address, u64 data)
which allow any access to real memory.
The PS3 is hacked, it's your job to figure out something useful to do with it.
News over the weekend that iPhone hacker George Hotz has "hacked the PS3" has been met with shock, surprise and incredulity. Sony's console is undisputedly the most secure games machine ever made, yet Hotz claims to have achieved a full hack in just five weeks. PS3's security fail is generating incredible interest both inside and outside of the games industry, to the point where an interview he gave to the BBC became the most popular news story on the site last night.
However, despite the level of publicity, it remains unclear what the ramifications of the hack actually are: whether homebrew coding can actually be enabled, whether the deliberately hobbled implementation of Linux can be improved and - crucially - whether Hotz's work will open the door to piracy. It is interesting to note that despite the many claims, right now there has been no "hello world" homebrew code executed that typically demonstrates that the hacker actually has full control over the system.
What Hotz (hacker alias: Geohot) claims to have achieved is clearly important though. Posts on his blog put it blankly, revealing that he has "read/write access to the entire system memory, and HV level access to the processor. In other words, I have hacked the PS3".
In older systems, like the PSP, reverse-engineering code contained within that memory map was enough to find the decryption keys to game security and system software updates, and so the concepts of ISO loaders and custom firmware emerged.
"Basically, I used hardware to open a small hole and then used software to make the hole the size of the system to get full read/write access," Hotz told The Register. "Right now, although the system is broken, I have great power. I can make the system do whatever I want."
The HV in question is the so-called Hypervisor - low-level code that no-one outside of IBM and Sony should have access to. It controls access to the hardware and monitors the operating system running on it. It's also a key component of the security of both PlayStation 3 and Xbox 360. In theory, during run-time it can detect hacker attacks on the system - for example, the TIFF image exploits that have brought down some firmware revisions of the PSP. These typically worked by overrunning memory buffers, allowing hackers to implant code in memory where it really shouldn't be, where it would then be executed. The implementation of the Hypervisor makes such attacks almost certain to fail.
Hotz reckons that his control over the Hypervisor is so complete that when it attempts to run code designed to secure the system, he can simply stop the call from ever happening. More than that, he can create his own calls designed to access the system at the very lowest levels. He claims to have created two new calls so far, one to read from any point in system memory (Peek) and the other to write (Poke). As the code injection is happening at pretty much the lowest level, the only way Sony can effectively defeat it is to redesign the hardware - although firmware updates can seek to circumvent whatever brand of code he chooses to inject into the system.
Making matters difficult is the fact that Sony and IBM's security protocols were created to anticipate a worst-case scenario, and assumed that at some point someone like Geohot would gain access in this way. So even more layers of security were added to the design.
First up there's the matter of the all-important decryption keys. The PS3 has eight SPUs circling its PowerPC core. One of those is disabled (to improve yields in fabricating the expensive CELL chip - more "faulty" ones can be used if the defective element of the chip is disabled). Another SPU handles security, processing encrypted code, leaving six purely for game developer usage. While the hack gives access to the entire system memory, the all-important decryption keys are held entirely in the SPU and can't be read by Hotz's new Hypervisor calls.
The other security element is the so-called root key within the CELL itself. It's the master key to everything the PS3 processes at the very lowest level, and according to publicly available IBM documentation, it is never copied into main RAM, again making its retrieval challenging. While there is no evidence that Hotz has this, his BBC interview does make for alarming reading for Sony, particularly when he talks about publishing "details of the console's 'root key', a master code that once known would make it easier for others to decipher and hack other security features on the console".
Once the root key is available, it's essentially game over for the system's security for all time, but it's here that some of the claims being made for the hack don't really add up. PSP has been compromised on many levels again and again, but its root key apparently remains unknown. The BBC report also quotes Hotz as saying that the hack opens up the PS3 to allow all models to run PS2 software: unless the original Graphics Synthesizer chip from the old console is in there, or a software emulator exists, this is almost certainly not the case. While elements of the story don't add up, it is clear that what Geohot has achieved is significant, leaving many commentators to wonder what happens next.
According to his latest blog post, Hotz sees the reserved SPU with its precious cache of decryption keys as his primary target now. "Some people pointed out that I have not accessed the isolated SPEs," he wrote on his blog. "This is true. Although as far as doing anything with the system, it doesn't matter. The PPE can't read the isolated data, but it can kick the isolated SPEs out. Decrypt the PPE binary you need using the intact SPE and save the decrypted version. Kick out the SPE, and patch the decrypted version all you want."
In short, he's looking to use the processor core (the PPE), where he does have access, to emulate the isolated SPU (for those interested, strictly speaking, the "SPE" is the name given to the group of all the SPUs). Holding him back - for now - is Hotz's contention that the PowerPC implementation of C++ is being used at this level, and it's somewhat removed from the ARM coding he is used to when hacking mobile devices like the iPhone.
It is safe to say however that Geohot's hack will open the door to piracy by offering low-level access to anyone technically minded to do with as they will. Right now, he's looking to extract the crucial decryption keys from the isolated SPU and post them on his blog so others can, as he puts it, "join in the fun" without him having to reveal details of his actual hack - which by his own admission is far from complete or stable.
However, Sony's attempts to secure the game delivery system and the Blu-ray drive itself mean that there'd still be a huge reverse-engineering job required to enable piracy. While PS3 might well be hacked today at a low level, further layers of protection remain in place to prevent copying games, and they will require a significant reverse-engineering effort to overcome. Those expecting working PS3 games to appear on torrents in the next days or weeks are going to be disappointed.
PlayStation 3's security on the Blu-ray drive itself is (was?) pretty much untouchable and was designed to foil the kinds of attack seen on competing systems. Xbox 360 was compromised owing to the unencrypted nature of the firmware on the original DVD drives. Wii was hacked because the system itself was so similar to the GameCube that when the old hardware was cracked, the new revision fell with it. PlayStation 3 is far smarter. Not only is the drive software itself encrypted, but it's widely believed that the mandatory firmware updates can also reflash the Blu-ray drive too - even if the drive was hacked (it never has been) it would be re-secured next time you updated your PS3.
Completing the puzzle is the file system encryption on the disc itself. While PS3 game dumps are as old as the system itself, they are almost entirely useless and a complete waste of internet bandwidth for those that have been uploading and downloading them - the dumps do not contain the encryption keys apparently hidden in Blu-ray's proprietary ROMmark copy protection system, which remains inaccessible. While Geohot's hack potentially opens the door to piracy, in any eventuality, games would still need to be heavily patched to operate without the encryption even on a compromised system.
Geohot himself won't be coding anything that directly attacks these systems, and reckons that his hacking blog isn't intended for those looking for user-friendly Jailbreak-style software like his various iPhone unlocking tools.
"If you are expecting some tool to be released from this blog like blackra1n, stop reading now," he posted. "If you have a Slim and are complaining this hack won't work for you, stop reading now. WE DO NOT CONDONE PIRACY, NOR WILL WE EVER. If you are looking for piracy, stop reading now. If you want to see the direction in which I will take this blog, read the early entries in the iPhone one. Information on this blog is for research purposes only."
This protects Hotz from legal action on the part of Sony and allows him to present the hack itself as the key to making PlayStation 3 an open platform. However, assuming the hack itself is published, and decryption keys posted, it's only a matter of time before someone else takes on the challenge of peeling back the remaining security, and the first downloadable, copied games hit PS3.