Geohot's PS3 Exploit

Joom
Post: #1
Geohot's PS3 Exploit

Geohot Wrote: Here's your silver platter
In the interest of openness, I've decided to release the exploit. Hopefully, this will ignite the PS3 scene, and you will organize and figure out how to use this to do practical things, like the iPhone when jailbreaks were first released. I have a life to get back to and can't keep working on this all day and night.

Please document your findings on the psDevWiki. They have been a great resource so far, and with the power this exploit gives, opens tons of new stuff to document. I'd like to see the missing HV calls filled in, nice memory maps, the boot chain better documented, and progress on a 3D GPU driver. And of course, the search for a software exploit.

This is the coveted PS3 exploit, gives full memory access and therefore ring 0 access from OtherOS. Enjoy your hypervisor dumps. This is known to work with version 2.4.2 only, but I imagine it works on all current versions. Maybe later I'll write up how it works :)

Good luck!
Posted by George Hotz at 6:10 PM


Geohot Wrote: !!EXPLOIT IS FOR RESEARCH PURPOSES ONLY!!

Usage Instructions:

Compile and run the kernel module.

When the "PRESS THE BUTTON IN THE MIDDLE OF THIS" comes on, pulse the line circled in the picture low for ~40ns.
Try this multiple times, I rigged an FPGA button to send the pulse.
Sometimes it kernel panics, sometimes it lv1 panics, but sometimes you get the exploit!!
If the module exits, you are now exploited.

This adds two new HV calls,
u64 lv1_peek(16)(u64 address)
void lv1_poke(20)(u64 address, u64 data)
which allow any access to real memory.

The PS3 is hacked, it's your job to figure out something useful to do with it.

http://geohotps3.blogspot.com/
~geohot


More Details:
eurogamer Wrote: PS3: Hacked

January 26th, 2010


News over the weekend that iPhone hacker George Hotz has "hacked the PS3" has been met with shock, surprise and incredulity. Sony's console is undisputedly the most secure games machine ever made, yet Hotz claims to have achieved a full hack in just five weeks. PS3's security fail is generating incredible interest both inside and outside of the games industry, to the point where an interview he gave to the BBC became the most popular news story on the site last night.

However, despite the level of publicity, it remains unclear what the ramifications of the hack actually are: whether homebrew coding can actually be enabled, whether the deliberately hobbled implementation of Linux can be improved and - crucially - whether Hotz's work will open the door to piracy. It is interesting to note that despite the many claims, right now there has been no "hello world" homebrew code executed that typically demonstrates that the hacker actually has full control over the system.

What Hotz (hacker alias: Geohot) claims to have achieved is clearly important though. Posts on his blog put it blankly, revealing that he has "read/write access to the entire system memory, and HV level access to the processor. In other words, I have hacked the PS3".

In older systems, like the PSP, reverse-engineering code contained within that memory map was enough to find the decryption keys to game security and system software updates, and so the concepts of ISO loaders and custom firmware emerged.

"Basically, I used hardware to open a small hole and then used software to make the hole the size of the system to get full read/write access," Hotz told The Register. "Right now, although the system is broken, I have great power. I can make the system do whatever I want."

The HV in question is the so-called Hypervisor - low-level code that no-one outside of IBM and Sony should have access to. It controls access to the hardware and monitors the operating system running on it. It's also a key component of the security of both PlayStation 3 and Xbox 360. In theory, during run-time it can detect hacker attacks on the system - for example, the TIFF image exploits that have brought down some firmware revisions of the PSP. These typically worked by overrunning memory buffers, allowing hackers to implant code in memory where it really shouldn't be, where it would then be executed. The implementation of the Hypervisor makes such attacks almost certain to fail.

Hotz reckons that his control over the Hypervisor is so complete that when it attempts to run code designed to secure the system, he can simply stop the call from ever happening. More than that, he can create his own calls designed to access the system at the very lowest levels. He claims to have created two new calls so far, one to read from any point in system memory (Peek) and the other to write (Poke). As the code injection is happening at pretty much the lowest level, the only way Sony can effectively defeat it is to redesign the hardware - although firmware updates can seek to circumvent whatever brand of code he chooses to inject into the system.

Making matters difficult is the fact that Sony and IBM's security protocols were created to anticipate a worst-case scenario, and assumed that at some point someone like Geohot would gain access in this way. So even more layers of security were added to the design.

First up there's the matter of the all-important decryption keys. The PS3 has eight SPUs circling its PowerPC core. One of those is disabled (to improve yields in fabricating the expensive CELL chip - more "faulty" ones can be used if the defective element of the chip is disabled). Another SPU handles security, processing encrypted code, leaving six purely for game developer usage. While the hack gives access to the entire system memory, the all-important decryption keys are held entirely in the SPU and can't be read by Hotz's new Hypervisor calls.

The other security element is the so-called root key within the CELL itself. It's the master key to everything the PS3 processes at the very lowest level, and according to publicly available IBM documentation, it is never copied into main RAM, again making its retrieval challenging. While there is no evidence that Hotz has this, his BBC interview does make for alarming reading for Sony, particularly when he talks about publishing "details of the console's 'root key', a master code that once known would make it easier for others to decipher and hack other security features on the console".

Once the root key is available, it's essentially game over for the system's security for all-time, but it's here that some of the claims being made for the hack don't really add up. PSP has been compromised on many levels again and again, but its root key apparently remains unknown. The BBC report also quotes Hotz as saying that the hack opens up the PS3 to allow all models to run PS2 software: unless the original Graphics Synthesizer chip from the old console is in there, or a software emulator exists, this is almost certainly not the case. While elements of the story don't add up, it is clear that what Geohot has achieved is significant, leaving many commentators to wonder what happens next.

According to his latest blog post, Hotz sees the reserved SPU with its precious cache of decryption keys as his primary target now. "Some people pointed out that I have not accessed the isolated SPEs," he wrote on his blog. "This is true. Although as far as doing anything with the system, it doesn't matter. The PPE can't read the isolated data, but it can kick the isolated SPEs out. Decrypt the PPE binary you need using the intact SPE and save the decrypted version. Kick out the SPE, and patch the decrypted version all you want."

In short he's looking to use the processor core (the PPE) where he does have access to emulate the isolated SPU (for those interested, strictly speaking, the "SPE" is the name given to the group of all the SPUs). Holding him back - for now - is Hotz's contention that the PowerPC implementation of C++ is being used at this level, and it's somewhat removed from the ARM coding he is used to when hacking mobile devices like the iPhone.

It is safe to say however that Geohot's hack will open the door to piracy by offering low-level access to anyone technically minded to do with as they will. Right now, he's looking to extract the crucial decryption keys from the isolated SPU and post them on his blog so others can, as he puts it, "join in the fun" without him having to reveal details of his actual hack - which by his own admission is far from complete or stable.

However, Sony's attempts to secure the game delivery system and the Blu-ray drive itself mean that there'd still be a huge reverse-engineering job required to enable piracy. While PS3 might well be hacked today on a low-level, further levels of protection remain in place to prevent copying games, and will require a significant effort in terms of reverse-engineering to overcome. Those expecting working PS3 games to appear on torrents in the next days or weeks are going to be disappointed.

PlayStation 3's security on the Blu-ray drive itself is (was?) pretty much untouchable and was designed to foil the kinds of attack seen on competing systems. Xbox 360 was compromised owing to the unencrypted nature of the firmware on the original DVD drives. Wii was hacked because the system itself was so similar to the GameCube that when the old hardware was cracked, the new revision fell with it. PlayStation 3 is far smarter. Not only is the drive software itself encrypted, but it's widely believed that the mandatory firmware updates can also reflash the Blu-ray drive too - even if the drive was hacked (it never has been) it would be re-secured next time you updated your PS3.

Completing the puzzle is the file system encryption on the disc itself. While PS3 game dumps are as old as the system itself, they are almost entirely useless and a complete waste of internet bandwidth for those that have been uploading and downloading them - the dumps do not contain the encryption keys apparently hidden in Blu-ray's proprietary ROMmark copy protection system, which remains inaccessible. While Geohot's hack potentially opens the door to piracy, in any eventuality, games would still need to be heavily patched to operate without the encryption even on a compromised system.

Geohot himself won't be coding anything that directly attacks these systems, and reckons that his hacking blog isn't intended for those looking for user-friendly Jailbreak-style software like his various iPhone unlocking tools.

"If you are expecting some tool to be released from this blog like blackra1n, stop reading now," he posted. "If you have a Slim and are complaining this hack won't work for you, stop reading now. WE DO NOT CONDONE PIRACY, NOR WILL WE EVER. If you are looking for piracy, stop reading now. If you want to see the direction in which I will take this blog, read the early entries in the iPhone one. Information on this blog is for research purposes only."

This protects Hotz from legal action on the part of Sony and allows him to present the hack itself as the key to making PlayStation 3 an open platform. However, assuming the hack itself is published, and decryption keys posted, it's only a matter of time before someone else takes on the challenge of peeling back the remaining security, and the first downloadable, copied games hit PS3.

- Source: [EuroGamer.com]


Someone just leaked this to me so I thought that I'd share.

Edit: It seems that it's actually hosted on his site.

Download- HERE


- Source: [HERE]

(This post was last modified: 27/01/2010 11:42 AM by YoYoBallz.)
26/01/2010 05:01 PM
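An added example, not part of geohot's release or of this thread: the two calls his README lists move one 64-bit word each, so anything practical (dumping a region, patching a few bytes, searching a hypervisor dump for a string) has to be built on top of them. The code below composes byte-granular hv_read, hv_write and hv_find from an 8-byte peek/poke. The hypercall wrappers are simulated against a constructed 4 KiB buffer so the example runs on any machine; on a PS3 running OtherOS they would instead issue the exploit's calls 16 and 20. The names hv_read/hv_write/hv_find, the simulated memory, and the assumption that peek/poke operate on naturally aligned words are mine; the big-endian byte order is the real Cell PPE convention.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* HV call numbers from geohot's README: peek is call 16, poke is call 20. */
#define LV1_PEEK_CALL 16
#define LV1_POKE_CALL 20

/* Constructed stand-in for real memory so the example runs off the console.
 * On a PS3 running OtherOS these two functions would issue the hypercalls. */
#define SIM_MEM_SIZE 4096
static uint8_t sim_mem[SIM_MEM_SIZE];

/* Model assumption: peek/poke move one naturally aligned 64-bit word.
 * The Cell PPE is big-endian, so the lowest address holds the high byte. */
static uint64_t lv1_peek(uint64_t addr)
{
    uint64_t v = 0;
    addr &= ~7ULL;
    if (addr + 8 > SIM_MEM_SIZE)
        return ~0ULL;                       /* out of range: bus error stand-in */
    for (int i = 0; i < 8; i++)
        v = (v << 8) | sim_mem[addr + i];
    return v;
}

static void lv1_poke(uint64_t addr, uint64_t data)
{
    addr &= ~7ULL;
    if (addr + 8 > SIM_MEM_SIZE)
        return;
    for (int i = 7; i >= 0; i--) {
        sim_mem[addr + i] = (uint8_t)(data & 0xff);
        data >>= 8;
    }
}

/* Read len bytes from any real address, splitting across 8-byte words. */
size_t hv_read(uint64_t addr, uint8_t *out, size_t len)
{
    size_t done = 0;
    while (done < len) {
        uint64_t cur = addr + done;
        unsigned off = (unsigned)(cur & 7);
        unsigned n = 8 - off;
        if (n > len - done)
            n = (unsigned)(len - done);
        uint64_t w = lv1_peek(cur & ~7ULL);
        for (unsigned i = 0; i < n; i++)
            out[done + i] = (uint8_t)(w >> (8 * (7 - off - i)));
        done += n;
    }
    return done;
}

/* Write len bytes to any real address. Partial words are read, patched and
 * written back so the neighbouring bytes the hypervisor owns are preserved. */
size_t hv_write(uint64_t addr, const uint8_t *in, size_t len)
{
    size_t done = 0;
    while (done < len) {
        uint64_t cur = addr + done;
        unsigned off = (unsigned)(cur & 7);
        unsigned n = 8 - off;
        if (n > len - done)
            n = (unsigned)(len - done);
        uint64_t w = (n == 8) ? 0 : lv1_peek(cur & ~7ULL);
        for (unsigned i = 0; i < n; i++) {
            unsigned shift = 8 * (7 - off - i);
            w = (w & ~(0xffULL << shift)) | ((uint64_t)in[done + i] << shift);
        }
        lv1_poke(cur & ~7ULL, w);
        done += n;
    }
    return done;
}

/* Scan [start, end) for a byte pattern, e.g. a string in a hypervisor dump.
 * Windows overlap by plen-1 bytes so a match across a window edge is kept. */
uint64_t hv_find(uint64_t start, uint64_t end, const uint8_t *pat, size_t plen)
{
    enum { WINDOW = 64 };
    uint8_t buf[WINDOW];
    if (plen == 0 || plen > WINDOW || end < start + plen)
        return UINT64_MAX;
    for (uint64_t a = start; a + plen <= end; a += WINDOW - plen + 1) {
        size_t n = (end - a < WINDOW) ? (size_t)(end - a) : WINDOW;
        hv_read(a, buf, n);
        for (size_t i = 0; i + plen <= n; i++)
            if (memcmp(buf + i, pat, plen) == 0)
                return a + i;
    }
    return UINT64_MAX;
}

/* Round trip through an unaligned address that straddles two words. */
int hv_selftest(void)
{
    static const uint8_t msg[8] = { 'l', 'v', '1', '_', 'p', 'o', 'k', 'e' };
    uint8_t back[8];
    memset(sim_mem, 0, sizeof sim_mem);
    if (hv_write(0x103, msg, sizeof msg) != sizeof msg) return 0;
    if (hv_read(0x103, back, sizeof back) != sizeof back) return 0;
    if (memcmp(back, msg, sizeof msg) != 0) return 0;
    if (sim_mem[0x102] != 0 || sim_mem[0x10b] != 0) return 0;  /* neighbours intact */
    return hv_find(0, SIM_MEM_SIZE, msg, sizeof msg) == 0x103;
}
```

The read-modify-write in hv_write is the part that matters on a live system: poking a whole word to patch two bytes of a hypervisor structure would silently clobber the six bytes next to them.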
ProperBritish
Post: #2
RE: Geohot's PS3 Exploit
oh lawd

so it begins

26/01/2010 05:14 PM
1-R
Post: #3
RE: Geohot's PS3 Exploit
Oooh nice. :p

26/01/2010 05:20 PM
Joom
Post: #4
RE: Geohot's PS3 Exploit
I can't wait for the fun to begin.

Quote: geohot: well actually it's pretty simple
geohot: i allocate a piece of memory
geohot: using map_htab and write_htab, you can figure out the real address of the memory
geohot: which is a big win, and something the hv shouldn’t allow
geohot: i fill the htab with tons of entries pointing to that piece of memory
geohot: and since i allocated it, i can map it read/write
geohot: then, i deallocate the memory
geohot: all those entries are set to invalid
geohot: well while it’s setting entries invalid, i glitch the memory control bus
geohot: the cache writeback misses the memory :)
geohot: and i have entries allowing r/w to a piece of memory the hypervisor thinks is deallocated
geohot: then i create a virtual segment with the htab overlapping that piece of memory i have
geohot: write an entry into the virtual segment htab allowing r/w to the main segment htab
geohot: switch to virtual segment
geohot: write to main segment htab a r/w mapping of itself
geohot: switch back
geohot: PWNED
geohot: and would work if memory were encrypted or had ECC
geohot: the way i actually glitch the memory bus is really funny
geohot: i have a button on my FPGA board
geohot: that pulses low for 40ns
geohot: i set up the htab with the tons of entries
geohot: and sPa/\/\ press the button
geohot: right after i send the deallocate call

(This post was last modified: 26/01/2010 05:45 PM by Joom.)
26/01/2010 05:21 PM
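A constructed model, added here and not geohot's code, of the first half of what the log above describes: spray the HTAB with entries that map a page you own, then let the hypervisor's deallocate walk invalidate them while one cache-line writeback is lost. The HTAB size, the stride used to spread entries, the valid-bit position and the write-back cache behaviour are all assumptions of the model; the 16-byte PTE and the 128-byte PPE cache line are real. What it shows is why "tons of entries" are needed: the pulse lands on one line at a moment you cannot pick, so an attempt only pays off if that line held a sprayed entry. The second half (the overlapping virtual-segment HTAB and the self-mapping of the main HTAB) is not modeled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Model dimensions. The entry count is constructed for the example; the real
 * HTAB is much larger. PTE size and the 128-byte PPE cache line are real. */
#define HTAB_ENTRIES   1024
#define PTE_SIZE       16
#define LINE_SIZE      128
#define PTES_PER_LINE  (LINE_SIZE / PTE_SIZE)
#define HTAB_LINES     (HTAB_ENTRIES / PTES_PER_LINE)
#define PTE_VALID      (1ULL << 0)     /* valid-bit position is a model choice */

typedef struct { uint64_t hi; uint64_t lo; } pte_t;   /* hi: flags, lo: real page */

static pte_t htab_mem[HTAB_ENTRIES];     /* the HTAB as it sits in real memory */
static pte_t htab_cache[HTAB_ENTRIES];   /* write-back cache copy the HV edits */
static bool  line_dirty[HTAB_LINES];

static void cache_sync(void)
{
    memcpy(htab_cache, htab_mem, sizeof htab_mem);
    memset(line_dirty, 0, sizeof line_dirty);
}

/* Step 1 ("fill the htab with tons of entries"): point `count` PTEs at the real
 * page we own. The stride spreads them over as many cache lines as possible. */
void htab_spray(uint64_t target_rpn, size_t count)
{
    memset(htab_mem, 0, sizeof htab_mem);
    for (size_t i = 0; i < count && i < HTAB_ENTRIES; i++) {
        size_t idx = (i * 37) % HTAB_ENTRIES;   /* 37 is coprime to 1024: a permutation */
        htab_mem[idx].hi = PTE_VALID;
        htab_mem[idx].lo = target_rpn;
    }
    cache_sync();
}

/* Step 2 ("while it's setting entries invalid, I glitch the memory bus"): the
 * hypervisor clears every PTE mapping the freed page through the cache, then
 * dirty lines are written back. The pulse is modeled as one line whose
 * writeback is lost (dropped_line; -1 means no glitch). Returns how many valid
 * mappings of the freed page are still in memory afterwards. */
size_t deallocate_with_glitch(uint64_t target_rpn, int dropped_line)
{
    for (size_t i = 0; i < HTAB_ENTRIES; i++) {
        if ((htab_cache[i].hi & PTE_VALID) && htab_cache[i].lo == target_rpn) {
            htab_cache[i].hi &= ~PTE_VALID;
            line_dirty[i / PTES_PER_LINE] = true;
        }
    }
    for (size_t l = 0; l < HTAB_LINES; l++) {
        if (!line_dirty[l] || (int)l == dropped_line)
            continue;                           /* the lost writeback */
        memcpy(&htab_mem[l * PTES_PER_LINE], &htab_cache[l * PTES_PER_LINE], LINE_SIZE);
        line_dirty[l] = false;
    }
    size_t survivors = 0;
    for (size_t i = 0; i < HTAB_ENTRIES; i++)
        if ((htab_mem[i].hi & PTE_VALID) && htab_mem[i].lo == target_rpn)
            survivors++;
    return survivors;
}

/* Fraction of cache lines whose lost writeback leaves at least one live
 * mapping of the freed page, for a given spray size. This is the quantity the
 * spray is trying to drive towards 1. */
double spray_coverage(uint64_t target_rpn, size_t count)
{
    size_t hits = 0;
    for (int l = 0; l < HTAB_LINES; l++) {
        htab_spray(target_rpn, count);
        if (deallocate_with_glitch(target_rpn, l) > 0)
            hits++;
    }
    return (double)hits / HTAB_LINES;
}
```

With a single sprayed entry only one line in 128 is a winning target; once every line carries an entry, any dropped writeback leaves the page mapped read/write while the hypervisor believes it is free, which is the state the rest of the log builds on.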
YoYoBallz
Post: #5
RE: Geohot's PS3 Exploit
not leaked, he released it

http://geohotps3.blogspot.com/2010/01/he...atter.html


don't mind me, imma clean up your post and move it to different section soon

(This post was last modified: 26/01/2010 06:02 PM by YoYoBallz.)
26/01/2010 05:48 PM
Joom
Post: #6
RE: Geohot's PS3 Exploit
I just found that...Apparently, the person that "leaked" it is spreading bullchocolate again.

(This post was last modified: 26/01/2010 06:12 PM by Joom.)
26/01/2010 05:59 PM
Kana
Post: #7
RE: Geohot's PS3 Exploit
that's it. I'm buying a 2nd ps3.

26/01/2010 06:09 PM
YoYoBallz
Post: #8
RE: Geohot's PS3 Exploit
Joomla12 Wrote: I just found that...Apparently, the person that "leaked" it is spreading bullchocolate again.

I'll guess and say ps3newz?

26/01/2010 06:13 PM
xero1
Post: #9
RE: Geohot's PS3 Exploit
I hope that we will get homebrew in the XMB and not just having full hardware access in Linux. Don't get me wrong, I would love Linux with full 3D, but..
26/01/2010 06:14 PM
Joom
Post: #10
RE: Geohot's PS3 Exploit
The oh so wonderful Kratos John. I didn't really believe him but whatever.

26/01/2010 06:15 PM