UPDATE 4/1/16 12:22pm: Fail0verflow's thoughts on its PS4 hack, why it ported Linux and how it found the required exploits on Sony's hardware are posted here. This is interesting:
- Linux on the PS4 actually makes a lot of sense, more than it ever did on any previous game console. It's close enough to a PC that getting 3D acceleration working, while rather painful (as we've learned), seems entirely possible without undue amounts of effort (in a timeframe of months, not years), to the level needed for real indie games and even AAA titles, not just homebrew. And many thousands of indie and AAA games already run on Linux. Yes, SteamOS on the PS4 should "just work" once the driver issues are sorted out.
Original story: Noted hackers fail0verflow - whose previous credits include PlayStation 3, Wii and Wii U hacks - have demonstrated a complete, low-level hack for PlayStation 4. The team hasn't just circumvented the system's security and booted unsigned code - a customised, work-in-progress version of Linux designed explicitly for PS4 is in development and is showcased in the video below.
A few morsels about the hardware make-up of the PlayStation 4 are also revealed - firstly that although the Sony hardware is based on PC technology, there are a lot of differences, necessitating over 7000 modifications (and counting) to the Linux kernel. The team notes that neither AMD or Sony seem to have given the console's APU a codename (fail0verflow have gone with Liverpool), but the machine's southbridge - responsible for communications with external peripherals - is known as Aeolia. Designed by Marvell, the southbridge varies significantly from PC architecture, leading the team to speculate that the developers were experimenting with their own version of the PCI protocol.
In putting together its Linux port - which is now publicly available though of little use to end-users - the team has made good progress in adapting the OS for the custom hardware, but notes that 3D acceleration and HDMI audio are still work-in-progress. On top of that, it seems that despite the actual hardware using a SATA interface, the PS4 itself appears to communicate with the hard drive via USB - a curious state of affairs. The Blu-ray drive does use the SATA AHCI standard, but is currently untested in the Linux build.
Fail0verflow is looking to release custom bootstrap code to get Linux running on the PS4, but is stopping short of releasing the actual exploit that gains low-level access to the hardware. "Bring your own exploit," the team says. "PS4 security is crappy enough that you don't need us for that."
The video gives away few hints about how this is actually done, but it does show Linux booting via the PlayStation 4's browser - and this in turn reveals that a keyboard is connected (which is promptly disconnected as the OS loads). Looking back at last month's exploit, it seems that gaining low-level access to the PlayStation 4 via its browser seems to be a common theme.2016: A year in review Recommended.
Back then, hackers had demonstrated that the PS4 system RAM could be dumped and that the hard drive's file system was accessible. Fail0verflow's work is far, far more advanced - the team hasn't just run unsigned code (any code that runs on PS4 usually requires encryption by Sony itself before it will run) but it has also reverse-engineered a good proportion of the PlayStation 4 hardware and has an intimate understanding of how it works.
In our last report, we suggested that piracy was a long way off based on what had been publicly revealed, but looking at the extent of the knowledge fail0verflow has accrued and its almost mocking dismissal of the PS4's security system, clearly that opinion needs to be reassessed. The big question is to what extent other hacking teams have managed to replicate the work (fail0verflow won't release its PS4 hack and never released its Wii U exploit, perhaps due to the piracy fallout of its PS3 work) and whether actual game code can be dumped, copied and booted. On top of that, questions also need to be asked about how quickly Sony can respond to any given breach to its security, and whether the exploits in question can be patched out via system software updates - or whether the vulnerabilities go deeper.