Hacker claims new PS3 breakthrough

Geohot says he has GameOS access.

iPhone hacker George Hotz claims to have expanded the scope of his PS3 exploit, and reckons he now has complete access to the system's GameOS, the area of the console that runs the XMB and operates beneath game code.

"I believe that defeats the last technical argument against the PS3 being hacked," Hotz wrote on his blog.

Geohot's original PS3 hack concentrated on the attack and analysis of the Cell chip's so-called Hypervisor, the "guardian" code designed to oversee general system operation and prevent the types of assault that continue to compromise Sony's PSP.

However, despite the mass media coverage of Hotz's achievements, doubts remained over the usefulness of the exploit since the core encryption techniques used within the PS3 remained secure.

Typically the PlayStation 3 dedicates an entire SPU to decrypting code, and the actual decryption keys never enter main RAM, which makes retrieving them with the typical hacking technique of dumping system memory impossible. But in OtherOS, with Linux installed and his exploit active, Hotz has a much more vulnerable system at his disposal.

"In OtherOS, all 7 SPUs are idle," Hotz explained. "You can command an SPU (which I'll leave as an exercise to the reader) to load metldr, from that load the loader of your choice, and from that decrypt what you choose, everything from PKGs to SELFs. Including those from future versions."

SELFs are best described as the PS3 equivalents of PC .EXE files - they contain game code, while PKGs are the containers in which game installs, PSN games and DLC are delivered. Think of them as encrypted ZIP files. We can assume that "metldr" is the code the PS3 uses to set up the dedicated, security-focused SPU that decrypts them.

Although he has not publicly confirmed it, it is widely believed that Geohot has not only established his own Linux-based decrypter, but that he has also decrypted GameOS, raising the possibility that the PS3 firmware could be patched to run homebrew code straight from the XMB.

Hotz himself maintains that he will never write code to directly enable piracy, and while attempts have been made to improve the somewhat unreliable nature of the original hack, actually getting the exploit to activate remains something of a haphazard process.

In short, if anything ever comes of this, chances are that Sony will have made a good attempt at updating its firmware to circumvent the hack in the meanwhile.

Just how Sony will choose to respond to this remains unknown. In a topic posted on the YellowDog Linux community board, an employee of Fixstar - the firm responsible for the Cell-accelerated CodecSys h264 encoder - reckons he has heard from a "reputable source" that OtherOS may be removed in the next PS3 system update.

However, this post has now been deleted, and the whole notion of OtherOS being removed sounds rather heavy-handed and extremely unfriendly to the consumer.

The chances are that Sony will move to close Geohot's loophole in a more elegant manner, leaving the potential pool of exploitable consoles to diminish as more and more people upgrade their firmware.

Comments (57) Latest comment 2 years ago


  • chukcyQ #1 2 years ago

    Oh goody, can't wait!
  • rprince #2 2 years ago

    I thought they already removed OtherOS from PS3slim?

    Or does this mean remove it from PS3fat as well (in a future firmware upgrade)? That would be massively unfair
  • insincere_dave #3 2 years ago

    Sony are finally returning to their halcyon days when every chav's living room contained a chipped ps2 console next to a messy pile of pirated game discs.
  • ukgamer #4 2 years ago

    It'd be cool if he gets access to the RSX, then we could run some better Linux distros and maybe some higher end games/programs.
  • CaptainQuint #5 2 years ago

    For all the genius of this guy; he can't figure out how to make PS3 games look as good as their Xbox 360 counterparts, can he.
  • RobotRocker #6 2 years ago

    Doubtful this could ever be used for piracy. PS3 games normally average out at 15GB on a single layer BD-Rom which makes downloading out of the question unless you have an ISP which doesn't give a toss. BD-R discs are also ridiculously expensive. You would be paying £20 for a pack of 5 low quality writeable discs. The costs wouldn't add up.

    It's interesting in a homebrew perspective but as for actual damage to the console via piracy, not a chance.

    Interested if they can do the standard litmus for homebrew and get a good quake port running.
  • YobRenoops #7 2 years ago

  • Widge #8 2 years ago

    Unless, you grab a BR disc and wirelessly move it across to the PS3.
    Could also be a bit of a shit to the PSN games.
  • karooo #9 2 years ago

    "For all the genius of this guy; he can't figure out how to make PS3 games look as good as their Xbox 360 counterparts, can he."


    Yet the graphical powerhouse games are only found on the PS3, why is that?
  • GamerG #10 2 years ago

    Why doesn't someone give this guy a well paid job doing sod all as long as it's not hacking systems?
  • karooo #11 2 years ago

    "3 years later and this 'exploit' is the closest we've got to a hacked PS3."

    lol
  • CaptainQuint #12 2 years ago

    @karooo

    What, like Lair?

    *watches as float bobs up and down a bit*
    Edited by 1 at 22/02/10 @ 11:30
  • karooo #13 2 years ago

    @captainquint.

    Most games are ported from 360 to PS3 and you know they have different architectures and cannot be equal right? Lair? Is that all you can come up with, still living in 2007?
  • Widge #14 2 years ago

    *watches as float bobs up and down a bit before being violently tugged beneath the surface of the water*
  • karooo #15 2 years ago

  • mingster #16 2 years ago

    Well OtherOS has already been removed from the firmware on PS3 slims.
    So it's already limited in practicality.
  • Widge #17 2 years ago

  • CaptainQuint #18 2 years ago

  • MightyMouse #19 2 years ago

    Hacking is good for security in the long run. Making it public ensures that Sony (and everyone who comes after) will design their systems better and can act now to close the loopholes in the PS3 security. Granted he's arrogant but hey.
  • Loser #20 2 years ago

    @MightyMouse

    Hacking is good for security but you can argue there is a moral imperative to inform the vendor and give them a reasonable chance to respond before going public.
  • Bennicus #21 2 years ago

    Yeah you tell me how you'd go about notifying Sony about this in a way that would actually get something done. You'd probably just get a generic canned reply about how modifying your console will invalidate the warranty and they won't provide any support.
  • sarcasmoidosis #22 2 years ago

    "Doubtful this could ever be used for piracy. PS3 games normally average out at 15GB on a single layer BD-Rom which makes downloading out of the question unless you have an ISP which doesn't give a toss"


    GTA4 on PC has 15 GB, was pirated. MW2 has 11.7 GB, was pirated to hell and back. Mass Effect 2 has 14.35 GB, again, pirated.
  • Loser #23 2 years ago

    @ Bennicus

    I've no idea about the structure of Sony but if you'd made the effort to contact them and after a period of time nothing had come back you could make the exploit public in good conscience.
  • Murton #24 2 years ago

    "Although he has not publicly confirmed it" - so he hasn't done it then. Call me cynical but I like to see proof/evidence of something rather than blindly accepting hearsay.

    After all I could claim to have cured cancer today but that doesn't make it so does it?
  • abigsmurf #25 2 years ago

    His first hack was widely denounced as being absolutely worthless, I doubt this is any better.
  • M_of_the_sys #26 2 years ago

  • drumbaby #27 2 years ago

    Give him a twatting peanut.
  • kangarootoo #28 2 years ago

    @MightyMouse

    So hacking is good, because it exposes security holes, that hardware developers can then close to protect themselves against hackers?

    Cyclical argument on toast anyone?
  • kangarootoo #29 2 years ago

    @sigmagoat

    I think you should take item G off your list. It seems a little out of place compared to the other items :)
  • kangarootoo #30 2 years ago

    @M_of_the_sys

    He is only 21 ?!?

    That there is a future millionaire, mark my words.

    As for the Frank Abagnale comparison, I think personally he is a little young to be bothered getting a "proper job". Frank Abagnale probably had a fair amount of fun before settling down to earn the wedge he is likely pulling in these days.

    My advice to Master Hotz is to live life for a few years more - it's not like his future prospects aren't secure. He could probably roll up to the doors of the FBI in 5 years when he's ready to settle down, and they would take him on at the drop of a hat.


    And yes he does appear a little arrogant, but he is 21 ffs. Show me a 21 year old that is good at something and NOT an annoying smug git about it. As much as this guy is smug, there are plenty of sour grape chomping tech people shooting him down purely because he is doing something they aren't.
    Edited by 1 at 22/02/10 @ 16:42
  • sarcasmoidosis #31 2 years ago

    Of course he only hacked the Phat. It took him 3 years to do it. Not so many PS3 Slims back then.
  • onezeonx #32 2 years ago

    Ah lots of fanboy CUNTS in here as usual

    sad frankly
  • MightyMouse #33 2 years ago

    @kangarootoo

    Straw man on toast?

    No, hacking is good because it reveals security flaws which you can then fix. Congratulations, your system is now more secure.

    It would be a circular argument if you managed to produce a less secure system at some point by this method. Hint: you don't

    edit: Whilst it might be reasonable under some circumstances to reveal the flaw to Sony first, there's a history in computer (and other) security of problems being covered up if not released publicly and improvements not made. Since in this case the damage that could result would require a lot more effort and Sony can fix the flaw then it seems like a perfectly rational decision.
    Edited by 1 at 22/02/10 @ 19:14
  • freakzilla #34 2 years ago

    Geohot is really fucking good at this shit. But sony have done an amazing job of defeating pirates on the PS3. I bet half the PSP2's development time is being spent on anti-piracy measures.
  • Dave797 #35 2 years ago

    Anyone else think Sony should hire him as senior piracy advisor?

    Just imagine the look on the architects' faces as he strolled into the office! Worth the entrance fee alone.....
  • freakzilla #36 2 years ago

    @semitope
    Look at the PSP right now, yes it's lost the sales war against the DS but if it weren't for the pirates the PSP would have some genuine software support, thus allowing Sony some flexibility with the pricing; right now they cannot afford to sell PSPs at a loss because they're unlikely to ever make the money back.

    Edit: do you see where I'm going with this?

    Also if the PS3 wasn't so secure SONY might have had to exit the console game, considering the poor quality ports, high price etc.
    Edited by 1 at 22/02/10 @ 19:52
  • EntangledRage #37 2 years ago

    Great! When will I be able to recover 6 GB of personal photos off my YLOD Ps3 HDD? My dad refuses to buy me another one until I solve the problem.
  • carrotcake #38 2 years ago

    He doesn't condone piracy but then makes public the details of his hacks so other people can do the piracy enabled by his work. Wouldn't hurt Sony to get a friend of a friend to take this guy out.
  • aufi #39 2 years ago

    heh, talk about tall poppy syndrome.

    this fella appears to have a whole host of projects at hand. one of them - "project holodeck" - seems far more ambitious and interesting than hacking your precious gaming console and has earned him awards and praise from all kinds of people.

    plus he's only 21, give or take.

    the capacity of the average punter to climb the moral soapbox and screech invectives for some perceived wrongdoing, however minor or ephemeral, never ceases to amaze me.
  • kangarootoo #40 2 years ago

    @MightyMouse

    "Straw man on toast?"

    Errr, no. That isn't a strawman at all.


    There is nothing wrong with producing a more secure system, but to suggest that increased security is a justification for hacking rings somewhat hollow to me.


    /actual strawman arguments begin here, just for your reference ;)

    Would you ever suggest that burglars are good because their actions result in increased home security?

    Would you ever suggest that fatal street knifings are a good thing, because they increase the use of stab proof vests, which in turn reduce the number of fatal stabbings?

    /strawmen end.... Lesson learned I hope ;)


    There is this assumption that increased system security is good in and of itself, but in fact it is only good because it protects a system against hackers. If said hackers did not exist, the increased security would not be necessary. In other words, the benefit that results from the actions of hackers can ONLY be viewed as a benefit because it protects the system against the same actions of the hackers that are purported to have provided the benefit.

    /breathes in

    There is nothing what so ever strawmanish [sic] about that. It is a cyclical argument, plain and simple. Here is another.

    A lamp post stands in the street. Why is the post there, to hold up the lamp. Why is the lamp there, so you don't walk into the post in the dark.

    :)
  • kangarootoo #41 2 years ago

    @XrustynutsX

    The older I get, the more I realise just how young 21 really is. The "20 something" excuse is a great one, because 21 year olds are all the things you describe often as not. I'm not saying he deserves a pat on the bat, but I understand why he does what he does and wants attention for it as well. + I'd prefer he dick about with tech and act all important about it than sniff glue and burgle my house.
  • Widge #42 2 years ago

    I'm not patting anyone's bat
  • pickles4uk #43 2 years ago

    This guy seriously needs to get out more.
  • kangarootoo #44 2 years ago

    @Widge

    I was going to go back and edit the typo out of my post, but then your post would just look mental.

    Tempting a result as that is, I'll leave history intact :)
  • SpaceMidget75 Verified Senior Software Developer, Minerva Computer Services #45 2 years ago

    Sorry but I agree with Mightmouse on this Kangarootoo.

    There are two types of ideal situation:

    People being moralistic enough that piracy doesn't exist.
    or
    Manufacturers make unhackable or near unhackable systems.

    Option one is a fairy tale and option two is only possible with previous systems being hacked.

    It's not a circular argument because with each iteration it appears to be becoming more difficult to hack a system (when the manufacturer gives it enough attention). The two key examples here being the PS3 which is this far into its lifecycle and still can't play pirated software, and Sky TV.

    Do you think Sky TV would be this secure and practically unhackable if it wasn't for all the previous hacks?

    It may have taken them some time, but they're now reaping the benefits of a system that everyone who wants it has to pay for it.

    EDIT: All the effort Sony have put into the security has paid off this gen it would seem.

    Like I said, I'm sure they'd have preferred it if people just didn't pirate because it was BAD ;) but that hasn't happened so this is the next best option.
    Edited by 2 at 23/02/10 @ 10:52
  • kangarootoo #46 2 years ago

    @SpaceMidget75

    I think a couple of viewpoints are getting confused here. I am not at all saying the logic you describe isn't true. It totally is. Hacking does in the end make systems more secure. I agree.

    What I am saying is that it is no moral defense for hacking. Maybe I'm making assumptions about the intent of the original posts on the matter, but I thought that "hackers do good because their actions make systems more secure" was the point being made.

    Again I say I don't deny the logical path, but I find it unusual to say that hackers are doing good by forcing platform vendors to take steps to increase security in ways that prevent hackers from hacking.

    To continue your Sky analogy, Sky would have ALWAYS reaped the benefits if it wasn't for people ripping off their service. No good has resulted, simply the removal of "bad".


    IF I was wrong in assuming a moral defense was being suggested, then I've been off down the wrong track all along :)
  • Murton #47 2 years ago

    Though I agree with Kangarootoo I also agree with SpaceMidget too, it's a very tricky issue and one that can't be painted in simple black and white, it's very much a grey area.

    If there was no security then everyone would be free to exploit and abuse the system, that's obviously not sustainable from a business perspective. So we have security but that means that we'll eventually see hackers, who then break security and the exploits and abuses start, the company then fixes the flaws and increases security, the hackers then try their luck with that and the whole process turns cyclic.

    EDIT: All the effort Sony have put into the security has paid off this gen it would seem.

    And not just for them too. As a console manufacturer, games publisher and developer the benefits of that added security are beyond count, not only for themselves but everyone who works with the console. I'd go as far as to say the manufacturing royalties from third party publishers alone have probably made it more than worth their time and effort.
  • SpaceMidget75 Verified Senior Software Developer, Minerva Computer Services #48 2 years ago

    "To continue your Sky analogy, Sky would have ALWAYS reaped the benefits if it wasn't for people ripping off their service. No good has resulted, simply the removal of "bad". "

    I agree which is why I said in an ideal world people just wouldn't do it. More specifically though is that at least it requires a hacker nowadays! ;) If you regress this back, there was a day when we didn't even need the hackers, simply products sold by the same manufacturers themselves! Speccy games and music copied tape to tape, games burnt onto CD-R etc. It was that simple process of copying by the layman (who has no scruples with regards to pirating*) that led to them improving the systems that led to more and more tech savvy people required to break the systems.

    All good fun eh!

    * not all people obviously. :)
    Edited by 2 at 23/02/10 @ 11:43
  • SpaceMidget75 Verified Senior Software Developer, Minerva Computer Services #49 2 years ago

    "If there was no security then everyone would be free to exploit and abuse the system, that's obviously not sustainable from a business perspective. So we have security but that means that we'll eventually see hackers"

    Oops. Just seen your post Murton. Looks like I just duplicated some of what you said. :D
  • Beano #50 2 years ago

    I wonder if Sony are already plugging the hole(s) as we speak now that Geohot has published the exploit?

    Would be a nasty situation for Sony if the PS3 ends up like the PSP where piracy is widespread.
  • Murton #51 2 years ago

    No problemo SpaceMidget, it's going to happen when you have a few people posting within a few minutes of each other.

    I wonder if Sony are already plugging the hole(s) as we speak now that Geohot has published the exploit?

    A part of me suspects not. They'll have a plan to deal with it obviously but so far GeoHot hasn't posted sufficient evidence to back up his claims, more likely that Sony's own security experts are working on reproducing his hack with intent to assess the possibilities themselves. If Sony believe that the system has been compromised then they will move in to fix it, if not however they may be inclined to do nothing at this time and continue to monitor the situation as they appear to have been doing so far.
    Edited by 1 at 23/02/10 @ 12:15
  • Beano #52 2 years ago

    I thought he posted the method a while back?

    Just not for the new exploits...
  • Murton #53 2 years ago

    He's posted methods used to gain access but he claims to have gone further and not posted evidence of such. He failed to produce evidence of a "hello world" in his first hack and claims to have gained access to the GameOS with this one but didn't feel compelled to prove it.

    He's a talented hacker, there's no doubt there but this goes back to my original post, just because you say that you've done something doesn't make it true.
  • man.the.king #54 2 years ago

    @Beano

    "I wonder if Sony are already plugging the hole(s) as we speak now that Geohot has published the exploit? "

    They might be. Take a look at this: http://www.qj.net/qjnet/playstation-3/sony-responds-to-geohotz-ps3-exploit-with-a-new-patent.html
  • MightyMouse #55 2 years ago

    @kangarootoo

    It turns out that there can be more than one straw man argument. The fact that you made one does not in fact preclude others, but nice try.

    Your argument relies on the idea that only hackers are testing security, so without hackers any level of security is identical to any other level of security. Given the difference in piracy between PS2 and PS3 systems I'd rather have to point out that that's not true.

    edit: I do apologise, clear drunken snarkery. Let's keep it civil!
    Edited by 1 at 24/02/10 @ 12:43
  • Quixz #56 2 years ago

    LOL my goodness so much hate for Geohot. Personally think what he is doing is pretty cool, he's 21 FFS!
  • IneptPercy #57 2 years ago

    "You would be paying £20 for a pack of 5 low quality writeable discs. The costs wouldn't add up."

    I recently got a pack of 10 for £17.

    Will see how the burns go.

    As for a hack, Sony secretly want it to happen. The reason the PS1 and PS2 were so dominant is because you could get games from the guy at the pub for £3, innit.