Hacker Unleashes PlayStation 3 Exploit
Geohot's cracked the PS3 wide open and he's showing everyone how he did it.
Earlier this week, famed iPhone hacker George Hotz proudly announced that he has successfully hacked the PlayStation 3.
It seems that Hotz progressed as far as he wishes to go and has released the details of his exploit for all to examine now. He writes: "In the interest of openness, I've decided to release the exploit. Hopefully, this will ignite the PS3 scene, and you will organize and figure out how to use this to do practical things, like the iPhone when jailbreaks were first released. I have a life to get back to and can't keep working on this all day and night."
The documentation included in his .zip package reads as follows:
!!EXPLOIT IS FOR RESEARCH PURPOSES ONLY!!
Compile and run the kernel module.
When the "PRESS THE BUTTON IN THE MIDDLE OF THIS" comes on, pulse the line circled in the picture low for ~40ns.
Try this multiple times, I rigged an FPGA button to send the pulse.
Sometimes it kernel panics, sometimes it lv1 panics, but sometimes you get the exploit!!
If the module exits, you are now exploited.
This adds two new HV calls,
u64 lv1_peek(16)(u64 address)
void lv1_poke(20)(u64 address, u64 data)
which allow any access to real memory.
The PS3 is hacked, its your job to figure out something useful to do with it.
Of course, this doesn't mean PS3 homebrew or wide open piracy; but it means that George Hotz work opens up many new doors for other PS3 hackers to continue poking through the hardware and software.
It's important to note that the hacking work thus far is meant to work on an original form factor PS3 that's capable of running Linux – so those with the new Slim model are currently excluded from the hacking fun.