“Hello hypervisor, I’m geohot”.
Probably the last thing we would expect to see on the PS3, after 3 years it seems legendary iPhone hacker George Hotz (Geohot) has managed to crack the PS3 security in under a month (Geohot was the first person to unlock the iPhone). He has posted on his blog that he has full hypervisor access and read/write access to the entire system memory. He also says that this is not patchable and plans to reveal the method soon. There is still more work to be done according to Geohot.
I have read/write access to the entire system memory, and HV level access to the processor. In other words, I have hacked the PS3. The rest is just software. And reversing. I have a lot of reversing ahead of me, as I now have dumps of LV0 and LV1. I’ve also dumped the NAND without removing it or a modchip.
3 years, 2 months, 11 days…thats a pretty secure system
Took 5 weeks, 3 in Boston, 2 here, very simple hardware cleverly applied, and some not so simple software.
Shout out to George Kharrat from iPhoneMod Brasil for giving me this PS3 a year and a half ago to hack. Sorry it took me so long
As far as the exploit goes, I’m not revealing it yet. The theory isn’t really patchable, but they can make implementations much harder. Also, for obvious reasons I can’t post dumps. I’m hoping to find the decryption keys and post them, but they may be embedded in hardware. Hopefully keys are setup like the iPhone’s KBAG.
A lot more to come…follow @geohot on twitter
Very good news for PS3 hackers who have waited very patiently for this day, and great job Geohot, we will bring you more updates as they are available.
UPDATE #1 (1-23-2010):
[I know some function names...]