• PS3 Hacks , 03.03.2010

Xorloser has released his complete PS3 exploit toolkit software, called XorHack. XorHack allows you to call lv1 syscalls (level 1 system calls) from a normal (userspace) program. It also lets you run the software required when triggering the PS3 exploit from a normal userspace program.

    To quote:

I finally found the time to complete the PS3 exploit toolkit software I mentioned in my previous posts. I call it XorHack. It allows you to call lv1 syscalls (level 1 system calls) from a normal (userspace) program. It also lets you run the software required when triggering the PS3 exploit from a normal userspace program. To give an example of how it can be used I have included the following example programs:

• ps3exploit – Runs the software required to exploit the PS3; it loops a number of times which can be specified as a parameter. (This still must be used along with the “button pressing”; it will not exploit the PS3 via software alone.)
    • dumphv – Dumps the hypervisor to a file in the current directory.
    • dumpbl – Dumps the bootloader to a file in the current directory.
    • dumprom – Dumps the system rom to a file in the current directory.

The XorHack package contains full source code for everything, including a rewrite of geohot’s exploit source code to make it easier to read and understand (the new file is kmod/exploit.c). The rewrite doesn’t just fix the compilation warnings; it attempts to replace all “magic” values with the algorithms and reasoning behind them, as well as tidying up the code and commenting it all. I also added another syscall #21 to allow executing of code in hypervisor context. Due to the associated complexities it is not available from usermode; it is for advanced users to make use of in kernel space. Some small changes were also made to the timing and the text that gets printed onscreen to make the exploit easier and hopefully more stable to use. I recommend XorHack both when looking into how the exploit works and when actually triggering the exploit.

XorHack is made up of three parts: the kernel module, the userspace library file, and lastly the userspace programs themselves. To build all three parts you need to first extract the contents of the XorHack zip file to a directory on your PS3 hard drive. Next you need to navigate on the command line to the directory you extracted the files to. You should be either logged in as root or running as root thanks to the “su” command. Now type “make” to build all parts of XorHack. Then once that completes type “make install” to install all parts of XorHack. If you wish, you can type “make uninstall” in this same directory to remove all of XorHack from your system. When you install XorHack on your system it will always be ready for use; even after rebooting it will be automatically reloaded and ready for use.

To use XorHack to perform the exploit on your PS3, first install it as per the directions above. You then need to switch to a console-only mode (no GUI). This is required because it is the only way you can see the printed messages from the kernel module to know when to press the button. Once exploited, all other programs can be run normally from a terminal window in GUI mode. To switch to console mode press Ctrl+Alt+F1 on your keyboard. To switch back to the GUI mode press Ctrl+Alt+F7. When you enter console mode you will be greeted with a login screen. Now log in with your normal user account and password and type “ps3exploit 100”. This will start the exploit looping 100 times, during which you need to successfully glitch the console by pressing the button on your glitch hardware. The idea is to perform the glitch when nothing else is occurring on your PS3. Therefore some things you may want to try when exploiting to help your chances are:

    • Only press the button once per loop.
    • Try to press the button around the middle of the pause between two concurrent prints of the “press button” message.
• Don’t start pressing the button till after the 10th “press button” message (by this time the system should be done loading and preparing the newly running code, so it is less likely to interfere with processes that occur during these stages).
    • Run the ps3exploit software after initially booting up the PS3 and switching to the console login without first logging into the GUI mode.
    • After booting the PS3 and switching to the console mode straight away, log in and then wait about a minute before running ps3exploit so that any processes that may occur upon login/startup have completed.
    • Don’t use any services that will cause more processes to be running until the exploit is completed. This includes things like accessing your PS3 over samba.
    • Once you have successfully exploited, stay in console mode as there is less chance of instabilities causing havoc and crashing your PS3.

    The PS3 Exploit Game!

    Once you can run the exploit it’s time to turn it into a game. Think of it as a cross between getting the turbo boost at the start of a Mario Kart race and Dance Dance Revolution with a finger pad. The aim of the game is to exploit your PS3 as quickly as possible without it crashing. Below is my highscore table picture showing my highscore of THREE!

    You can view and download XorHack and readme here.



  • 14 Comments

    1. mcd1992
      03-03-2010
      04:07 PM

      Keep up the good work!! :D

    2. intertweaker2
      03-03-2010
      05:27 PM

      Ok, I've all set it up right, logged in right in console mode, but which "button" do you need to press when activating the ps3exploit?

    3. madshaun1984
      03-03-2010
      05:31 PM

You need to make and attach an FPGA button to the PS3's motherboard in order to trigger the exploit using this software.

    4. BobbyBlunt
      03-03-2010
      10:44 PM

      How long does each pulse need to be? I have seen that you use a specific microcontroller and I can only gain access to equipment to program a PIC.

    5. levendi2nv
      03-04-2010
      12:01 AM

Cool, shall we see more progress with this? Either way, well done to xorloser.

    6. solidsnakedz
      03-04-2010
      03:05 AM

Honestly, I just wanna know how close we are to an ISOloader!

    7. GODVer3
      03-04-2010
      03:45 AM

      Originally Posted by solidsnakedz
Honestly, I just wanna know how close we are to an ISOloader!
      We don't take kindly to yer type round hereabouts...

    8. GregoryRasputin
      03-04-2010
      03:49 AM

      Originally Posted by GODVer3
      We don't take kindly to yer type round hereabouts...

Just ignore him, he keeps posting the same thing. I think he just wants a rise out of people.

    9. levendi2nv
      03-04-2010
      05:54 AM

      Originally Posted by GregoryRasputin
Just ignore him, he keeps posting the same thing. I think he just wants a rise out of people.
Yeah, I think he just wants to piss people off. Let him be; noobs like that will always pirate as much as they can.

    10. SuperDre
      03-04-2010
      01:56 PM

This will start the exploit looping 100 times in which you need to successfully glitch the console by pressing the button on your glitch hardware. The idea is to perform the glitch when nothing else is occurring on your PS3. Therefore some things you may want to try when exploiting to help your chances are:
Well, how about triggering the trigger hardware using USB, as USB is available under Linux?

    11. BobbyBlunt
      03-04-2010
      02:12 PM

      Originally Posted by levendi2nv
Yeah, I think he just wants to piss people off. Let him be; noobs like that will always pirate as much as they can.
      Well piracy isn't really an issue because we all know that about 85% of this scene pirates things. The problem with people asking about isoloaders is that it kind of tends to throw the whole thread off topic. The last 4 posts on this thread (except the one above me because he beat me to the post) have had no relevance to the topic, including most of this one, because of one person that doesn't have the respect of the work being done here. We are far from an iso loader, so you should show a little more respect than asking about a loader every time you post. One will come in time, so to answer your question again, we are not close.

Back to topic: Thank you xorloser for your continued work on the geohot exploit. You have made this much easier for some people that have some electronics experience. Linux is still a roadblock for me, but running your script with the proper hardware now seems a lot easier. I have 3 PS3s in this house: 1 slim, 1 80 gig (no BC), and 1 BC 80 gig. I'm probably going to attempt this with the BC 80 gig. Two reflows and a drive replacement; I think that unit is seeing the end of its days.
      ************* [ - Post Merged - ] *************
      Originally Posted by SuperDre
Well, how about triggering the trigger hardware using USB, as USB is available under Linux?
      Because we would not be able to send the glitch we need to the memory bus via usb. We actually have to glitch a specific bus to keep the system from writing some things to ram. USB doesn't have direct access to this bus.

    12. SuperDre
      03-05-2010
      10:14 AM

      Originally Posted by BobbyBlunt
      Because we would not be able to send the glitch we need to the memory bus via usb. We actually have to glitch a specific bus to keep the system from writing some things to ram. USB doesn't have direct access to this bus.
I think you didn't understand what I meant. Now you have to push a button (when there is a message on screen) to trigger some hardware for the glitch, but by replacing the button with a USB signal the 'software hack' can trigger the hardware for the glitch so you don't have to do it manually at the right time. This of course means you have to have a USB-enabled hardware trigger (microcontroller board). So all it does is replace the button and someone having to push it at the right time; software is normally better at it, hehe...

    13. BobbyBlunt
      03-05-2010
      11:18 PM

      Originally Posted by SuperDre
I think you didn't understand what I meant. Now you have to push a button (when there is a message on screen) to trigger some hardware for the glitch, but by replacing the button with a USB signal the 'software hack' can trigger the hardware for the glitch so you don't have to do it manually at the right time. This of course means you have to have a USB-enabled hardware trigger (microcontroller board). So all it does is replace the button and someone having to push it at the right time; software is normally better at it, hehe...
That is interesting and I understand what you are saying now, but the only problem there would be that the USB device would have to be coded into the script to turn on at the right time. A microcontroller can be programmed to output the right pulse when triggered on the input pin (by USB), but the script would have to know to trigger USB to turn on to trigger the input pin at that specific time to get the desired effect on the output pin of the microcontroller.

    14. DKSE
      03-10-2010
      12:39 AM

Can't wait for custom firmware. It took long enough, but it looks like this is the beginning of the PS3 hacking scene. Hopefully it reaches its peak before the PS4 comes out.