If you missed the Chaos Communication Congress conference, we have a summary of all the goodies you missed right here.



We basically learned that the PS3 security is now “epic fail”, and the 360 is currently a more secure system compared to the PS3.
To quote:
The first few minutes of the conference were spent explaining the state of security on other consoles (Wii, 360, etc). Following this, the group went on to explain the current state of affairs on the PS3. First, explaining Geohot’s memory line glitching exploit from earlier this year. The team then went on to explain the current PS3 security bypasses, such as jailbreaking and service mode/downgrading.
Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs. Following this, the team declared Sony’s security to be EPIC FAIL!
The recent advent of these new exploits means current firmware is vulnerable, v3.55 and possibly beyond. It will be very difficult for Sony to fix the described exploits.
The team then displayed the website http://fail0verflow.com/ where we assume they will host examples of the new exploits and further details. They stated that easy-to-use tools would be coming next month.
Sounds like great news for us.
Here are some of the latest Twitter updates for fail0verflow:
- @KushanTheCat our goal is to have linux running on all existing PS3 consoles, whatever their firmware versions.
- Our current PS3 goal: AsbestOS.pup
[More info at fail0verflow and fail0verflow Twitter, via PSGroove]
27C3 – Console Hacking 2010 from Yifan Lu on Vimeo.




12-29-2010
12:15 PM
Awww did Sony get Pxned? Someone needs to pull out the world's smallest violin for Sony. :musicus:
12-29-2010
12:18 PM
the site is still not live yet just checked it
12-29-2010
12:19 PM
Besides, lest we forget it took about 5 years for us to get a foot in the door. I think Sony did pretty well, all things considered. What other gaming platform remained so secure for so long?
12-29-2010
12:20 PM
This is amazing ! So nice ! Sony is going to be dog position just like a horse ! :musicus:
12-29-2010
12:22 PM
The security is an "Epic Fail"? I know we have more access than the 360 does, but we went 4 years without a hack, we have no online play, and the new games don't work...if the goal of the security was to prevent piracy for as long as possible, and then to make it inconvenient once it is available, then I'd say that it was a success.
12-29-2010
12:23 PM
.........................................
12-29-2010
12:27 PM
12-29-2010
12:31 PM
I think I need to save up for a new ps3 now to keep my 3.15 phat for hacking.
12-29-2010
01:09 PM
So the dongle wasn't even needed to find the exploit??? Wow, I'm so mad I wasted $$ on this dongle
12-29-2010
01:10 PM
So now there's hope of downgradin or even moddin 3.55 =D
12-29-2010
01:36 PM
huh, epic fail hein
so what took u 4 years to hack....I hate sony for what it does ...I love the PS3, mine is jailbroken and I support piracy
but I don't like bragging, we've got to admit...sony kicked our asses this time ....it's 4 years !!!!the record of security is beaten
12-29-2010
01:43 PM
Up until the Jailbreak-method, the security was very good, also Sony has learned a lot (and is still learning) with their PSP, every new Firmware has been shown to be harder to really hack..
Now, I'm very interested in the non-dongle jailbreak, I wonder how they are gonna do that (I still haven't bought myself a Teensyboard (and therefore still not jailbroken it), but I will buy it anyway because of the easy USB development stuff).
12-29-2010
01:47 PM
@ all the people who argue about the time it took to hack the ps3:
"Hacking" the PS3 began with the removal of OtherOS on the Slim. Before that, the scene (which is not the same to the "i wanna play gt5"-scene) had no reason to exploit it, as you were already able to use Linux. As it was stated in the lecture, the "real" time it took was about 12 months, which is the same time it took to gain control over the xbox.
The guys who do that work, give a s*** about playing backups, but the right to have full control over the hardware you own!
12-29-2010
01:50 PM
12-29-2010
01:50 PM
or even better, now we can sign ALL .pkg files & make them appear legitimate. so that means we could essentially launch Blackbox or OM from the XMB (after they are modified & signed) with no JB
12-29-2010
02:08 PM
I wonder the hackers spent years gathering to hack the ps3.
And now they say that the island is fail safe.
Not really hacked anything only succeeded in handling something that sony already had something in the case that put the ps3 into service mode.
Regarding the safety of the ps3 it is still there where the blue ray running straight to console?
The PS3 console is still a very safe in my opinion.
12-29-2010
02:14 PM
let's make that Fat (Phat) PS3
12-29-2010
02:16 PM
@GregoryRasputin In the beginning of the lecture it was stated that the announcement of the slim and its missing linux functionality was responsible for people like geohot to work on it. Even though this might just be an excuse, at least for me it sounds really reasonable as I never shared a thought in hacking my console before otheros had been removed.
12-29-2010
02:21 PM
Sony used GeoHot as an excuse for removing OtherOS from fats and I guess the hackers (I prefer the word circumventors) used the removal of OtherOS as an excuse to hack the PS3.
12-29-2010
02:28 PM
It sounds too good to be true! They actually said that users should have the ability to sign their own SELFs!!! Does anyone know what this means? It actually means we don't need jailbreak to run homebrew!
They kinda "promised" too much... Presentations are easy to make, but let's see if all this information is really true and ever going to be implemented. If only we could sign our own SELFs, that would mean that PS3 is... hackable forever! Well... not hackable... But at least, "open"!
12-29-2010
02:44 PM
12-29-2010
03:22 PM
I'm worried what sony is going to do to these guys >.>
I would want to remain faceless in the scene, sony is dirty >.>
12-29-2010
03:37 PM
As I said before, it was expected that in the end there would be a way to hack the PS3 without a dongle. But it is a total surprise at what rate this happens. I guess the biggest motivation behind this progress is the fact that it took so long to find a hole in the PS3's security. Because of this many people started to get interested. More interested people means more power to the scene.
Piracy is another motivation, but I'm not willing to say that it is the only one. Personally I am a game lover and a console lover. But I hardly play any games, I just admire them. I love hacking my consoles and I love bootleg and fake crap. Why I love the crappy stuff is hard to explain, but I'm sure there are other people like me who love the hacking but have no real interest in piracy itself. Maybe it's about power, or the ability to do something that was never meant to be done.
That's as far as I wish to go in this post since I don't wish it to become an off topic piracy post. I just wanted to state that this scene draws its power from different resources.
12-29-2010
03:47 PM
I am actually more interested in the possibilities of building SPRXs. Hopefully, since SELFs are possible (from what they say), then plugins should be possible too! And that would give us amazing possibilities.
Anyway, I am still a little sceptical about all this. As I already said, it sounds too good to be true. Let's see what these guys have in their pockets...
12-29-2010
03:47 PM
I am glad they say they came this far, I hope it's true. I don't have reason to doubt but it is hard to believe.
This is Totally Rad Dudes!!!
12-29-2010
03:54 PM
This is the stuff I've been waiting 5 years for. If there's a possibility of signing elfs (selfs) and possibly creating sprxs, custom firmware really is just around the corner. The great thing about it is that the internal private keys are just as good as the ones sony have in their vault somewhere guarded by Neil from the matrix... at least for signing elfs to selfs,... meaning that it could be possible down the line to package some custom signed selfs, rco's, and sprx's into a .pup file and install onto a completely untouched modern ps3. Talk about pwned. Anyway, still a ways to go and a lot to look forward to. Let's keep this scene rolling like thunder!
12-29-2010
04:07 PM
I have to admit this is truly an astonishing discovery given the fact that the ps3 has only been hacked for about 4 or 5 months! So much progress made in such a short amount of time is really good for any type of scene! I'm a big supporter of homebrew and unlocking the true potential of gaming systems (as for the piracy not so much). As such I applaud those who have worked hard in their research and although my ps3 is no longer jailbroken I will continue to follow the scene in hopes that I can jailbreak it along with online play so until then I shall wait.
p.s. SONY SUCKS FTL!!!! :aetsch: :thefinger:
12-29-2010
04:44 PM
I don't think everyone realizes how massive this is. Not even the Wii had its private keys leaked.
12-29-2010
05:00 PM
Thanks a gazillion.
Looking forward to run psubuntu through AsbestOS from /dev/sdax
12-29-2010
05:09 PM
check the twitter cuz it now says
"Whoever originally wrote something about "overflowing the bootup NOR flash" needs to be shot (after watching the talk and paying attention)"
12-29-2010
06:02 PM
If the PS3's security is such a big failure, then why did it take so f*ing long to even partially overcome it?
Also the new firmwares block ps3jailbreak, so it's still very secure. That's why I haven't bought one of those sticks yet. They can't seem to make it permanent.
12-29-2010
06:45 PM
you guys need to know why it's taken 4 years for it to be hacked because
they, and I quote, "we only started looking at the ps3 after otheros was killed."
so it took them about 14 months
that's what sony gets for killing other OS :thefinger:
12-29-2010
07:40 PM
Sony should just sit back and watch as they sell more consoles than wii and 360 combined over the next year. "Win - Win"
Happy new year to everyone (Community and $ony)
12-29-2010
08:00 PM
#2 After Sony removed linux it only took 12 months to hack.
12-29-2010
08:31 PM
Can't Wait To Get The "fail0verflow" Trophy lol xD
12-29-2010
08:35 PM
@ Trott Lol too true. With the advent of the PS4 coming in the near future, Sony could use a hefty profit margin to drive its release as well as learn from what the hackers are doing to make the new system more secure.
I'm with the guys saying we should be thankful rather than spiteful that there are companies like Sony, MS and Nintendo making wonderful technology like the PS3 for us to enjoy and the games that come with their consoles ours to own. Seriously, if these major players adapt the OnLive model then all who love piracy are screwed at worst or be given a hard time at best.
I also thought that some of the initial ideals behind projects like PSGroove were sound in that we should open the system to do as we wish with it sans piracy. Honestly, for every 1 supporter of homebrew, we probably have 1000 who are in this for piracy and these are the guys who trawl through forums like these the most. Honestly, if the hackers want to be true to what they say about not doing this to enable piracy then all future developments (including on systems that come after this generation of consoles) should incorporate methods to actively deny piracy while opening up the system at the same time; even to go as far as eliminate current methods on future releases. That would be something wouldn't it? Forgive me for pissing some of you off, but whenever I think of the people who get the shortest end of the stick, the game developers, I really feel sorry for them when their IP gets royally screwed and other people benefit off of their hard work. No amount of justification (e.g. "saving my PS3's lens") or anger at Sony etc holds any water against that simple fact, so freeloaders should just keep their ugly thoughts to themselves.
@$n!pR I'm really curious about that. I kind of agree with Mr. Rasputin that OtherOS was used as an excuse to rally behind seriously breaking the system and even then success had been limited until an exploit was found and reverse engineered. We but need to trace the series of events and see that all we have now started to come out from that point in time. I could be wrong I know but it just seems logical to me to see it that way.
12-29-2010
09:15 PM
It only took 12-14 months to hack it and no one was working on it before that? BS!!! I remember reading about people using the infectus to mess with their NAND the week of release! People had been trying to hack the system from launch day. Sure, removal of linux was a catalyst, but it was not the start.
12-29-2010
10:24 PM
Is this going to help those of us with drives that work, but not married to the ps3? Revocation list?
12-29-2010
10:37 PM
No game devs = no games = death of ps3 use for games
And the average piracy loving joe, which I'm pretty sure you are, has NO REASON to buy a ps3. Only people who program would have any reason to buy it.
Honestly, think a little bit before posting.
12-29-2010
10:49 PM
12-29-2010
11:03 PM
For instance I imagine the first goal is to install AsbestOS to any standard ps3 simply by putting in a USB stick.
12-30-2010
12:46 AM
This is a really great development! I still wouldn't update to 3.55, because even though an exploit is sure to come, we don't know exactly when yet. Anyway I'm new to the PS3 hacks, but I've been following them for a while and finally bought a PS3 fat today.
12-30-2010
01:15 AM
If they truly are able to sign code, although great for the homebrew scene, the implication of a signed backup manager will most likely be devastating to the console.
12-30-2010
01:54 AM
12-30-2010
02:20 AM
the PSP doesn't have much going for it but it never did even from launch.
12-30-2010
03:09 AM
I thanked Killer Bug for his post earlier and I do agree that it was secure enough to hold us out for four years, but once people got in what these guys are saying makes sense. They have systematically broken down the security wall. That one exploit in and as they made it seem it was pretty weak security. I still wouldn't call it weak, they just owned it. This is good news for all ps3 owners as of now. The way they made it seem an extreme hardware revision would have to be done, and that leaves about 35 million hackable units. Sony you should've never removed other os. The PS3 would probably still be unhacked and people would be happy because they had a way to run their own code as they said. You screw people over, you take an advertised feature, and the community takes it back plus now the one thing you didn't want to happen has happened, piracy, probably about to start in great mass all because you took linux. Seriously has anyone heard of these guys until the $h!t hit the fan? We knew Marcan from the ASbestOS project, but I think that project has been taken to a much higher level.
12-30-2010
03:40 AM
Oh wait, you can't. Because although some solid games DID come out, they were more or less all RPGs. The DS sells because of who it is marketed to. I'm willing to bet a fourth of the games at your nearest gamestop are marketed, at least partly, by a company like disney.
Just my observations and 2 cents
12-30-2010
03:55 AM
The only reason they got this far was because of the Jailbreak method which was found by 'getting' a stick which was used by Sony themselves and reverse engineer it.
But we'll have to see what happens now, they say they have those methods, but seeing is believing, so until they actually show it I'm very sceptical..
12-30-2010
04:32 AM
Thanks for posting the video, it was informative and interesting!
I'd love for them to have say Linux run on any firmware :D I will admit that most of it is way over my head but it would be awesome to not have to jb the console anymore.
12-30-2010
05:12 AM
12-30-2010
06:49 AM
I've always loved these vids every year. Could someone answer me a question though?
We had Linux yeah? And all the hackers were happy then, why? We never saw anything good appear, Sony still had full control so what was it about a standard unhacked PS3 with Linux installed that kept Marcan etc so happy?
I mean you look at all the amazing stuff they have managed to achieve since it's been hacked, what could possibly have been achieved with JUST Linux????
Confused?!
12-30-2010
07:42 AM
I'm just thinking out loud here, when they release their signed pup file and you install it, then you should be able to reinstall any sony update pup after that. downgrading back and forth until it's released in a month or so.
12-30-2010
07:49 AM
On my sat receiver Dreambox based on linux I have an open system, I can even run a torrent program to let it download torrents (I never use torrent, too much viruscrap etc.) and run C64 emulator on it. Only the processor is holding it back from doing more.
My Ipod 3G is jailbroken so I can use it for almost anything the little thing can do. (only not jailbreak my PS3)
My Android Galaxy S. is rooted and has the latest Darky 7.5 Gingerbread edition rom on it. I can use it for all things I want now (but also not jailbreak my PS3)
Lol, I see my sharp TV is even based on Linux, haven't been in to that one though
And i can go on but the point of this is it is all a big game. just like fighting to an opponent in a virtual game this is fighting to an opponent in the real world.
Not for the money to spare on a silly commercial game but to win from a bigger and very arrogant company by showing you can do lots more with their stuff than they want you to do
12-30-2010
07:53 AM
Well for those of you that didn't see the demo, it was a rough demo, but he managed to ssh into the ps3 as root without a jailbreak. :D
12-30-2010
08:29 AM
Cool, I hope we get some awesome new homebrew happening. I borrowed 8 games from my brother and frankly, none of them were worth the effort of backing them up. I got more time out of the track builder from NeoRacer. Some people in here think piracy will be the end of the PS3. I say it will have more to do with the limits of the console and the unimaginative crap that keeps getting released. I played two unnamed games that were so similar it was like $ony handed out a game to two developers and they both just re-skinned it. Bring on the HACKS!
12-30-2010
11:51 AM
Pokemon SoulSilver/HeartGold
Professor Layton and the Unwound Future
Super Scribblenauts
Rock Band 3
The Sims 3
Ace Attorney Investigations: Miles Edgeworth
Golden Sun: Dark Dawn
Crafting Mama
WarioWare D.I.Y.
all came out in 2010 all appeal to various types of people
12-30-2010
12:20 PM
sony should just put other os back in on next update
12-30-2010
06:59 PM
we all know why they really removed it
12-30-2010
08:55 PM
Sent from my Velocity powered Ally
12-30-2010
09:09 PM
oh yes you're correct. I was thinking about SONY's response to that class action lawsuit that was dismissed.
my mistake
12-31-2010
02:35 AM
posted on psx-scene by Geohot and confirmed via twitter by Mathieulh
12-31-2010
02:43 AM
Sent from my Velocity powered Ally