Old 08-18-2012   #11
advocatusdiaboli
Originally Posted by badman1150:
Did geohot make any tutorial..???? About the hardware what will it be??? When I search on google they didn't mention about some hardware??...........I am good at soldering...!!!!!!!!!
Yes, but the page was removed, he used a glitch tool.
__________________
US 4USB ports OFW 3.15 PS Ubuntu
EU 4USB ports CFW 4.21.1 REX
There is only one OS; AmigaOS, the rest are just [l]imitations.
Old 08-18-2012   #12
tjhooker73
Originally Posted by advocatusdiaboli:
Yes, but the page was removed, he used a glitch tool.
No, he never released it. He even said he did not. He told Sony how he did it though.
Old 08-18-2012   #13
TizzyT
Originally Posted by JustThatDude:
Hey just wondering but did GeoHot ever release his method of doing it? And if not can't he tell us stuff. If I remember correctly he was never allowed to crack a Sony device but they never said he could give us information without cracking it
Geohot used an XDR memory glitch where he prevented a write that was supposed to happen using tiny pulses. It is somewhat explained in F0F ccc event video.

Geohot did other things as well but apparently that info was not public.
__________________
If you are going to promote TB at least do it right!!!, or better yet DON'T!!!
Old 08-18-2012   #14
JustThatDude
Originally Posted by TizzyT:
Geohot used an XDR memory glitch where he prevented a write that was supposed to happen using tiny pulses. It is somewhat explained in F0F ccc event video.

Geohot did other things as well but apparently that info was not public.
Wonder if he can tell us the method without getting fined
Old 08-19-2012   #15
baargle
Troll feeding time at the zoo...chomp chomp.
Old 08-19-2012   #16
donglehater
Originally Posted by baargle:
Troll feeding time at the zoo...chomp chomp.
Ya, I think I called it to begin with. Even if he isn't a troll he clearly does not possess the necessary skills, tools or mental acuity to accomplish the task.

No offense to the OP intended.......I too do not possess two of the aforementioned requirements.
Old 08-19-2012   #17
advocatusdiaboli
About the glitch:
http:/ /www.**** ***.com/PS3-Hacks/geohot-releases-ps3-hack-exploit-your-system-and-enjoy/

geohot: well actually it's pretty simple
geohot: i allocate a piece of memory
geohot: using map_htab and write_htab, you can figure out the real address of the memory
geohot: which is a big win, and something the hv shouldn't allow
geohot: i fill the htab with tons of entries pointing to that piece of memory
geohot: and since i allocated it, i can map it read/write
geohot: then, i deallocate the memory
geohot: all those entries are set to invalid
geohot: well while it's setting entries invalid, i glitch the memory control bus
geohot: the cache writeback misses the memory
geohot: and i have entries allowing r/w to a piece of memory the hypervisor thinks is deallocated
geohot: then i create a virtual segment with the htab overlapping that piece of memory i have
geohot: write an entry into the virtual segment htab allowing r/w to the main segment htab
geohot: switch to virtual segment
geohot: write to main segment htab a r/w mapping of itself
geohot: switch back
geohot: PWNED
geohot: and would work if memory were encrypted or had ECC
geohot: the way i actually glitch the memory bus is really funny
geohot: i have a button on my FPGA board
geohot: that pulses low for 40ns
geohot: i set up the htab with the tons of entries
geohot: and spam press the button
geohot: right after i send the deallocate call
On his personal blog, which is now removed, he revealed how to do it.
Perhaps: http://archive.org/web/web.php or similar pages will still have it?
Last edited by advocatusdiaboli; 08-19-2012 at 02:51 AM.
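Added example, not part of the original post and not geohot's or Sony's code: a toy C model of the failure described in the quoted chat, where some invalidation writes never land during deallocation, with an invariant audit that counts valid entries still pointing at a freed frame. The structures, sizes, function names and the fault pattern are all constructed assumptions; since the quoted description says the lost write is a cache writeback, a real check would have to inspect the table as stored in memory, which this single-copy model does not distinguish.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HTAB_SLOTS 64 /* constructed size, not the real htab size */
/* Toy structures (assumed layout, not the PS3 hypervisor's). */
typedef struct { bool valid, writable; uint32_t frame; } pte_t;
typedef struct {
    pte_t slot[HTAB_SLOTS];   /* table contents as stored in memory */
    uint32_t frame_owner[16]; /* 0 = free, else owning guest id */
} hv_t;
typedef bool (*fault_fn)(size_t i); /* true = write to slot i is lost */

static bool no_fault(size_t i) { (void)i; return false; }
static bool drop_some(size_t i) { return i % 8 == 3; } /* constructed pattern */

/* Guest fills the table with r/w entries for a frame it owns. */
void hv_map_all(hv_t *hv, uint32_t frame, uint32_t guest) {
    hv->frame_owner[frame] = guest;
    for (size_t i = 0; i < HTAB_SLOTS; i++)
        hv->slot[i] = (pte_t){ true, true, frame };
}

/* Free the frame and invalidate each entry mapping it; a lost write
   leaves that entry valid. */
void hv_dealloc(hv_t *hv, uint32_t frame, fault_fn lost) {
    hv->frame_owner[frame] = 0;
    for (size_t i = 0; i < HTAB_SLOTS; i++)
        if (hv->slot[i].valid && hv->slot[i].frame == frame && !lost(i))
            hv->slot[i].valid = false;
}

/* Invariant audit: count valid entries that reference a free frame. */
size_t hv_audit_stale(const hv_t *hv) {
    size_t stale = 0;
    for (size_t i = 0; i < HTAB_SLOTS; i++)
        if (hv->slot[i].valid && hv->frame_owner[hv->slot[i].frame] == 0)
            stale++;
    return stale;
}

/* map -> dealloc -> audit; a checked dealloc would fail closed on nonzero. */
size_t run_scenario(fault_fn lost) {
    hv_t hv = {0};
    hv_map_all(&hv, 5, 1);
    hv_dealloc(&hv, 5, lost);
    return hv_audit_stale(&hv);
}
int main(void) {
    printf("stale: clean=%zu faulted=%zu\n", run_scenario(no_fault), run_scenario(drop_some));
    return 0;
}
```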
Old 08-19-2012   #18
Annelies
Originally Posted by tjhooker73:
No, he never released it. He even said he did not. He told Sony how he did it though.
Whether you're really trolling or not, you are horribly misinformed. Geohot described his method and it was a glitch. He didn't tell Sony a damn thing. Well, until they settled in court.
Old 08-19-2012   #19
DEFAULTDNB
My reversing skills are amazing... Shame they only apply in a car :-(
Old 08-19-2012   #20
JustThatDude
Why not attack the memory with so many commands and create a buffer overflow basically and be able to implement our code/exploit. Or is that what GeoHot had done? Let's explore timing attacks like on xbox 360. Even if we found a way to time attack it. It would still be good for the end user if we would be able to on the latest firmware.