Prolific hacker releases PlayStation exploit
Some memory-bus corruption required
On Monday, when we reported that the prolific hacker geohot had successfully penetrated the previously impervious PlayStation 3 gaming console, readers were understandably skeptical.
After all, the 20-year-old readily admitted his hack wasn't reliable, and he provided no evidence he was able to do some of the things modders love to do most, such as run arbitrary code or peel open the device's synergistic processing elements to take a peak at its most prized internal elements.
On Tuesday afternoon, geohot finally released his exploit so the world could see for itself exactly what the hack does and doesn't accomplish.
According to the instructions, it involves compiling and running the kernel module and then pulsing a memory bus on the PS3's motherboard.
"Try this multiple times," his instructions state. "I rigged an FPGA button to send the pulse. Sometimes it kernel panics, sometimes it lv1 panics, but sometimes you get the exploit!! If the module exits, you are now exploited."
While the idea is sound, this hack is clearly not for the faint of heart.
From there, PS3 users get full memory access, including ring 0 access from OtherOS, geohot, whose real name is George Hotz, said here. He's now turning follow-on work to the PS3 community, directing members to report their findings to the psDevWiki.
His instructions conclude: "The PS3 is hacked, its your job to figure out something useful to do with it." ®
Cryptographer Nate Lawson provides an excellent technical analysis of the hack here.