Unexpected PS3 Mod Arrives
Sony's PlayStation 3 has so far been the only one of the current generation of gaming consoles that has not been hacked successfully. It hasn't been for lack of trying. In the years since the console was released, people have tried everything from memory vulnerabilities through to actual exploitation of the hardware (spiking voltages on certain traces on the PS3's main circuit board). While some attempts got closer than others, they all fell short.
It came as a massive surprise, then, to have USB dongles being offered for sale by OzModchips (unconfirmed on some sites, fake on others) at the end of the week, claiming to have successfully defeated the protection on the console. Because the announcement of a reliable, successful hack came almost at the same time as it was being put on sale, many people were scrambling to find out whether the device was legitimate and, if it was, how it worked. When one of the highest profile console modders gave up in July, many thought it a significant milestone in the ability of the PS3 to withstand attack.
On the surface, achieving complete compromise of the console through nothing more than a USB key makes for simpler modding / demodding of the console, compared to previous console generations (and some current ones) where modding was essentially a one-way process, either by soldered mod chip or modified boot code. A simple USB key makes it difficult to lock out modded consoles, and, if Sony does find a way to block modded consoles permanently, it makes it difficult to prove at the time of sale that a console was ever modded (Microsoft's permanent banning of modded Xbox 360s makes resale of that console more risky, especially to a buyer who doesn't know the console has been banned from going online).
With so many people trying to find out how and why the mod works, the site belonging to the people claiming responsibility for the dongle has been hammered with traffic, as have many message boards linked to console modding, particularly PlayStation modding forums and message boards.
As information has come to light, it appears that the devices are legitimate, and Sony is going to have a difficult time overcoming their presence. Early information claimed that:
- The dongles are compatible with all versions of the PlayStation, in all regions
- Forced software updates are disabled
- Allows "backups" of games to internal hard drives (or external if no files are greater than 4GB [PS3 only supports FAT32 formatted USB hard drives])
- Allows games to be played directly from the hard drive, up to 2 times faster than disc-based
- Allows for homebrew content
- The dongle itself can be updated via a PC
Investigation of the expensive device suggests that there may be some profiteering being attempted by the group behind the release, with some analysis suggesting that they have taken various steps to prevent reverse engineering of their solution.
So far, the analysis indicates that it is a variation of the previously released ZPack, which allowed running of PS3 games from external hard drives, though it involved a disc in addition to a USB dongle. The actual software installed by the PSJailBreak dongle was initially hardcoded to prevent it from running on specialised Debug consoles, though it would run on retail consoles. There are enough clues to indicate that the developers have made use of various earlier leaks of SDKs and other key console information to create a device that either replicates a test jig (used to repair retail consoles) or manages via another method to turn a retail console into a Debug console, which has always had the ability to run games from the hard drive.
Later analysis indicates that it appears to replicate a test jig, which apparently is capable of making a retail console a Debug console, something which had to be reverse engineered from a legitimate jig. At least one jig is known to have been leaked / sold / stolen, and it's suspected that it loads prior to the device's firmware code, which would make it very difficult to block with a future firmware update. Some have suggested that Sony may be able to block the device through some sort of revoke list, or just disable USB booting (that would imply an updated test jig or another means of repairing the console).
There is still a fair amount of suspicion regarding this release, particularly as to how simple the mod actually is and the hard sell that accompanied the release of the initial use videos. Sony have modified their firmware in the past for far less. It is time to watch and see what Sony does in response.
21 August 2010