A chat with a PS3 hacker who runs custom code on firmware 3.60

Yesterday, 2 videos uploaded to YouTube were receiving attention as they showcased a PS3 with firmware version 3.60 running custom code, specifically a File Manager “homebrew” app. Could it be that the supposedly re-secured PS3 (via firmware 3.60) is already susceptible to an exploit? It certainly seems as though that is the case, although many commenters were crying “fake” as the exploit details have not been divulged.

After viewing the videos, which showed the usage of the new 3.60 cloud storage feature as well as the execution of custom code, we were excited to find out more about this new PS3 exploit. After the 2 videos were taken down from the YouTube account named “ThatBoringHacker”, we reached out to the user via YouTube messaging to see if he would discuss the hack/exploit with us. We eventually received an invite to chat on an IRC channel.

Below is a collection of excerpts from that chat. Although there seem to be some contradictory statements and some toying with us, especially at the beginning, we still found it to be a fascinating discussion. Keep in mind that much of this cannot be confirmed, so take the information as you will.

[13:15] <MyCE> Many seem to be claiming that your 3.60 hack video is fake, is it legit?
[13:15] <ThatBoringHacker> yeah
[13:15] <ThatBoringHacker> they don’t like change is the thing
[13:15] <ThatBoringHacker> haha
[13:16] <MyCE> Can you give us any details on the method you used to run homebrew on it?
[13:16] <MyCE> homebrew / file manager
[13:16] <ThatBoringHacker> just install the package and run
[13:16] <ThatBoringHacker> rofl
[13:16] <ThatBoringHacker> thats it
[13:16] <MyCE> right but you can’t just do that without circumventing their security somehow, right?
[13:17] <ThatBoringHacker> not at all, i just installed the 3.60 firmware
[13:17] <ThatBoringHacker> and it did something odd to my ps3
[13:17] <MyCE> Was it a modified 3.60 firmware?
[13:17] <ThatBoringHacker> not at all
[13:17] <ThatBoringHacker> im looking deeper into what my console did
[13:17] <MyCE> so you think it was a fluke?
[13:18] <MyCE> or is it something that you did to your console before installing 3.6?
[13:18] <ThatBoringHacker> no clue what happened
[13:18] <ThatBoringHacker> my eid changed
[13:18] <ThatBoringHacker> and i could run homebrew, debug apps all out of the box
[13:19] <MyCE> is the console in the vid a retail unit or debug ?
[13:19] <ThatBoringHacker> its a retail
[13:19] <ThatBoringHacker> which had that weird thing happen to it
[13:20] <MyCE> so why are you scared of being sued by Sony and removing the videos if it is nothing custom that you did to make this happen?
[13:20] <ThatBoringHacker> the lawyers can turn what i say against me
[13:20] <ThatBoringHacker> and i do not have the money to defend myself
[13:20] <MyCE> so you have no idea how to reproduce this for another console?
[13:20] <ThatBoringHacker> i think i know
[13:20] <ThatBoringHacker> but it’s a very insane process
[13:20] <ThatBoringHacker> it requires some necromancy if you will
[13:20] <MyCE> can you give us any details on it?
[13:21] <ThatBoringHacker> i’d rather not say
[13:21] <MyCE> You are “ThatBoringHacker” from YouTube right?
[13:21] <ThatBoringHacker> yeah
[13:21] <ThatBoringHacker> the reason why i had closed the winocm account
[13:21] <ThatBoringHacker> was really
[13:21] <ThatBoringHacker> an email issue
[13:21] <MyCE> Are you worried that someone else reposted your video on YouTube after you took it down?
[13:22] <ThatBoringHacker> yeah, somewhat
[13:22] <ThatBoringHacker> another reason why i took it down
[13:22] <ThatBoringHacker> was the general negative response
[13:24] <ThatBoringHacker> you see, these hacks affect game developers, and their profit
[13:24] <ThatBoringHacker> people love to pirate, and that’s a huge chunk
[13:24] <ThatBoringHacker> of the population
[13:24] <ThatBoringHacker> im against that
[13:24] <ThatBoringHacker> im also against the people who modify their games for cheating on the online network platform
[13:24] <MyCE> what about people that just want to do what they want with hardware they purchased?
[13:24] <MyCE> for legitimate reasons
[13:24] <ThatBoringHacker> i am fine with that
[13:24] <MyCE> like running custom apps/games or running Linux like they used to be able to do?
[13:24] <ThatBoringHacker> its just that there are too many people using it for the wrong thing
[13:25] <ThatBoringHacker> im fine with linux
[13:25] <ThatBoringHacker> hell i use otheros a lot
[13:25] <ThatBoringHacker> i downgrade my console to 3.15 a lot
[13:25] <ThatBoringHacker> just to use otheros
[13:25] <MyCE> so if you’re fine with that why not release the details on your 3.60 exploit?
[13:25] <ThatBoringHacker> since, that exploit has terrible ramifications
[13:25] <ThatBoringHacker> it’s just as bad as geohot’s metldr exploit
[13:25] <ThatBoringHacker> but it’s even worse
[13:26] <ThatBoringHacker> i think you can piece from that
[13:26] <ThatBoringHacker> piece it together*
[13:26] <MyCE> anything else you want to tell the world?
[13:26] <ThatBoringHacker> sony, please make an open sdk for gameos/lv2. and add back otheros, and add rsx support to it, or support SPU isolation, i want to test my binaries
[13:27] <ThatBoringHacker> aaannnd
[13:27] <ThatBoringHacker> don’t sue the hackers
[13:27] <ThatBoringHacker> they will remember
[13:27] <MyCE> k, what alias should we refer to you as in our posts?
[13:27] <ThatBoringHacker> anonymous would prefer
[13:27] <ThatBoringHacker> or ThatBoringHacker
[13:28] <MyCE> okay
[13:28] <MyCE> would really like to have SOME tidbit on the exploit
[13:28] <MyCE> can you say anything else about it?
[13:28] <ThatBoringHacker> it’s really bad.
[13:28] <ThatBoringHacker> and it’s unfixable without new hardware again
[13:29] <ThatBoringHacker> this time, for real
[13:29] <MyCE> but didn’t they say that about Geohot/fail0verflow’s exploit?
[13:29] <MyCE> why is it different this time?
[13:29] <MyCE> have you been working on this for a long time or did you discover it recently?
[13:30] <ThatBoringHacker> i sort of found it on accident
[13:30] <ThatBoringHacker> hm?
[13:31] <MyCE> okay how do I install it? (kidding sortof) 😛
[13:31] <ThatBoringHacker> you can’t.
[13:31] <ThatBoringHacker> at least, not without insanity
[13:32] <ThatBoringHacker> there’s no easy way
[13:32] <ThatBoringHacker> yet
[13:32] <MyCE> so what motivates you to work on PS3 hacking?
[13:33] <ThatBoringHacker> otheros, and i just want to prod with my own system
[13:33] <MyCE> yep
[13:33] <ThatBoringHacker> i mean, i own it, it’s out of warranty
[13:33] <ThatBoringHacker> its years old
[13:33] <ThatBoringHacker> i have the right to run my own software on my hardware
[13:33] <ThatBoringHacker> i am not licensing it
[13:34] <MyCE> I agree
[13:34] <MyCE> So what about the haters, how will you prove to them that your exploit is real and works?
[13:34] <ThatBoringHacker> but the legal ramifications
[13:34] <ThatBoringHacker> the haters can go die, i dont care
[13:34] <ThatBoringHacker> my work is my work
[13:34] <ThatBoringHacker> but im just not going to release it just because of Sony vs Geohot et al
[13:35] <MyCE> How about those who just want to run Linux and custom apps, don’t you want to share all your hard work with them?
[13:35] <ThatBoringHacker> not at the moment
[13:35] <MyCE> So in a sense, Sony wins by bullying people into being scared by suing everyone in the PS3 scene?
[13:35] <ThatBoringHacker> yeah
[13:35] <ThatBoringHacker> im a student
[13:35] <ThatBoringHacker> how am i supposed to defend myself
[13:36] <ThatBoringHacker> from this multi-billion
[13:36] <ThatBoringHacker> global company
[13:36] <ThatBoringHacker> i just can’t
[13:36] <MyCE> I definitely understand and sympathize
[13:36] <MyCE> So what if Geohot is acquitted? Would that change your mind and allow you to release or would it still not be worth the risk?
[13:36] <ThatBoringHacker> maybe, but only if precedence is set
[13:36] <ThatBoringHacker> and the dmca and cfaa are revised
[13:37] <ThatBoringHacker> maybe, even abolished
[13:37] <MyCE> ha, don’t hold your breath on that one eh?
[13:37] <ThatBoringHacker> heh
[13:38] <ThatBoringHacker> another reason i sympathize with ps3 game developers is
[13:38] <ThatBoringHacker> programming for ps3 is admittedly, hard
[13:38] <ThatBoringHacker> you can’t do those masterpieces in one week, with only one man
[13:38] <ThatBoringHacker> they need their pay
[13:39] <ThatBoringHacker> i’ve developed my own homebrew game, but it’s just lying on my drive
[13:39] <ThatBoringHacker> it’s fun, but just, more complicated than it needs to be
[13:39] <ThatBoringHacker> incomplete socket implementation, no signals, limited RAM
[13:40] <ThatBoringHacker> incomplete OpenGL, slightly odd audio subsystem
[13:40] <MyCE> Hmm, looking at Waninkoko’s “hackinblack” YouTube channel
[13:40] <ThatBoringHacker> hm?
[13:40] <MyCE> seems he is giving it away?
[13:40] <MyCE> http://www.youtube.com/watch?v=SO3PcBMzaVg&feature=channel_video_title
[13:40] <MyCE> “Sub And Pm me for link, Im still in testing stages.”
[13:40] <ThatBoringHacker> that’s a big fat lie
[13:41] <ThatBoringHacker> i don’t even know waninkoko
[13:41] <MyCE> k
[13:41] <MyCE> I thought it was suspicious since he asked for people to subscribe
[13:42] <ThatBoringHacker> yeah
[13:42] <MyCE> seems like lots of people are calling him fake on his channel comments
[13:42] <MyCE> oh well
[13:42] <MyCE> clown
[13:43] <ThatBoringHacker> he’s the one who bricked many ps3ws
[13:43] <ThatBoringHacker> -w
[13:43] <ThatBoringHacker> im lucky to not brick mine
[13:43] <ThatBoringHacker> i only have one
[13:43] <MyCE> who? waninkoko ?
[13:43] <ThatBoringHacker> im looking for a CECHA01
[13:43] <ThatBoringHacker> yeah
[13:43] <MyCE> I don’t think that’s even him
[13:43] <MyCE> someone posing as him on YouTube
[13:43] <ThatBoringHacker> *shrugs*
[13:43] <ThatBoringHacker> his initial cfw bricked nand consoles
[13:44] <MyCE> yep
[13:44] <ThatBoringHacker> i made a theoretical guide on how to fix it
[13:44] <ThatBoringHacker> long ago
[13:47] <MyCE> will you be telling any others about the exploit in private so that they can make their own releases?
[13:47] <ThatBoringHacker> maybe
[13:48] <MyCE> okay, thanks for all the information! appreciate it
[13:48] <ThatBoringHacker> anytime

Justin Massoud contributed to this story.