Fail0verflow PS3 hack demonstrated, release expected soon

As we detailed yesterday, it appears that PS3 hacking without the need for a USB dongle is finally coming to the PS3.

Hector Martin, who goes by the alias marcan, demonstrated that he and his team at fail0verflow were able to get a PS3 slim up and running on Linux during a session at the 27th Chaos Communication Congress (27C3) hacker conference in Germany.

During the session, marcan actually used a notebook computer to remotely access the PS3 via SSH. This was done because the Linux video drivers are currently disabled and they do not yet know how to enable them. The demonstration showed that marcan was able to successfully SSH into a PS3 console running Linux and then print out system information to the screen.

When an audience member asked “Did you actually publish how to do that at home?”, Hector Martin replied with “Right now it’s a horrible, terrible hack, so the idea is to clean it up and in the next month or so, get it out there.”

He then went on to explain how they did this “We did this by flashing through hardware, not because it’s required, but because it’s the only thing that we could pull off by this time, but we know it’s possible to do through just a firmware update, so the idea is to publish a firmware update file that will replace game OS, with Linux like this and basically do this without any weird hardware stuff. And tools on how to build it and all that, so it will all be public, this is using the exploit that we detailed in our main talk.”

A few moments later, marcan added “Shouldn’t have called it an exploit, it’s not an exploit, it’s an epic fail by Sony, the code on the PS3 is fine, they screwed up in HQ. Yeah, yeah, they gave us their private key basically. If you watched the talk they leaked their private key mathematically so we don’t have to exploit anything, we just sign things.”

It’s interesting to see that this mod is not actually an exploit or an attack on the PS3’s security system. Allegedly, the whole thing is possible due to poor cryptography implementation by Sony, and it appears that it will be very difficult to “fix” on the PS3.

The irony here is that the PS3 didn’t get much attention from the hacking/modding community until Sony removed the “Other OS” option to use Linux on the system, so they may have actually shot themselves in the foot by attracting the attention of Linux software developers, which led to this mod by fail0verflow. It looks like the PS3 scene is going to get extremely interesting next year.