An international group recently hacked the PS3 so that Linux could be run on the platform, and presented how it was achieved at a security conference. Some may recall that the PS3 originally had this option (called “OtherOS” boot), but the feature was removed after Sony claimed it allowed cracking of their games and raised piracy concerns. A BIOS patch was forced by Sony, and no machine without the updated BIOS is allowed to use their services.
At this point, the group ‘fail0verflow’ picked up the mantle for angry PS3 users who had bought the console with the goal of running Linux on it and then felt they’d been cheated by Sony, which was viewed as having reneged on its promise. After about 12 months of work, a hack was achieved.
I gleaned two interesting things from the presentation. Firstly, successful hacks of such modern devices usually come from teams, not individuals. While working together is obviously a logical progression if several people are trying to hack the same, much more complex device, it does seem to be a big change from the days when a single guy in his garage would ‘prove’ himself by hacking something by himself. Secondly, these guys are very smart. They clearly have very high levels of understanding of hardware, memory architectures, operating system concepts (loaders, ring levels, decryption, trust-chains, etc.), and software stacks. I’m almost certain they all have a Computer Science or similar background. The days of a single guy picking up a book and a debugger and hacking the security in these consoles in his spare time seem to have come quickly to a close. I think this trend started with the hacking of the original Xbox by a team of Computer Science grad students (which took advantage of an awesomely obscure memory wrap-around bug introduced when they switched from AMD to Intel at the last minute), and this trend doesn’t appear to be going back. It appears that if you want to contribute to hacking a platform, you best get your BS/MS in CompSci or CompEng.
So, without further ado, here’s the video clip of fail0verflow talking about their efforts (along with an interesting bit at the beginning on how long it took to hack other platforms).