PS3 ps3 hacking questions learner

Discussion in 'General PS3 Discussion' started by N00bbb, Jul 23, 2019.

  1. N00bbb (Forum Noob, joined Jul 23, 2019):

    I know that PS3 made a mistake returning a constant, I guess. But I don't know how hackers see the PS3's/PS4's code, and what other things they do in setting up the whole environment in both cases, CFW and HEN/HAN.

    And how the WebKit exploit works with the PS3. There is an exploit, but how do they use it to run unsigned code, and how can that restart a PS3!? Etc.

    I am a noob who does not even know what information to look at.
    Please forgive me for being a total NOOB.
    Please explain in as much depth as you can, and what I should learn to understand these things.
     
  2. Kazama (Forum Noob, joined Apr 4, 2019):

    Go through the ps3xploit forum and ps3dev wiki and learn programming languages.
    Follow ps3 developers and learn to code.
     
  3. Coldheart2236 (Moderator, joined Oct 13, 2018):

    @N00bbb If you are genuinely interested in learning, see this thread for tutorials based on PS3Xploit, by one of the developers of the exploit. See also his other tutorial thread on setting up a debugging/development environment for the PS3.
     
  6. atreyu187 (Retired Old Hunter Moderator, joined Sep 29, 2014):

    So, a very brief rundown on how the PS3 got hacked, in terms most can understand. Sony sent a service jig that was used to repair systems back to a customer by accident; they also sent a service battery back in a PSP, which led to it being fully cracked as well, FYI. Anyhow, that service jig is what got hackers through Sony's first layer of protection, which is lvl2. And it's the layer of protection HEN managed to get through using exploits found later, as the lvl0/hypervisor only runs the check on boot-up.

    So once that jig was reversed, a payload was coded to allow execution of code. Thus the PS Jailbreak dongle was created. Quickly after that, dongles were made for things like the Teensy and so forth. This allowed devs to dive deeper into the system, which led to lvl1 and eventually led to CFW.

    So CFW was born, and it was found that Sony screwed up with the ECDSA, since the key was static and not variable. This was done via just great math skills. Geohot used hardware for a MITM-style attack.

    Graf dived further into the process with what's known as the hypervisor Bible, which led to his home being raided, but not before he put all his knowledge out for others to further their investigation. This eventually led to metldr being owned, from which the Three Musketeers finally got the holy grail of keys, which led to the final wall being taken down, aka lvl0.

    Sony had a choice at this point. They could either blacklist the 3.55 keys totally, which would have led to millions of lawsuits, or reissue all new hardware to all current PS3 owners; neither was viable, as it would simply bankrupt the company. So instead they finally decided to properly implement the ECDSA on firmwares 3.60 and up. They also took it a step further by ensuring that if a system came with 3.60+, a user can't go back beyond that to gain the 3.56 exploit. But they couldn't stop others that had 3.56-and-below systems from returning.

    Now, ECDSA has never been defeated in the over 30 years since it became available, if implemented properly. So this left 3.60 users screwed for a very long time. Now, the next huge step for HEN users came when our very own admin here, Cards, got the Cobra team to release their source code to the public. It was refined and fine-tuned by the guys of Rebug and various other users over the years.

    Now fast forward a few years, and devs started working on finding other ways into the systems, WebKit being the best approach, as the software they used is borrowed from other OSes like FreeBSD, Linux, etc. and is very well documented. So hackers attempted to use these for current-gen systems, causing what's known as a buffer overflow to cause a crash in the system so unsigned code can be executed.

    This is where Xerpi found one such flaw in the Vita's browser, which could be ported to the PS3. This was the new entry point for the PS3. And taking everything learned from the full exploit of the 3.55-gen systems, the browser was used to trigger and downgrade systems back for CFW.

    Well, this was also used to discover another flaw in how Sony used ECDSA and license files, which led to the HAN exploit. So Sony, in typical fashion, half-ass fixed the browser exploit, only updating one SPRX and not actually fixing the rest of the exploit. This led to it being restored by HFW, again exploiting the PS3 PUP in the way it checks these files, and allowed for HFW to be built with the older SPRX, as Sony didn't update the keys. Had they done this, HFW would not exist.

    So then we have HFW, which allowed downgrading of 3.55 systems and the HAN exploit to work again. But then Habib and his team used the previously spoken-of Cobra code to build the base of what is now HEN. It is more or less a stripped version of Cobra. Since the 3.55 keys can be blacklisted and the system only checks for the current keys at boot, they found a way to load the Cobra base and utilize the 3.55 keys to gain a pseudo-CFW-like hack. And that led to what we have nowadays.

    Anyhow, hope that was easy enough to follow and not too many fakes were made, as it was to try to make this as easy to follow as possible. You can dive further into the subjects yourself, but this gives you a place to start and a timeline of what's going on. Hope you enjoy!!
     
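The ECDSA mistake atreyu187 points at above (a per-signature secret that was fixed instead of fresh) is worth seeing worked through, so here is an added derivation that is not part of the original post. The symbols are the standard ECDSA ones and are assumed rather than taken from the thread: curve order $n$, generator $G$, private key $d$, message hash $z$, per-signature secret $k$.

```latex
\text{Signing: } r = (k \cdot G)_x \bmod n, \qquad s = k^{-1}(z + r d) \bmod n.

\text{Two messages signed with the same } k \text{ share the same } r:
\quad s_1 \equiv k^{-1}(z_1 + r d), \qquad s_2 \equiv k^{-1}(z_2 + r d) \pmod n.

\text{Subtracting cancels the private key:}
\quad s_1 - s_2 \equiv k^{-1}(z_1 - z_2) \pmod n
\;\Rightarrow\; k \equiv (z_1 - z_2)\,(s_1 - s_2)^{-1} \pmod n.

\text{With } k \text{ recovered, either signature yields } d:
\quad d \equiv (s_1 k - z_1)\, r^{-1} \pmod n.
```

The observable symptom a reviewer can check for is two valid signatures from one key carrying an identical $r$; the mitigation is a fresh, unpredictable $k$ for every signature, or a deterministic $k$ derived from the private key and message as in RFC 6979.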
  8. atreyu187 (Retired Old Hunter Moderator, joined Sep 29, 2014):

    NP
     
  10. atreyu187 (Retired Old Hunter Moderator, joined Sep 29, 2014):

    Thanks, been keeping up with this since Geohot did the first hack on 3.21, even though not public. If anyone needs more details, I'll be happy to chime in, and I have similar material for PSP, Vita, PSC and PS4, as I am really a huge fan of the Sony hacking scene and the amazing mistakes they make time and again, it seems, with each system. If they had used the same security as 3.60+ PS3s, they wouldn't even have the few hacks that exist on the PS4.

    Figured they would learn that when it is done right, it can be secure. But nope, they had to go screw the pooch again with the system, trying a new security system. And don't get me started on the PSC leaving the keys in plain sight for it to be hacked day one.

    They make truly amazing games and screw-ups just as good. Makes for an interesting hacking scene, games, and it's just fun to watch, hehe.
     
  12. Kazama (Forum Noob, joined Apr 4, 2019):

    Superb...
    I have read it. Thank you, I only know 50% of it. We win at last. Sony loses.
     
