Why the PS3 can't be hacked

Discussion in 'PlayStation 3 Modding & Tutorials' started by Carson, Jul 8, 2009 with 100 replies and 27,299 views.

  1. Carson

    Carson Retired Retired

    Messages:
    7,565
    Ratings:
    2,531
    Why the PS3 can't be Hacked
    (Yes it is long, but a very good read)

    When we create a new generation of video games, we also create a new generation of technology, security, and sadly ... hackers. Finding holes in new hardware and exploiting them to do anything from copying free games to changing the technology itself, these hackers have many ways of doing things and leave many industries looking for solutions to stop it. With the PSP being hacked just days after each update, we are left to wonder why the PS3 hasn't been hacked yet and what has Sony done to stop the madness. Well, we created a feature to help explain how things are done and exactly why the PS3 is safe from these attacks.

    If you have ever hacked, or watched someone hack a PSP, then you'd know how things work. You mess with the file system and trick it into reformatting itself to fit your needs. All the DRM and privilege rights are overwritten and nothing is stopping you from doing things you're not supposed to. This can be done on almost any technological piece of hardware. You can insert a UMD and copy it to a memory stick, you can take the iPhone and change the version to bypass AT&T security, or you take your PC game and upload it to a torrent site for someone else to play. Since these hacks seem to be common practice nowadays, Sony has obviously studied these exploits and gone to great lengths to prevent it from happening on the PS3.

    The minute your PS3 boots up, it runs through 4 stages of security at all times. All 4 stages have secrets that will need to be decoded in order to reach the next stage. So think of hacking the PS3 to be similar to a treasure hunt. You discover the clues and figure out a way to piece them all together to find the treasure. Except in this hunt for the booty, if you mess up one tiny thing, the whole mission collapses and your PS3 could possibly explode into vast reaches of outer space.

    For starters, the PS3 is not easily fooled like its sibling PSP. Sony has encrypted each hard drive to only work with a specific PS3, which eliminates the possibility of switching them out like memory sticks. The hard drive is then read by the PS3 where it makes sure the drive is registered to the specific console. After verifying the hard drive, the PS3 continues to search for needed files to boot up the OS. This is merely the logo that appears or random files hidden in the system that will trigger the OK to boot up. The hard drive is built in layers with the bootflag.dat being the first file read on each start up, which then leads into the DRM file and finally ... the game files. Several files found in between each of these makes things even more complicated to bypass. We must also note that messing with any of these files will cause the PS3 to read them as missing and not boot up correctly.

    If you finally get past the hard drive, you must then face the problems hidden within the actual system itself. We all know the PS3 is a beast with a hearty 7 cells running under the hood as we brag about this on a daily basis. The problem for hackers is how only 6 of these cells are actually accessible, with the 7th cell access being denied to everyone. Not even game developers have access to this 7th cell. Now why is this cell even there if we can't use it? In a simple sentence, the 7th cell runs the PS3 completely on its own. The cell boots the system up, cracks the codes encrypted in all security branches, and finally keeps the OS running while you play a game or do whatever you normally do. Remember how I talked about the PS3 verifying the HDD in relation to the system? This is where that comes into place. The 7th cell is what verifies everything that needs to be unlocked or encrypted. The 7th cell basically double checks that everything in the PS3 actually belongs to the PS3, so users cannot trade hard drives or share illegal games without the cell noticing and denying access. With the exception of communicating with other cells, this cell cannot be written to or acknowledged by an outside source, making it completely secure from attacks.



    If hackers somehow find a way to hack the hard drive and bypass the 7th cell, there is still one more major problem awaiting them at the next step. If you haven't heard about Blu-ray, then you are probably thinking PS2 is the shiznit right now and randomly came across this article of the future somehow. Joking aside, Blu-ray is an amazing feature for HD users and a tremendous advancement for all game makers with a massive storage space and fast loading times. However, it is also the biggest problem to every hacker out there. Each Blu-ray disc comes equipped with a special disc-based encryption that is stronger than the security we find on DVD. The 128-bit key is hidden within each disc marked as BD-ROM and requires the special Blu-ray technology to decrypt it. Does Eboot.bin sound familiar? No? Well for the new guys, this is the file that hides all the required data to run a game or movie, which is very important. Now you can guess what is hidden under the encryption layer of BD. A Blu-ray lens can read the encryption, unlock it, and break it down from a .SELF file and .ELF file for games, where the Eboot file can be shared with the system. Even if this code is bypassed, hackers would have trouble finding ways to boot up a particular file without having the disc inserted. Unlike hacks on the PSP, simply inserting a different disc will not work. So next time you insert a BD and realize the small load time, just remember your PS3 is just doing all these things in a matter of seconds.

    While the PS3 is closed down like the gates at Fort Knox, hackers do occasionally find ways to breach the security of the system. Some hackers have tried to steal passwords, some have tried to destroy the PS3 due to their frustrations of failing, and others randomly do something stupid to make us all laugh. Sony finds out about these hacks, or attempts as it were, and immediately issues software updates to protect users like you and me. These updates help protect the PS3 from attacks and are required to access the PlayStation Network. When a PS3 logs into the PSN, it registers on the network with its firmware version. Having faulty firmware will get you banned from the PSN permanently and possibly trigger something to go wrong internally. Hacking the PS3 will also void your warranty and you will no longer be allowed to receive repairs. This final precaution is the 4th and final step Sony has taken to prevent the pirates from hacking your PS3.

    Remember, these are just the 4 major security walls Sony has implemented within the PS3. Depending on how hackers attempt to hack the PS3, several smaller problems can occur preventing them from going any further. Installing the OS Linux may open up some loopholes, but compared to what hackers have done with the PSP, nothing has ever been quite as successful.

    Will we see the PS3 hacked one day? Possibly, depending on if Sony ever releases that 7th cell and how much hackers learn about all the new technology. Right now the PS3 is the safest beast on the market and people don't really have to worry a whole lot about attacks. While you may be thinking free games on the PSP are nice, we all must realize how much it hurts the industry as a whole and would devastate the PS3 market.

    Thankfully, Sony has found a way to make the safety features unnoticeable to the average gamer and keep the lid on the PS3 closed tightly. So no need to worry, your PS3 is safe at home waiting for you to play the latest games and will one day rule the world. That is until PS4 comes out and we start worrying about something new but that's quite a ways away, so let's just relax while we can.
     
    • Like Like x 17
  2. JoeMal

    JoeMal Retired Retired

    Messages:
    6,502
    Ratings:
    1,107
    In other words

    Xbox360 >>>>>>>> PS3
     
    • Like Like x 21
  3. ThePope43

    ThePope43 Retired Retired

    Messages:
    2,100
    Ratings:
    160
    That's cool though how much Sony works on keeping people out. I'm all for modding, but I still find it fascinating how so much work is put in, to essentially keep people from burning games, for the most part. Good post Carson
     
  4. crank dat curry

    crank dat curry Enthusiast

    Messages:
    527
    Ratings:
    20
    Find it funny, how many PS3 Hack sites there are, but no hacks :frown:.

    My PS3 is used for Blu-ray and that's it lol.
     
  5. OP
    Carson

    Carson Retired Retired

    Messages:
    7,565
    Ratings:
    2,531
    I think this could be bad for us though guys. What is to stop Microsoft from making their next system have security up to par with this, if not even better?
     
    • Like Like x 3
  6. JoeMal

    JoeMal Retired Retired

    Messages:
    6,502
    Ratings:
    1,107

    ROLF


    Nothing


    But when have they ever done that? MS is notorious for making easily pirated/hacked/manipulated software and hardware....why would they stop now? I mean, if anything, it's BETTER for their business

    Yeah they may not get me for $60 per game, but I DO spend money on controllers, disc drives, hell I've bought multiple 360s in my day simply because they break. I would still own a 360 if I couldn't burn games, I would simply play less games because of it. I still think it's a better console, the extras that go along with it are just a sweet treat!


    Conclusion: MS is a fail and we'll be raeping them for the rest of our technological lives
     
  7. Venomous Fire

    Venomous Fire Retired Admin 4 Life Retired

    Messages:
    8,350
    Ratings:
    3,140
    until they implement these features lol

    Remember this, the 360...all that's been "hacked" with it on a system level is piracy, NO homebrew at this time, which is really where a system stands its test. Piracy is nothing, especially since we weren't able to enable burned discs on a system level really, but rather by changing the way the DVD drive reads the firmware, and I guarantee you the next xbox will have signed DVD firmware.
     
  8. JoeMal

    JoeMal Retired Retired

    Messages:
    6,502
    Ratings:
    1,107
    Time shall tell, time shall tell

    I'm not saying they won't implement something, I just don't know how reliable it will be on keeping people out
     
  9. Venomous Fire

    Venomous Fire Retired Admin 4 Life Retired

    Messages:
    8,350
    Ratings:
    3,140
    I'm imagining it will be pretty air tight, considering they learn with each new iteration of anything, and there is only one thing we can do to the 360 as it is lol
     
  10. Haxalot88

    Haxalot88 VIP VIP

    Messages:
    8,051
    Ratings:
    2,482
    Microsoft confirms that they plan to keep with the 360 well into the next decade. Yet I somehow doubt that even then will hackers find a way to run unsigned code on the system from anything short of cracking the RSA key itself. Beware however, their newest system WILL probably look to these checks. For those of you who say Microsoft is too retarded, look at the difference between the normal xbox and the xbox 360. Notice how much Microsoft has put into the new system, based off their own research. I believe their next system will not only have something just as powerful as security (probably even more powerful than on the 360), but will also have something similar to the PS3 in terms of an OS-only processor cell.
    The thing I do like about the PS3 is that third cell. Even if hackers do manage to find some exploit, it would be trivially limited in what they can do with it. Nothing that can compromise the system itself could ever be done, and therefore nothing can be done that would allow backups of the games.
     
  11. kirota

    kirota Newbie

    Messages:
    13
    Ratings:
    0
    haha what a load of crap to be honest....did you know that the ps3 is the only system that will play burned games without any hacking/modding/anything? they may have made the hard drive and cell processor "unhackable" but the disc drive is a pirate's wet dream

    and another thing....why would you post an anti hacking article / post on se7ensins? lol
     
  12. OP
    Carson

    Carson Retired Retired

    Messages:
    7,565
    Ratings:
    2,531
    It isn't "anti-hacking".... it is to explain why we can't
     
  13. gcnd0001

    gcnd0001 Enthusiast

    Messages:
    383
    Ratings:
    12
    I think maybe the iextreme guys could find a way into the dvd drive. It's not impossible just damn near close to it.
     
  14. pspmodandcfw

    pspmodandcfw Newbie

    Messages:
    6
    Ratings:
    0
    This is why the XBOX 360 owns and the PS3 doesn't!

    -pspmodandcfw
     
  15. SiK GambleR

    SiK GambleR Retired Retired

    Messages:
    9,782
    Ratings:
    1,529
    lemme get this straight, i just read an article saying you can't pirate **** on the ps3 yet you're saying it's as easy as it was on the ****ing sega dreamcast?
     
    • Like Like x 4
  16. Haxalot88

    Haxalot88 VIP VIP

    Messages:
    8,051
    Ratings:
    2,482
    That sounds about right.

    One thing I like about the 360 is the fact that Microsoft plans to keep with it well into the next decade. However the system that comes after that will **** over the hacking community so much. EVERYTHING will most likely be signed, DVD firmware and all. Considering how much they changed since their previous system, I wouldn't be surprised if the next system goes completely unhacked for its entire lifespan (unless of course, a vulnerability for RSA was found, but guess what there is none).
     
  17. SiK GambleR

    SiK GambleR Retired Retired

    Messages:
    9,782
    Ratings:
    1,529
    I'm still ****ing appalled at what that kid said and want him to respond and show me a tutorial on how to pirate on the ps3. lmao.

    See, the only reason I can see the next console to be hackable is because M$ doesn't produce the hardware, at all/ever. Sony produces some of the hardware and designs the schematics themselves.
    Because the entire system is outsourced and the hardware is licensed to the person who is the cheapest.
    Just like a normal PC, there will be some inconsistency that we can r***, like the DVD drive firmware for ~example.
     
  18. Spiidey

    Spiidey Enthusiast

    Messages:
    11
    Ratings:
    29
    Yes, this is my first post. It's a very long post. But worth a read.

    ----------------------------------------------
    I was doing some research on the latest updates for softmodding PS3s when I came across Carson's article here. After reading it, I *HAD* to join se7ensins. I'll get on and introduce myself later.

    >> I'm going to call Carson out on his 'unhackable' PS3 post. <<
    First, I would like to say this isn't a flame. I'm not a flamer, fanboy, sociopath... never have been, never will be.

    As a long time hacker (allow me to elaborate on 'long time': I was tinkering at 6 years old, and have been hacking since I was 9 right up till now [25]), it's _always_ been my experience that _anything_ is possible with the right motivation, etc. Hacking the PS3 is one of those 'anythings'.

    I also take slight offense to the ignorant comment "...and sadly ... hackers". But I digress.

    The hard drive in the PS3 is nothing but a laptop drive, which _can_ be swapped out. Being capable of swapping out means that there is no encryption on the drive itself.
    -Myth 1 dispelled.-

    Hacking a PSP is not 'mess[ing] with the file system and trick it into reformatting itself to fit your needs'. Hacking a PSP involves smashing a process stack which allows for arbitrary code to be injected. Said code is simply direction to execute the exploit contained on the memory stick, which then takes over, and installs the v1.50 kernel into flash slots. Flash slots are erasable programmable ROMs (EEPROMS, for those of you who remember hacking your original xbox!). v1.5 allows homebrew software to be used. This is how the PSP is hacked.
    -Myth 2 dispelled-

    Sidenote on the iPhone: In Canada, we don't need to bypass security with Rogers Wireless - however, Jailbreaking enables community-driven features and software. Some pay software, some free software. But the main reason for a hacker like me to do this is... {drumroll please} we love the iPhone. It's sexy. It's sleek. It, however, doesn't do everything a hacker wants it to do out of the box. With the iPhone OS (as well as Mac OSX) being based on UNIX, I want my terminal. I want to write my own code. I want to play with others' software, and not be limited to what Apple decides to release in its App Store. Sorry, but I appreciate my freedom.

    Now... onto firmware and the famous 'seventh cell'.

    Yes, when the PS3 boots, it runs through its various levels of security, self-tests and so on. What (brave and/or wealthy) hackers can do (have done, will do, and will continue to do) is disassemble the PS3 casing, drop our test leads onto the testpoints (that Sony themselves use), and boot it up. If you've ever heard of debugging and hex editing, this is where it comes into play. It is in the debugging process that we are able to analyze and/or dump the contents of the firmware. Depending on the bit count, RSA encryption can take forever to break, yes. Unless you have a CRAY or a networked cluster of PS3's at your disposal... and I don't know anyone who has that kinda stuff. It is also with these testpoints that we are able to run debugging and diagnostic software on the much discussed 'seventh cell', and its functions and processes.

    As for the Blu-Ray data and encryption algorithms: Yep. BD is huge. Up to 25 Gigs/disc. Sadly, there isn't a game out there yet that uses the full capacity of the disc. You guys remember DVDs? HD-DVD? The now unsupported UMD? The encryption on them? Broken. It's just a matter of time before blu-ray is cracked. Also, while discussing software and media on which they travel - the software has to come from some production studio before being put in the dye in each disc. Software has a nasty habit of leaking from these studios from time to time. For the record, I am not promoting illegal black hat hacking and network intrusion, nor do I agree with the disgruntled software engineer who is seeking sweet revenge against his/her employer; I am simply spelling out reality.

    "are required to access the PlayStation Network."
    No. Flat-out NO. There is no requirement for the end user to create a PSN login, use the PSN or even connect their PS3 to the internets. _Mandatory_ updates for standalone and networked PS3s are handled by the game discs requiring these updates. And they're software updates, not firmware. Regardless of the FW you're running, you can still access the PSN. You won't have all the new, shiny features of the latest update, but your access remains unrestrained. When the hackers figure it out in the end, updates will be handled much like the M33 way for the PSP. I can still access the PSN with my PSP. Purchase awesome costumes for my Sackboy in LittleBigPlanet. Remote play Final Fantasy VII (w00t!). Again, it's a matter of time.

    "Right now the PS3 is the safest beast on the market..."

    Agreed. The PS3 is the most secured console on the market.

    However, I firmly disagree that "people don't really have to worry a whole lot about attacks.". Hackers are not 'attacking' people's PS3s. Sure, if you leave them in the DMZ on your router, they're a gateway into your network, and a crafty hacker _will_ use it to get inside. But hackers aren't attacking your hardware itself.

    All that said, I'm happy buying my software, and supporting game companies (that way, they keep making kickass games like Prototype and Assassin's Creed). I'm delighted (tickled, even) with the standard features of the PS3 (such as web browser, Blu-Ray movies, motion-sensitive controllers, Full USB support), and see no reason to softmod, or even hardmod (chip) it.

    Believe it or not, I sold my 360 Elite to buy this beast. And I'm loving every bit of it. I just miss my Halo 3 [Legendary! Oh Spartan helmet :.( ], Mass Effect and Lost Odyssey. Fable II would have been nice too. But paying a subscription service just to play my games online with my buddies was retarded. I bought your hardware. I bought the software. I pay my ISP to give me access to the internets. Now let me play for free.

    Cheers,

    Spiidey
    - Developer - Modder - Hacker - Human -
     
    • Like Like x 27
  19. SiK GambleR

    SiK GambleR Retired Retired

    Messages:
    9,782
    Ratings:
    1,529
    +respect
    from me my man.
     
    • Like Like x 1
  20. Haxalot88

    Haxalot88 VIP VIP

    Messages:
    8,051
    Ratings:
    2,482
    Myth 1: The hard-drive is encrypted.

    Tell me, how do swappable hard-drives have anything to do with encryption? Just because you can change drives, or swap for a larger one does not mean that it is not encrypted. In fact, all it means is that multiple drives are supported, meaning an encryption that can be supported across all drives. The encryption is console-specific, meaning a drive can only be used on that console (and also because only that console has the right keys); not the other way around, which what you said means that the console is drive-specific.

    As for the rest of your stuff, nice work on explanation. However if you know so much about these "test points" on the PS3, just how much they can offer, and all that is needed to read them, then why not show people how to do so?

    Also a note, that Sony also opted for the "standard". As you may know, RSA-Labs provides the top standards of both signatures and encryption. Recommended bit count for RSA keys in any commercial application lasting past the year 2010 is 2048 bits. Quite luckily, Sony opted in for this keysize. However no CRAY network of any size will be able to crack such a key in any *decent* amount of time.

    Then again, I also disagree that it can be cracked. Sure it is possible then (by your explanation) to debug the seventh cell, but this leads to nothing. The entire Xbox 360 firmware has been essentially mapped out to its last function. Sadly it still hasn't been exploited (aside from the KK, but that was fairly temporary), and never will be. Just like with Microsoft's *toy*, Sony has also done quite a feat with theirs. Not only do they make it useless for any exploits of any kind (considering OS-specific things are run on the 7th cell, and exploits will not be able to utilize this), however OS-specific security is still top-notch. Debugging is one thing, but it does not allow further access to utilizing that cell; and without it, hacking the PS3 is still rendered impossible.
     
    • Like Like x 1
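
Added example, not part of any post in this thread and not Sony's actual scheme: a small Python model of the point argued in posts 18 and 20, that a drive can be physically swappable and still be encrypted under a key that lives in the console. The per-console secrets, the function names and the HMAC-SHA256 keystream (a standard-library stand-in for a real disk cipher such as AES-XTS) are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Optional

SECTOR = 64  # bytes per sector in this model (real drives use 512 or 4096)


def subkey(console_secret: bytes, label: bytes) -> bytes:
    """Derive a purpose-specific key from the secret held inside the console."""
    return hmac.new(console_secret, b"hdd|" + label, hashlib.sha256).digest()


def keystream(key: bytes, sector_no: int, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, keyed per console and tweaked per sector."""
    out = b""
    counter = 0
    while len(out) < length:
        msg = sector_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal_sector(console_secret: bytes, sector_no: int, data: bytes) -> bytes:
    """Encrypt one sector and append a MAC bound to the sector number."""
    if len(data) > SECTOR:
        raise ValueError("data larger than one sector")
    padded = data.ljust(SECTOR, b"\0")
    ks = keystream(subkey(console_secret, b"enc"), sector_no, SECTOR)
    ct = bytes(p ^ k for p, k in zip(padded, ks))
    tag = hmac.new(subkey(console_secret, b"mac"),
                   sector_no.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    return ct + tag


def open_sector(console_secret: bytes, sector_no: int, stored: bytes) -> Optional[bytes]:
    """Return the plaintext sector, or None if this console did not seal it."""
    ct, tag = stored[:SECTOR], stored[SECTOR:]
    want = hmac.new(subkey(console_secret, b"mac"),
                    sector_no.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None  # wrong console, moved sector, or tampered data
    ks = keystream(subkey(console_secret, b"enc"), sector_no, SECTOR)
    return bytes(c ^ k for c, k in zip(ct, ks))


def format_drive(console_secret: bytes, blobs: list) -> dict:
    """Model 'formatting': seal each blob into consecutive sectors of a blank drive."""
    return {n: seal_sector(console_secret, n, blob) for n, blob in enumerate(blobs)}


def mounts(console_secret: bytes, drive: dict) -> bool:
    """A console accepts a drive only if every sector verifies under its own key."""
    return all(open_sector(console_secret, n, s) is not None for n, s in drive.items())


# Constructed sample secrets and data (not real console keys).
CONSOLE_A = bytes.fromhex("11" * 32)
CONSOLE_B = bytes.fromhex("22" * 32)
SAVE_DATA = [b"system settings", b"savegame: level 7"]

drive = format_drive(CONSOLE_A, SAVE_DATA)       # stock drive, formatted by console A
bigger = format_drive(CONSOLE_A, SAVE_DATA * 4)  # user swaps in a larger drive

if __name__ == "__main__":
    print("A mounts its own drive:  ", mounts(CONSOLE_A, drive))
    print("A mounts a swapped drive:", mounts(CONSOLE_A, bigger))
    print("B mounts A's drive:      ", mounts(CONSOLE_B, drive))
```

Because the key is derived from the console and not from the drive, any blank drive works once that console formats it, while the same drive is unreadable in a second console. That is the distinction between console-specific and drive-specific binding the two posts disagree about.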
