"I was searching around Google and landed upon an interesting article posted by nikkelitous, explaining why the PS3 is still not hacked. The article is a great read for anyone who is new to the PS3 scene and is wondering: "The 360, PSP, Wii and DS are hacked, why not the PS3?"
Hopefully after reading this, it can cut down tons of confusion present in the PS3 scene (and eliminate the theory that since the PSP was hacked like this so can the PS3).
Originally Posted by "Why the PS3 isn't hacked" by nikkelitous
"Why isn't the PS3 broken already?" We hear this every day. Someone somewhere thinks they can write a better media player with HD support. A guy wants to release his game but needs the RSX for the amazing graphics it can generate. Why can't we just tear open the PS3, solder a few wires and be done with it? The answer is both simpler and more complicated than you might expect.
The PSP, the Wii, even the Xbox 360 have all been hacked and can run homebrew applications, so everybody thinks "the PS3 should be just as easy." The PS3 in some ways is as easy, in fact easier. No other console lets you install Linux and run anything you want to. Sure, Linux on the PS3 is great. You can write your own code and use it. You have the largest collection of applications anywhere (that's right, WAY more than Windows). It's all free (or at a very low cost).
But it's limited. You can't touch the RSX (the very powerful graphics chip in the PS3), you can't use the full hard drive, and nothing is really optimized for the PS3's fantastic Cell processor; this means that what should be fast and easy tends to be slow and cumbersome. In fact, DVD playing, which can be done on any modern computer, is a monumental task in PS3 Linux.
The major problem is that the PS3 isn't any other console. The PS3 is different in many huge and terrifying ways. First, let's compare the PS3. I know you may think "Why compare the PS3 to the PSP? Why not the 360 or the Wii?" The answer is simple: the PSP is another Sony product, and if we can break one Sony product why not another? The PSP is hacked, it's true. In fact, it was hacked almost as soon as it was released!
Why? Because the PSP didn't have any security protections in the first version. That's right! It essentially ran anything that you put on it. You could install any program from day 1 (mind you, no programs existed at the outset, but in time they became common).
Now you may say "But they added security in the next version and that was hacked very quickly." I agree with you here, the PSP now has a very powerful security system, but like the Greeks, we had people inside. Once a system is hacked and understood, very little can be used to continue to protect it. In other words, the moment the PSP was uncovered and investigated, any future security measures would be trivial to remove and disarm. This proved true, and to this day we have each version of the PSP firmware hacked and able to run homebrew within a few weeks.
Now, the Wii: homebrew for the Wii has been slower than expected, not because it's incredibly difficult to do, but because most developers don't see a reason. The Wii has been hacked, but it's almost exclusively used to play copied games.
Most homebrew, in fact, runs in the GameCube emulator built into the Wii. The only reason that developers were interested in the Wii at all is the controller. Once the controller was found to be connectible to any computer (and even to the PS3), developers lost interest.
"But the Wii has still been hacked, lack of interest isn't an excuse for the PS3 being difficult." That's true, it isn't, but there is a valid excuse. The Wii isn't a full upgrade of all the technologies in the GameCube; in fact, it's almost identical except for a few upgrades. The GameCube has been hacked for a long time, and with the Wii being so similar it was a trivial matter to map out the exact differences.
"The 360," some may cry out, "it's on par with the PS3 and has been hacked as well." It's true, several hacks for the 360 exist, and some of them are actually monumentally difficult and fascinating. The first hack is rather simple actually. The 360 uses standard DVD discs for its games. This means that duplicators exist widely for the 360's media; it also meant that people understand it very well. Sadly, the 360 was broken first by simply fooling the DVD drive to bypass all checks that ensure a game wasn't copied.
Again it came from lack of security on the original version of the console. The DVD drive was easily put into "debug" mode and forced to reveal all its secrets. Later versions of the console have rectified this with a newer drive. This hack is simply not possible for the PS3 because it's not using a DVD drive, it's using a custom Blu-ray drive; we can't simply copy the discs, and we don't know enough about the firmware on the drive to accomplish a "debug mode" even if it's on there.
This wasn't the only hack to hit the 360. Momentarily vulnerable kernels have happened twice, where a bug in the firmware enabled homebrew to be run, each time, though, Microsoft closed the hole in the next version (which was usually released before the hack was really publicized). This is possible for the PS3, but we haven't yet found one of those bugs.
Remember: Only 2 of all the updates the 360 has had have been broken, all the others are still secure.
Only recently has the "timing" or "ultimate" attack on the 360 come to fruition. By counting the time it takes for the 360 to crash when confronted with code which is not valid, the "hash" of a particular set of data can be found. This enables you to move back to one of the older firmwares and hack your 360. However, you are still unable to access the Xbox Live service until you return to a higher version.
Mind you, this hack is INCREDIBLY difficult to do and requires a specially designed mod-chip and several hours for your 360 to reset repeatedly until you can downgrade, putting this hack well above the average user. (To the 360 hackers, I am sorry for simplifying your brilliant hack so much, but this article isn't just for sceners, it's for everyone.)
"It's still a hack." Well, that's true, the 360 IS hacked. And it will probably only get further hacked as time goes on. But you must remember, the 360 was out for a full year longer than the PS3 and it has less security than the PS3 (which actually has a special "police" program running constantly to ensure that the PS3 remains secure). More time and less security mean that it's easier to break open.
"Well, fine then, when can we expect a PS3 hack?" That's a good question, but it's very hard to answer. You see, we have many expert hackers trying to break open the PS3 and eventually they will; the problem is that there are many groups of hackers who aren't communicating or sharing information. This means that many hackers are repeating work that another hacker has already done, or that may be useless due to information that another group may have discovered.
While many groups have claimed hacks, none have actually provided any proof, instead we get videos like the recent ICE video and we get excuses. They may very well have incredibly valuable information, but none of it is shared so it's hard to get anything out of it. Paradox may have a loader but no way of running it on the latest PS3 firmware, while another group may have a hack enabling code to be run on the latest firmware, but nothing to run on it.
"Why aren't they sharing?" Typically, the reason they don't want to share is glory. They want to be "first", they want to be "best", they want to be the Dark Alex or DVD Jon or Arnezami of the PS3. They want first dibs, and for that we all suffer. While each group has different skills, I don't think that any scene group is really better than any other.
I think that any group stands an equal chance of finding that hole, because like stumbling around blindly after a treasure, someone is bound to stub their toe on it eventually. But if all groups were to work together, we could pinpoint the treasure, and the beauty of this treasure, is that every PS3 owner wins."
Funnily enough, this article was written about a year ago, and there has still been virtually no progress made on hacking the PS3 since then. It seems Sony has got it right with their piracy protection; could this be the end of homebrew-enabled gaming devices?
User reply (seemed to be very informed)
Good post, sounds like a fair assessment. However there's one small technical inaccuracy:
"and it has less security than the PS3 (which actually has a special "police" program running constantly to ensure that the PS3 remains secure)."
I assume you're talking about the hypervisor here. The Xbox 360 also has a hypervisor, as well as random memory placement for kernel code (if memory serves me - I could be wrong on this though) and encrypted memory. I assume the PS3 has similar protection though.
I think the reason both the Wii and the 360 have been hacked is that the concept was already there for running copied games (and by 'copied' I don't mean for piracy - even though the idea obviously has been used for that). You touched on this in your post but the link is missing.
TheSpecialist (well known amongst the Xbox scene) was the one who originally put the work into implementing an exploit that was originally mused over in the Xbox 1 days. No-one needed it at the time since there were easier and quicker methods of breaking the console available, but he proved the concept originally with an original Xbox and then when other scene members got involved it moved on to the 360 version available today.
Now whether the concept for the Wii exploit (which again involved bypassing security measures in the DVD drive) was directly inspired by the progress on the Xbox, or whether it was just thought up completely separately, I don't know. But it helped crack the console in the same way.
Once copied games can be played on a system, it makes it easier to find exploits within that system. The 360 exploit involved changing files in King Kong to save special code to memory and execute it. Now if we could only play original games, that wouldn't have been possible.
This is definitely one of the (several) reasons the PS3 hasn't been hacked yet. The PS3 has more security around its media than the other two consoles, I'm not sure how much though. It may be possible to execute a similar exploit on the PS3 by modifying the firmware in the drive, but a good security system should have the shortest chain of trust it can. So if they've designed it well, the drive will be outside this chain of trust, and nothing you could do to the firmware would help.