Why the PS3 isn't hacked

[wraggster]

nikkelitous posted this rather informative article for those who cant understand why the PS3 hasnt been hacked fully yet:

"Why isn't the PS3 broken already?” We hear this every day. Someone somewhere thinks they can write a better media player with HD support. A guy wants to release his game but needs the RSX for the amazing graphics it can generate. Why can't we just tear open the PS3 solder a few wires and be done with it? The answer is both simpler and more complicated than you might expect.

The PSP, the Wii, even the Xbox 360 have all been hacked and can run homebrew applications so everybody thinks "the PS3 should be just as easy.” The PS3 in some ways is as easy, in fact easier. No other console let you install Linux and run anything you want to. Sure Linux on the PS3 is great. You can write your own code and use it. You have the largest collection of applications anywhere (thats right, WAY more than Windows). It's all free (or at a very low cost).

But it's limited. You can't touch the RSX (The very powerful graphics chip in the PS3), you can't use the full hard drive, and nothing is really optimized for the PS3's fantastic Cell processor, this means that what should be fast and easy tends to be slow and $#@!bersome. In fact, DVD playing which can be done on any modern computer is a monumental task in PS3 Linux.

The major problem is that the PS3 isn't any other console. The PS3 is different in many huge and terrifying ways. First, lets compare the PS3. I know you may think "Why compare the PS3 to the PSP? Why not the 360 or the Wii? The answer is simple, the PSP is another Sony product and if we can break one Sony product why not another? The PSP is hacked, it's true. In fact, it was hacked almost as soon as it was released!

Why? Because the PSP didn't have any security protections in the first version: Thats right! It essentially ran anything that you put on it. You could install any program from day 1 (Mind you, no programs existed at the outset, but in time they became common.)

Now you may say "But they added security in the next version and that was hacked very quickly”. I agree with you here, the PSP now has a very powerful security system, but like the Greeks, we had people inside. Once a system is hacked and understood, very little can be used to continue to protect it. In other words, the moment the PSP was uncovered and investigated any future security measures would be trivial to remove and disarm. This proved true and to this day we have each version of the PSP firmware hacked and able to run homebrew within a few weeks.

Now, the Wii, homebrew for the Wii has been slower than expected, not because it's incredibly difficult to do, but because most developers don't see a reason. The Wii has been hacked, but it's almost exclusively used to play copied games.

Most homebrew, in fact, runs in the gamecube emulator built into the Wii. The only reason that developers were interested ing the Wii at all is the controller. Once the controller was found to be connectible to any computer (and even to the PS3) developers lost interest.

"But the Wii has still been hacked, lack of interest isn't an excuse for the PS3 being difficult”. That's true, it isn't, but there is a valid excuse. The Wii isn't a full upgrade of all the technologies in the GameCube, in fact, it's almost identical except for a few upgrades. The GameCube has been hacked for a long time and with the Wii being so similar it was a trivial matter to map out the exact differences.

"The 360” some may cry out "it's on par with the PS3 and has been hacked as well.” It's true, several hacks for the 360 exist, and some of them are actually monumentally difficult and fascinating. The first hack is rather simple actually. The 360 uses standard DVD disks for it's games. This means that duplicators exist widely for the 360s media, it also meant that people understand it very well. Sadly, the 360 was broken first by simply fooling the DVD drive to bypass all checks to ensure that a game wasn't copied.

Again it came from lack of security on the original version of the console. The DVD drive was easily put into "debug” mode and forced to reveal all it's secrets. Later versions of the console have rectified this with a newer drive. This hack is simply not possible for the PS3 because it's not using a DVD drive it's using a custom Blu-ray drive, we can't simply copy the disks, and we don't know enough about the firmware on the drive to accomplish a "debug mode” even if it's on there.

This wasn't the only hack to hit the 360. Momentarily vulnerable kernels have happened twice, where a bug in the firmware enabled homebrew to be run, each time, though, Microsoft closed the hole in the next version (which was usually released before the hack was really publicized). This is possible for the PS3, but we haven't yet found one of those bugs.

Remember: Only 2 of all the updates the 360 has had have been broken, all the others are still secure.

Only recently has the "timing” or "ultimate” attack on the 360 come to fruition. By counting the time it takes for the 360 to crash when confronted with code which is not valid the "hash” of a particular set of data can be found. This enables you to move back to one of the older firmwares and hack your 360. However, you are still unable to access the xbox live service until you return to a higher version.

Mind you, this hack is INCREDIBLY difficult to do and requires a specially designed mod-chip and several hours for your 360 to reset repeatedly until you can downgrade putting this hack well above the average user. (To the 360 hackers, I am sorry for simplifying your brilliant hack so much, but this article isn't just to sceners, it's to everyone.)

"It's still a hack.” Well thats true, the 360 IS hacked. And it will probably only get further hacked as time goes on. But you must remember, the 360 was out for a full year longer than the PS3 and it has less security than the PS3 (which actually has a special "police” program running constantly to ensure that the PS3 remains secure). More time and less security mean that it's easier to break open.

"Well, fine then, when can we expect a PS3 hack?” Thats a good question but it's very hard to answer. You see, we have many expert hackers trying to break open the PS3 and eventually they will, the problem is that there are many groups of hackers who aren't communicating or sharing information. This means that many hackers are repeating work that another hacker has already done, or that may be useless due to information that another group may have discovered.

While many groups have claimed hacks, none have actually provided any proof, instead we get videos like the recent ICE video and we get excuses. They may very well have incredibly valuable information, but none of it is shared so it's hard to get anything out of it. Paradox may have a loader but no way of running it on the latest PS3 firmware, while another group may have a hack enabling code to be run on the latest firmware, but nothing to run on it.

"Why aren't they sharing?” Typically, the reason they don't want to share is glory. They want to be "first” they want to be "best” they want to be the Dark Alex or DVD Jon or Arnezami of the PS3. They want first dibs and for that, we all suffer. While each group has different skills, I don't think that any scene group is really better than any other.

I think that any group stands an equal chance of finding that hole, because like stumbling around blindly after a treasure, someone is bound to stub their toe on it eventually. But if all groups were to work together, we could pinpoint the treasure, and the beauty of this treasure, is that every PS3 owner wins.

[I xfire I]

the rsx is outdated, the ps3 uses the cell for most graphics aswell as other processes, the rsx was a last minute add on which isnt really dedicated.

[Triv1um]

Interesting read.

[phsychokill]

the rsx is actualy the main graphics card as the cell is a maths processor and runing graphics through that would be like trying to use your pc cpu as a graphics card it just wont work. the fact is the rsx is suposadly the exiverlant of 2 geforce 6800 ultra's running in sli but it uses the cell to increase transfer to push it further ahead.

Its only like if you compair the xbox 360 graphics card to a modern pc one it has lower pipe lines but a similar clock speed. the fact is the graphics card on its own isnt great in either console its a case of how they are intigrated and the games are made dedicated to that hardware setup making them apear stronger.

but anyway back on topic it would be nice if the devs would work together instead of just going for the glory. the fact is dark alex is probly the best knowen psp hacker but he wasnt the first and a few of the exploits used to downgrade firmwares were found by other people. the people hacking the ps3 should just realise that even if they do hack it first the person who makes best use of the hack's will be best knowen.

[Gizmo356]

Or its security is just good...

[Ashen]

All that said I think there is a very valid reason for not throwing the code out there as they go... Sony are probably watching these forums right now .

I think the better way to go would be for some well-known hackers to form some sort of organisation to manage the process and distribution of work, and then to give everyone involved an equal credit once a solid hack is reached. Then everyone can go back to trying to make a name for themselves. This would also allow the people in charge to manage who had access to what information so that information leaks would be less of a problem.

Course thats a lot of work-- doubly so for hackers who aren't the sort of people to worry so much about this sort of stuff... and pretty much no-one other than the big names (who have proven themselves) would be able to be trusted.

On the flipside of that it is kind of putting all your eggs in one basket. The current method has the advantage that if one team breaks down, the rest can keep going. You're trading efficiency for stability.

...

Its a tough one. Feau sure.

Cheers.
Ash.

[SSUK]

You can save yourself reading a highly inaccurate article by just knowing one thing:

The Cell Processor is not a standard processor.

While the Wii and Xbox 360 run on a PowerPC processors, the Cell is an altogether different beast. Something which takes even mature, professional developers by surprise. A lot of code for PS3 games is probably highly unoptimised for the console, unlike the PPC processors which the 360 and Wii use, the Cell has it's own CBEA (Cell Broadband Engine Architecture) which developers must code around.
Since a lot of homebrew developers are hobbyists who are just writing programs for the sake of it, they're not really in the most advantageous position to try and write for an architecture which has hardly any public documentation.

Also, for those of you confused by the article by thinking "Well, the PSP is hacked, why not the PS3?", well... The PSP runs on a MIPS processor (which is the same architecture which was used in the Playstation and Playstation 2 (yes, the Emotion Engine had a MIPS core)), which is a well documented architecture, hence easier to code for. The MIPS architecture and the CBEA architecture have worlds of difference between the two, making it easy to write for the PSP, so you can confidently tweak the firmware knowing that it SHOULD work. Where as if you modify the PS3 firmware and load it back onto the PS3, you could ultimately brick your PS3 and have next to NO certainties that the code should work or not. And that's one expensive paper weight you'd have.

[acn010]

im touched

[Ultima Chocochu]

Very interesting post, with valid points...One of the biggest problems is, they want to be well known in the homebrew community and such, so they don't care to help another.
But that is just a guess.

[cory1492]

A flip side to the "repeated work" argument... some see what others might miss (or even entirely disregard.)