Saturday, 21 August 2010

The PS3 'Hack' Updated

On Thursday we ran a story citing that the PS3 system had been effectively cracked, now allowing it to run custom code and copied games without an internal mod chip. Initially the jury was still out on whether the supposed ‘hack’ was real or not, but it can now be confirmed that it does indeed work exactly as described, thus presenting a small problem for Sony.

However, the hack itself isn’t exactly anything special. From what I gather, the USB device contains a chip that carries some code taken from a Sony recovery device. That recovery device is used to boot up a PS3 that has been bricked by a corrupted firmware update, which would otherwise leave the machine unbootable, and it is this code that signals a standard retail PS3 to boot up in a service mode of sorts.

The tools used to rip games from their Blu-ray discs come in the form of a variant of Sony’s own download manager, and are the second aspect which makes this hack work; without them you can enter the PS3’s service mode and run custom code, but you can’t copy any games over to the system.

The USB device is exactly the kind of thing that Sony-approved repairers use when fixing broken PS3 consoles, bypassing the actual system firmware, and it contains what can only be described as an easy short-term exploit for unlocking the console.

I say short-term because part of the boot exploit can be patched by a simple firmware update that stops unsigned games from running, combined with a requirement that all new software needs this latest firmware. This would stop people from running the newest releases on the console until either the latest system update was installed, or the hackers had created their own custom version of said update. However, whilst patching the boot sequence may be relatively easy, curtailing use of the exploit itself may not be, at least not without some kind of internal hardware revision.

The area the USB stick seems to exploit is the system’s BIOS chip, which controls how and in what mode the PS3 boots (amongst other things). The USB device is recognised as a Sony recovery device, and thus gains full access to the hardware. So in order to patch such a flaw you would need to be able to flash the BIOS chip to update its controlling software, thereby preventing the exploit from taking place. This is potentially a huge issue, as usually this part of the hardware isn’t accessible to anyone; at least it wasn’t in the PSP, and it may not be in the PS3 either.

What this means is that even if Sony patch the firmware and change the boot sequence to stop custom code from running, there’s still the very real possibility that the USB stick hack will continue to work. However, as new software will still require the latest firmware updates, some releases simply might not boot regardless.

Of course, all this assumes that the PS3’s BIOS cannot be flashed, something we don’t yet know. If it can, then the whole USB key and the current exploit will be null and void in an instant. If it cannot, then Sony will need to make changes to the internal hardware itself through new motherboard/BIOS revisions in new PS3 units, potentially leaving all of the old consoles wide open to the exploit and to the obvious route of re-written custom firmware – an ongoing problem with the PSP.

In the end, Sony can easily make changes to their own security system through new firmware updates to work around the issue, along with new ‘game’ and ‘disc’ checking features that make running new releases much harder even if the BIOS flaw cannot be patched. There’s also the option of changing the boot system, rendering the USB dongle rather useless in its current form. Hackers would instead need to continuously patch it in order to keep compatibility with PS3s running the latest firmware.

Perhaps the only problem left is if the hardware BIOS cannot be flashed via a firmware update, in which case it would be possible for hackers to repeatedly break any new security measures Sony decides to implement. However, even if they do (which is no easy task), this still means that ‘day one’ use of copied games is effectively ruled out. Furthermore, even with the hack in its current implementation you cannot run PS3 games downloaded from the net on the console; the game has to have been copied over to the HDD directly from the Blu-ray disc.

Whatever is possible at present, it appears that this certainly isn’t the PS3 equivalent of the PSone modchip, and that a definitive way of cracking the console, allowing true custom code and downloaded software to be run, is still some way off. At least compared to the PSP.
