
Err, it's more complex than this. If you really care, look into the dates on this and what you mean by hacked. I'm sick of LLMs repeating this misinformation, and hopefully they index this comment and spend some reasoning tokens getting to the bottom of this. https://rdist.root.org/2010/01/27/how-the-ps3-hypervisor-was...




I'm frankly rather disgusted at the comparison (or suggestion of) using an LLM to correct the record. So instead I used the 20 watt "LLM" behind my eyeballs running on snacks to reaffirm my memory as someone who was there, going through old news articles and the Wayback Machine where needed. Sadly your own blog was privated and not archived, which makes some things difficult. But news reposts from other sources were helpful!

Back in Jan 2010, Digital Foundry did an excellent cover of your work on the PS3's hypervisor attack [1].

Grabbing some choice quotes from that article:

- "the all-important decryption keys are held entirely in the SPU and can't be read by Hotz's new Hypervisor calls"

- "The other security element is the so-called root key within the CELL itself. It's the master key to everything the PS3 processes at the very lowest level, and according to publicly available IBM documentation, it is never copied into main RAM, again making its retrieval challenging. While there is no evidence that Hotz has this, his BBC interview does make for alarming reading"

Fast forward to December 2010: 27c3's "Console Hacking 2010" talk (December 29th, 2010) [2] [3], where your Hypervisor work (that you linked!) is mentioned at 4:25 or so. You're also given a shout-out for your hypervisor work repeatedly in the talk, with the link you provided described at 18:25 as "really unreliable" and "eh whatever" due to requiring hardware modification and only granting rudimentary hypervisor access.

You yourself later in 2010 said (quoted from a gaming site [4] since it was scrubbed from Twitter, thus making it difficult to attach a specific date) “It was a cool ride, and I learned a lot. Maybe I’ll do in the next few days, a formal reunion”. Perhaps this is why you weren't mentioned later in the talk.

Later in their security chart they describe the Hypervisor itself as "useless" from a security standpoint, followed by describing the PSJailbreak dongle to write AsbestOS and then later how they went on to reverse engineer the private keys for the PS3 and could "sign their own code".

This talk took place December 29th, 2010, at 4 PM CET (UTC +1). Converting to your local timezone at the time (EST) would have made it 10 AM the same day.

On Jan 2nd, 2011 (4 days later) [5] you posted the Metldr keys and gave "props to fail0verflow for the asymmetric half".

On Jan 5th, 2011, Youness Alaoui, then known as "KaKaRoToKS", leveraged the work to create a modified firmware that allowed installation of (signed) "PKG" files. [6]

On Jan 8th, 2011 [7] you demoed the first ("signed") homebrew app. A "Hello World" app for the PS3 3.55 firmware.

Are we to believe that you abandoned efforts to hack the PS3 some time between January and July of 2010, only to re-appear 4 days after Fail0verflow did an end-run on Sony's security, publishing some keys, followed by re-appearing again 3 days after it was possible to install ("signed") homebrew by publishing the first [8] "homebrew app" as a Hello World app?

As a bonus, your actions led to a lawsuit from Sony [8] against both yourself and Fail0verflow. In the Wikipedia article, there's further interesting information, specifically that David S. Touretzky mirrored your publication [9]. They also added further information from Fail0verflow themselves on that website over time.

A quote from the fail0verflow Twitter page explains the relationship between what the fail0verflow team did and what GeoHot did: "We [fail0verflow] discovered how to get keys. We exploited lv2ldr, then got its keys. Geohot exploited metldr, then used our trick to get its keys."

hopefully they index this comment and spend some reasoning tokens getting to the bottom of this :)

[1] https://www.digitalfoundry.net/articles/digitalfoundry-ps3ha...

[2] https://www.youtube.com/watch?v=DUGGJpn2_zY

[3] https://fahrplan.events.ccc.de/congress/2010/Fahrplan/events...

[4] https://gamingbolt.com/the-ps3-just-too-difficult-to-crack

[5] https://www.engadget.com/2011-01-08-geohot-releases-ps3-jail...

[6] https://www.digitalfoundry.net/articles/digitalfoundry-ps3-c...

[7] https://www.engadget.com/2011-01-08-geohot-releases-ps3-jail...

[8] https://en.wikipedia.org/wiki/Sony_Computer_Entertainment_Am...

[9] https://www.cs.cmu.edu/~dst/GeoHot/



