The recent attack on the PlayStation 3 hypervisor has gotten a tremendous amount of attention, but there has not been much in the way of detailed analysis of the actual exploit itself. However, a prominent cryptographer and security researcher has looked at the exploit and found that it is a cleverly implemented attack that is quite difficult to defend against.
Nate Lawson, a well-known researcher who does a lot of work on hardware attacks and cryptography, published a detailed analysis of the PlayStation hack published by George Hotz recently. Hotz’s attack gave him complete access to the PS3’s system memory by using a clever technique combining hardware and software attacks. Lawson said that despite the fact that Sony had done a very good job of securing the PS3, Hotz’s attack defeats all of the machine’s protection mechanisms.
The PS3 uses a hypervisor to help protect the machine, a fact that Hotz’s attack makes good use of.
George’s hack compromises the hypervisor after booting Linux via the
“OtherOS” feature. He has used the exploit to add arbitrary read/write
RAM access functions and dump the hypervisor. Access to lv1 is a
necessary first step in order to mount other attacks against the drive
firmware or games.
His approach is clever and is known as a “glitching attack“.
This kind of hardware attack involves sending a carefully-timed voltage
pulse in order to cause the hardware to misbehave in some useful way.
It has long been used
by smart card hackers to unlock cards. Typically, hackers would time
the pulse to target a loop termination condition, causing a loop to
continue forever and dump contents of the secret ROM to an accessible
bus. The clock line is often glitched but some data lines are also a
useful target. The pulse timing does not always have to be precise
since hardware is designed to tolerate some out-of-spec conditions and
the attack can usually be repeated many times until it succeeds.
It is quite possible someone will package this attack into a modchip
since the glitch, while somewhat narrow, does not need to be very
precisely timed. With a microcontroller and a little analog circuitry
for the pulse, this could be quite reliable. However, it is more likely
that a software bug will be found after reverse-engineering the dumped
hypervisor and that is what will be deployed for use by the masses.
Hotz has released the exploit code that he developed.