Ps3 hacks you probably don’t know about
With all the rage about CFWs and leaked keys, the Ps3 system has been opened widely. But long before this, other hacks were found that allowed homebrew apps to be ran, amongst other things. While most of these hacks are patched, some are still accessible, even on the latest OFW.
- Ps2 homebrews and backups
One of the first hacks that existed on the Ps3 was not even a Ps3 hack, but rather a Ps2 hack, similar to how we can hack the Vita’s pspemu. This hack required an original copy of Swap Magic 2.6 or up and allowed you to run pretty much any Ps2 homebrew (by means of UlaunchElf) and even Ps2 backups on a usb hdd (by means of USB Loader or Open Ps2 Loader). This method is still available today to any user with a backwards compatible console, but the availability of the Swap Magic discs have been reduced, greatly, since this method was discovered. Swap Magic works on a Ps2 and a Ps3 because it’s pressed the same way as any other Ps2 game, so it would be very difficult (and even impossible) for Sony to patch it.
- Blu-ray Disc Java
BD-J is essentially a way of adding software content to Blu-ray Discs, similar to the Dreamcast’s Mil-CD. This allowed hackers to code BD-J homebrews and play it on a USB stick as the Ps3 recognised them as video files. This method was patched so you can’t play them on a USB anymore, but it’s still doable on a burned Blu-ray Disc.
Very little homebrews were created for this, amongst them we can find pong and an nes emulator with no sound. For more information about BD-J, check this: http://en.wikipedia.org/wiki/BD-J
- RSX access in otherOS
A hack was found that allowed access to the RSX in otherOS and a linux kernel was compiled with such access. Unfortunately, it was patched in version 2.10, and people who have a version lower than that (if there is anyone on earth with such a low firmware) are better off updating to 3.55 CFW and use otherOS++.
- Media Files Exploits
Different exploits and possible exploits in media files, such as image files or video files were found, here is a list of them:
- Tiff exploit
A tiff exploit was found for firmware 1.90, it was alleged that it could allow the playback of ps1 backups and a youtube video showed up demonstrating it. While the tiff exploit was real and allowed one to bypass the firmware update check, it’s use to play ps1 backups was never confirmed. Other such methods were tried to hack the ps3, including corrupted mp3 files that the ps3 recognized as working and later crashed when trying to play it.
- Mp4 exploit
It is also known that firmware 3.21 fixed a potential vulnerability in the playback of mp4 files, we may never know what this vulnerability was and what it could have brought to us, but if Sony patched it, it was for a reason.
- libMPEG exploit
This exploit was found in an mpeg video file, but sadly nothing more than a POC came out of it, it might not even be an exploit (as you might have learned from the psp scene, not all crashes are exploits).
- Open Remote Play
A vulnerability was found that allowed the use of Remote Play on non-PSP systems, such as a PC, by simply disguising our PCs as a PSP, this was patched in firmware 2.80, but not for long since we can now patch the official Vaio Remote Play to use on any PC.
- Resistance: Fall of Man and Motorstorm exploit
This exploit allowed you to bypass the firmware update check to play newer games without updating. It required an original copy of Resistance: Fall of Man and was performed by starting the campaign, pausing the game, ejecting the disc, putting the other game in the drive and selecting “quit game” in the pause menu. Apart from this, apparently Team ICE managed to get unsigned code working using this exploit, but nothing good came out of this. A similar exploit existed in Motorstorm.
- Infectus modchip
The infectus modchip allowed you to downgrade firmware 1.60 to 1.50 but the amount of soldering required, plus the fact that this method was patched, made this hack irrelevant.
- mkfs.self exploit
Little is known about this exploit, but the consequences it could have had were huge. This was the first exploit that allowed to boot blu-ray backups of games. The problem is, these games didn’t run, they booted, but not run, and the exploit was patched above firmware 1.11, so it was clear that very little people could have had access to it. I do not know very well how this exploit worked, but I think it has something to do with renaming mkfs.self (one of the system files?).
Well, as you can see, the ps3 scene has been very active since its beginning, but, for the most part, nothing usable really got out of it.