PS3: Progress on Slim/Super Slim hardware hacks. Fresh hopes for a full-fledged CFW?
PlayStation scene dev Zecoxao has shared a screenshot of a work-in-progress series of tools by MikeM64, designed to hack the PS3 (Slim and Super Slim in particular) further.
PS3 Super Slim mitm hack. What is it, and what’s the big deal?
Hacking your PS3 nowadays is reasonably easy with the likes of PS3xploit and PS3HEN, but there are limitations for newer models, in particular the PS3 Super Slim. Namely, the later Slim and Super Slim models haven’t been “fully” hacked, and cannot run PS3xploit, which is a full Custom Firmware. The later Slim and Super Slim are “limited” to PS3HEN, which has a few limitations compared to a full Custom Firmware.
In practice, most people running PS3HEN (PS3 Homebrew ENabler) won’t feel any difference compared to running a Custom Firmware, except for the fact that PS3HEN has to be re-launched at every reboot of the console, while a Custom Firmware is a much more permanent solution, which also gives complete control over the console.
Again, although in practice the differences between a HEN and a CFW are minimal, the later PS3 Slim and Super Slim models are the “last man standing” against hacks that would give tinkerers full control over the PS3.
This is where the recent work from MikeM64, as demonstrated by Zecoxao, comes into play. People equipped with the right hardware and modchips can run these tools to try to “trick” the console through a man-in-the-middle attack, letting the console believe its boot sequence is properly secure, when in fact the hacker has injected a slightly different payload, giving them partial control of the system.
The required hardware is “simple” (but the skills involved are not), namely an Arty-S7 50 (although MikeM64 states this could easily be ported to any Arty A series) and the accompanying generic cables.
This whole endeavor appears to validate a theory that was mentioned almost ten years ago by PS3 Homebrew dev JuanNadie, back in the ps3hax days.
The ultimate goal is to get a CFW running on the console, but before that, to be able to dump the console’s boot programs and possibly find software flaws in them, so that a hardware hack is no longer required.
stage 2 of mitm (dumping lv0ldr) is now complete. should be a matter of time until lv0ldr is dumped from CECH-3000 pic.twitter.com/PbxtbmDXOR
— Control_eXecute (@notzecoxao) May 9, 2022
With this being said, as we read it, full control of the console through hardware modchips would still be possible even if no software flaws are found.
Download the mitm tools and lv0ldr payloads
Source: via Zecoxao