When will the PS4 and Xbox One be hacked?

Some of you wonder why I recommend throwing away consoles of certain revisions, most notably PS3 Slims with a factory firmware version above 3.55 and all of the so-called Super Slims, model numbers 3000, 4000 and higher.

We’ll talk about the PS3 and PS4 in a bit, but first let’s concentrate on the PS3’s only rival, the Xbox 360. I bring up the Xbox 360 because both consoles are built on closely related IBM processor designs. The Xbox 360’s Xenon CPU has three PowerPC cores; the PS3’s Cell has one PowerPC core plus eight SPE coprocessors, of which one is disabled at the factory for manufacturing yield and one more is reserved by the system, so games see six. I will explain what that reserved core does in a bit. Both chips use IBM’s e-fuse technology. An e-fuse is very similar to the common fuse you see in most electrical and electronic devices. A fuse is normally a glass tube with a piece of wire inside, rated for a certain current, for example 1 A. If the current flowing through the fuse exceeds 1 A, the wire inside immediately heats up, melts and snaps, breaking the circuit. Fuses protect your devices from sudden electrical surges: if a high current reaches the electronics it may damage them beyond repair, whereas fuses are cheap and easy to replace, and are made to be sacrificed for the greater good. These expendable fuses, in nano size, sit inside the processor to allow its internal wiring to be changed after it leaves the factory. Power certain pins to destroy an e-fuse, the contact is broken, current no longer flows through it, and the electrical layout of the chip has changed. This cannot be reversed; you can’t replace an e-fuse.

Microsoft came up with an evil way to use this technology. Here I must make another digression and talk about digital signatures, which Microsoft adopted early and on a very large scale. A digital signature is a subgenre of cryptography that uses some complex math to produce a number that cannot be produced without knowing a secret number, yet can be checked by anyone who holds the matching public number. If you are interested, read more on public/private key pairs and asymmetric cryptography. The bottom line is that the Xbox 360 will only run Microsoft-signed software.
Since third-party hacker software will never be signed by Microsoft, and Microsoft’s private signing keys are heavily guarded, in theory this makes it impossible to run unsigned homebrew utilities on the Xbox 360. The e-fuses play a part in this. An e-fuse can be treated as a bit: an intact fuse reads as one, a burnt fuse as zero. With 128 of them you can burn a 128-bit cryptographic key right into the processor. Microsoft gives each processor a unique secret key (the CPU key). After the key has been written, a few more e-fuses are burnt to cut the external read path to that fuse area, so the key is sealed inside the processor and only the CPU itself can use it. Well, there is a way: slice the silicon away layer by layer and use an electron microscope to see the state of each fuse. But that renders the processor unusable, and since each processor has its own key, sacrificing one to read its key gains you nothing for the rest of them. The CPU’s boot chain is built to run signed code only. A game disc is signed once for every console, so each console can verify and run it. But when you download a game from Xbox Live, the content is encrypted and licensed for your console only, so if you copy the files to another console, that console simply fails to decrypt them. Encrypted software is gibberish until it is decrypted. Because the Xbox 360 will not run software without a Microsoft signature, every game publisher has to ask Microsoft to sign its games, which comes at a price. That ensures Microsoft gets a slice of each and every game ever published for the console. Licensing, that is called. Imagine a cup that refuses to brew a tea bag unless the label is signed by the hand of the cup manufacturer. All of the Xbox 360 hacks, the JTAG hack and the later RGH, aim to circumvent that signature check and force the console to run unsigned code.
The RGH hack used on the Slim works by upsetting the processor at exactly the wrong moment: the modchip slows the CPU and sends a very brief pulse on its reset line while the bootloader is comparing the hash of the next boot stage against the expected value. A well-timed glitch makes that comparison report success even for modified code, and unsigned code gets through. The timing is probabilistic, which is why the chip may need many attempts and the console can take a while to boot. That’s one side of it. The CPU has more e-fuses, and Microsoft uses them in an even more diabolical way. Back in the day you actually could downgrade the console firmware. But a certain Microsoft update burnt an e-fuse. In effect, Microsoft, without the user’s knowledge or consent, remotely and permanently modified user-owned hardware. Just take some time to think about that. To understand it better, imagine your power company raising the voltage on your apartment’s feed so that the toilet bulb bursts, changing the lighting in your apartment. The difference is that you could easily change that bulb, while the e-fuse inside the CPU stays permanently destroyed. This is a very serious property-rights violation and privacy concern. So the e-fuse is permanently burnt, and the code responsible for booting and updating was changed to check that fuse and refuse any kernel older than the fuse count allows. That’s why you can’t downgrade your Xbox 360 once its firmware is at or above a certain version. This is a hardware lock, introduced right in your home on hardware you own, without you knowing about it, let alone being asked to approve it.

Now let’s get to the PS3. It uses a similar but even more bizarre technology. Remember I said only seven of the PS3’s eight coprocessors can be used? What does the reserved one do? It runs in an isolated mode that the rest of the system cannot look into, and it handles the decryption and verification of the loaders and the hypervisor as the system boots. You may be familiar with virtual machines, the easiest example of which are the emulators you run on your computer to play games from other systems like Nintendo or PlayStation.
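The fuse-as-bit idea, the per-console key and the rollback lock described in the two passages above, modelled in code. This is an added example written for this page, not Microsoft’s or IBM’s design: the fuse counts, the HMAC-based licence tag, the version numbering and all names are assumptions chosen to illustrate the mechanism, and the sample content is constructed.

```python
# Added example: a toy model of one-time-programmable e-fuses used (1) as a
# sealed per-console key and (2) as a monotonic firmware lockdown counter.
# Fuse counts, the HMAC "licence tag" and all names are assumptions made for
# illustration, not the real Xbox 360 fuse layout or content formats.
import hashlib
import hmac
import secrets

KEY_FUSES = 128        # assumed: one fuse per bit of the per-console key
LOCKDOWN_FUSES = 16    # assumed: one fuse per firmware generation


class FuseBank:
    """A row of e-fuses: intact reads 1, burnt reads 0, and burning is one-way."""

    def __init__(self, count):
        self.bits = [1] * count
        self.sealed = False          # once sealed, the row cannot be read externally

    def burn(self, index):
        if self.sealed:
            raise PermissionError("fuse row is sealed; no further programming")
        self.bits[index] = 0         # there is deliberately no way to set a bit back to 1

    def burnt_count(self):
        return self.bits.count(0)

    def dump(self):
        """External read path, cut (raises) once the row is sealed."""
        if self.sealed:
            raise PermissionError("read path to this fuse row was burnt")
        return list(self.bits)


class Console:
    def __init__(self):
        self.key_fuses = FuseBank(KEY_FUSES)
        self.lockdown = FuseBank(LOCKDOWN_FUSES)
        self.firmware = 1

    # --- factory provisioning -------------------------------------------
    def provision(self, key_value):
        """Burn a 128-bit key into the fuses (0 bit = burnt fuse), then seal the row."""
        for i in range(KEY_FUSES):
            if not (key_value >> i) & 1:
                self.key_fuses.burn(i)
        self.key_fuses.sealed = True

    # --- only code running inside the CPU reaches the key ----------------
    def _cpu_key(self):
        value = sum(bit << i for i, bit in enumerate(self.key_fuses.bits))
        return value.to_bytes(KEY_FUSES // 8, "little")

    def license_for_this_console(self, content):
        """Tag downloaded content so that only this CPU accepts it (assumed format)."""
        return hmac.new(self._cpu_key(), content, hashlib.sha256).digest()

    def run(self, content, tag):
        """True only if the tag was produced with this console's own key."""
        return hmac.compare_digest(self.license_for_this_console(content), tag)

    # --- rollback protection via the lockdown fuses ----------------------
    def minimum_firmware(self):
        """Lowest firmware version the bootloader accepts: 1 + fuses burnt so far."""
        return 1 + self.lockdown.burnt_count()

    def apply_update(self, version):
        """Accept an update only if it is not older than the lockdown fuses allow.

        A successful update burns one fuse per version step, so the floor only
        ever rises; no later update can lower it again.
        """
        if version < self.minimum_firmware():
            return False
        for v in range(self.minimum_firmware(), version):
            self.lockdown.burn(v - 1)
        self.firmware = version
        return True


def demo():
    console_a, console_b = Console(), Console()
    for c in (console_a, console_b):
        c.provision(secrets.randbits(KEY_FUSES))   # every console gets its own key
    game = b"constructed sample: downloaded arcade title image"
    tag = console_a.license_for_this_console(game)
    results = {
        "runs_on_a": console_a.run(game, tag),
        "runs_on_b": console_b.run(game, tag),      # same files copied to another console
        "update_to_3": console_a.apply_update(3),
        "floor_after_update": console_a.minimum_firmware(),
        "downgrade_to_2": console_a.apply_update(2),
    }
    try:
        console_a.key_fuses.dump()
        results["key_readable"] = True
    except PermissionError:
        results["key_readable"] = False
    return results
```

`demo()` shows the two properties the text relies on: content tagged for console A is rejected by console B, and after the update to version 3 the request to go back to 2 is refused because the burnt fuses can never be restored; the sealed key row also refuses external reads.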
A more complicated example is virtualization software and virtual servers, which let independent operating systems run simultaneously on shared hardware. Virtualization is a hot topic now, so you may want to read more on it. The PS3 uses a hypervisor in that sense: the game operating system runs on top of it and never touches the hardware directly. The reserved coprocessor, in turn, works as a sealed box inside the processor: it runs in an isolated mode that the rest of the system cannot inspect, and the loaders it executes arrive encrypted and are decrypted only inside it. That is exactly why hackers could conquer neither the Xbox 360 nor the PS3 for years. Breaking properly generated asymmetric keys is a tedious task that could take hundreds of years of brute force, so it is considered computationally infeasible. I said generated and used properly. Well, Sony failed at this: when signing the loaders, the signing code reused the same "random" number for every signature, and with the ECDSA scheme Sony used, two signatures made with the same random number are enough to compute the private key. And what a hilarious screw-up that was! You may not get the humour without knowing the basics of cryptography, so I urge you to read up on it. The fix required replacing the lowest-level loader, which is burnt into the console at the factory and cannot be replaced by a firmware download, so the flaw is effectively a hardware property: all the Phat consoles and most of the early Slim revisions with factory firmware up to 3.55 have it. Factory firmware means the firmware the console left the factory with, the one the retailer sold it with. Of course the error was patched quickly, and consoles manufactured with firmware 3.56 or above, and the later revisions like the Super Slim and the Super Slim variant with the external power adapter, have it fixed and cannot be hacked, at least with the knowledge currently available to the hackers. There is an exception for consoles that were manufactured with firmware 3.55 or below but were updated by the user to a later firmware. You can easily learn the factory firmware of your console with a simple utility called MinVerChk. Download it, put it on a thumb drive like a normal system update, and repeat all the steps you would take for a normal PS3 update from a USB drive. The system won’t actually update, but it will show you the lowest firmware version it will accept.
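The signing mistake described above, as an added example that is not Sony’s code and not part of the original page: a small ECDSA implementation in plain Python that signs two constructed messages with the same fixed random number k and then recovers the private key from the two signatures. It also serves the earlier passage on what a digital signature is, since `verify` is exactly the check a signed-code-only console performs. The curve is secp256k1 (chosen only because its parameters are public; the PS3’s own parameters are not used here), and the key, the messages and the function names are assumptions for illustration.

```python
# Added example, not Sony's code: minimal ECDSA over secp256k1 showing why
# reusing the per-signature random number k leaks the private key.
# Curve choice, keys and message strings are arbitrary demonstration values.
import hashlib
import secrets

# secp256k1 domain parameters (used here because they are public and well known)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def inv(a, m):
    return pow(a, -1, m)            # modular inverse (Python 3.8+)


def point_add(p, q):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def point_mul(k, p):
    """Double-and-add scalar multiplication."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, p)
        p = point_add(p, p)
        k >>= 1
    return result


def hash_to_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(d, message, k):
    """ECDSA signature (r, s). A correct signer draws a fresh random k every time."""
    r = point_mul(k, G)[0] % N
    s = inv(k, N) * (hash_to_int(message) + r * d) % N
    return r, s


def verify(public_key, message, signature):
    """The check a signed-code-only bootloader performs before running an image."""
    r, s = signature
    if not (0 < r < N and 0 < s < N):
        return False
    w = inv(s, N)
    z = hash_to_int(message)
    point = point_add(point_mul(z * w % N, G), point_mul(r * w % N, public_key))
    return point is not None and point[0] % N == r


def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures made with the same k share r; solve the two linear equations
    s_i = k^-1 (z_i + r d)  (mod N) first for k, then for d."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("different nonces were used; this attack does not apply")
    z1, z2 = hash_to_int(msg1), hash_to_int(msg2)
    k = (z1 - z2) * inv(s1 - s2, N) % N
    return (s1 * k - z1) * inv(r1, N) % N


def demo():
    d = secrets.randbelow(N - 1) + 1            # the vendor's private signing key
    public_key = point_mul(d, G)                # the key baked into every console
    fixed_k = 4                                 # the mistake: k never changes
    msg1, msg2 = b"loader build 3.41", b"loader build 3.55"   # constructed sample inputs
    sig1, sig2 = sign(d, msg1, fixed_k), sign(d, msg2, fixed_k)
    assert verify(public_key, msg1, sig1) and verify(public_key, msg2, sig2)
    recovered = recover_private_key(msg1, sig1, msg2, sig2)
    # With the recovered key anyone can sign code the console will accept.
    homebrew = b"unsigned third-party loader"
    forged = sign(recovered, homebrew, secrets.randbelow(N - 1) + 1)
    return recovered == d and verify(public_key, homebrew, forged)
```

The attack needs nothing but two signatures on different messages. When every signature uses a fresh random k the two r values differ and `recover_private_key` refuses up front; that comparison is the first thing the function does, and it is the property the constant k destroyed.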
If it is 3.55 or lower, you may try to downgrade the console with a firmware flasher. If the console has NAND flash, you will need a Progskeet flasher, which must be soldered to the mainboard. There were some clip-on versions, but they give much worse results. NOR model owners must use an E3 flasher. That is a clip-on device, but the contact is not very reliable, so you have to double-check everything and still risk bricking your console. In any case, this procedure is beyond the capabilities of most owners, and professional help can be quite expensive. So the easiest way to get homebrew and backup capability is to sell the current console, add the money you would have spent on the flasher or handed to a repair shop, and buy a CFW-capable model. This is exactly what I mean when I tell you to throw away your console with firmware higher than 3.55, or those fancy 3000/4000 models, which cannot be fitted with CFW through either firmware or hardware tricks. There is a way to run homebrew on those, which I will cover in a separate video, so stay tuned to my channel. But custom firmware is taboo for those consoles. Of course there is always a chance someone will come up with a hack, as happened with the Xbox 360 Slim, but with the release of the PS4 most of the hackers’ energy will shift to the next generation, the Xbox One and PlayStation 4. Speaking of which, you probably wonder when the PS4 will be hacked. This is not an easy question to answer. On one hand, over the current generation, PS3 and Xbox 360, both Sony and Microsoft acquired unique and vast experience in sealing new hardware securely. There is already an example of such hardware: the PlayStation Vita is widely regarded as an unhackable console. On the other hand, securing a system is a complicated task, and the more complex the system, the more errors it probably contains that hackers can exploit to make the new consoles run unsigned code.
Early hardware revisions usually have more of those hidden exploits, as products are rushed to market without proper testing. That’s why it is always a good idea not to update the firmware on new hardware. On the other hand, earlier revisions are normally more prone to failure than later ones, and an old firmware version may be banned from playing online and from running the latest titles. And the exploitable glitch may not be there in the first place, or the hackers may fail to uncover it until Sony or Microsoft wants them to. So I don’t expect the next-generation consoles to be hacked soon after their release. But there might be a way to play pirated games and even run homebrew on them. Check out my next video to see how it can be achieved.
