
That's not the timeline.

The timeline is:

- Sony released the PS3 Fat with OtherOS

- Nobody cared to hack the PS3 because it had Linux. There was an air of mythos about the security being top notch, but nobody skilled tried. Linux was restricted to not having 3D accel, and there was a short-lived Linux side exploit that granted you that capability, but Sony patched it as expected.

- Sony released the PS3 slim without OtherOS. They claimed they didn't have the resources/interest in developing Linux for it (this was later proven to be bullshit; the patches required were trivial).

- Some folks started staring a bit more seriously at PS3 security at this point.

- geohot developed a hilariously unreliable physical RAM glitching attack to escalate from OtherOS to the hypervisor on the Fat (note: this does not grant access to the secure SPE where all the crypto/DRM is done). I guess he was aiming for the slim, but this was his first target.

- Sony got scared and illegally pulled OtherOS on the Fat in an update, violating consumer protection law (they got sued for this and lost)

- Everyone started looking into PS3 security at this point.

- "Someone" (I have my suspicions) developed and sold a USB dongle which exploited GameOS to gain access at that level, and which included code directly and solely intended for game piracy in its payload. This only broke GameOS security (not hypervisor nor secure element), but Sony's actually-terrible system design meant that was enough to pirate games.

- I and others reverse engineered that and I wrote a Linux loader (AsbestOS) that could be used with clone exploit devices, and worked on both the PS3 Fat and Slim. These payloads didn't include any piracy-related code, just a Linux loader. This is Linux running in GameOS mode, which gives you 3D access (though no drivers were ever written...) and required some kernel patches due to VM configuration differences. I worked on those patches and they are now upstream.

- Research continued, and I and others at fail0verflow eventually discovered that Sony had completely borked their crypto and we could calculate their private signing keys. Due to a technicality, doing that calculation required having access to the symmetric crypto key beforehand, which meant that for any given secureboot chain level, you first needed a (one-off) exploit at that level to dump the AES key, then you could calculate the ECDSA signing key.

- We gave a talk detailing both an exploit at a certain level and the crypto flaw, without disclosing any keys.

- A week or two later geohot used an exploit he had stashed at the metldr level (that's the second-highest level, after the bootldr cold boot code) and our method to calculate and publish the keys for that level on his blog. Initially without crediting us (this is a common geohot theme) until I asked him to. metldr cannot be updated, so this is close to a complete hack (Sony found a cute platform recovery trick later, wrapping things with bootldr, until finally someone exploited that and it was all over).

- Sony sued geohot and me and a bunch of others. They probably thought we were cooperating or something. That was a stressful few months.

- geohot settled with them and promised to never hack their stuff again, and they dropped the other defendants (myself included) from the lawsuit, but not before causing personal and legal trouble to some of us.




The moral of the story seems to be to only publish such research anonymously?