

Analysis of the PS3 hypervisor exploit - NateLawson
http://rdist.root.org/2010/01/27/how-the-ps3-hypervisor-was-hacked/

======
tptacek
Cliff's notes: a tiny piece of electronics can glitch the PS3 memory bus,
causing memory writes to fail (far below the level of the instruction set
architecture). If you can force writes to fail, you break fundamental
assumptions that conventional code depends on; in this case, you turn a
deallocation into a no-op, leaving you with a reference to stale memory ---
roughly a use-after-free bug (like what just killed IE with Aurora).
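
The failure mode described in the comment above, modeled as an added example (not part of the thread and not taken from the analyzed exploit code): a simulated bus that silently drops a store turns a deallocation into a no-op, while a read-back check detects the lost write. The names `bus_write`, `unmap_unchecked`, `unmap_verified` and the entry layout are hypothetical, and the "glitch" is only a counter in software.

```c
#include <stdint.h>
#include <stdio.h>

#define ENTRY_VALID 0x1u   /* constructed layout: bit 0 marks a live mapping */

/* Simulated bus: while drop_writes > 0, a store is silently lost. */
static int drop_writes = 0;

static void bus_write(volatile uint32_t *addr, uint32_t value) {
    if (drop_writes > 0) { drop_writes--; return; }  /* store never lands */
    *addr = value;
}

/* Deallocation that trusts the store: always reports success (0). */
static int unmap_unchecked(volatile uint32_t *entry) {
    bus_write(entry, 0);
    return 0;
}

/* Deallocation that reads the entry back and retries.
 * Returns 0 once the entry is observed cleared, -1 if it is still mapped. */
static int unmap_verified(volatile uint32_t *entry, int max_tries) {
    for (int i = 0; i < max_tries; i++) {
        bus_write(entry, 0);
        if ((*entry & ENTRY_VALID) == 0)
            return 0;
    }
    return -1;  /* fail closed: caller must not treat the memory as freed */
}

/* Returns 1 when the free reported success but the entry is still valid,
 * i.e. the caller now holds a stale reference without knowing it. */
static int stale_after_free(int glitches, int verified) {
    volatile uint32_t entry = 0x1000u | ENTRY_VALID;  /* constructed sample entry */
    drop_writes = glitches;
    int rc = verified ? unmap_verified(&entry, 3) : unmap_unchecked(&entry);
    drop_writes = 0;
    return rc == 0 && (entry & ENTRY_VALID) != 0;
}

int main(void) {
    printf("unchecked, no dropped write : stale=%d\n", stale_after_free(0, 0));
    printf("unchecked, 1 dropped write  : stale=%d\n", stale_after_free(1, 0));
    printf("verified,  1 dropped write  : stale=%d\n", stale_after_free(1, 1));
    printf("verified,  5 dropped writes : stale=%d\n", stale_after_free(5, 1));
    return 0;
}
```

On real hardware a read-back only helps if the read reaches the same memory the write targeted; a read satisfied from a cache would not observe the lost store.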

------
NateLawson
This is a detailed analysis of source code for the geohot glitching attack on
the PS3 hypervisor. It's a combined software/hardware attack and is likely to
lead to a software-only hack later on.

