
PS4 hack: Fail0verflow demonstrate Linux and Steam running on Firmware 4.05 - loppers92
http://wololo.net/2016/12/28/ps4-hack-fail0verflow-demonstrate-linux-steam-running-firmware-4-05-wont-release-exploit/
======
faragon
Amazing work. Hector Martin (@marcan42) is an incredibly talented hacker. I
still remember his post for enabling the hardware virtualization of the CPU in
his laptop, an Acer Aspire 5930 [1], that had it disabled in the BIOS, and it
was not user serviceable (I had a similar laptop, with smaller screen, so his
post was useful for me). Also his hacks and comments in a Spanish forum [2]
for the PS2, Nintendo consoles, and others were plenty insightful. Then the
PS3 hack. And now, getting Linux working in the PS4, even with 3D acceleration
(without help, just with a few specs found on the web (!!!)). It is mind blowing
:-)

[1] [https://marcan.st/2009/06/enabling-intel-vt-on-the-aspire-8930g/](https://marcan.st/2009/06/enabling-intel-vt-on-the-aspire-8930g/)

[2] [https://www.elotrolado.net](https://www.elotrolado.net)

~~~
SmellyGeekBoy
> I still remember his post for enabling the hardware virtualization of the
> CPU in his laptop, an Acer Aspire 5930 [1], that had it disabled in the BIOS

Ha! Wow, I remember this too. I had a similar model (a 5760 I think?) which
was my main "work" laptop at the time. I remember running this in the vague
hope that it would work knowing full well that I could have a brick on my
hands and it did work, flawlessly. Amazing how these things pop up again years
down the line.

------
notyourwork
Every time console hacking comes up I start to wonder how well a manufacturer
would do if their next console was open. Would they see a decrease in legit
purchases if the console was open for hacking and exploitation? I would think
it would be a lot like the PC game market which as far as I can tell is still
thriving today.

So assuming there is no economic impact, what is it that makes us want to lock
down consoles (similarly cell phones) when we do not do the same to the
personal computer we hold so dearly? It is a fascinating story that I suspect
is due to timing and when devices hit markets but curious what others think
about this.

~~~
ethbro
They don't do it initially to lock the purchases so much as to ensure
people aren't getting free hardware.

Due to the economics and competition, consoles are almost always sold at a
hardware loss early in the generation, and only begin to become profitable at
some much later point.

Ergo, if someone buys a console and buys _no_ games, Sony/MS/Nintendo (maybe
not the last) loses money.

~~~
zanny
Interestingly enough, none of the consoles in the most recent generation (PS4
/ Xbone / WiiU) were ever sold at a loss leader price. They were all
profitable at their release prices (400 / 500 / 300) from the get go.

~~~
gild
Source? I seem to recall that the WiiU was sold at a loss from the get-go, but
I may be confusing that from around a year later when they cut the price down
to $250.

~~~
ekianjo
The WiiU hardware is previous generation class of hardware and nothing it uses
would cost the price they sell it for. Same thing for the Wii at the time, it
was never sold at loss.

~~~
mynameisvlad
> it was never sold at loss.

That is incorrect: [http://www.theverge.com/2012/10/25/3552686/nintendo-wii-u-loss-leader-launch](http://www.theverge.com/2012/10/25/3552686/nintendo-wii-u-loss-leader-launch)

------
0x45696e6172
Watch the talk here:
[https://media.ccc.de/v/33c3-7946-console_hacking_2016](https://media.ccc.de/v/33c3-7946-console_hacking_2016)

~~~
djsumdog
This talk is hilarious and amazing. The PS4 hard drive plugs in over USB? The
Southbridge is an ARM SoC? All the PCI devices are mapped into a single glue
device? WTF?!

So what's more insane, the PS4 or the hacked together manufacturer kernels and
binary blobs on Android phones?

~~~
The_Sponge
USB HDD: a cost saving measure: they already have a usb bus, why add sata on
as well? we're talking a platform that's going to last for a decade
possibly...

arm soc southbridge also not a surprise, xbox one has something similar.
enables the console's rest mode to be "smart"

~~~
djsumdog
But in the talk he says the Blu-ray player is hooked to the SATA bus. There is
a SATA bus on there.

I know the Xbox One hard drives are removable. Are PS4s the same way? (I
haven't owned either; more a PC gamer). Maybe with their device hacks, USB was
easier to plug-n-play than SATA?

~~~
0xcde4c3db
My WAG (all points are conjecture):

1) There's only one SATA port on the southbridge.

2) USB-SATA chips are cheaper than SATA port multiplier chips.

3) They needed a USB hub anyway for other stuff.

~~~
rasz_pl
Those Marvell SoCs are built on NAS oriented IP, they have tons of SATA ports
onboard.

------
Flammy
Anyone remember when PlayStation 3 could be used to install whatever OS you
wanted without any jailbreaking? _sigh_

[https://en.wikipedia.org/wiki/PlayStation_3_cluster](https://en.wikipedia.org/wiki/PlayStation_3_cluster)

~~~
digi_owl
IIRC, it came to be because Sony and IBM tried to make Cell the next big thing
in supercomputing. But the concept proved to be a massive hassle to program.

~~~
djsumdog
I remember articles about the massive racks of PS3s in Linux clusters for
people who wanted to use Cell for large parallel computing.

Did Sony/IBM ever actually release viable/affordable Cell hardware outside of
the PS3, or is Cell pretty much dead now?

~~~
ianhowson
Cell is dead. There were a few similar machines -- Intel IXP comes to mind.
They were universally difficult to program and did not provide a significant
performance advantage once multicore x86 became cheap.

ARM chips took the many-independent-cores end of the market, GPUs took the
wide-SIMD end, and may history show that the Cell approach was a failure.

------
shasheene
Marcan mentions FreeBSD is not a particularly secure OS.

My understanding is the BSDs have a reputation for being more secure than
Linux. Is this not the case?

~~~
vertex-four
OpenBSD has a reputation for being more secure than Linux, because OpenBSD's
developers put significant effort into security research and secure coding
practices. People who expand this to other BSDs are mistaken. FreeBSD is a
good general-purpose OS competing in the same space as Linux, and NetBSD will
probably run on your toaster.

~~~
Frenchgeek
[https://www.embeddedarm.com/blog/netbsd-toaster-powered-by-the-ts-7200-arm9-sbc/](https://www.embeddedarm.com/blog/netbsd-toaster-powered-by-the-ts-7200-arm9-sbc/)

------
StavrosK
What's the CCC33 event?

~~~
virtuallynathan
33C3 -- The Chaos Computer Club's yearly conference:
[https://media.ccc.de/b/congress/2016](https://media.ccc.de/b/congress/2016)

~~~
StavrosK
I know that, but why does the article say CCC33? Is it the 33rd annual CCC?
Weird that the article didn't use 33c3 as well.

~~~
nathankunicki
Yes, it was the 33rd annual Chaos Communication Congress (To prefix "C3" with
the number is the chosen nomenclature, i.e. "33C3". I've never seen the "CCC"
prefix used in the wild).

------
jokoon
I wonder if one day there could be some kind of law forbidding manufacturers
to restrict running software on the hardware they sell. It seems like an
anti-competitive practice.

------
unicornporn
PS4 is x86. Would it be possible to eventually run Windows on these machines,
making it a cheap Steam gaming computer?

~~~
arianvanp
It is not a classical x86. It might have an x86 instruction set but that's
where its resemblance ends. It's a truly absurdly alien device. The authors
had to define a new architecture type in the Linux kernel to get everything to
work. I'd advise watching his talk from 33c3 (linked in top comment). It is
hilarious.

~~~
unicornporn
Ah, thanks for the clarification!

------
agumonkey
First time I wanted to own one now.

~~~
agumonkey
After seeing the talk, very impressive work. Lots of mess research and missing
parts to fill.

Slow clap

------
rasz_pl
seems PCIE is the next big thing in dumping firmware, first iphones now ps4.

------
shmerl
What about running some demanding games like The Witcher 2?

