It seems like those expecting a custom firmware to hack the PS3 can give up now, as Sony has pretty much nullified the PSJailbreak exploit. Even though people like to call it a PS3 hack, it was in essence a glitch.
I call it a glitch because the “hackers” didn’t circumvent the core PS3 security measures, which Geohot was working on before he gave up. These alleged hackers pretty much took a jig key, probably from someone who works in technical support for Sony in China, and used it to create the PSJailbreak.
Service centers use this special jig key to put any PS3 sent in for repair into what’s called debug mode. Once in debug mode the PS3 will run unsigned code. In other words, all the hooks needed to run unsigned code were put in place by Sony deliberately, for troubleshooting.
The only thing that even comes close to a hack is that the PSJailbreak delivers its copy of the jig key through a heap overflow in the PS3’s USB stack: the dongle connects and disconnects a series of fake USB devices with crafted descriptors until the overflow lands. That part isn’t all that impressive either, since abusing a system’s USB hot-plug handling is an old trick. It just happens that these hackers had a legitimate jig key to inject as the payload.
Over the course of two months Sony quietly combated the exploit in two ways, legally and technically. Sony got the PSJailbreak banned in most of the major markets, preventing the device from being sold in large quantities.
As reported by Digital Foundry, Sony released firmware 3.42, which pretty much nullified the ability to run unsigned code on the PS3, including via the PSJailbreak. In firmware 3.50, Sony introduced a USB “white list” that blocks any non-storage USB device, including the modified PSJailbreak USB dongle.
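To make the two technical points above concrete (a USB stack that trusts a device-supplied descriptor length, and a whitelist that lets through only storage-class devices), here is an added C example. It is not Sony’s code, not the PSJailbreak payload, and it does not reproduce the actual PS3 bug; the descriptor bytes are constructed for illustration, and keying the whitelist on the USB interface class is an assumption about how such a filter could be built, not a description of what firmware 3.50 does. It shows the vulnerable parsing pattern beside a hardened parser that rejects both malformed descriptors and non-storage devices.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* USB descriptor types and device classes (from the USB 2.0 spec). */
#define USB_DT_CONFIG          0x02
#define USB_DT_INTERFACE       0x04
#define USB_CLASS_MASS_STORAGE 0x08
#define USB_CLASS_HUB          0x09

/* Constructed sample descriptors (not captured from real hardware).
 * Each is a 9-byte configuration descriptor followed by one 9-byte
 * interface descriptor; wTotalLength (bytes 2-3) is 18 in all three. */
static const uint8_t good_config[] = {
    9, USB_DT_CONFIG, 18, 0, 1, 1, 0, 0x80, 50,
    9, USB_DT_INTERFACE, 0, 0, 2, USB_CLASS_MASS_STORAGE, 0x06, 0x50, 0,
};
/* Well-formed, but the interface is a hub rather than mass storage. */
static const uint8_t hub_config[] = {
    9, USB_DT_CONFIG, 18, 0, 1, 1, 0, 0x80, 50,
    9, USB_DT_INTERFACE, 0, 0, 1, USB_CLASS_HUB, 0, 0, 0,
};
/* Malicious: the interface descriptor claims bLength = 0xFF although
 * only 9 bytes of it were actually sent. */
static const uint8_t bad_config[] = {
    9, USB_DT_CONFIG, 18, 0, 1, 1, 0, 0x80, 50,
    0xFF, USB_DT_INTERFACE, 0, 0, 2, 0xFF, 0, 0, 0,
};

/* Vulnerable pattern (hypothetical, for contrast): trusts the device-supplied
 * bLength when copying the interface descriptor into a fixed 9-byte heap
 * buffer. Fed bad_config it would memcpy 255 bytes into 9, a heap overflow.
 * It is only ever called on good_config here. */
int vulnerable_first_interface_class(const uint8_t *buf, size_t len)
{
    uint8_t *scratch = malloc(9);
    size_t off = 0;
    int cls = -1;

    if (scratch == NULL)
        return -1;
    while (off + 2 <= len) {
        uint8_t blen = buf[off];
        if (blen == 0)
            break;
        if (buf[off + 1] == USB_DT_INTERFACE) {
            memcpy(scratch, buf + off, blen); /* blen never checked against 9 */
            cls = scratch[5];
            break;
        }
        off += blen;
    }
    free(scratch);
    return cls;
}

typedef enum {
    VERDICT_OK,            /* well-formed and every interface is mass storage */
    VERDICT_MALFORMED,     /* a length field does not match the bytes received */
    VERDICT_CLASS_BLOCKED  /* well-formed, but an interface class is not whitelisted */
} verdict_t;

/* Hardened parser: every length is checked against the bytes actually
 * received before it is used, and only mass-storage interfaces pass. */
verdict_t check_config(const uint8_t *buf, size_t len)
{
    uint16_t total;
    size_t off;
    int interfaces = 0;

    if (len < 9 || buf[0] != 9 || buf[1] != USB_DT_CONFIG)
        return VERDICT_MALFORMED;
    total = (uint16_t)(buf[2] | (buf[3] << 8));
    if (total < 9 || total > len)
        return VERDICT_MALFORMED;

    for (off = 9; off < total; off += buf[off]) {
        uint8_t blen, btype;
        if (total - off < 2)
            return VERDICT_MALFORMED;
        blen = buf[off];
        btype = buf[off + 1];
        /* The check the vulnerable parser skips: a sub-descriptor may not
         * run past the bytes we hold. blen >= 2 also guarantees progress. */
        if (blen < 2 || blen > total - off)
            return VERDICT_MALFORMED;
        if (btype == USB_DT_INTERFACE) {
            if (blen < 9)
                return VERDICT_MALFORMED;
            if (buf[off + 5] != USB_CLASS_MASS_STORAGE)
                return VERDICT_CLASS_BLOCKED;
            interfaces++;
        }
    }
    return interfaces > 0 ? VERDICT_OK : VERDICT_MALFORMED;
}

int main(void)
{
    static const char *names[] = { "OK", "MALFORMED", "CLASS_BLOCKED" };
    printf("good: %s\n", names[check_config(good_config, sizeof good_config)]);
    printf("hub:  %s\n", names[check_config(hub_config, sizeof hub_config)]);
    printf("bad:  %s\n", names[check_config(bad_config, sizeof bad_config)]);
    printf("vulnerable parser, good input: class 0x%02x\n",
           vulnerable_first_interface_class(good_config, sizeof good_config));
    return 0;
}
```

The hardened parser rejects bad_config at the interface descriptor because the claimed bLength exceeds the 9 bytes that remain, which is exactly the comparison a length-trusting parser omits. The class check is a separate decision: hub_config is perfectly well-formed and is still refused, which is the shape of a whitelist rather than a bug fix.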
Also, new games such as Medal of Honor use a new encryption that can only be decrypted with a new key unknown to the public. Basically, even the PS3 doesn’t have the key to unlock the game unless it is running firmware 3.50.
To really hack the PS3 the way the PSP was hacked, hackers must get through the hypervisor, the lowest software security layer on the hardware. Believe it or not, the hypervisor runs on the PPE (the Cell’s main core) and also uses one of the reserved SPEs (SPUs). That SPE runs in isolation mode, so that not even the PPE can access its local store.
That isolated SPE uses the hardware root key, which is burned into the chip, to decrypt the encrypted code, and the process is tied to a random ID generator. This is probably one of the most elaborate security systems ever put in a consumer device, using one of the Cell SPUs to handle decryption in isolation mode.
Sony has nullified the PS3 exploit rather efficiently and swiftly, without making a major scene. It almost seems like Sony had a contingency handbook for this exact scenario. I suppose the engineers at Sony figured this might happen eventually, as the human element is always an unknown factor.