Re: PS3 hacked, geohot has done it.
I don't see it clearly either. It is clear that only the Hypervisor has been hacked and that there is full access to the hardware. Several barriers have fallen, but I don't think the SELFs will fall that quickly. Besides the "encryption" of the SELFs themselves, we have the keys of the SPU isolated by the Hypervisor, and those have not fallen (even though the Hypervisor loaded in memory has). The SPU is isolated, and if it is accessed, what is inside gets erased.
Additional features that the PS3 advanced from previous generations are the included extra security features. The main ones are listed below.
- Blu-ray Disc encryption
- Hard drive encryption
- Generic data encryption
- Hypervisor
To help with the security, the following hardware is also included inside the Cell:
- Hardware root key
- Hardware decryption routine
- Hardware random number generator
Game data from the Blu-ray disc can have a disc-based encryption on it. The encryption key (128-bit) is hidden inside the disc as a BD-ROM Mark, and requires special Blu-ray reader technology to read it. The disc layered encryption is usually used to encrypt EBOOT.BIN from Blu-ray game discs. After decrypting this disc layer, the result is a file named *.SELF. These *.SELF files are packed NPDRM encrypted data and include SHA1 hashes. When this layer of encryption is removed, the result is an *.ELF file ready for execution on the PS3. The hard drive is also encrypted per PS3, so it is not possible to swap drives into another PS3.
Hypervisor
There is a security layer called the Hypervisor running on the PS3 (running at the lowest level: Level 1 or lv1). The Hypervisor (code contained in lvl1.self stored on the encrypted NAND flash chip in early PS3) runs on the PPE and the one reserved SPE with the highest privilege. The Hypervisor utilizes dedicated hardware on the PPE running in privilege mode, allowing only itself, for example, to change the read-only status of code memory. There are 256 Hypervisor related System Calls. The GameOS and OtherOS (like Linux) run on Level 2 or higher on top of the hypervisor.
Encrypted code can be secured by having it run on the one reserved SPE (like the secure loader: lv1ldr, which decrypts lvl1.self hypervisor code). lv1ldr itself is decrypted following a chain of trust to the initial bootloader decrypted using hardware root key and hardware decryption routine built inside the Cell. Practically all the passed data for decryption happens inside Cell registers. The PPE would take the encrypted code (can be analogous to an application file from the decrypted Blu-ray disc, or something from the flash memory) and set up an SPE to go into secured (isolation) mode. In this mode, the hardware decryption routine takes over, grabs the encrypted code, decrypts it using a hardware root key, and puts the decrypted code inside the SPE's local store. Note that an SPE in isolation mode cannot have its whole code and data read or written externally (not even by the PPE that started it up), with the exception of a small area of the local store for communication purposes. The only thing the PPE can do is kill the SPE process (along with the SPE local code and data). The hardware random number generator in the Cell is there so that you can timestamp sessions keyed to a random number to prevent replay attacks.
Almost all of the keys inside the PS3 are public RSA keys for decryption only. With the exception of creating Save Games and general encryption of the hard drive, encryption keys for encrypting games and Blu-ray discs are held in secret by Sony.
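
A simplified model of the isolation-mode loading and chain of trust described in the post above, added here as an example; it is not code from the post or from Sony. The names `seal`, `unseal`, `IsolatedSPE` and `build_chain`, the image layout (next-stage key followed by code) and the SHA-256 keystream with HMAC are all assumptions standing in for the Cell's real formats and algorithms.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # SHA-256 counter keystream: a stand-in cipher, NOT the Cell's algorithm
    out = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                   for i in range(n // 32 + 1))
    return out[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC one stage image under `key` (hypothetical format)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("stage rejected: integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class IsolatedSPE:
    """Models isolation mode: only `mailbox` is visible to the caller (PPE)."""
    def __init__(self, root_key):
        self.__root_key = root_key   # stands in for the hardware root key
        self.__local_store = b""     # decrypted code; no accessor is exposed
        self.mailbox = b""           # small shared communication area

    def load_chain(self, blobs):
        """Each stage is next_key (32 bytes) + code; the first is under the root key."""
        key = self.__root_key
        try:
            for blob in blobs:
                stage = unseal(key, blob)
                key, self.__local_store = stage[:32], stage[32:]
        except ValueError:
            self.kill()              # a broken link leaves nothing behind
            raise
        self.mailbox = b"running"

    def kill(self):
        """The one thing the PPE can do: stop the SPE, wiping code and data."""
        self.__local_store = b""
        self.mailbox = b""

def build_chain(root_key, codes):
    """Constructed sample images, e.g. bootloader -> lv1ldr -> hypervisor."""
    keys = [root_key] + [os.urandom(32) for _ in codes]
    return [seal(keys[i], keys[i + 1] + c) for i, c in enumerate(codes)]
```

Changing a single byte in any stage image, or starting from a different root key, makes `load_chain` raise and leaves the mailbox empty, which is the property the chain of trust is meant to give.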