Feeds

back to article PlayStation 3 code signing cracked

Hardware hackers claim to have uncovered the private key used by Sony to authorise code to run on PlayStation 3 systems. The hackers uncovered the hack in order to run Linux or PS3 consoles, irrespective of the version of firmware the games console was running. By knowing the private key used by Sony the hackers are able to sign …

COMMENTS

This topic is closed for new posts.

Page:

Pint

What for it....

...all the "It's my software/hardware, I can do what the eff I like with it!" people will be out in force now!

5
14
Silver badge

waiting is over

...and why not, they did pay for it, or are they just leasing/renting it in your eyes hence if it breaks Sony are liable to replace it? Warranty/support may be a different issue but you can't dictate usage after sale in any other regards.

1
0
Silver badge

Sir

Wait's your point?

2
0
WTF?

It was easier with software

Now seeing a license agreement for hardware saying that this hardware is not being sold to you, you just get a license to use it would be a totally different kettle of fish. Rules for renting hardware/physical things/tools are well established. If you rent a car, you must return it at the end of the location contract or buy it and therefore own it. Also, location or renting is limited in time and most of the time there is a contract specifying the details. Sony will have a lot of lobbying to do in order to change a lot of laws here. it will be fun to see what they'll come out with.

0
1
Silver badge

And why not?

They are correct!

2
0
Alert

Read more at PsJailBreak.Co.CC

Read more at PsJailBreak.co.cc

1
1
Anonymous Coward

Serve them right!!!!

Sony kinda brought it on themselves by removing the ability to run Linux on the PS3 in the first place. It's one thing not to be allowed to run Linux on a console, but to be allowed when you buy it and then to have that arbitrarily revoked???

I'd imagine it'll be impossible to change. They could sign new code with a new key (and obviously pass that to the console as an update) but they'll surely have to honour the compromised key or explain to customers why their older games no longer work (or is it just the OS that needs signing?)

Sucks to be them, but it was largely self inflicted!

14
0
FAIL

titular information

Actually, the keys are impossible to change, as they are relied upon in certain areas of the boot process, and are irrevokable. Note that the Apploader key (that allows GameOS stuff to be signed)hasn't been found yet, and I don't think that Marcan and co. are in a hurry to do that ;)

The "exploit", if it can be called that, shows how much fail Sony are made of. The AES encryption in hardware was cool, if only they didn't use the SAME F***ING RANDOM NUMBER to generate the keys. That means that when you have two public keys, you can rearange the terms of the AES equation using basic algebra to get the private key.

The presentation is worth the watch for technical details, and if you like memes the thing is full of them (Over 9000 PSJailbreak clones, hehe)

Fail icon, 'cos of Sony's fail

2
0
FAIL

BS

This had nothing to do with OtherOS, it's just some spotty teenagers trying to tie the two events together.

The fact is, before Sony removed OtherOS two things were true:

1/ Nobody cared about it

2/Those handful of people that did, were crying about GPU hardware access.

So lets stop pretending shall we?

0
1

What Sony will probably do...

...is simply push out an update that disables the loading of code from either USB or a burned CD/DVD. It won't solve the problem in the long term, but it will force a lot of gamers into accepting the update if they want to carry on playing network games or accessing the PS store - unless they fancy running the risk of using a modded firmware (and possibly getting their account permanently banned and forfeiting any purchased games or media.) At that stage, the customer won't be able to jailbreak their console later, without modding the hardware and rewriting the flash chip manually - and that is something that will put most people off. Only dedicated hardware hackers will be running homebrew, or those who decide to eschew PlayStation Network.

They will release a new console, in all probability, with a new root key and a whitelist for existing games, and knowing Sony, they will probably screw every existing PS3 owner by saying "New games will be released, 6 months forward, for the new PS3 only - get your upgrade today!" It sounds outlandish, utterly unfair and a really bad way to treat your customers - but it's pretty consistent with Sony's past behaviour, so I wouldn't be at all surprised if they did it. They would probably also issue a recall for all PS3s in the channel, while they are at it - and remanufacture them as new PS3s.

Depending on how expensive it would be, Sony may invest some time retrofitting older PS3s with a new CPU (with the new root key on it.) They could tell all PS3 owners to send their console in for a retrofit - with, say, an incentive of an extra year's warranty. Of course, depending on how tamper-resistant the design is, that may prove to be more expensive than it's worth. Personally, I think it is straying too close to what I would call "customer service", so I wouldn't hold my breath on Sony doing this. They're far more likely to just turn their problem into their customer's problem, and screw everyone with an older console (or make them pay for a hardware update.) That's Sony.

Those who talk about piracy are, I'm afraid, obfuscating the issue. Sony doesn't actually give a shit about piracy, despite what they might say. They ARE, on the other hand, scared to death of publishers deciding to sign their own games and release them on the market without paying Sony a cut. This is the REAL reason why Sony want the console locked down nice and tight. Many people do not have the wit to realise that piracy is only a very, very small reason why Sony want things this way: A few realise that Sony's business model DEPENDS on levying a fee for developers to gain access to the PS3 market, and you can bet that, right now, there are several very high-level discussions underway within Sony's management about this very issue. A few people copying games is neither here nor there, compared to the prospect of someone like EA saying "We'll sign our own games from now on, thanks" and Sony seeing their entire source of revenue get flushed down the toilet as developers sign their own code, instead of paying Sony to.

Sony will not let this stand, because it threatens their business model. The consequences are likely to be very ugly - watch this space.

0
0
FAIL

Epic

Now I might buy a PS3.

7
0
FAIL

Weak or just not random?

From watching the presentation the method by which Sony chose to generate a random number for the private key was to pick one and then use it repeatedly. And because the numbers are the same in the first section of the signed excutables you can apply some good old fashioned math and get the key from the SELFs already out there.

Pretty silly from a company with the highest rate of piracy in the last generation of consoles.

I bet there is a PKI guy at Sony with a red face and a P45.

2
0
Thumb Up

Not quite so.

Generating unique encryption key and embedding them in hardware is unpractical, it defeats the purpose of mass production. It's way much easy to generate a key and use it in thousands of identical chips than to generate unique keys, keep track of them and customize every chip with its unique key. While it is technically feasible, it doesn't scale well for mass production.

The same thing happened with encryption keys used for HDCP in that once THE key has been leaked the protection (racket) scheme was compromised for good.

1
0

and..

If every console had a unique key surely the hackers would just publish the code/methodology for finding your key in the same manner they had found theirs? That whole process could be automated i am sure.

Failing that would we end up with some sort of draconian UbiSoft style copy protection?

Why not just have a homebrew private key that when used pops up a disclaimer that disavows all knowledge and tells you all problems you encounter are SEP?

0
0
Flame

stable door..

Sony will rue the day they removed the OtherOS feature from the PS3. Many many people legitimately used it to run Linux - and even bought the PS3 over the xbox360 due to this extra function/ability.

yes, the bad people want to run pirated games...but all Sony has done is pushed the legitimate people into the underground scene world...and basically accelerated this cracking of the system.

Sony - grow a backbone and give back the OtherOS feature as it was listed as a feature of the system when sold originally...I know you don't care about the 'its a computer!' tax dodgy..as that no longer applies anyway.

15
0

OtherOS

Good thing Sony nerfed OtherOS then, eh? Screwing people who legitimately wanted to experiment with the cell processor all in the name of preventing piracy.

Piracy never /ever/ finds another way, eh?

6
0
Linux

Ooops

Guess that decision to remove the linux option to prevent piracy has kinda backfired.

Egg, meet face.

12
0
Silver badge

No it hasn't

What an utterly absurd suggestion. Crackers / hackers would have used Linux to obtain the same information that they're after now. Removing Linux has "backfired". It was prudent in the circumstances and hackers would probably gotten further on with it being there than from it being absent. So Sony were right to do it even if their other protections contain goofs of their own.

0
9
Silver badge
Boffin

@DrXym

Before the OtherOS removal, the only ones interested in cracking the PS3 were trying to get pirated games to run on the PS3. The "run Linux in my toaster" crowd was uninterested, and incidentally this crowd is usually the one that actually gets the impossible stuff don, like porting Android to the iPhone. While a PS3 crack could have eventually happened, it would've taken far more time if the PS3-Linux crew hadn't been involved, up to the point that the fail0ver team didn't care about cracking PS3s until Sony removed OtherOS.

It is also interesting to note that when they release these juicy bits of code, it will NOT allow pirated games to run. They don't want pirated games, they want Linux and have enabled a way to run Linux *without* automatically compromising the GameOS at the same time, which was the case with the earlier USB trick. And it will probably remain that way, as a run-Linux/no-piracy jailbreak won't run afoul of the DMCA. :)

4
0
Silver badge

Bollocks

Stop rewriting history. The reason OtherOS was removed was precisely because someone was developing a crack on the hypervisor. Do you really think Sony was going to leave OtherOS there and lose potentially billions to pirates?

And all the exploits after the removal have been nothing to do with making Linux run (expect as a vector to launch further attacks) and all about playing unsigned or cracked games.

1
2
Silver badge

No

The crack using hypervisor was to give Linux the ability to fully utilize the hardware. Piracy wasn't a goal there, and would have been a whole lot more work than this will be.

I called it though. I said as soon as the otherOS option vanished from my PS3 that we'd be seeing an exploit to run Linux again within a year and one that didn't involve a soldering iron in 18 months. I expect to see pirated games running within another couple months.

Dumb move by Sony. The fact that the Linux crowd could mostly do what they wanted without cracking the system was the only thing keeping pirated games off the PS3 when the Wii and 360 were already cracked.

1
0
FAIL

Ahh. someone with a brain

Rather than the rest of the frothy mouthed idiots here...

Homebrew as we all know it a cutesy name for piracy. If you want to write homebrew, pay $25 and get a Android developer account and write for that...

0
0
FAIL

Well done Sony!!!

Removing OtherOS was really the way to go (to involve the only one that was best not to piss off).

3
0
Megaphone

Good!

This is a message to all hardware manufacturers: your customers will not let you get away with restricting the functionality of your products. In an information society, restricting information for profit is immoral and unethical. And as you can plainly see, you aren't even good at it. So quit now while you still have your dignity intact. We do not forgive, we do not forget etc.

7
0
Bronze badge
Grenade

what will Sony do?

Choose one of:

1. panic

2. restore ability to run Linux in next firmware version

3. create and support own signed distribution of Linux

My bet is on 1.

5
0
FAIL

Chose all that apply here :

1 - They will do it anyway in addition of other options

2 - Too late. This option changes nothing to repair or at least limit the damage they suffered, so why bother.

3 - Can't do that because they'll be in violation of copyright law. TiVo was doing that but GPL has been improved to close that loophole. Besides that, there's no point since nobody will want their signed/locked Linux distribution instead of running anything they please.

It is more likely they will try to come up with a way of revoking the key and deploying a new one hoping they will be able to control the much bigger damage this will cause to their reputation. Think of something like return your PS3 in exchange for a shiny new PS4 at no charge.

0
0

GPL

While there is a new version of the GPL that requires that code signing keys be made available if needed to load a modified version of the software, Linux is not using that version of the GPL.

0
0
Pirate

HA!

they make me laugh...

I know well from the home brew scene on the Wii that 'officially' they do not approve of any software that is used to play illegal copies of games to the point that while installing one hack to allow you to read and write to a USB hard drive that it asks you if you intend on using this software to play pirated games. if you say yes it then blocks the instalation of the software and refuses to allow you to re-install it untill you prove you have some legal games..

0
0
Pirate

titular agreement

Never saw that one, but I remember Ceiling Cat flipping the HBC screen upside down if it detected any cIOS, and announcing that he's "watching ur ISOz".

0
0
Linux

Damn, and I just gave away my PS3 to my nephews...

... as I never played games on it, got a new bluray player with a new sound system, but thought the path of retiring it to linuxhood was closed to me...

But it strikes me, it's taken this long since the PS3's introduction for this hack to come about, despite the presumed lure of being able to run counterfeit games from the start - could it be that no-one with sufficient ability was sufficiently motivated to try *until* Sony closed off the ability to put Linux on it?

Any chance Sony might learn the right lesson from this?

(falls over laughing)

7
1
FAIL

OK then...

What idiot buys the best console and then doesn't play games on it?

Are you some kind of moron?

0
1
Silver badge
Thumb Up

No doubt

there will be cries of "piracy" and Sony will no doubt attempt to fix this in yet another firmware upgrade, but the simple fact is this, Sony brought this onto themselves by removing the ability to use linux on the fat ps3. If this hack allows slim ps3s' to use linux then im all for it.

About time Sony had a bit of "the other side of the coin" after the root kit fiasco from several years ago.

5
0
Pirate

Just to clarify?

This is code signing... the ability to take a binary and sign it in such a way that the console believes that its from Sony, rather than the ability to run unsigned binaries.

I would think then that this just means effectively an OS/Homebrew market rather than the complete "rip BluRay", Share, burn BluRay, play as I would have to imagine that there is additional security on the disc, much like the way DVDs embed their signing information in the track 0 which isnt writeable on standard DVD +/- Rs but which you need something like a QFlix enabled burner and media to place the keys in the right place for.

So does knowing the playback key help you remove the protection to resign it to reburn to non-protected media? I'm not sure it does in this case?

2
1
Anonymous Coward

yes but

If one can install any piece of software it likes then there is nothing you cant do, DVD/BD security are but wee hurdels, think about it, does software exist on the PC that can do as you ask?

can Sony change the keys? well yes they could but its doubtful, software "A" made last year would have the key built in to allow it to run on the PS3, by putting out a firmware update removing that key would effectively stop all software from working that uses that key.

0
0
Linux

titular thingy

There are many keys used for signing different things on the PS3. At the moment, the Apploader key for GameOS hasn't been found, and Marcan and co. aren't in a rush to find it. So no Blu-Ray piracy yet.

This is not to say that the PS3 isn't completely 0wned, because it is. It's just that you can't pirate games on it.

0
0
Anonymous Coward

Bluray rips

> I would think then that this just means effectively an OS/Homebrew market rather than the complete "rip BluRay", Share, burn BluRay, play as I would have to imagine that there is additional security on the disc,

It is already very easy to rip bluray disks (and has been for years). The combination of slyfox (or dumphd), bdrebuilder and imgburn gives DRM free disks or ISOs (both standard bluray, and BD5 and BD9 which use standard DVD media) that play both on most BD players *and* on media players, such as the hisense 1080p and geexbox. (In fact the ripped disks start quicker and play more reliably on BD players than DRM encumbered disks.)

So, presuming that these keys would allow live linux CDs to be produced, then all it would need would be a port of these (or similar) tools to be included on a distro. (It would need to support USB burners and mass storage.)

But all it would do is move the work from a PC to a PS3. This doesn't change the landscape for movies.

However it does potentially change the situation for games. If someone successfully rips a game, then it can be played on any machine.

0
0

Har har...

Sony, you deserve it.

1
0
Silver badge
Pirate

Annual Chaos Communication Conference hacker congress?

Hmmm, there's a great idea.

Undertake underground illegal activity such as hacking and cracking, things that generally get the authorities and business upset, then once a year all gather for a beer in Berlin.

Or maybe I'm missing something.

Is the only way into the conference through a secret backdoor?

0
1
Silver badge
Pint

Zum Wohl

And Love Parades offer such perfect cover activities and captivating opportunities for sensitive applications, Velv.

Proposal seconded and virtually supported.:-)

0
0
Silver badge
FAIL

Sigh.

One more time:

Hacking != Cracking

Yes, cracking is illegal (usually in a civil rather than criminal sense). Hacking is the art of using a computer system for other than its intended purpose, usually in a creative way, and is usually totally legal. For example, making a hairdryer out of a toaster would be akin to hacking, manufacturing and selling knock-off brand name toasters would be akin to cracking.

As far as I am aware, the Chaos Computer Club (the group holding this conference) are a group of hackers, not crackers, and, quite rightly, look down upon crackers.

So yes, you are missing something.

FYI:

http://en.wikipedia.org/wiki/Chaos_Computer_Club

http://en.wikipedia.org/wiki/Chaos_Communication_Congress

1
0
Silver badge
Pirate

Legal question

Are Sony going to try and use the Computer Misuse act or DCMA to prevent this? Is restoring functionality that was removed after purchase a reasonable defence? The ramifications could be huge - who ultimately has control of a device after purchase?

1
0

To be fair to Sony

It's been out for 4 years, the Xbox was cracked about 20 minutes after release and the same with the Wii.

Now all the chavs who buy their XBox games from a man in a van can finally afford a PS3, woo to them, made up for you. You can now play all the games that people play after work, only you can do it during the day! Jeremy Kyle will be gutted he's just lost his audience.

2
1
Anonymous Coward

CyberSub

Replace or with on, on with of:

"The hackers uncovered the hack in order to run Linux or PS3 consoles, irrespective on the version of firmware the games console was running."

0
0
Troll

question

I've seen many flame wars where people claim that the PC is superior to the console, and in fact, the console is holding the PC back. So why are there so many attempts to open the console to home developers (who already own PCs)? and those attempts are always followed with "we want to program on it, we are not doing it to support piracy!"

If the PC is superior (and more developer friendly), why are home developers trying to program on an inferior platform? (without an SDK to use)

note, because I bought it or because I want to, is not the answer I am looking for. There is a better platform to develop on, and there are many pirates in comparison to homebrew developers. So why help enable piracy (even if it just a side effect) when you have a good platform to develop on?

P.S. I am looking for a honest answer from a homebrew developer, it is not my intention to start a flame war. And for the record, my own answer is: this method will enable me to make an English translation patch for Japanese console games that would, otherwise, never see the light of day in the west!

0
0
Troll

update

after reading the details about what have happened, I now realize that this will not enable piracy in any way. It will allow homebrew and nothing else (well, maybe unofficial commercial games?).

hummm... perhaps we will final get a PS2 emulator for the PS3? and perhaps people will finally get the MKV support that they have been crying for.

0
0
Silver badge
Boffin

Cell Processor

Yes, indeed the PC will usually be superior to most consoles; and on some accounts, it is still the case. The thing is that the PS3 carries a new kind of processor, the CellBE, that has a new kind of architecture suitable for heavy number-crunching. So while the specs on a PS3 are definitely inferior to a standard PC (256MB RAM? Ha!), the processor itself outruns most current-generation x86 crapcessors.

So while you won't see much interest on Wii Linux or Xbox running Linux; there is a large interest on the PS3 thingy just because of that processor. I don't really care much about homebrew, but I did enjoy tinkering around with the different programming model for the CellBE.

2
0
Silver badge

Answers:

"If the PC is superior (and more developer friendly), why are home developers trying to program on an inferior platform? (without an SDK to use)"

1- An impressing media center, including mp3, Internet on your living room and probably streaming content to other devices, and can double as a game console ;)

2- An inexpensive dedicated p2p client and/or server

3- The kid's computer. More than enough for websurfing, reading email and running some Office software . Almost no viruses. Small form factor.

4- Part of a , ahem, Beowulf cluster or similar system, useful for scientists, companies and universities.

5- ...

As for the lack of an SDK, my guess is that there will be several Open Source SDKs for this platform before the end of 2011.

2
0
Happy

Sony will soon fix this?

Well, how long will it take for Sony to fix this?? specially when how to hack instructions are public..

0
0
Silver badge

No fix for this

The key that was exposed is part of the ROM. The only fix they can do now is changing hardware stuff on the PS3 itself. EPIC FAIL.

0
0
Silver badge
Grenade

Sony Play Station TV Networking

Do you think Sony use InterNetworking World Wide Webs as their Prototype Play Station Master Provider of Virtual Machine IntelAIgents and NEUKlearer Intellectual Property?

A SMART Phormation of Great Phishermen and Glorious Perfume Gardeners ...... and a Heavenly Base for SMARTer Phorms of Programs with Virtually Activating Programming ..... SMART Enablement.

Or is the fiction too factual and verifiable and thus always in the excitement and danger of unknown secrets being pressed and pressganged into reality?

1
0

Page:

This topic is closed for new posts.