Hackers say they unlocked the latest firmware for the PlayStation 3 game console, less than 24 hours after Sony released it in a desperate attempt to stuff the jailbreaking genie back in the bottle. Sony announced the release of Version 3.56 on Wednesday. That same day, game console hacker Youness Alaoui, aka KaKaRoToKS, …
I'm running 3.55 custom firmware and am on PSN right now; just use one of the proxies that basically reports back to PSN that you're on 3.56 when you're really on 3.55 and you're in.
Not likely for long though
Once PSN requires you to download and run their little bit of authentication code you're toast. Either you let it run, in which case it fails and your PS3 gets banned, or you block it, in which case you don't get on PSN, and maybe get banned as well.
This is going to be really hard to get around, though not impossible, as they can change what the code is doing at any time, or even every time thus making it very hard to fake.
That will not continue to work...
Several sources claim that 3.56 makes the PS3 far more tamper evident and that the PSN authentication process now interrogates the PS3 using encrypted calls. If this is true (which is likely), PS3s without the ability to reply properly to the encrypted challenges will be detectable by the PSN authentication - and ban-able.
For the moment...
Are you an idiot? Clearly Sony are letting you in via a proxy to identify you prior to the ban hammer falling....
"Version 3.56 also introduces a significantly re-engineered private encryption key that makes it next to impossible to roll back the update. PS3 users with older firmware are required to update if they want to continue using the PlayStation Network"
For about a week......
Sony 1, Hackers 1.
Wake up Children,
When OtherOS was on the fats, no one cared.
When OtherOS wasn't on the slims, no one cared.
When Geohot used OtherOS to start hacking into the PS3, Sony took action. And when other attempts were made to hack the PS3 via USB devices, Sony again took action, and now they're doing the same thing again.
Sony was never the aggressor here, they're trying to protect the system. As someone who owns two PS3's, I'll be happy if they can continue to attract developers and my online experiences aren't marred by idiots that are able to use their hacked system to ruin my experience.
And I thought I _bought_ my PS3. Partly because it could run OtherOS. Now, suddenly, it no longer can. Can I get my money back please? No? Oh.....
And please do tell how would a PS3 with a custom rom "ruin your experience"?
Call to protect my ruined PS3 experience spotted, film at 11
The paycheck from Sony will clear, I'm sure.
Correct me if I'm wrong...
...but since the PS3's root key is fixed and sits at a level below the firmware, how can the firmware be blocked against a rollback by use of the root key?
Because the root key is not the private key - they are two separate keys.
The root key is completely unknown and is only used by the SPV code. The private key that was compromised by Fail0verflow is used to sign (authenticate) all SELFs, including firmware updates. The 3.56 firmware effectively retires the old key and requires a new private key. The old private key used to authenticate SELFs was compromised due to an egregious error in coding the authentication routines that allowed the actual private key to be reverse engineered. Without that glaring error in the authentication code, fail0verflow would likely not have been able to determine the private key in use, nor break the chain of trust in the way that they did. That's not to say that it's impossible to do, it's just very difficult.
However, by retiring that old private key and, from firmware 3.56 forwards, requiring that a new private key be used to sign SELFs, Sony effectively plugs that gap. What no one figured on was the ability to make the firmware require the same new private key for an update. This makes it difficult to downgrade the firmware to a hacked firmware revision, and the requirement for a new private key makes a custom version of 3.56 extremely unlikely for now.
The root key is not the private key often spoken of, nor is it a unique system identifier. It's a hardware key buried inside the CPU that is not readable from the outside and is used to encrypt the code that runs inside the secure processing vault. That program code only exists in an encrypted form and is only ever decrypted inside the SPV. There is no way to force the SPV to dump its local store or divulge the secrets because any interference with the SPV causes it to reset and clear its own memory. To say that the root key in the CPU is restricted knowledge is to understate it greatly. This was a fundamental part of the CellBE design made by IBM.
The firmware update needs the root key in order to run. Otherwise, to quote Spike Milligan, you'd be trying to "open the box with the crowbar you will find inside". Which means someone savvy enough can DISASSEMBLE the update (and it has to be offline because it's going into discs as well) and tear it apart. The new key will be in there somewhere. Once they learn that new key, it's back to square one.
Plus you can't retire the old keys. Otherwise, you can't run old games. And whitelisting can be prohibitive considering how many games and apps already exist for the PS3. Not to mention a rooted PS3 can simply "fake it".
Not quite. The key isn't in the firmware update.
The root key exists only in the internal circuits of the CPU, nowhere else, except at Sony where it's used sparingly to encode very small amounts of code for the SPV (Secure Processing Vault). Remember that the root key is not the same key as the private key. They serve two entirely different purposes.
The private key used to sign a SELF file does not exist in the firmware update either. The signature and authentication of an executable is a two key process. The private key is used to create an authentication signature that is added to the executable file. The PS3 has a public key that can be used together with an appropriate program to authenticate the signature. That means that the PS3 can determine the signature is authentic, without decoding it. The private key is never on the PS3 at all.
The reason the private key was obtained before is that there was a quite inexcusable coding error in the programs that authenticate the signature. That, several different signatures that could be authenticated with the same public key, and an extensive analysis of the signature authentication code allow some very clever mathematics to be used to reverse engineer the private key.
This time however, there is no inexcusable coding error, the algorithms have been changed and hardened, and the new private key remains secure.
Good to see someone that knows what they talk about here
All the other 10-year-old pirates and hacks seem to be just fed by some random website and believe everything that's written.
How many times did I hear that the PS3 is now wide open and irreversible, when it was the exact opposite.
Still, it makes it easy to filter the BS websites that don't know what the fuck they are talking about, and believe everything they read on a forum, from those that DO know what they talk about.
...but what about the old games? They still have the old broken signature system, and you can't apply the new signature system to them (since they exist on read-only media) without a (pretty big) whitelist. So how do you keep hackers from simply using the old signature system?
You can't...unless there is an update to the game.
The whitelist would only consist of hash signatures, and Sony has all of those. There can't be that many games that they'd have to include on such a list, so it's doable.
If there is a game update, it will use the new key. The PS3 will only download and execute it if it uses the new key for the signature. So when your older game is patched with the new code, and therefore the new key, your game requires official firmware to work. Of course, since you have to connect to PSN to download the patches, you will already be running the real firmware anyway.
Incidentally, when you think about the use of a new signing key. Sony will have gone through a process of re-signing all executables available over PSN, and any re-prints of games, or greatest hits versions will be resigned too. Not a trivial undertaking.
Research please. This article completely misses the point
Sony changed the private key and fixed the key authentication process. They also blacklisted homebrew and CFW already in existence.
Because of the new private key - used to sign this firmware and all future executables - it's hard to downgrade from 3.56 to an earlier firmware or custom firmware. Without the new private key, it's impossible to sign executables or firmware that will run under 3.56. Sony is also said to have updated the secure processing vault, no one is sure with what. In addition it's said that PSN and PS3 now use a more exacting authentication protocol that makes the PS3 a lot more tamper evident, so without the new firmware it is increasingly difficult to get on PSN.
3.56 does a lot more than you think. But this has been known for days, and the hacker you mention has since tweeted that he's not looking at 3.56 right now and is concentrating on CFW based on 3.55 and homebrew software.
...to upgrade 3.55 (which HAS been taken apart top to bottom), you need to authenticate it with 3.55's key. Basically, you need the old key to put in the new one, but doing so allows the new one to be extracted, doesn't it?
No, because the private key doesn't exist in the update, only the signature does.
Private/public key encryption allows both encryption and authentication. A public key cannot be used to create a new encrypted message, but it can be used to authenticate that a message received is authentic.
Once firmware 3.56 is installed, there is no easy way back. Firmware 3.55 can install 3.56, but the new private key doesn't exist in the 3.56 update.
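Two posts above (the one on the "two key process" of signing a SELF and the one answering why the private key cannot be pulled out of the 3.56 update) make the same point: the update carries only a signature, and the private key never leaves Sony. The following is an added example, not code from the page, from Sony or from fail0verflow, showing both halves of that argument in working ECDSA: a signer holding the private key, a verifier holding only the public key, and the mathematics that the earlier post calls "very clever". The page does not name the coding error; the publicly reported one was a constant per-signature nonce in the signing code, and the example demonstrates that exact failure. Assumptions: the curve is secp256k1 (a well-known stand-in; the PS3's own curve parameters are not on the page and are not used here), the message bytes and the fixed nonce value are constructed for the demonstration, and the function names are my own.

```python
import hashlib
import secrets

# secp256k1 parameters, used only as a well-known stand-in curve (assumption).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def mod_inv(a, m):
    return pow(a, -1, m)


def point_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1) * mod_inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * mod_inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def point_mul(k, pt):
    """Double-and-add scalar multiplication."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(priv, msg, k):
    """ECDSA sign. k must be fresh and secret for every signature; it is a
    parameter here only so the example can reproduce the reuse mistake."""
    z = hash_to_int(msg)
    r = point_mul(k, G)[0] % N
    s = mod_inv(k, N) * (z + r * priv) % N
    return (r, s)


def verify(pub, msg, sig):
    """Only the public key and the (r, s) pair are needed: this is all a
    console would hold, and it reveals nothing about the private key."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = hash_to_int(msg)
    w = mod_inv(s, N)
    pt = point_add(point_mul(z * w % N, G), point_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures under the same key with the same nonce share r.
    Then s1 - s2 = k^-1 (z1 - z2), which gives k, and s1*k = z1 + r*d gives d."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("r values differ: nonces were not reused")
    z1, z2 = hash_to_int(msg1), hash_to_int(msg2)
    k = (z1 - z2) * mod_inv(s1 - s2, N) % N
    return (s1 * k - z1) * mod_inv(r1, N) % N


def demo():
    """Constructed scenario: a signer reuses one nonce across two 'updates'."""
    priv = secrets.randbelow(N - 1) + 1
    pub = point_mul(priv, G)
    fixed_nonce = 0x1337DEADBEEF  # the bug: a constant where a fresh secret belongs
    sig_a = sign(priv, b"firmware-3.55.pup (constructed)", fixed_nonce)
    sig_b = sign(priv, b"game-patch.self (constructed)", fixed_nonce)
    both_valid = verify(pub, b"firmware-3.55.pup (constructed)", sig_a) and \
        verify(pub, b"game-patch.self (constructed)", sig_b)
    recovered = recover_private_key(b"firmware-3.55.pup (constructed)", sig_a,
                                    b"game-patch.self (constructed)", sig_b)
    return both_valid and recovered == priv


if __name__ == "__main__":
    print("private key recovered from nonce reuse:", demo())
```

Note that a verifier which only ever sees signatures made with distinct random nonces (different r each time) learns nothing from any number of them; the leak comes entirely from the signer's side, which is why changing the signing key and fixing the signing routine, as the thread describes, closes the hole without touching the public key held in consoles.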
Shhhh, that real news is nowhere near as newsworthy as this BS.
God, it's depressing how stupid people are (including the press). This story stems from some random chatter on IRC... Do you know how pathetic that is? Does anyone actually know these people? This is 10000x worse than "some bloke down the pub said".
The fact that previously credible news sites are muddying their name on this tripe is frankly incredible.
Originally Posted by IRC:
Jan 27 14:44:32 3.56 has nice new stuffs in there
Jan 27 14:44:43 like remote code execution upon login
Jan 27 14:44:45 They will just release patches so people who have hacked cant go online
Jan 27 14:44:46 yummy
Jan 27 14:44:50 WAT
Jan 27 14:45:00 RFE built-in the fw!?
Jan 27 14:45:25 3.56 pretty much has a built in psn rootkit
Jan 27 14:45:30 dude, that's the only stuff i'd be afraid of
Jan 27 14:45:31 don't tell me I haven't warned you
Jan 27 14:45:43 psn rootkit ?
Jan 27 14:46:05 but if we could rip-off the fw that ***** would be erased
Jan 27 14:46:20 that was the only thing stopped sony to _auto_ update your fw
Jan 27 14:46:22 noone it's not that simple
Jan 27 14:46:29 the server awaits a proper reply
Jan 27 14:46:34 and that reply isn't in the firmware
Any bricking reported?
Friend of mine is the manager of a store that buys and sells games/consoles/whatever, PS3s included. He's been telling me that some of the older, fat PS3s have been bricking with this update applied. Any truth to that?
blocked. Big difference....
CFW bricks fat systems. 3.56 doesn't, however....
If you're updating to 3.56 from a custom firmware, there is a chance that the custom firmware could screw something up and your system will brick. That's why people are better restoring back to an official firmware before upgrading to 3.56.
Also, as the other poster here points out, a console that is banned, is not bricked.
Re: Any bricking reported?
I have the fat version of the PS3 (UK, 40GB, yes the older ones) and it was not bricked by the update. It works very well with the new update.
note, didn't install the modified firmware, only used the _official_ ones.
Why do they bother?
Seems that their time would be better spent helping with Linux or *BSD, or whatever -- rather than just trying to get Sony to sue them but, in the mean time, actually helping Sony to sell consoles.
Sony told the world that you do not own your console, you rent it. After that nobody should be helping them at all.
You own the hardware. You do not own the software...
And you most definitely do not own the network. Sony owns the network and licenses the software to you under terms and conditions of use that prohibit any kind of hacking or modification of the system software. If you want to take your PS3 and turn it into a Foreman grill, Sony doesn't care. Sony only cares when you start to chip away at the foundations of their system/network security. A compromised PS3 certainly represents a threat to the PSN, so it has to be dealt with.
Nowhere does Sony tell you you can't do something with your hardware; they only set the terms of the software license you agree to for the system, network and game software. Fry your hardware if you like, Sony doesn't care a jot.
maybe so, but
Is that clearly stated on the packaging? Can they then change the terms under which they leased me that software? Is there a license agreement (a physical copy in the store) that I can read before buying the console? Can I return the console when they _do_ change the terms (like when OtherOS option was removed)?
This is so evil and is getting more so.
So that's why they release that open edition of the system software?
No PSN but run what you like?
Or even bootloader documentation so we can put linux on it and be done with it?
Sure Sony are telling you what to do with it, and trying to prevent you from using your hardware as you see fit. At every turn.
So, they're good because they allow you to install another OS _or_ use the console for playing games? Are they really good because they did allow you to do both but now they don't?
Or are they good because it wasn't them but a court which seized Mr. Hotz's computers, as well as his PS3, because he worked out how to run unsigned code.
Defend Sony all you want, I'm sure they are only protecting their business interests, but for fuck's sake don't pretend they're allowing you freedom when using their product.
Sorry, sarcasm doesn't always come across well on the internet.
I was protesting that no, they're not good, they don't let you do what you want with your hardware at all, and that this sucks.
I wouldn't have such a huge objection to the whole thing if they released an easy way to run an alternate OS, from the ground up, so at least you could use the hardware in the way you wanted. Instead they do their damnedest to make sure you can't run your own stuff on there at all.
Seems my sarcasm detector failed there and I read it the other way around. I turned Dave into the guy from The Mary Whitehouse Experience.
3.56 is not hacked yet.
If it was hacked there would be custom firmware based on it.
Pleese esplane, signore,
how come you call gitorious.com "underground"? Was it because it wasn't founded by an american? What?
So exactly how much of this console is used for entertainment?
The PS3 is like a lot of modern equipment; the bulk of the engineering seems to be going into some kind of copy protection arms race rather than actual product features. I'll admit that the graphics look nice, the games are fun but I just can't be bothered spending my money on this kind of junk.
What Sony and their ilk don't get is that people aren't really interested in breaking copy protection to pirate games and so suck the financial life blood from them. They do it "because its there" -- they pose a challenge, people rise to and meet that challenge. It really doesn't matter if people run alien software on those consoles; this is always going to be a minority activity and will have minimal negative -- and potentially -- positive impact on their bottom line. But they just don't get it.
Sure, Fail0verflow might use that excuse
But as soon as they do the hack and release it into the wild, millions of snotty nosed youths jump on it as their chance to have free games. If some hacker group wants to completely hack a console and demonstrate their total mastery of the hack. That's fine. If you're only doing it because it's there, great. Call a press conference. Announce it, prove it. But after that, you're done, you're on to the next mountain, so why not say, give the information to Sony instead of letting the snooty nosed youths of the world steal games with your knowledge?
I also have to wonder, is it really that massive an achievement? It has always been easier to tear down rather than build up. If the 'hackers' are so bloody smart, why are they not working for 6+ figures making something instead of scratching around to destroy something?
When I finish the cryptic crossword, like the git I am I make sure the office knows it. It's done for the challenge and the egomania. DRM is up against human nature and will fail eventually every single time as the user has both the encrypted text and the key.
destroying what exactly?
The point is to regain control over the hardware. And as someone who has used pirated software I can tell you that I have stolen from no one. Nobody lost a single penny because of me because I couldn't afford original games. All my money went into a few music CDs. Now that I can afford it I find better ways to sink my money and time.
Is breaking the PS3 security an achievement? Hell yes!!
"I also have to wonder, is it really that massive an achievement? It has always been easier to tear down rather than build up. If the 'hackers' are so bloody smart, why are they not working for 6+ figures making something instead of scratching around to destroy something?"
Here's an example of why you are exactly wrong:
Say Alice has some confidential data that she does not want to fall into your hands, but wants to pass to Bob over an unsecured network. She can arrange for Bob to create a pair of encryption keys, known as a private and public key. Bob then sends the public key to Alice and Alice uses this to encrypt the message. Only the private key can be used to decrypt it, so the encrypted message can be sent safely between Alice and Bob. The only way you can work out the contents of this message is for you to reverse engineer the encryption algorithm to obtain the private key. Modern encryption makes this very difficult.
So, in summary: encryption (build up) = easy, breaking encryption (tear down) = hard.
People who are able to figure out the flaws in such algorithms are generally very clever people, who are already likely to be earning six-figure sums. Unlike you.
So, the original work done by Ron Rivest, Adi Shamir and Len Adleman (and independently by Clifford Cocks) to develop the theory and algorithms behind public key cryptography was easy, was it?
As for the easy vs hard argument, cryptographers (the builders) and cryptanalysts (the breakers) have an equally difficult job. However, I would argue that the invention aspect of creating a new cipher makes the cryptographers job that little bit harder.
Here, have some letters...
Meh. Steam + PC == high definition bliss.
I do hope Sony manage to nail this...
Whilst being able to run homebrew might make a small minority of users happy, completely opening it up to pirated games will only lead to degradation in the user experience for everyone. Aim bots, wall hacks and the like running on hacked firmware (as is already happening) will ruin the game for most people who just want to play and enjoy themselves. Being able to run pirate games will also affect the publisher's margin, as each unit pirated is a sale lost, and so also the developer - and if a platform is seen as eminently pirate-able, then that will affect the developer's willingness to make platform exclusives.
I remember the guy from Crytek saying that if Crysis had been released on the consoles as well, it would have sold 4 million more copies, which is why Crysis 2 is being released on consoles as well. Exclusivity is a big selling point for the manufacturers, so if developers aren't as willing to develop exclusives, then that will affect the manufacturers bottom line.
So Sony can't really just sit back and let it slide, they have to make sure that piracy doesn't happen. The problem is that whilst they are firefighting with the security issues, that is time that could have been spent improving the user experience - although any niggles with the system I have aren't an issue compared to some idiot using wall hacks or aim bots ruining my game.
" as each unit pirated is a sale lost"
That's a very crude assumption.
When I were a lad, I used to obtain copies of games to play because I didn't have enough money to buy the games, so there was no lost sale, just someone playing their stuff for free. If you could have taken those copied games away from me, it wouldn't have generated a sale.
When I earned enough money, I bought the games - no need to pirate.
Your statement is an incorrect absolute I'm afraid, as I am the exception to the rule, and I'm sure there are others.
Crysis 2 on the 360
That's going to be hilarious. The 360 wouldn't have coped with the first game without some toning down or bits being ripped out, so God only knows what the second one will be like. With any luck it won't end up like Deus Ex on the PS2...
I am guessing Youness...
is a fan of Toriyama's DragonBall :D
Sony's legal moves
"The hack underscores the futility of Sony's legal maneuvers. It came 24 hours before a federal judge ordered the seizure of computers belonging to George Hotz"
Well, even if Sony's case against Hotz comes to nothing, they can certainly make his life hell for two years before the acquittal finally comes through - as has already happened. That ought to be enough to make sure others reconsider whether to get involved.
Something smells here..
Acquittal means 'not guilty', so you're suggesting that it's entirely legitimate for a corporation to make your life hell for two years for something you didn't do.
Welcome to Megacity One.
'as each unit pirated is a sale lost'
Hmmm not sure I agree with this.
Pirates can have hundreds of Games installed and ready to go but rarely play any more than a few core games.
So just because they pirate a game doesn't mean they are willing to fork out £40+ for it or even play it. So no sale lost. Maybe you could stretch to potential sale missed. You can't lose something you never had in the first place.
Although I do agree with the statement above about
'completely opening it up to pirated games will only lead to degradation in the user experience for everyone. Aim bots, wall hacks and the like running on hacked firmware (as is already happening) will ruin the game for most people who just want to play and enjoy themselves'
There is nothing worse than playing a game with somebody cheating. So Sony should be able to protect their network and customers from cheating bastards.
No real point just a thought. Don't own a PS3 - PC+Steam its the only way to be sure.
Not 'one sale lost' but..
I have plenty of cash to spend on video games. I moved to the US a few years ago and took my Wii with me. Because of the region change I decided to get it chipped so I could play both my UK and US games. Since doing that the amount of Wii games I own has increased by about 30. The amount of those I've paid for is maybe 2 or 3.
I have a PS3 too and I have probably 20 games for it, all legitimately purchased. When I saw the news of this jailbreak I know that it would be bad. Sony need to figure out a way, like Microsoft, to start banning consoles that play copied games. Lets not see it waste away like the PSP.
This whole situation is pathetic. When the iPhone was hacked it was a godsend at the time because there were so many things the iPhone was capable of handling that Apple strictly locked down for little to no reason at all, like the ability to record film on a 3G, using blacklist tools to stop people calling you or texting you, flash support, etc.
It's quite obvious that the only people running this custom firmware are doing it either for piracy or to ruin online games with their aimbots or stat modifiers. Just look at what they've done to Modern Warfare 2... Completely ruined. Whilst it's true that people SHOULD be able to do what they want with their own hardware, more often than not it's for illegitimate reasons. What are people seriously doing with their PS3s that it couldn't do already?? Run Linux?? Please... The majority of people I'm sure who own a PS3 have a PC...
You buy a game console for it to run as a game console... You don't buy a cheese sandwich expecting to clean your house with it.
If people want to hack their system then fair enough but I hope Sony find these people and keep them off the network.
Sony needs to stop this
I hate these kids who hack into consoles and games, spoiling it for the rest of us. Sony developed the console, spent a fortune doing so, and regardless of whether you "own" it or not, you don't "own" the code or development or property rights that went into it.
I really do hope Sony come down hard on these people and can fix the issue. The jailbreak will only serve one purpose and thats so little kids can pirate each others games. I believe the hack also allows you to rip games to the HDD.
Was only last night I turned on my PS3 to have a game of MW2 to find the game had been hacked; couldn't even have a decent game, so I turned it back off after ten minutes, oh, and another ten minutes while I waited for the update to the console to install.
These idiots are spoiling it for the rest of us who want to use our PS3s legitimately. Hopefully Sony will catch them and lock them up in a room with some Lego for the rest of their miserable lives.
They have stopped it
There is no way to play pirated games AND log into PSN. When Killzone 3 arrives, you will have to update, or not play it, ditto Uncharted 3, Portal 2 and the tonnes of other killer PS3 titles this year.
Sure you can get left behind to play old games, but I'll be enjoying new stuff, and the system has been locked down to ensure only legitimate users can do so.
Ignore the headline grabbing news that the firmware is hacked, it's not.