Sony has set the lawyers on hackers who figured out a way to run unsigned code on PlayStation 3 consoles without the use of a dongle. The hack, made possible by the discovery of the private key Sony used to sign its software, was demonstrated by a group called fail0verflow at the Chaos Communication Congress in Berlin late last …
It's my console
and I'll do what I want to...
annnnnd queue the...
PS4, sorry your PS3 disks wont work in it, but its a new model - honest >.> so you will have to buy it to replace the PS3
(PS now stands for Playing Sucks, my xbox 360 is nosily mocking from under my TV.)
from 2 sides.....
sony make money from software/game sales so i can see why they didnt want the console hacked easily like the wii and xbox. the fact it is still only almost possible after 4 years is a success for sony. after all i think they will release details for ps4 very soon.
@"... is the crushing pointlessness of DRM highlighted for all to see.
"Piracy BAD", yes maybe but you don't stop it by annoying your paying customers rather than the people you're trying to stop. Any more than you stop a charging elephant with a sheet of cling film."
- but the ps3 doesnt SEEM to have this BS. you can play all games offline. you can play almost all of them on any system (apart from the EA ones that require you to use a serial), meaning you can resell them (unlucky pc guys) and lend them to mates. the fact that the ps3 has been so well locked down has meant much fairer online gaming (no bots etc on ps3 online games - something that ruined pc online games years ago for me)
i would imagine that sony has made more money from game sales than wii and xbox due to their ease of copying games.
i can see how about 0.0001% of people who own a ps3 might be interested in linux on it but we all know the vast majority of hacking is purely to run copyritten games, meaning loss of income for sony. in the end we will all end up paying for that. look how many games do not make it to PC now as developers know their games will rarely be copied if playing on ps3 for example.
"i can see how about 0.0001% of people who own a ps3 might be interested in linux on it but we all know the vast majority of hacking is purely to run copyritten games, meaning loss of income for sony. in the end we will all end up paying for that."
A) 0.0001% or otherwise is irrelevant. They're Sony's customers.
B) The vast majority of hacking may be to run pirated games. I don't believe it is, but that's irrelevant. The most important hacking always comes from homebrew and/or Linux fans. They break the system to do what they want -- the warez junkies come in as a second phase, picking up what the homebrewers did and extending it. It's always a minor step, just as GeoHot took fail0verflow's hack and modified it to do more than originally intended.
Many people saw the original OtherOS option as a very shrewd move by Sony -- they gave the homebrewers and the Linux crowd an "easy in", which meant they had no reason to break open the OS or firmware.
And it worked pretty well -- without the assistance of the homebrew crowd, the dedicated pirates were on their own and didn't get very far.
With OtherOS still in place, the fail0verflow guys would never have gone to the effort of breaking the encryption.
>>A) 0.0001% or otherwise is irrelevant.
>>They're Sony's customers.
0.0001% of 40 million units is nothing.. if they wanted to run Linux they should have bought a PC. Aside from maybe 4 people in "ethical PS3 hacking scene" there are very few people who could code to take advantage of the Cell.
>>B) The vast majority of hacking
>>may be to run pirated games.
The only reason the PS3 has been hacked now is because of the PSJailbreak. The PSJailbreak is a device that is marketed as enabling piracy. The information used to pull off the PS3Jailbreak is going to be a mix of things discovered from what GeoHot did and maybe some leaked stuff. OtherOS was crippled from the start (probably to stop game publishers using it as a route to unlicensed games) and if these "ethical hackers" could have broken the crypto without the holy grail in piracy developments (The PSJailbreak) they would have done it ages ago.. they didn't.
>>The most important hacking always
>>comes from homebrew and/or Linux fans.
So that's why the most important hack for the PS3, the one that opened all the doors, was .....drum roll ... wait for it .... A PIRACY DEVICE!
>> the warez junkies
The warez scene used to break security systems long before it was cool be be an ethical hacker and make statements like "its a fail overflow, ignore the fact it took 4 years..."
Except that the PSJailbreak used an exploit that no one else seemed to have noticed before it was released?
>>Many people saw the original OtherOS
Yes, the whole 3 people that used it seriously got very upset.
>> no reason to break open the OS or firmware.
OtherOS was crippled from the start...
>>With OtherOS still in place, the fail0verflow guys would
>>never have gone to the effort of breaking the encryption.
Geohot did his initial stuff when the phat PS3 still had OtherOS.. he wanted to get access to the RSX GPU which isn't allowed in OtherOS (crippled from the start). And the ethical hackers may go on and on about "if we could run homebrew we wouldn't hack" but everyone knows that's crap. You could run homebrew in OtherOS, people were still trying to get around the GameOS security,... The Xbox360 has a development kit available... it still gets various hacks.
If they said "we hacked because we like hacking stuff" fair enough, but making it out as some crusade for freedom is really retarded. There is plenty of open hardware out there, don't buy proprietary locked down hardware if what you actually want is a bog standard PC.
cheats wont get a free run online
They can still do checks against online consoles in much the same way xbox360 or punkbuster do and ban their accounts. Bluray disks and writers arn't exactly cheap either so I can't imagine everyone is going to rush out and make copies in their homes. What this really causes a problem with are larger scale pirates and conterfeiters. Sony like other media producers have really shot themselves in the foot by their approach putting them at odds with their own customers.
As far as I'm aware, as it currently stands the only way to get 'jailbroken' firmware onto a PS3 is to use the existing mechanism that allows you to update the firmware via file on a USB stick. An 'official' firmware update that blocked the USB updating mechanism would block the ability to jailbreak.
As PSN blocks access to users who aren't on the latest firmware version you'd have a choice - upgrade & lose your ability to jailbreak or not upgrade and lose your ability to play games online & access the PS3's online services.
I guess then we'll find out how many people ARE actually interested in this hack 'so they can run homebrew'.
As to the legal stuff - I don't think Sony will get anything from it but I don't think they could afford not to do it. Either way it probably won't get resolved any time quickly.
Not homebrew, Linux
I don't give a flying fudge about homebrew. I do care about Linux on the PS3 though. Give me that and I'm happy.
That won't work either
This usb blocking can be by passed by creating a "front end" on top of the firmware. This front end gets loaded first at boot time and asks users if they want to update, if not, it boots the firmware that is loaded. But if you loaded the new firmware without the "front end" you could be screwed.
@ AC No#
No you don't.
Check out psgroove. You'll see Geohot and failoverflow have their hack running on 3.55 firmware. Why would it need to be jailbroken if they have the master key?
The sad thing is
They did this to themselves.
It was pretty clear Geohot was bullshitting first time around which in turn got the OtherOS removed. Had Sony have simply boosted security without removing the OtherOS the PS would remain unchallanged.
What would have been even better is post the 3.4 Jailbreak hack sony re-introduced OtherOS in 3.55. Again hackers would have stopped messing about just as quickly as they'd started it.
Hey ho. I plan on getting a second PS3 as mine is horrifcally noisy. My original will be used as a dodgy box with proper MKV support (it'll happen with homebrew) and an emulator.
No pirates were harmed in the making of this post.
How do you copyright an encryption key?
Perhaps Sony could publish it in the public domain so we can all check that the one's we use don't infringe their copyright.
Of the dyslexic trolls.
George is 21, not 12.
I suppose it's understandable
I don't agree with the steps that Sony are taking - it's likely to reflect poorly on them whilst ultimately only acting as a temporary fix.
That said, I imagine that Sony are under significant pressure from the developers who target their platform. Ultimately the profitability (and survival) of their console is dependent on having games publishers who will develop for their platform. If someone else's platform appears to be less prone to illegal copying, the games publishers might go elsewhere.
So maybe the whole industry is being a bit greedy at this point (just like the music industry has been for years), which is driving what might seem like very backwards behaviour, but ultimately I suppose it's the just economics of the situation, and a whole chain of companies acting in their best interests due to external pressures.
It's not logical
It appears Sony believe they can sue people who cracked a console because what they've done may be used by others for immoral/illegal purposes. Good job Einstein's dead then, or Japan might be suing him for his work that helped develop the nuclear bomb.
Also, if the fix is easy for Sony to implement, as some are suggesting, why are they going all out to to suppress any code or keys the hackers may release? Equally, why are't they using marketing as a heavy propoganda weapon to dissuade PSN users from running pirated software with the threat of expulsion from the online service? It doesn't quite add up.
The only thing that we can safely say at this point, is that a lot of bullshit is being spread around by the opinionated few. But that's why we read El Reg, isn't it? :)
Re: jailbreak & updates
The original jailbreak for PS3 only let you run unsigned code on the console. While there were programs that could poke around the flash that hosts the console's firmware, you couldn't change that flash, because that would invalidate the signature, and the bootloader would refuse to boot the firmware the next time you'd turn on the console.
The hackers who named themselves fail0verflow started with just porting Linux to the jailbroken PS3 and looking for a way to boot it without having to do the jailbreak every time (since that requires you to unplug the console, then plug it in again, turn it on and press Eject). In doing so, they found out that Sony did an amazingly stupid mistake in their cryptography, while allowed them to derive the private keys used to cryptographically sign the packages. And geohot then used an exploit to get the bootloader code, and from there the key that's used to sign the firmware (this key is stored in ROM and cannot be changed on current consoles). Since he published that key, this means that now anybody can create a firmware update that a non-jailbroken console running any current firmware (that is up to 3.55) will accept as valid, and update itself to it. There is nothing Sony can do about this. They may somehow strengthen the security in a future firmware upgrade, however if somebody finds a security hole in one of such future firmwares, any currently existing console can be jailbroken again (Sony can and probably will update the bootloader in future consoles so that unofficial firmwares won't work with them, but this will have no effect on consoles that are already out there).
SONY 0 - HACKERS 1
No chance this will stick.
Sign me, play me, sue me.
Reading through the complaint Sony submitted chucks up several nuggets, in fact the whole thing reads like a hastily chucked together mess. Highly entertaining, I'd suggest you go read the whole thing yourself.
"47. Through his January 2, 2011 posting, Hotz enabled software pirates to create and sell unauthorized copies of the SUBJECT WORKS, falsely authenticate those copies and play the infringing copies. Indeed, software pirates using these Keys could write code that will allow them to falsely authenticate almost any unauthorized software and run that software on the PS3 System. Consequently, unless Defendants are immediately enjoined, users will be able to copy, create, sell and play unauthorized or pirated games without limit."
Sounds a bit like a confirmation the horse hasn't just bolted out of the gate, rather legged it to Aintree, galloped around the racecourse a few times, taken the trophy and prize money, then retired to an easy life in the Costa Del Sol.
"Sloppy cryptography by Sony meant anyone might be able to bypass copyright controls and sign their own code so that it ran on the console."
And what other kind does Sony exhibit (ref. the Sony rootkit)?
Has it damaged sales ?
Xbox and Wii have been cracked for how long exactly, yet they seem to enjoy very healthy sales figures. I'm pretty sure a bunch of people buy a console because it HAS been cracked so that they can supplement the games they can afford to buy, with some extra ones they can't.
Of people with hacked consoles, I can't think of a single one that doesn't buy any games at all.. But several did get one because it WAS cracked.
Developers Developers Developers Developers
Yes, hardware sales increase, but the sale of GAMES is what they're worried about. Developers might just decide to stop making games if they lose too much money to pirates, and without games where would the console market be?
FW: Has it damaged sales ?
well it has the potential of damaging sales of GAMES. That's the actual source of income for Sony as they have a slice from every PS3 game sold. Hardware alone isn't (very) profitable.
File size != anti-piracy measure
"As far as piracy goes, Sony could ask game developers not to compress data on the blu-rays, which could deter pirates who don't want to download 50GB files every time they want to grab a game."
Blu-Ray Burners are less than US$80 now and DL BD-R discs can be found for less than US$10 (in bulk).
I remember when CDs were new and people said music couldn't be pirated because the file sizes were so big. Then again with DVDs... So how's that working out for everyone?
Who is the real fraud
What kind of assurance did Sony give to game publishers with regards to security?
Is there a way in which their poor (obscurity) implementation of security could constitute fraud on their part?
Where do I donate to his defence fund?
Seriously, I takes me hat of to the guy. And don't get all hoity-toity "ethics" with me, we /are/ talking about the same Sony that once owned your CD drives through a rootkit.
Ways to stop this madness
1. Throw out NetFront and replace it with a WebKit or Gecko based browser, and throw out FlashLite and replace it with a full-featured version of Flash (or Gnash). NetFront is incredibly failtastic. I can cause the console to hang just by visiting the Acid3 website (this was a few versions ago tho. Don't know if they fixed that). Furthermore, many flash-only sites fail to load on the PS3 (yes, you can argue that it's the same for the Wii, Jesus Phone and Fondle Slab, but then those aren't 1080p display devices. And in the case of the Jesus Phone and Fondle Slab, at least the Acid3 site doesn't freeze up the phone). Heck, Sony has promised that it would ditch NetFront in the past, and yet it still hasn't.
2. Provide a legal homebrew development SDK to the public like Microsoft does with the XBox 360.
3. Reinstate software BC for PS2 games.
In any case tho, the cat's already out of the bag, and it can be argued that Sony had only brought this upon themselves by removing PS2 BC, then OtherOS. And oh, selling Japanese games in a market where no one understands Japanese.
Geohot not a member of FailOverflow
George might not be a member of FailOverflow but he worked with them (or most of them) before he was kicked out of the original iPhone Dev Team for doing just what he did with the PS3, doing his own thing and releasing early without thought of the consequences.
It never ceased to amaze me just how few people have the skill to actually do hacking at this level.
They are very, very clever people and I hope that this case fails, but I hope more that none of these guys actually gets a job with a console/phone maker - then we would have fail proof security!
This will probably play out like the DVD CSS algorithm
At the end of the day the PS3 security system will probably be an open secret. It will be easy for anyone to find the information if they look for it, but no one can make use of it in legitimate ways. So if anything, it will prevent game publishers from signing their own game releases and continue to pay Sony to do so.
As this is a US law.......
It may be US law, but the original presentation was given in Berlin
What's the Defense Contract Management Agency got to do with this?
This is the company who once threated to sue me for taking an American purchased laptop overseas...
The defence can be the killer ...
If the Defendants were to disclose the crack in their defence documents, sending a copy to Sony's lawyers by the slowest means possible, then file an affidavit of service with the document attached, tipping off reporters, Sony wouldn't have time to have the Defence sealed.
Don't these guys have something better to do, like sell consoles?
Sony seems pretty opposed to the idea of actually letting paying customers own the hardware they buy. Do they suppose they can treat physical goods like DRM-infested software and act like customers who paid hundreds of dollars have not bought the right to do as they please with the physically extant chunk of transistors and PCBs they shelled out for? Too bad Sony aren't the only ones.
However, Sony's pretty naïve if they think that suing their own paying customers--who are paying quite a lot, to boot!--is going to earn them such respect and obedience that people will stop circumventing the shoddy copy-protection measures they've introduced at the expense of even legitimate users. Worked great for Apple and Microsoft and IBM and DEC and...
They're a bunch of obnoxious beancounters who wish they could sell something and still own it themselves. Sorry, dickheads. That's now how selling things works. I'm sure they could be greedier, but they'd really have to work at it.
I bought my fat PS3 over a year ago, back when it was still $399 here in Canada. Its price was about 25% more than an Xbox, but I chose it because I didn't want Microsoft (a sort of "stick it to the man" attitude). I had no idea it could run Linux too, but when I discovered that I was thrilled, and decided I'd give it a try at some point (been a Linux user for many years now). When the new update required me to give up the "Other OS" option, I declined it, and have stayed with the previous firmware version ever since.
Needless to say, since then I haven't been able to log on to PSN, have lost access to whatever money I had in that account, and (most importantly) I haven't been able to play any demos. But I felt their attitude as oppressive, unjustified, and until now I think it was a small price to pay for freedom.
I'm sure Sony couldn't care less if they found out about my little rebellious act, but when the Xbox 720 and the PS4 will come out, even though Microsoft is no angel either, I'll think twice about which console to choose.
Or, I might just stick to my good old MAME emulator.
How to get downvoted in this thread
How to effectively rack up lots of down votes in this thread:
1) Mention the fact that piracy is bad.
2) Locking down a platform to stop piracy is good.
3) Locking down a platform to stop cheat is good.
4) Having a locked down system that enables easy exchange/trade of games you own is good
5) Pointing out that Linux on PS3 was useless anyway for homebrew as you didnt have access to Sony's grahic libaries
6) Pointing out that loosing Linux was worth it if it maintains points 1-4 for the MAJORITY of people
Seems the downvoters are either XBOX owners who really will downvote anything that endorses anything that Sony does or PS3 owners who are so stupidely idealist that they dont appreciates that regardless what Sony's motive is, Sony's policy actually protects the majority of PS3 owner's interest (points 1-4).
I didnt like it when Sony decided to remove the Linux option. I'm a software developer and I loved the idea. But in truth I didnt put it to any use. Other than maybe turning the PS3 into a decent web browser it didnt have much application for domestic use (I have no interest in wiring up 100 PS3 together to number crunch).
What many people that keep bleeting about their civil liberties and their "freedom" dont appreciate, is that when you provide people suitable "freedom" it gets abused. When that happens we ALL loose out. If you use Law / Policing as an analogy, you will appreciate that removing both will actually mean you loose a lot more rights then you gain. You will loose the right to be safe for one that tends trump most other perceived freedoms. Same goes with the console lockdown, either grow up and get back on your XBOX, dont care which you going to downvote me anyway.