Sony tweets 'secret' key at heart of PS3 jailbreak case

An official Sony Twitter account has leaked the PlayStation 3 master signing key at the heart of the company's legal offensive against a group of hackers being sued for showing how to jailbreak the popular game console. Kevin Butler, a fictional PS3 vice president, retweeted the metldr key in what can only be assumed was a …

COMMENTS

  1. Graham Marsden
    Coat

    But...

    ... will they now try to prosecute the people who are discussing the Tweet...?!

    1. Anomalous Cowturd
      Joke

      I've already handed in my computer...

      And both eyeballs!

      Luckily for me I can touch type on my air keyboard ;o)

  2. Reverend Brown

    The title is required, and must contain letters and/or digits.

    Sony Legal adds vetting posts for the PR droids to their job description?

  3. Anonymous Coward
    Dead Vulture

    "leaked"???? really?

    > An official Sony Twitter account has leaked the PlayStation 3 master signing key

    I wouldn't call this a "leak". He didn't go into their secret source code, find the secret key, and post it to Twitter.

    Someone posted a tweet directed at him with a random-looking string of hex and a cryptic comment. He obviously didn't know what it was, but thought the hex numbers looked a bit like the co-ordinates you use on a Battleships board. So he replied with a slightly lighthearted reply. And the Twitter program also copied the original message in his tweet.

    Obviously, as soon as it was pointed out what the number was, he removed the tweet.

    I don't think he actually did anything wrong. There was no way for him to know what the number was. It's not like people memorize the number. And as a Sony employee, he shouldn't have access to Sony's copy of the key, and his employer would probably prefer him not to read sites about hacking Sony's copy protection.

    1. Anonymous Coward
      FAIL

      He didn't go into their secret source code, find the secret key, and post it to Twitter.

      Prove it!

      He published the key; where he got it from is not relevant.

    2. sabroni Silver badge
      FAIL

      Possible rational explanation?

      Downvote that shit! We don't need that sort of talk on here!

    3. David Hicks

      I don't think he did much wrong either

      But given what's going on at the moment you would have thought some common sense was a useful skill in a PR droid. Maybe not though.

      OTOH how many people outside of techy circles even know what a crypto key is, let alone what one looks like?

    4. Anonymous Coward
      FAIL

      His mistake was on many levels, due mainly to a big ego.

      one, it was not @exiva to the original sender, but was a public tweet.

      two, it was not just a reply to @exiva but a RT of the original tweet containing the secret key.

      three. it was the real secret key NOT a "random string of hex" if he'd changed it then no problem.

      What he should have tweeted was:

      "@exiva you just sank my Battleship >:'o("

      But no the marketing twonk thought that's such a good joke I'll publish it so the world can see it.... And in doing so broke the first rule of secrets club, don't publish your secret.

      The fact that the marketing twonk did not know the key is technically not relevant, the key should be so obscure that there is a billion to one chance of him publishing it in a series of random numbers. so it's not possible (incredibly unlikely) to just publish it without knowing or being prompted. The point here is that he was prompted to publish it and did so.

      A marketing person needs to be fully aware of every character they publish, THIS is the FAIL. He published something he did not understand, and the consequence is dire.

      IF someone had posted "sony to give away ps3s for free" to him in English or Japanese, would he have reposted it? verbatim?

      1. Eddie Edwards
        Happy

        A thousand billion billion billion billion billion to one.

        Actually

    5. Jon 52

      marketing

      The marketing department should know everything going on with their company and what people are saying about it. If they hadn't heard about the recent cases of their company being hacked, they aren't useful to the company.

      1. Anonymous Coward
        Thumb Up

        re: marketing

        Oh they'd heard that someone had copied the key... So they were rigorously avoiding all talk of bars of soap, chewing gum, and other key copying techniques...

        Marketing is worth every penny.

    6. Highlander

      Well...it wasn't even Sony who retweeted...

      In all honesty, shouldn't we be more truthful than this? From what I understand reading other reports of this stupidity, someone sent the old private SELF signing key to the fake (clearly) Kevin Butler twitter account that is managed by a marketing person who works not for Sony, but for the marketing firm that Sony uses to handle the Kevin Butler campaign. The person behind the twitter account isn't a Sony employee, nor are they technical, nor should they be technical, or expected to be approving every retweet with some Sony legal team. Kevin Butler is a fictional person, so anything said is neither official, nor can it be attributed as authoritative. Not only that, but the point behind the twitter and other social networking elements of the Kevin Butler personality is to interact with gamers in a humorous manner to generate positive buzz. Therefore when someone tweets that account, they normally will get some kind of joking reply - like "You sank my battle ship!".

      Of course sending the hex key to that twitter and seeing it retweeted must have felt really good for the guy that did it, but it's hardly Sony leaking or giving away the signing key - is it? This is what really bugs me about The Register and tech media in general. Never let the truth get in the way of a hit generating headline. I used to think that the Register was better than that. Not any more.

      Let's see, "Hacker Exploits Marketing Lack of Knowledge, Spreads Old PS3 Key" just doesn't have quite the same ring to it as "Sony tweets 'secret' key at heart of PS3 jailbreak case" does it? Perhaps one is more accurate than the other, but one is more likely to generate hits than the other. Guess which is which.

      1. Anonymous Coward
        Anonymous Coward

        re: Well...it wasn't even Sony who retweeted

        Law is law, and is often very different to what you perceive as common sense.

        Legally an agent, paid by Sony, published on behalf of Sony, a secret key, that Sony are in the process of trying to withhold/redact whatever.

        There is no deception in this story. There is however a plonker, who is willing to repost anything for a cheap laugh, even if he doesn't understand the consequences of his actions.

  4. Lord Lien

    Wonder if the Twitter..

    .. account was compromised & someone put the key up. Seems the only logical explanation.

  5. Chris Hatfield

    lulz

    at epic fail.

  6. Anonymous Coward
    Anonymous Coward

    let's face it

    At the moment the Japanese are going a bit crazy on copyright what with passing new laws that make lending games illegal, and Nintendo is trying to sue people that sell their saved games to other players.

    http://www.zakzak.co.jp/society/domestic/news/20110208/dms1102081601011-n1.htm

    Note game rentals are already illegal in Japan (unless you pay the correct Yakuza boss the correct sums of course.)

  7. Danny 14 Silver badge
    FAIL

    best defence ever?

    See, the key is that irrelevant even Sony don't mind sending it out into the world..

  8. henrydddd
    Linux

    disgusting

    I hope that Sony goes bankrupt. I will never purchase another Sony product. I hope that 20,000,000 people view the video on hacking ps3, that should keep da lawyers busy for a few decades.

    1. Anonymous Coward
      WTF?

      Da?

      Da? Downvote.

  9. Gangsta
    Dead Vulture

    Not the way to go

    The title was a little misleading, I thought Sony leaked the unknown key.

    Anyway this certainly undermines their legal case, should they now sue themselves for discussing (disclosing) the key? - no of course not they're the ones attempting to enforce copyright on their own property.

    IMO DMCA is one of the most restricting laws that holds down the open development. In fact Sony should be letting these hackers get on with it, so they can fix flaws. No exploit employees involved, free labour. The DMCA just enforces security via obscurity.

  10. Anonymous Coward
    FAIL

    Sony screwed themselves

    Sony have put themselves into this situation.

    Their knee-jerk reaction to remove the OtherOS feature has actually pushed people who used that legitimate feature to now look at the jailbreak/rooted world to get that feature back... they then enter the world where pirated games are a download away..and it's all too easy for them to join the dark side.... when they used to live a world away from it, happily booting between linux and GameOS.

    1. Daniel Palmer
      Flame

      meh

      >>remove the OtherOS feature has

      Because people were doing things they didn't want to happen.. i.e. unlocking the RSX in OtherOS. There is a reason it's locked out.. Sony makes money from licensing games. If they allowed OtherOS full access to the hardware there would be no reason for publishers to get their games officially licensed by Sony. You may not agree with Sony's business model but there is a clear reason why they removed OtherOS.

      >>actually pushed people who used that legitimate feature

      People keep making out that lots of people used OtherOS... without any numbers at all.

      I would guess if OtherOS was running on a significant portion of the 44 million PS3's out there, then there would have been more of a fuss. One guy in the US tried to sue Sony for removing it and got nowhere right?

      >>to now look at the jailbreak/rooted world to get that feature back...

      I'm just guessing here.. but I reckon the people using these recent developments for warez opposed to homebrew is something like 1000 to 1?

      >>world where pirated games are a download away..

      The only reason this has all happened was the PSJailbreak.. which is for warez.

      >>when they used to live a world away from it,

      So homebrew is a "gateway drug?" even more reason for Sony not to allow homebrew right.

      >>happily booting between linux and GameOS.

      Yes, all those millions of PPC linux users that don't seem to appear anywhere.. The Wii is PPC too.. have we seen any massive jump in PPC linux users? Nope. From the Debian popcon stats we can see that Debian PPC hasn't grown in like 3 or 4 years.... You know if you want to run a commodity OS you can just buy X86 hardware right?

      1. Daniel B.

        Not meh

        There are quite a bit of PPC users, and PS3 isn't just PPC but it also has the CellBE processor, the only one with such a thing. Thanks to IBM's axing of the Cell Blades, the only way to get 'em now is by buying a PS3!

        OtherOS users would never ever need to crack the ps3 for pirated games; those in the industry actually think that Sony's move was stupid because the pirates themselves had considered the PS3 too hard to crack, and thanks to OtherOS the hackers didn't care about hacking the thing.

        In fact, the hackers stopped short of enabling piracy precisely because they weren't interested in that. It was the pirate community the one that went and used the opened doors to enable the "copy game to HDD, run from HDD" thingy. But they would still be unable to do so if the hackers hadn't cracked the thing, and the crack wouldn't have happened if OtherOS hadn't been disabled in the first place!

        It may be a small % of PS3 users, but it is the kind of people that actually have the knowledge to crack the thing. Bad move!

        1. andro
          Linux

          agreed

          Yes, I agree 100% with your comments. I am a linux head, I did not own a ps3. Now they are unlocked I have purchased one, with intent to make it my lounge room computer/media center. I have recently installed debian linux on it, and, well, it needs some work yet, but I'll enjoy helping improve it to the point where I can boot the ps3 normally for official bluray disks, or boot linux and use it for everything I currently use my dated laptop for.

          I bet, in fact know, lots of people are buying ps3s now they can do a lot more with them. Being cracked will sell more units of ps3, push the numbers Sony use to woo developers, and pirates will pirate and consumers will still legitimately consume. Game publishers will make just as much money from the ps3 now, as they do from the xbox 360.

          1. johnnytruant

            see, that's all fine

            A PS3 would make a rather good HTPC, they're quiet and powerful and they come with a wireless controller - you could put some games on there too (mmmm, ScummVM on the big screen!) and using it for crunching Hard Numbers if that's your thing too. I'd definitely like to have a PS3 as part of my video processing and image stacking system. Lots of grunt in those Cell cores for that kind of thing.

            The problem, from Sony's point of view, is the PS3 unit itself is a loss leader. They lose money on every console they sell - they make it back when you buy games, download stuff from PSN and so on. But if all you do is install linux, then Sony are just subsidising your HTPC, and they don't want to do that.

            There were quite a few people using them - standalone or clustered - for Science, at least until it got cheaper/easier to use a stack of GPUs and OpenCL for most things. Sony, as a business first and foremost, didn't want to be paying for research that they didn't benefit from. I understand their point of view, but they handled it badly - they should have known that removing OtherOS would have triggered this kind of arms race, one they will always lose. How to handle it any other way is the difficult question - although it's possible that the negative publicity they're seeing now is costing more than a handful of PS3s!

            1. CaptainHook
              WTF?

              It's not hard to handle it another way

              "How to handle it any other way is the difficult question"

              The root cause of the problem was that Sony were selling a very useful bit of kit for a loss, in the hopes of getting more people addicted to their overpriced games.

              The other way of handling it would be to simply not sell the hardware at a loss. Instead, make money on every unit you sell and it wouldn't matter what use the customers were making of the hardware.

              Even better, since you are no longer subsidising the hardware, the software doesn't have to be quite so overpriced which would give Sony a bit more leeway to undercut their rivals.

              If Sony are unable to make the hardware at a price customers would buy at, then maybe that's a sign that it just wasn't a good design to start with for its stated objective of playing a computer game.

        2. Daniel Palmer
          Flame

          Don't re-write history.

          >>There are quite a bit of PPC users, and PS3 isn't just PPC but it also has the

          >> CellBE processor, the only one with such a thing. Thanks to IBM's axing of

          >>the Cell Blades, the only way to get 'em now is by buying a PS3!

          Ok, so IBM don't want to sell you a Cell anymore and neither do Sony.. you think it might be time to consider a new architecture?

          >> the pirates themselves had considered the PS3 too hard to crack,

          PSJailbreak came first. Don't try to re-write history the other way around.

          The keys would have never been leaked had the PSJailbreak not appeared.

          >>and thanks to OtherOS the hackers didn't care about hacking the thing.

          So what the hell was GeoHot doing? Trying to unlock everything to OtherOS.

          >> used the opened doors to enable the "copy game to HDD, run from HDD" thingy.

          Again, you have it the wrong way around. Without the USB exploit from the PSJailbreak this would have never happened.

          >> but it is the kind of people that actually have the knowledge

          >>to crack the thing. Bad move!

          Except that the PSJailbreak beat them to it?

      2. Ivan Slavkov

        I did not know that I just became transparent

        I did not know I am transparent and inexistent. I have in fact two PPC desktops.

        My main personal laptop nowadays is a MacBook Pro Titanium which my other half obtained via skipdiving before leaving her last job. The dolts in their IT did not know how to fix a run of bad sectors under Mac OSX. Despite it being 8 years old for most laptop tasks it performs _ON_ _PAR_ with the company hp nc94xx crap I am obliged to have from my work. Under Linux (debian to be more exact).

        Similarly, till recently the shared desktop in my house was a Mac Mini G4 similarly running Debian. Similarly written off by dolts in IT somewhere and obtained via skipdiving. The only reason I went back to Intel for that is that the Mini does not hibernate.

        I also know quite a few other users which use PPC for Internet exposed home/SME servers. It is quite a bit of fun watching k1dd10tz trying to apply their scr1pt k1dd13z 31337 sk1llz to a non-Intel big endian machine.

        Yours, sincerely, a PPC linux user.

        1. Daniel Palmer

          wow

          Ok, so you are one user with like 4 PPC machines.. someone call fedora, suse etc.. they need to get their PPC build machines back up and running!!!

  11. nsld
    Paris Hilton

    just watched one of the videos on youtube

    well about 10 seconds of some spotty merkin youth explaining it all.

    If Sony want to write to me I will of course refer them to Arkell versus Pressdram 1971!

  12. Paul Leighton
    Thumb Up

    Twitter messages are not private ruling...

    So this info appeared on twitter officially by sony we are allowed to publish it ourselves since twitter was ruled not private.... brilliant :D

  13. Goat Jam

    What

    is a "fictional Vice President"?

    1. Anonymous Coward
      Anonymous Coward

      Search is your friend

      http://www.lmgtfy.com/?q=sony+fictional+vice+president

    2. Anonymous Coward
      Anonymous Coward

      well...

      after this little stunt, he'll disappear and Sony will try to pretend he never existed.

  14. JaitcH
    FAIL

    A complete defence?

    I guess George Hotz, aka geohot, potentially has a 'complete defence' to the allegations levelled at him by Sony.

    The whole matter proves that Sony still hasn't figured out security following that 100% foul up with the root technique. See: < https://secure.wikimedia.org/wikipedia/en/wiki/Sony_BMG_copy_protection_rootkit_scandal >.

  15. LinkOfHyrule
    FAIL

    Haha

    Sony, your are fucking idiots!

    1. CD001

      Please

      Please re-read the content of YOUR post and tell me if YOU ARE a fucking idiot. If you're going to bring someone else's intellectual capacity into question - you'd best make damned sure your own house is in order first. *sighs*

      1. Ken Hagan Gold badge

        Re: Please

        Sigh! Presumably the person who downvoted your reply is someone else who doesn't know the difference between "your" and "you're".

  16. The Fuzzy Wotnot
    Happy

    Hmmm...

    I believe that's what the young'uns these days called, "pwned"!

    SONY, a masterclass in crass stupidity!

  17. Anonymous Coward
    Anonymous Coward

    Ok Sony, nothing on the web

    Can we have tee-shirts and a song, as with the AACS key?

  18. nozafc
    Paris Hilton

    Not master key

    It was the key used for generating dongle ID's , not the master key.

    /just sayin

  19. Ray Simard

    They might prevail? How?

    I have not (and don't intend to) read the text of the DMCA; however, I'd bet big that the proscription of circumventing encryption refers to the person/entity who does the circumventing. I'd be rather surprised to discover that the DMCA's language extends to anyone who just happens to read or watch something said person/entity has chosen to publish on the subject.

    Or does it...?

    The DMCA is a travesty anyway, a weapon an industry can use to harass and intimidate not only individuals, but competitors and innovators as well (cases in point: aftermarket toner cartridges for printers and garage-door openers), in ways nothing like the stated intent of the law, not to mention anyone who dares publish legitimate criticism of the quality or security of some product (lots of cases of embarrassing security flaws about which the researchers who found them never published their findings because they were threatened with DMCA action).

    This is just another example of how it can be stretched (if this action goes Sony's way) to ridiculous lengths.

    I agree with a previous poster; I intend to avoid Sony products anywhere I can.

  20. Anonymous Coward
    FAIL

    it's just a number

    I hereby claim ownership of the number 7. Stop using it or pay me!

  21. Mako

    Er...

    "Kevin Butler, a fictional PS3 vice president..."

    "A email sent to Butler [...wasn't...] returned"

    Well if he's fictional, his email address probably is too, so...

    But seriously, does that mean that he's a genuine employee, whom Sony have fictionalised as a vice-president (presumably for some idiotic marketing-related reason)?

    I ask because I'm as confused as Goat Jam (upthread) appears to be.

  22. TeeCee Gold badge
    FAIL

    Mentioning the key is illegal under the DMCA.

    Now that appears to have been confirmed by a judge, only one question remains to be answered:

    Who at Sony is behind the "Kevin Butler" account and going to jail?

  23. Anonymous Coward
    FAIL

    institutional ...

    stupidity

    thought so.

  24. Anonymous Coward
    Go

    T-shirt

    I really have to have a T shirt with:

    46 DC EA ... CD D2 C2 - You sank my Battleship!

    set nonsense to flank speed! GO!

  25. Anonymous Coward
    Headmaster

    Well of course it's Sony!

    ...and Kevin Butler is indeed a real person, and not a character created for Sony by Deutsch ....

    .... and of course Kaz Hirai himself actually vets every Tweet sent, received, retweeted by Kevin Butler, who, again, is absolutely real in all senses of the word, and the Twitter account has never ever been managed by Deutsch.

    And Other OS removal - wasn't that because George 'Please turn your camera towards me' Hotz, openly crowed that he had cracked the PS3 BEFORE Other OS was removed on the original design PS3s. And for those people that cite the iPhone Jailbreak as a precedent - the main motivation behind that was to open the phone up to other carriers as all other phones were capable of being unlocked, and thus was seen as a consumer choice issue.

    He only released the metldr key, because FailOverflow got there first and therefore they were stealing thunder that GeoHot thought was rightfully his, thus possibly restricting his 15 mins of fame and getting his face on FOX news.

    The fact is, that the hacker community relies on the idea that Sony, Nintendo, and MS Xbox division WON'T do anything to stop them because of 'teh internetz' - I believe you should have the ability to do whatever you want to your stuff, as long as the ramifications of those actions are only restricted to you, but the signal-to-noise ratio of online glitchers/modders and cheaters to homebrew enthusiasts must be about 10000 to 1.

    Surely it must gall the true homebrew community to know that their community is being used as an excuse and smokescreen for hackers. What Sony should do is a) re-enable OtherOS through a small patch that can be downloaded if you want it, like an app on the Playstation Store, and b) release a hobbyist SDK like XNA.

    But for everyone shouting out about the loss of OtherOS, people like the US Navy that were using PS3s for clusters didn't sue Sony, why not? Because to them the Sony firmware is just a glorified Grub bootloader.

    Apologists..... cheeky modder fokkers.

  26. Tron

    When I grow up I want to be a fictional VP.

    That would be the same Sony that hacked and crashed users' PCs with its dumb-ass DRM on music CDs a few years back? Couldn't happen to nicer people.

    1. Highlander

      No, that was BMG, actually it was...

      Actually the CD DRM crapolla wasn't Sony at all. No offense to anyone who wishes to believe that Sony is the great Satan, but you are very wrong. Sony is a large multi-national corporation that owns many different companies, and is split across many different products and markets. Music CD production is/was owned, operated by Song BMG. BMG is a separate company within Sony, and operates that way. The CD DRM technology deployed was developed by a company BMG hired to protect their music CDs against copying. As it happens, few people inside BMG had even a partial understanding of how the technology worked. The point though is that it wasn't Sony. BMG is owned by Sony, but a wholly owned subsidiary company runs itself as part of the Sony group and has no relationship with SCE - Sony Computer Entertainment, which is the parent for SCEI, SCEJ, SCEE and SCEA.

      Now, Sony being a good corporate decided to take it on the chin and took responsibility for what had happened, but, the truth of the matter is that someone in BMG wanted to stop their CDs from being copied and bought some DRM technology that was implemented by a third party. But you know, it's much easier just to say that Sony did it.

      What bothers me is the way people who *should* know better, swallow all the half truths and myths as fact around here.

      1. Highlander

        Error correction

        The previous post contains a typing error not detected by the spell checker...

        Music CD production is/was owned, operated by Song BMG

        SHOULD read

        Music CD production is/was owned, operated by Sony BMG

  27. Anonymous Coward
    FAIL

    Prosecution to Defendant:

    P: So how did you get the key?

    D: Sony gave it to me.

    P: how exactly?

    Multiple choice answers:

    D: Their marketing department published it on twitter..

    Or

    D: It was on a chip in the console they sold to me..

    Is there really that much difference?

    1. No, I will not fix your computer
      Thumb Up

      Two types of keys

      Symmetric - you encrypt with the same key as you decrypt with (e.g. DES)

      Asymmetric - you encrypt with one key and decrypt with a different one (e.g. RSA)

      As I understand, Sony use Asymmetric keys, so you hard-code the public key (everybody knows it) into the box and keep the secret key a.... um.... secret, unless the content was encrypted with the secret key (or just signed using a hash of the code) you can't decrypt it (therefore can't run it), symmetric keys have been read from hardware before (using electron microscope), you have to be very careful removing the packaging of the chip (some of which are designed to destroy the content if dismantled) - using an asymmetric key means that one key can be let out in the wild as long as the other remains a secret (and it's not anymore).

      It's the same way that https/SSL certificates work.

  28. MarthaFarqhar
    WTF?

    It appears that the left hand and the right hand aren't aware of each other's activities.

    Here is a company that doesn't want users running Linux on a Playstation, which they marketed as a computer system for tax purposes, but are wanting to market a Playstation branded phone running Android, derived from Linux. Do they not see that as strange?

  29. Whitefort
    Alert

    Am I doomed?

    I screengrabbed the picture of the tweet and code. Does this mean that SonyCorp Troops will shortly be abseiling through my skylight with stun grenades and a black bag for my head?

  30. Anonymous Coward
    Thumb Down

    Not quite

    "D: It was on a chip in the console they sold to me..

    Is there really that much difference?"

    Yes - you misunderstand the difference between Public and Private keys. The Private key is used to sign the software as legitimate, and is known only to Sony HQ and is not distributed on the PS3.

    1. Anonymous Coward
      FAIL

      re: Not quite

      So please explain how the 'hack' extracts it from the ps3 then...Have you seen the youtube vid before it was pulled? and explain why GeoHotz is in trouble for reverse engineering a ps3, not hacking into sony's computer networks.

      Erm last time I checked Public/Private key only works if BOTH the sender and recipient's Private keys are secure.. the ps3 private key is now not secure.

      1. Anonymous Coward
        FAIL

        Did you actually look at the presentation?

        Because Sony used a constant where they should have used a different number every time, the private key (which isn't in the PS3 firmware) can be derived if you have more than one thing signed with it.

      2. bazza Silver badge

        the clue is in the name

        The public key can be public, and security is assured so long as the private key is truly private.

        I don't know about the hack but I imagine that Sony haven't been careful enough (a software mistake by the looks of it) in keeping the private key private.

        The private and public keys are related, it's just that to work out one from the other is terribly hard. But if the method to do so were common public knowledge then one could claim that knowledge of one 'automatically' bestows knowledge of the other. If that method was quick then the crypto scheme is broken and crap and could not reasonably be claimed to be a copyright device. But how good does the crypto scheme have to be before it can be claimed to be a copyright device? I bet the DMCA doesn't say and even if it did that would not be able to sensibly take into account technical advances. As usual lawyers and judges will be making arbitrary decisions about technical 'evidence' with few qualifications to do so.

      3. Highlander

        Hotz did *nothing*

        Fail0verflow were able to reverse engineer the old private signing key because of an egregious coding error that allowed them to determine sufficient information to use some very complex mathematics to reverse engineer the key. Hotz simply reposted the key along with other information and software. Not sure of his motives, he always claimed not to support piracy, but there's really only one use for the information he posted. I guess he didn't like the Fail0verflow guys succeeding where he failed.

        Either way, the private key is never distributed with the hardware or software. The new private key - which is likely to remain secure for a long while, similarly does not exist in the software or hardware. Sony fixed the software flaw exploited by Fail0verflow, and so the new private signing key is probably secure until enough brute force computing is available to crack it that way.
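
Added example (not part of any comment above, and not Sony's or fail0verflow's code): the two comments above describe a signing scheme that reused one number where a fresh one was required for every signature. Assuming the scheme is ECDSA, which the page does not name, this Python sketch uses a constructed test key on the public secp256k1 curve to show that such reuse is visible in published signatures as a repeated r value, and that deriving the number from key and message (the idea behind RFC 6979, simplified here) removes it.

```python
import hashlib
import hmac
from collections import defaultdict

# secp256k1, a public standard curve (assumption: the page names no curve).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Add two points on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, point):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def msg_hash(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def constant_nonce(d, message):
    """The flaw the comments describe: one fixed number for every signature."""
    return 0x1F2E3D4C5B6A79881F2E3D4C5B6A7988  # constructed value


def derived_nonce(d, message):
    """Per-message nonce from HMAC-SHA256(key, hash(message)); the idea behind
    RFC 6979, simplified and not a conforming implementation of it."""
    digest = hashlib.sha256(message).digest()
    mac = hmac.new(d.to_bytes(32, "big"), digest, hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (N - 1) + 1


def sign(d, message, nonce_fn):
    """ECDSA signature (r, s); r depends only on the nonce k, not the message."""
    k = nonce_fn(d, message)
    r = scalar_mult(k, G)[0] % N
    s = pow(k, -1, N) * (msg_hash(message) + r * d) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate signature; pick another nonce")
    return r, s


def verify(pub, message, sig):
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    w = pow(s, -1, N)
    pt = point_add(scalar_mult(msg_hash(message) * w % N, G),
                   scalar_mult(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def find_reused_r(signed):
    """Audit published signatures: {r: [labels]} for every r seen more than
    once. Signatures sharing r share the secret nonce, so the key is at risk."""
    by_r = defaultdict(list)
    for label, (r, _s) in signed:
        by_r[r].append(label)
    return {r: labels for r, labels in by_r.items() if len(labels) > 1}


def demo():
    d = msg_hash(b"constructed test key, not a real one") or 1
    pub = scalar_mult(d, G)
    images = {"fw-1.00.bin": b"image one", "fw-1.01.bin": b"image two",
              "fw-1.02.bin": b"image three"}  # constructed sample inputs
    flawed = [(name, sign(d, data, constant_nonce)) for name, data in images.items()]
    fixed = [(name, sign(d, data, derived_nonce)) for name, data in images.items()]
    return pub, images, flawed, fixed


if __name__ == "__main__":
    _, _, flawed, fixed = demo()
    print("reused r, constant nonce:", list(find_reused_r(flawed).values()))
    print("reused r, derived nonce:", list(find_reused_r(fixed).values()))
```

Every signature in both sets verifies against the same public key, so the flaw is invisible to a verifier; only a comparison of r values across signatures exposes it.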

  31. A J Stiles
    Grenade

    Serves 'em right

    What Sony are doing, basically, is preventing other people besides them from releasing games which can be played on the PS3; which surely meets anyone's definition of anti-competitive behaviour.

    The only way Sony have a legal leg to stand on, is if it's possible for third parties to make PS3 games without the key. (And the method for doing this would have to be disclosed in court.) Otherwise, it is necessary for a PS3 owner to know the key in order to make full use of their own property (i.e., by creating their own games for it; it is true, not everybody will want to exercise that right, but it *is* their right) and therefore the key is *not* Sony's secret.

    The fact that knowing the key makes it possible to play illegally-copied games is neither here nor there. All Sony have to do, if they are bothered about this, is sell legal copies of games cheaper than the "pirates" can make their own copies for. They have economies of scale on their side, after all. And if this doesn't fit in with their business model, well, I believe the phrase you're looking for rhymes with "rough pit" -- they can either adapt to the changing environment, or go the way of 95% of all species that ever lived on Earth.

    1. No, I will not fix your computer
      FAIL

      Re: Serves 'em right

      >>What Sony are doing, basically, is preventing other people besides them from releasing games which can be played on the PS3; which surely meets anyone's definition of anti-competitive behaviour.

      Well, if there was only one games console in existence and Sony held a key part of the process preventing the creation of other consoles then you might have a point, but there are many other consoles/PCs and it's been built and sold by Sony as a closed platform. For a simpler analogy think printers: printer manufacturers will put things in the way of using "compatibles" or refills such as page counting chips; these don't prevent other printers being made, just the consumables for their printer. If Sony had most of the market and their activities restricted other products (think Windows/InternetExplorer vs Windows/NetscapeNavigator - as an open platform this put Netscape at a disadvantage).

      >>The fact that knowing the key makes it possible to play illegally-copied games is neither here nor there. All Sony have to do, if they are bothered about this, is sell legal copies of games cheaper than the "pirates" can make their own copies for.

      Eh? seriously, Eh? how much does a blank DVD cost?

      >>They have economies of scale on their side, after all. And if this doesn't fit in with their business model, well, I believe the phrase you're looking for rhymes with "rough pit" -- they can either adapt to the changing environment, or go the way of 95% of all species that ever lived on Earth.

      OK, either I've missed something or this is a really stupid thing to say, let's compare the two business models;

      1. Sony

      Large investment in marketing, research, development, testing, production, distribution and advertising; thousands of people employed, needing high volume sales to maintain a large company.

      2. Pirate

      Blank disks, stack of burners, internet connection, car boot sale, probably claim benefits while spending the day burning pirate copies playing WOW only pausing to put the disks in the cases, punt the disks for £7 at a car boot, probably £6.50 untaxed profit

      Now, #2 requires #1 otherwise there's no source material to pirate, so let's imagine that Sony could reduce the price to £5, or maybe shift to charging on use via some internet scheme, what would the pirate do? charge £3? maybe you can get copies that cheap anyway, how can Sony possibly compete with the pirate, when the pirate has almost no overheads? (such as paying for the product to be created in the first place).

    2. Charles 9 Silver badge

      One problem...

      They may have economies of scale on their side, but they have a ton of things going AGAINST them. R&D, development costs, hiring talent, marketing, pressing costs, etc. all add up to exorbitant development budgets. Little wonder a number of notable developers have collapsed/moved elsewhere/been bought out this generation.

      It's like the drug market. Trying to find the next miracle drug is the hardest and most expensive part (not to mention the thing that takes up most of your precious patent-exclusivity time). Making the darn things (once you know the formula) is the simplest (this is why drugs are patentable--otherwise, there'd never be an RoI on them, and no incentive to make new drugs; the nature of those things being treatments rather than cures is another discussion altogether).

  32. fLaMePrOoF
    FAIL

    Surely...

    Sony have just sunk their OWN battleship?

    Now that they have themselves broadcast the key into the public domain, ALL of their legal challenges fall down?!

  33. Tom 13

    So that would be game, set, and match to George Hotz.

    And he didn't even have to do anything.

    And here I was so hoping Sony would manage to piss off enough people that we might finally rid ourselves of the DMCA monstrosity.

  34. Bonce
    Thumb Up

    LOL

    I just looked up http://www.46dcead317fe45d80923eb97e4956410d4cdb2c2.com

    See where it takes you

  35. Mike123456
    FAIL

    Sooo..

    this, plus that court case whereby the ruling was that twitter was not private, and should be considered public equals...

    No court case. The key's in the public domain from Sony, distributed by its Twitter account.

  36. Hungry Sean
    Big Brother

    as a filthy 'mirkun

    I think that Sony is playing with fire if they are trying to subpoena lists of people who watched a particular YouTube video. Over here, video rental history (I realize slightly different from YouTube since there's no actual rental there) is protected under the video privacy prevention act.

    Apparently a supreme court nominee had his history dug up by people trying to block him, and though it turned out he hadn't watched any smut, the congress-critters watching the proceedings started thinking about what would happen if the same thing were done to them by opponents and quickly passed one of our toughest privacy acts. I believe that under current law, video rental records are more protected than library history.

    I can't help but feel that somewhere in all of this, in the fact that the freedom to watch Debbie Does Dallas is better protected than the freedom to read Das Kapital, an essential aspect of the American character is revealed.

    1. Highlander

      You should research the civil law process of discovery

      Lawyers know that discovery requests have to be as broad as possible, because there are no second chances to get more information once discovery ends, therefore Sony's lawyers have requested everything they can think of. Sony isn't directing them to harass anyone, this is all standard operating procedure in a civil case in the US legal system. If you want to blame someone, blame the legal system since it effectively encourages overly broad discovery requests in the first place.

  37. Anonymous Coward
    Anonymous Coward

    Not the right key

    Not that it matters, it's all very comical anyway, but that's not the "master signing key" (metldr - that GeoHot revealed) in the Twitter message, it's the USB dongle signing key.

  38. Tigra 07 Silver badge
    Thumb Up

    Ha!

    Funny how yet again Sony have shot themselves in the foot and done more damage than their customers' possible piracy may have.

  39. Spencer Taylor
    FAIL

    not his tweet

    Looking at the twitpic, he didn't post any key to twitter. He simply commented about someone else's post posing the question as to whether it related to his "battleship". Others are clearly speculating as to what that means.

  40. BlackMage
    Stop

    Not long enough for a signing key

    The twitpic link contains 20 hex pairs. In other words that's 20 bytes or 160 bits. That's nowhere near long enough to be a signing key. Asymmetric RSA/DSA keys used for signing certificates and the like are 1024 bits minimum. 160 bits is more likely to be the SHA1 hash of the key.

  41. David Dawson
    Headmaster

    ...that aren't covered by copyright

    Yes they are. Everything written by you, me, or the person making software in the corner is covered by copyright.

    You mean ... isn't covered by a license with Sony.
