# PS3 Hackers able to sign code (and more)!



## DeltaBurnt (Dec 29, 2010)

Currently one of the biggest hacking conventions, Chaos Communication Congress (27C3), is being held in Berlin and there have been some startling advancements announced by a team of PS3 Hackers.



			

> The first few minutes of the conference were spent explaining the state of security on other consoles (Wii, 360, etc). Following this, the group went on to explain the current state of affairs on the PS3. First, explaining Geohot's memory line glitching exploit from earlier this year. The team then went on to explain the current PS3 security bypasses, such as jailbreaking and service mode/downgrading.
> 
> Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat was calculating the public/private keys (due to botched security), *giving users the ability to sign their own SELFs*. Following this, the team declared Sony's security to be EPIC FAIL!






Source



Hackers' Website


----------



## Frederica Bernkastel (Dec 29, 2010)

Nicely done, now we'll see a flood of crap just like with the Wii.


----------



## KirovAir (Dec 29, 2010)

Awesome!
Any links to view it back? (Maybe HD?)
And again, awesome news!


----------



## SifJar (Dec 29, 2010)

In other words, homebrew can now be run directly on OFW with no real "exploit" so to speak, am I right? And CFW could quite possibly be possible I think too. Oh, and apparently fail0verflow's aim is to create "AsbestOS.pup" i.e. an unofficial update that'll (re)add Linux


----------



## Squirps (Dec 29, 2010)

Woo hoo!
Can't wait to see some more PS3 homebrew, easily accessible w/out a dongle!


----------



## Mike&Ike (Dec 29, 2010)

I think its time to hack my PS3 >=)


----------



## jalaneme (Dec 29, 2010)

cool stuff but we still have to be cautious about going online with hacked ps3s though.


----------



## mocalacace (Dec 29, 2010)

Antoligy said:

> Nicely done, now we'll see a flood of crap just like with the Wii.



Not so much a flood of crap, more like 30 different ISO loaders and 50 different emulators and only 3 good homebrew games.


----------



## Fireballo (Dec 29, 2010)

I'm happy to see this. I've been angered by Sony taking away stuff like my Netflix and Linux.


----------



## Frederica Bernkastel (Dec 29, 2010)

here's a clip


----------



## Squirps (Dec 29, 2010)

jalaneme said:

> cool stuff but we still have to be cautious about going online with hacked ps3s though.


I agree, I'm still not going to hack my PS3 until there is a way for it to NOT be traceable online... :/
Either way, I'm ALWAYS going to put my online experience with the PS3 first, ahead of homebrew...I won't be able to live without it. o3o


----------



## raulpica (Dec 29, 2010)

I love these guys. Seriously, I love them. I can't wait to fully hack my PS3 without crappy dongles


----------



## Squirps (Dec 29, 2010)

Fireballo said:

> I'm happy to see this. I've been angered by Sony taking away stuff like my Netflix and Linux.



How did they take your Netflix? :/


----------



## DeltaBurnt (Dec 29, 2010)

mocalacace said:

> Antoligy said:
> 
> 
> 
> ...



Well there's already a shit ton of emulators and a couple of good homebrew games. And we already have a lot of ISO loaders as well. So we just need a little more of what we already have.

This exploit is also going to be better for making it so you don't need to use a dongle everytime, and so CFW can be installed, not to have ISO loaders and such.


----------



## Bladexdsl (Dec 29, 2010)

Mike&Ike said:

> I think its time to hack my PS3 >=)


i think it's almost time to buy 1


----------



## Coto (Dec 29, 2010)

PS3 has finally reached the Wii's raped security wall.

Welcome then Arr Arr


----------



## jan777 (Dec 29, 2010)

Antoligy said:

> here's a clip




Isnt that marcan or bushing or someone?


----------



## dekuleon (Dec 29, 2010)

let the fun begin


----------



## Satangel (Dec 29, 2010)

That's just immense, after all that time, the pirates finally win (again). This is awesome!


----------



## ThePowerOutage (Dec 29, 2010)

jan777 said:

> Antoligy said:
> 
> 
> 
> ...


Both.

Can't wait till tomorrow and part 2:
Day 4
Room Saal 3
Start time 11:30
Duration 02:15


----------



## Bladexdsl (Dec 29, 2010)

lets see sony patch this!


----------



## dekuleon (Dec 29, 2010)

Bladexdsl said:

> lets see sony patch this!



They can?? I wonder?!


----------



## jan777 (Dec 29, 2010)

ThePowerOutage said:

> jan777 said:
> 
> 
> 
> ...




As I thought.
Damn they're my heroes.

But, Guys, that means there's also _probably_ gonna be disputes over piracy vs homebrew.


----------



## ThePowerOutage (Dec 29, 2010)

dekuleon said:

> Bladexdsl said:
> 
> 
> 
> ...


They could patch it but it would be extremely difficult. Put it this way - it got hacked worse than the Wii if you look at the charts.
However, Sony may start patching new ones on the factory line by randomising the number. (I think they can, though I'm not sure. I'm hardly a cryptologist.)


----------



## shaunj66 (Dec 29, 2010)

Just hope this doesn't mean more cheaters on PSN


----------



## Squirps (Dec 29, 2010)

shaunj66 said:

> Just hope this doesn't mean more cheaters on PSN


Ugh...MW2 was INFESTED with them... T-T


----------



## raulpica (Dec 29, 2010)

shaunj66 said:

> Just hope this doesn't mean more cheaters on PSN


It will, it will. Suckers who don't like to lose are everywhere, and with the system hacked so deeply it's only a matter of time before someone creates a Cheat System and failers start creating cheats for online for EVERY GAME OUT THERE.


----------



## BORTZ (Dec 29, 2010)

Hahaha here comes the pirate ship.
Honestly, has the PS3 really fallen to the hackability level of the Wii?


----------



## DeltaBurnt (Dec 29, 2010)

shaunj66 said:

> Just hope this doesn't mean more cheaters on PSN



There will be cheaters, but I doubt there will be a way to circumvent a perma ban from PSN.


----------



## ThePowerOutage (Dec 29, 2010)

shaunj66 said:

> Just hope this doesn't mean more cheaters on PSN


It will, but I imagine that cheats will be a lot harder to produce for the PS3 than the Wii. Even though the security system fails, the system is extremely complex.

Trophy cheats are another matter though.


----------



## Sterling (Dec 29, 2010)

I just shat bricks. By bricks I mean PS3 bricks. inb4peoplewhocan'tfollowinstructions.


----------



## Rydian (Dec 29, 2010)

I understand substitute functions to return values when the correct one isn't functional, but shouldn't generating a random value always be functional unless your system is to the point that you're not going to be coding anything at all?


----------



## sturmen (Dec 29, 2010)

jalaneme said:

> cool stuff but we still have to be cautious about going online with hacked ps3s though.


The whole idea here is that you DON'T need to hack your PS3. With this key, you can sign your program just like it would come from Sony. This means the PS3 will accept it, no hacks required. It doesn't reject Sony code, and for ALL intents and purposes, we can now make "Sony code."

In short, the very thing that makes Sony's code runnable on an unmodified PS3 (a digital signature), is now available to all!


----------



## Bladexdsl (Dec 29, 2010)

Argentum Vir said:

> I just shat bricks. By bricks I mean PS3 bricks. inb4peoplewhocan'tfollowinstructions.


sony is gonna be shitting bricks when they find out about this


----------



## SifJar (Dec 29, 2010)

Rydian said:

> I understand substitute functions to return values when the correct one isn't functional, but shouldn't generating a random value always be functional unless your system is to the point that you're not going to be coding anything at all?


What? I am quite confused by this question. If you're asking why Sony's "random" number is always the same, I'm pretty sure no one really knows. Its just Sony's stupidity. Someone asked at the end of the talk "Where does the number come from?" and their response was "We're quite sure, but we think the southern hemisphere"


----------



## ganons (Dec 29, 2010)

ThePowerOutage said:

> jan777 said:
> 
> 
> 
> ...



What's the topic? Or is it continuation of ps3?


----------



## gbatempfan1 (Dec 29, 2010)

Full presentation of today from a mirror, you might want to reupload if you can onto a fileshare service for other people as the mirror can be slow at times. 

The first few minutes of the talk(you have to fast forward a little bit first):
http://mirror.informatik.uni-mannheim.de/p...1229-154501.wmv

The rest of the talk is contained in this second video:
http://mirror.informatik.uni-mannheim.de/p...1229-160048.wmv


----------



## SifJar (Dec 29, 2010)

ganons said:

> What's the topic? Or is it continuation of ps3?



They're demoing stuff on the PS3 I believe. Probably running some custom signed code or something similar.


----------



## mehrab2603 (Dec 29, 2010)

Sony is probably thinking to hire some assassins to silence these guys before they can reveal everything tomorrow lol


----------



## doyama (Dec 29, 2010)

SifJar said:

> Rydian said:
> 
> 
> 
> ...



It's not about the random number per se. But if you look at the presentation, the idea is that the value 'm' should be randomly generated every time you do the security hash. It also needs to be random every time you call it. They essentially use the 'same' value for m each time, which basically makes breaking the encryption trivial.

Think of it like this: when the Germans were using their Enigma code machines, they initially did not want duplicate letters showing up at the beginning of a message. This was to reduce operator error. But this effectively reduces the key space and then makes it 'easier' to hack the code.


----------



## Maz7006 (Dec 29, 2010)

shaunj66 said:

> Just hope this doesn't mean more cheaters on PSN
> 
> unfortunately there will be millions of them now
> 
> ...



Quite funny; I was just in a hacked lobby, some guy was having infinite headshots, everyone had a wallhack and golden Desert Eagle and insta-nukes and all that stuff.

As much as I'm quite thrilled about this issue, I hope that the whole PS3 "Scene" doesn't just fall into cheating and piracy / then again it's highly likely it would.


----------



## jalaneme (Dec 29, 2010)

shaunj66 said:

> Just hope this doesn't mean more cheaters on PSN



cheating offline is fine, but cheating online and annoying everyone NOT OK


----------



## Bladexdsl (Dec 29, 2010)

Maz7006 said:

> shaunj66 said:
> 
> 
> 
> ...


maybe they'll all piss off from the wii and go to psn


----------



## gamerjr (Dec 29, 2010)

BortzANATOR said:

> Hahaha here comes the pirate ship.
> Honestly, has the PS3 really fallen to the hackability level of the Wii?



In the coming months it's possible for it to be far past the hackability of the Wii.


----------



## doyama (Dec 29, 2010)

Going through the presentation is a fascinating technical talk. Just goes to show that you can have all the security in the world, but it doesn't account for user stupidity.

The public key crack is truly an Epic Fail on Sony's part. Despite all the accoutrements of security built into the PS3, the failure of the implementation of each component is astounding. It truly is on the level of the Wii in terms of the security implementation.


----------



## AaronUzumaki (Dec 29, 2010)

Wait, did I understand correctly? The PS3 will be hackable tomorrow? (when I think they are revealing how)

EDIT: easily and freely hackable*


----------



## Rydian (Dec 29, 2010)

AaronUzumaki said:

> Wait, did I understand correctly? The PS3 will be hackable tomorrow? (when I think they are revealing how)
> 
> EDIT: easily and freely hackable*


Assuming you mean "I can download this file tomorrow and it makes everything work", no.
Jumping to conclusions, don't.


----------



## doyama (Dec 29, 2010)

AaronUzumaki said:

> Wait, did I understand correctly? The PS3 will be hackable tomorrow? (when I think they are revealing how)
> 
> EDIT: easily and freely hackable*



Eventually yes. Right now it's basically like you found the keys to the mansion under the floor mat at the entrance. Once inside you can do whatever you want. We're not there yet. The big things are that:

1) the private key has been discovered due to incompetence
2) The hack cannot be 'patched' by any means by firmware updates


----------



## DigitalDeviant (Dec 29, 2010)

so based on these new findings, are we any closer to CFW on ps3?


----------



## MFDC12 (Dec 29, 2010)

Satangel said:

> That's just immense, after all that time, the pirates finally win (again). This is awesome!



hackers and pirates are not the same thing.


----------



## Bladexdsl (Dec 29, 2010)

DigitalDeviant said:

> so based on these new findings, are we any closer to CFW on ps3?


YES


----------



## Justin121994 (Dec 29, 2010)

This cannot be patched. If the custom signed homebrew is signed the same way sony code is, there is no way it can be blocked. Sony can't do this if they do they block everything games included. Games wouldn't run. They are screwed.


----------



## purechaos996 (Dec 29, 2010)

PS1 (well back then it wasn't a big deal) but just burn and play
PS2 (some easy modification but somewhat easy to pirate on) 
PSP (CFW)

Sony sucks security wise lol.


----------



## Mike&Ike (Dec 29, 2010)

The hackers win again, I think in the future, thanks to this we'll have loads of things from the PS3
homebrew scene.


----------



## MasterPenguin (Dec 29, 2010)

You can't say sony failed hard, their security lasted over 4 years. They did good.


----------



## Sterling (Dec 29, 2010)

MasterPenguin said:

> You can't say sony failed hard, their security lasted over 4 years. They did good.


It could have been hacked sooner, but people were apparently put off by the statement of "unhackability". Seriously, this could have been blown wide open 2 - 3 years ago if there was more interest back then. Just goes to show you that no one should listen to the manufacturer, and push the limits, and break the rules anyway.


----------



## MasterPenguin (Dec 29, 2010)

Argentum Vir said:

> MasterPenguin said:
> 
> 
> 
> ...



So you think Sony telling everybody its unhackable was unintentional? As I said, they did well.


----------



## steveo1978 (Dec 29, 2010)

Argentum Vir said:

> MasterPenguin said:
> 
> 
> 
> ...



Cost had a lot to do with it not being hacked too. I believe GeoHot was given one for free and he had hacked it in a few weeks. Also, most hackers I have seen start out by just wanting to run Linux on a console, and since the PS3 already had Linux and could run emus and some other homebrew in it there was no need, but when Sony removed Linux that motivated people into trying to put Linux back, and when they found a way then that opened the door for piracy and other homebrew. If Sony had not removed OtherOS the PS3 probably would still be unhacked.


----------



## Justin121994 (Dec 29, 2010)

It wasn't a complete fail, it lasted a while. Their biggest fail was when they started removing features and spat out bullshit that it would cost too much to have Linux on the Slim.


----------



## KirovAir (Dec 29, 2010)

MasterPenguin said:

> You can't say sony failed hard, their security lasted over 4 years. They did good.



When they removed OtherOS, it all went viral. Don't touch the homebrew of hackers.
With homebrew ~4Years+
When homebrew was removed: ~3-5 months?


----------



## DigitalDeviant (Dec 29, 2010)

steveo1978 said:

> Argentum Vir said:
> 
> 
> 
> ...



"If Sony had not removed OtherOS the PS3 probably would still be unhacked."

that's the irony of it all.


----------



## Sterling (Dec 29, 2010)

MasterPenguin said:

> Argentum Vir said:
> 
> 
> 
> ...


No, it was intentional, but my point is to ignore the manufacturer and push and break stuff anyways.


----------



## Joe88 (Dec 29, 2010)

steveo1978 said:

> Argentum Vir said:
> 
> 
> 
> ...


Linux had nothing to do with it.
It was going to get removed on the PS3 Fat regardless because of the cost of supporting something very few people even use (it's pretty expensive updating support for Linux every time a new firmware is released, believe it or not).
It was already removed in the PS3 Slim back in Aug of 2009.

GeoHot discovered a vulnerability in Jan or so, it didn't really go anywhere.
Then Linux was removed in Apr, GeoHot went on a rampage swearing revenge on Sony, nothing happened.
GeoHot then announces he is leaving the scene, gets called a pussy, failure, poser, and just about everything else in the book, then uses this as an excuse why the PS3 isn't hacked yet and why he is leaving.
Fast forward to late Aug, PS3 Jailbreak announced, enabling running unsigned code and pirating games via a USB jig; clones then appear for a fraction of the cost in Sep doing the exact same function.


----------



## Rydian (Dec 29, 2010)

http://www.osnews.com/story/22073/Why_N...im_Sony_Answers


----------



## Raiser (Dec 29, 2010)

Why call Sony's PS3 security 'epic fail' when it originally took them this long to be able to hack it (unlike the 360 and Wii which were hacked fairly quickly)?

EDIT: Never mind, someone already brought it up.


----------



## Bladexdsl (Dec 29, 2010)

BortzANATOR said:

> Hahaha here comes the pirate ship.


----------



## thedicemaster (Dec 29, 2010)

all this cfw talk, when if this is true cfw would be completely pointless.
why use cfw to disable signature checking, if you can let pretty much everything pass the ofw's signature checks?

btw, it IS in fact possible for sony to patch this, but it's a nightmare to do so.
they'd have to not only check for signed code, but also verify every game/program using a whitelist and figure out a new protection method for games still to come(unless they want to bring out a firmware update with a new whitelist every time a game comes out)


----------



## DeltaBurnt (Dec 29, 2010)

Rydian said:

> I understand substitute functions to return values when the correct one isn't functional, but shouldn't generating a random value always be functional unless your system is to the point that you're not going to be coding anything at all?



I doubt the REAL function just returned 4, I'm sure they just did that to be funny. I'm guessing that the actual code attempted to be random but always outputted 4 because of bad coding.


----------



## jalaneme (Dec 29, 2010)

doyama said:

> 2) The hack cannot be 'patched' by any means by firmware updates



are you 100% of that statement, you should know what sony is like with their firmware updates, it's a cat and mouse game for them!


----------



## murkurie (Dec 29, 2010)

DeltaBurnt said:

> Rydian said:
> 
> 
> 
> ...


That picture they had was an XKCD picture: xkcd: Random Number


----------



## smf (Dec 29, 2010)

DeltaBurnt said:

> I doubt the REAL function just returned 4, I'm sure they just did that to be funny. I'm guessing that the actual code attempted to be random but always outputted 4 because of bad coding.



It's not even 4, that was for comedy effect. The actual number is much bigger, although still not random.


----------



## Trygle12 (Dec 29, 2010)

Eh... this is a mixed bag.


Piracy will be sure to ruin quite a few of the PS3's charm.
Cheater's online will also begin to be more of a nuisance. 
Such a mixed feeling in the pit of my stomach.


----------



## deathking (Dec 29, 2010)

great news 
otherOS being disabled and now the new Linux os planned will rock
hopefuly fully utilize the power of the ps3


----------



## SifJar (Dec 29, 2010)

jalaneme said:

> doyama said:
> 
> 
> 
> ...



Yes it is 100% true. It is impossible for Sony to change their private key, it would render every piece of software to date useless. They could add a second key I guess, but to maintain support for current software, they would have to retain the ability to run code signed with the old key, and therefore homebrew could still be signed with the old key, and this would be entirely pointless. They can NOT stop code signed with the current key from running, that would break everything currently in existence for the PS3. There is no way for them to patch it. If they could, of course they would, and it'd be cat and mouse until the PS4 is out, but they can't. Especially this late in the PS3's life. If it were a few months after its release, perhaps they could try and recall all units and software, but even then, it'd be a complete pain in the ass. Now, there is no chance. 

My guess is that decent games for the PS3 will sadly trail off now. Considering it will most likely be SO easy to pirate games from now on, in a way that cannot be prevented with updates, why would companies keep developing games? At least with the Wii, Nintendo can _try_ to prevent piracy with each update, blocking exploits etc., but in this case there is no exploit as such, nothing to block.


----------



## KingVamp (Dec 29, 2010)

I remember people saying Sony won this before it even started...


----------



## ThePowerOutage (Dec 29, 2010)

First off, you guys do realise that piracy will wait a while? I mean, fail0verflow aren't releasing their stuff for a bit and it will take a while for people to reverse or replicate the steps for piracy.
Second, the presentation kept pushing the point that all PS3s out AT THE MOMENT are vulnerable, implying that new PS3s may come with this patched.


----------



## thedicemaster (Dec 29, 2010)

sifjar: there is still a way for them to block homebrew, although it's tedious work.
they just have to make a whitelist of all currently existing legit ps3 software, and block anything signed with the old(current) key that isn't on this whitelist.
not that it would help them much for the ps3's that are already at people's homes, because for those some hacker would just make a firmware update without the whitelist.


----------



## deathking (Dec 29, 2010)

ThePowerOutage said:

> First off, you guys do realise that piracy will wait a while? I mean, fail0verflow aren't releasing their stuff for a bit and it will take a while for people to reverse or replicate the steps for piracy.
> Second, the presentation kept pushing the point that all PS3s out AT THE MOMENT are vulnerable, implying that new PS3s may come with this patched.


yes but there are probably millions of ps3s on shelves right now that can be patched and sony will not be recalling them to install it as it will cost them too much and be a nightmare media and logistics wise.


----------



## deathking (Dec 29, 2010)

thedicemaster said:

> sifjar: there is still a way for them to block homebrew, although it's tedious work.
> they just have to make a whitelist of all currently existing legit ps3 software, and block anything signed with the old(current) key that isn't on this whitelist.
> not that it would help them much for the ps3's that are already at people's homes, because for those some hacker would just make a firmware update without the whitelist.



Then we will see the ps3 equivalent of Fish Tycoon to trick the system


----------



## ecko (Dec 29, 2010)

classic case of security through obscurity i guess


----------



## SifJar (Dec 29, 2010)

thedicemaster said:

> sifjar: there is still a way for them to block homebrew, although it's tedious work.
> they just have to make a whitelist of all currently existing legit ps3 software, and block anything signed with the old(current) key that isn't on this whitelist.
> not that it would help them much for the ps3's that are already at people's homes, because for those some hacker would just make a firmware update without the whitelist.


True, I guess that's possible, didn't think of that. I'd suck as a technical adviser for Sony.
Anyhow, considering fail0verflow can sign pretty much anything, they'd be able to sign a firmware update without that and problem solved.

And I'm pretty sure they can sign stuff really early on in the boot process, before Game OS is even loaded, along the lines of BootMii for the Wii. They can update the earliest updateable portion of the boot process. Because no updateable code can be run before that, it can't check a whitelist, and MUST boot that signed code. Whatever way you look at it, the PS3 is blown wide open now.


----------



## person66 (Dec 29, 2010)

SifJar said:

> My guess is that decent games for the PS3 will sadly trail off now. Considering it will most likely be SO easy to pirate games from now on, in a way that cannot be prevented with updates, why would companies keep developing games? At least with the Wii, Nintendo can _try_ to prevent piracy with each update, blocking exploits etc., but in this case there is no exploit as such, nothing to block.


There are still decent Xbox games aren't there? And pirating will be a pain on the ps3, seeing as some games could be up to 50gb in size.

I guess I have mixed feelings about this, I'm excited for all the homebrew and such, but I hope that people who cheat online will get banned, no one likes playing with cheaters.


----------



## SifJar (Dec 29, 2010)

person66 said:

> SifJar said:
> 
> 
> 
> ...


It'll be much easier to pirate than Xbox I'm fairly sure, no hard-mod needed here.


----------



## Justin121994 (Dec 30, 2010)

Hope I can get my ntfs drive working with movies on my ps3. I dream I dream.


----------



## nl255 (Dec 30, 2010)

person66 said:

> SifJar said:
> 
> 
> 
> ...



That just means it will be easier to rent and rip rather than download.  No big deal as you can get a 2-3 day rental fairly cheap most places.


----------



## redact (Dec 30, 2010)

SifJar said:

> Someone asked at the end of the talk "Where does the number come from?" and their response was "We're quite sure, but we think the southern hemisphere"
> 
> 
> 
> ...


----------



## kaputnik (Dec 30, 2010)

Rydian said:

> http://www.osnews.com/story/22073/Why_N...im_Sony_Answers
> 
> 
> The last quote in the article is kinda interesting:
> ...



Is it coincidental that they changed their mind about that right after Geohot released his exploit? Otherwise I'd say it's a quite strong indicium suggesting that they removed OtherOS support because of their fear of exactly what has happened now with PSJB and its clones, and nothing else.


----------



## DeltaBurnt (Dec 30, 2010)

ThePowerOutage said:

> First off, you guys do realise that piracy will wait a while? I mean, fail0verflow aren't releasing their stuff for a bit and it will take a while for people to reverse or replicate the steps for piracy.
> Second, the presentation kept pushing the point that all PS3s out AT THE MOMENT are vulnerable, implying that new PS3s may come with this patched.



Not really...we already have many different homebrews that allow for piracy. There just have to be some edits and signing the packages (or signing something that will install packages that aren't signed).

I'm not saying we'll be pirating by the end of the year, but it won't take another year.


----------



## jalaneme (Dec 30, 2010)

SifJar said:

> jalaneme said:
> 
> 
> 
> ...



Yeah, they said that about the jailbreak and look what happened to that, but anyways I can't wait for the homebrew scene to flourish. I won't be pirating on the PS3, I will still buy games; all I want is XBMC to be ported and I can then retire my old Xbox 1. Plus I hope to see other useful stuff out of this as well, let's just hope Sony don't intervene this time. (We can only hope.)


----------



## Midna (Dec 30, 2010)

mercluke said:

> SifJar said:
> 
> 
> 
> ...


That's from xkcd, mate


----------



## --=ZerO=-- (Dec 30, 2010)

thedicemaster said:

> they just have to make a whitelist of all currently existing legit ps3 software, and block anything signed with the old(current) key that isn't on this whitelist.



They could blacklist the unwanted homebrew too. Nintendo does this on the Wii. But it's pointless... Sony is f***** up!


----------



## redact (Dec 30, 2010)

Midna said:

> That's from xkcd, mate


i knew that >_>
just thought it was a funny part of the talk


----------



## Lightake (Dec 30, 2010)

Just got the ps3 a few days ago , can't wait to fully hack it .


----------



## DarkSzero (Dec 30, 2010)

thedicemaster said:

> sifjar: there is still a way for them to block homebrew, although it's tedious work.
> they just have to make a whitelist of all currently existing legit ps3 software, and block anything signed with the old(current) key that isn't on this whitelist.
> not that it would help them much for the ps3's that are already at people's homes, because for those some hacker would just make a firmware update without the whitelist.


I was thinking that this could be a way for Sony to fix this mess, however I just came to the conclusion it won't work.
Sony has to make a patch for this new version with the new public key and the whitelist and everything else. Since we have complete control about everything now, we could modify this patch so it still has the RNG bug, providing what we need to discover the new private key


----------



## 9th_Sage (Dec 30, 2010)

BortzANATOR said:

> Hahaha here comes the pirate ship.
> Honestly, has the PS3 really fallen to the hackability level of the Wii?


I would say MORE so, since with the Wii you at least have to use an exploit of some kind to run code in the first place, if you actually have the PS3's keys though you can simply sign the software and install whatever you want, assuming I understand this correctly..


----------



## Trygle12 (Dec 30, 2010)

Nope... this is going to have dire consequences for the free PSN system.
A simple application of an easily obtainable cheat device combined with a free online play network means that there will be very little stopping the griefers and the cheaters online. I am not sure if Sony has had a method for banning PS3s, but it will probably be futile with the amount of access given by the hack.

Had Sony had a bit better encryption maybe then their entire system wouldn't be under such a risk.

Sony had better ramp up security measures... but right now it's a daunting task. They already have one of the biggest nukes on their security.


PSN games and the PSN online games are the biggest things at risk right now. 
I'd doubt many future pirates have a Blu-Ray burner ready to go in the event that you can (will) burn Blu-ray games for the PS3.

The Wii and 360 had pretty sizable leads for their market to take a hit in the long run. The Wii had a decent lead along with a mainly casual centric based market.  This is also why I feel there is less of a "Hardcore market" but I have no evidence to back that up.

The 360 had a year head-start and requires hard-modding and a paid subscription model to fully enjoy the system. Hacking is limited to those that wish to mod their 360 and those that are willing to risk being banned from Xbox Live.

The PS3 had the least marketshare. Had the least cheaters. Now it has nothing. All the nifty features from before will be ripped to shreds (Ehh... on second thought... Maybe not "ripped to shreds" and more "severely stunted". 

Free PSN is going to be affected by this, probably be made more tedious and less user friendly. (Worst case scenario is that they start charging money to play online.)
Countless updates for legitimate users that will do nothing more than waste time. (Guaranteed or double your wasted time back!)
PSN games are going to be the hardest hit when piracy fully comes out. Those are small games and fully reside in the HDD, meaning that those games will require no special hardware to pirate. (If my understanding is correct, the files themselves require some modification due to how the PS3 associates files from other users. But since these keys have been broken, it probably won't need much.)

PS3 is going to be taking a heavy, heavy hit.
...and it's all Sony's fault. This is such an odd feeling. I've never been this disappointed with a system being hacked.


I'm glad for the home-brew, but I am saddened by the amount of vulnerabilities that will make the rest of the functions take a huge hit. Might as well take the good with the bad as we all wait for the inevitable.


I mean we all saw it coming... but I never thought it would be as big as this.


----------



## jalaneme (Dec 30, 2010)

Trygle12 said:
			
		

> (Worst case scenario is that they start charging money to play online.)



based on what? why do you think they will charge for online?


----------



## Elaugaufein (Dec 30, 2010)

What is with the doomsaying over hacks? There are now all of 0 completely piracy-secure consoles this generation. When things started all of them were secure. It's still a level playing field. If game makers want to abandon the PS3 it's not like there's a secure system for them to move to (the closest thing is the 360). And I say this as someone who buys games even though I have a bunch of hacked systems (I like the convenience and having emulators is pretty nice too); I'm aware enough to know that if I want more games I like I need to buy the current ones that I like.

About the only real problem is online cheaters (which I admit is bad, cheating in online games (without prior agreement from all parties) is just poor form*).

* In all honesty I don't actually care about it personally, I pretty much play only turn-based RPGs, of which maybe 1 in every 50 has multiplayer, and maybe 1 in every 10 of those has multiplayer that is either necessary for completion or not completely identical to in-game battles just versus other people anyway, but I still don't like stomping all over someone else's fun for no reason.


----------



## Trygle12 (Dec 30, 2010)

jalaneme said:
			
		

> Trygle12 said:
> 
> 
> 
> ...



The money would attempt to be a deterrent. When people have something they invest in, they are less likely to take a risk with it. 
A pay system will also require authentication and a method of distinguishing PS3s and user accounts reliably(if done correctly).

It would also recoup the losses from having a sudden spike of people on the PSN playing more games. This last bit is assuming that piracy becomes rampant.

No one knows how rampant piracy will be or how Sony will react...

...but I think it's clear that ... for Sony at least... they are going to start feeling queasy.


----------



## jefffisher (Dec 30, 2010)

everyone is forgetting that those guys don't support piracy and they probably won't release the actual signing method, who knows how long until someone who actually wants piracy and cheating figures the same thing out.

the main concern should be people being able to resign retail games to run from burnt discs on unmodded systems and selling them to unwary suckers.


----------



## Trygle12 (Dec 30, 2010)

jefffisher said:
			
		

> everyone is forgetting that those guys don't support piracy and they probably won't release the actual signing method, who knows how long until someone who actually wants piracy and cheating figures the same thing out.
> 
> the main concern should be people being able to resign retail games to run from burnt discs on unmodded systems and selling them to unwary suckers.



...But those that have the resources know it is possible. They know more or less what to look for. 

Ultimately this is Sony's fault.


----------



## SS4 (Dec 30, 2010)

That's awesome, I can run ISOs on the PS3, and I don't care about cheaters, I'd rather play online with my friends anyway and we don't cheat so I'm not concerned with that.

Running ISO and homebrew is great though, way to go.


----------



## deathking (Dec 30, 2010)

Trygle12 said:
			
		

> PSN games and the PSN online games are the biggest things at risk right now.
> I'd doubt many future pirates have a Blu-Ray burner ready to go in the event that you can (will) burn Blu-ray games for the PS3.


no one needs a Blu-ray to pirate PS3 games, even before this latest news happened
even a 12 year old with a simple portable hard drive and a calculator or iPod can easily download the majority of games, with most around 5 gig, and get them to work
except for the latest, most notably GT5, and play them for no cost


----------



## godreborn (Dec 30, 2010)

the security tank ps3.  lol!  more like security jank!


----------



## Maz7006 (Dec 30, 2010)

purechaos996 said:
			
		

> Sony sucks security wise lol.



it's not like the Nintendo stuff or even the Xbox is any better


----------



## Gitaroo (Dec 30, 2010)

Trygle12 said:
			
		

> PSN games and the PSN online games are the biggest things at risk right now.



I thought PSN games would have the least risk, cuz they are using an unknown file system or something. This signing hack only makes homebrew work, and an ISO loader software rips retail games. I don't follow the PS3 scene so not too sure.


----------



## Felipe_9595 (Dec 30, 2010)

Dont know about, but if we had the keys, we can make a different online client, and scre up PSN, no?


----------



## Trygle12 (Dec 30, 2010)

Felipe_9595 said:
			
		

> Dont know about, but if we had the keys, we can make a different online client, and scre up PSN, no?




Pretty sure that is a different beast. All online transactions are handled server-side. There would be little you could do to modify or "scre" up PSN directly from just having the keys.


----------



## Felipe_9595 (Dec 30, 2010)

Sorry for forgot to press W :/


----------



## WiiUBricker (Dec 30, 2010)

So the PS3 is now a PC, huh?
I think the PS4 will come early.


----------



## deathking (Dec 30, 2010)

Gitaroo said:
			
		

> Trygle12 said:
> 
> 
> 
> ...



before this latest news psn games could be played on a jb but they needed to be patched or something and only a few were done .


----------



## 8BitWalugi (Dec 30, 2010)

aguyyyy said:
			
		

> shaunj66 said:
> 
> 
> 
> ...


Heard of the edit button?

Anyway, that aside, I wonder when this will become available to us? Same goes for that DSi exploit.


----------



## Gitaroo (Dec 30, 2010)

deathking said:
			
		

> Gitaroo said:
> 
> 
> 
> ...




I think they ran it through some proxy server, they never really did crack any of the PSN software. Ppl still cant figure out how to extract save files  from HDD of broken PS3, I was looking to do so recently to get my save from my HDD. Again, I dont follow the scene, not 100% sure.


----------



## shakirmoledina (Dec 30, 2010)

lovely... now I can buy one if I wanted to (as getting a PS3 jailbreak, like for all other devices, is quite difficult)
beautiful work by these hackers, some day I wish to reach there (to understand what they are doing, not hacking big time at least)
committed team I guess, as the Wii is well hacked and it's easy to install the HBC, which does not put too much commitment into it

EDIT: Just saw the video and it may seem sony rushed some parts... how do they get the algorithms? are they generated or something or is it in the manual somewhere?


----------



## DBlaze (Dec 30, 2010)

I love how they're all like "EPIC FAIL OMG LOL WE HACKED IT", after it took like, forever to get to this point to begin with.
I have yet to see anything work on the current firmware myself, so wake me up when we get to that point.


----------



## ThePowerOutage (Dec 30, 2010)

DBlaze said:
			
		

> I love how they're all like "EPIC FAIL OMG LOL WE HACKED IT", after it took like, forever to get to this point to begin with.
> I have yet to see anything work on the current firmware myself, so wake me up when we get to that point.


It only took 12 months. Hardly a long time.
Watch the presentation, then you'll understand.


----------



## squall23 (Dec 30, 2010)

It's starting, guys.

Well, that was short but worthwhile.


----------



## overlord00 (Dec 30, 2010)

*WARNING EXPLICIT LANGUAGE*

i fucking hate all those noobs who are like "boooo, they aren't even good, took them 4 years... they copied the jailbreak.... they did nothing...." fuck those people.
TT have been able to get most of the keys, decrypt all sorts of things and the ps3 is their bitch.
dongle-less jailbreaking possible in the future... probably near future (say a few months) with almost full control over the system.

its the fucking pirates who are all, oh it took them 4 years for them to give me my l33t w4rez... i want it nowzzzzz. TT aren't people who pirate, they are good honest hardworking people who require no payment for any of their software. what is wrong with the scene these days... too many fucking 12 year olds that know nothing and constantly asking "whats this?"

FUCK!


----------



## Goofy Time (Dec 30, 2010)

Small bit of trivia for you guys:

By having access to the private keys, one of the more renowned discussions about it is that homebrew apps can just be "licensed" and interpreted as Sony-official applications on the PS3. Another thing to note, and probably the reason it may take a new console SKU to fix this, is that *every single PS3 game currently released* uses that set key. The only way to counteract that exploit would be to make an all new model of the PS3 that regenerates a random key while having a method to reset every single PS3 game ever released to now recognize the new key as legitimate.

This has the potential damage of being so bad for Sony that their next console may have to prevent PS3 backwards compatibility, as the exploit with the key will simply transfer over. This is a _huge_ fuckup for Sony, and it's absolutely amazing to see the once impenetrable fortress basically be on the whim of being the most exploited platform this generation in terms of an exploit. To put this into perspective, nobody even has access to the private keys on the Nintendo Wii. This is a gigantic missile to the PS3 much more than custom firmware was for the PSP.

And to believe this all started by Sony bullshitting and taking out features for a device.


----------



## Matthew (Dec 30, 2010)

Wow, sony is screwed. Also, overlord if you want to protect little kiddes use spoilers


----------



## shakirmoledina (Dec 30, 2010)

the removal of OtherOS was actually a flag to allow hackers to jump into... correct me if I am wrong but do you sincerely believe that hacking is done for homebrew (I am talking about hackers themselves)? don't you think that they do something that gives the stepping stone towards piracy if not releasing an exploit to allow full piracy
if they are doing it JUST for homebrew and running their own codes... then TOTAL ABSOLUTE respect for them

Is it correct, that the whole basis of this huge exploit is due to the random number issue?


----------



## overlord00 (Dec 30, 2010)

@matthew... nah. just venting my hulk-like rage. People have no respect these days.


----------



## ThePowerOutage (Dec 30, 2010)

There are still differences between Sony and homebrew code. With a new hardware revision, Sony could rewrite the SPE code and crush brew on newer consoles I think.
I mean, they screwed it up but Fail0verflow seemed to suggest it could be patched.


----------



## overlord00 (Dec 30, 2010)

shakirmoledina said:
			
		

> the removal of OtherOS was actually a flag to allow hackers to jump into... correct me if I am wrong but do you sincerely believe that hacking is done for homebrew (I am talking about hackers themselves)? don't you think that they do something that gives the stepping stone towards piracy if not releasing an exploit to allow full piracy
> if they are doing it JUST for homebrew and running their own codes... then TOTAL ABSOLUTE respect for them
> 
> Is it correct, that the whole basis of this huge exploit is due to the random number issue?
> ...


Potentially yes, seeing they would have to fix the boot0 (or whatever it was) exploit. However, @Goofy Time makes a good excuse... previous games would fail to authenticate... there would have to be some serious work done to prevent the same thing from happening again with the new hardware.


----------



## Goofy Time (Dec 30, 2010)

shakirmoledina said:
			
		

> the removal of OtherOS was actually a flag to allow hackers to jump into... correct me if I am wrong but do you sincerely believe that hacking is done for homebrew (I am talking about hackers themselves)? don't you think that they do something that gives the stepping stone towards piracy if not releasing an exploit to allow full piracy
> if they are doing it JUST for homebrew and running their own codes... then TOTAL ABSOLUTE respect for them
> 
> Is it correct, that the whole basis of this huge exploit is due to the random number issue?



That random number sequence is supposed to keep private keys...private. They're basically the official authorizers for the device. Having them at your disposal literally means you can get a homebrew app on your PC and transfer it over to your PS3 and have it almost instantly recognizable. And the only way to really fix the key issue would be to make a new version of the console that somehow recognizes games, as PSN games and PS3 discs are still looking for the current key. Patching and changing the key on current consoles imposes the tremendously likely risk that every single piece of software made prior to the patch is rendered unrecognizable by the system. It puts Sony in a corner that it can't even be fought like DS and PSP hacking. How can they disable applications the console recognizes as Sony authorized? Having the private keys basically means you can authorize the homebrew app as Sony code, and the system wouldn't be able to know the difference.


----------



## ganons (Dec 30, 2010)

I take it you will need a jailbreak device in the 1st place to make the hack permanent and a 3.41 or lower fw ps3?


----------



## dlf (Dec 30, 2010)

From the seemingly large amount of threads of this on other sites, I doubt it probably just a USB FAT formatted stick.


----------



## Ziggy Zigzagoon (Dec 30, 2010)

...and I give the hackers an "F"... for "Fabulous"!

Seriously, though, I find looking into the security systems of all 3 consoles interesting. I mean, Wii has the most unique features, yet such is apparently the console that is easiest to hack.

I am starting to feel more and more appreciative of my waiting for the PS3. (All I need now is the money... The PS3 is essentially a one-time purchase now...)


----------



## ThePowerOutage (Dec 30, 2010)

Video and more info here!


----------



## ThePowerOutage (Dec 30, 2010)

shakirmoledina said:
			
		

> the removal of OtherOS was actually a flag to allow hackers to jump into... correct me if I am wrong but do you sincerely believe that hacking is done for homebrew (I am talking about hackers themselves)? don't you think that they do something that gives the stepping stone towards piracy if not releasing an exploit to allow full piracy
> _if they are doing it JUST for homebrew and running their own codes... then TOTAL ABSOLUTE respect for them_
> 
> Is it correct, *that the whole basis of this huge exploit is due to the random number issue?*


_They disagree with piracy but accept that it will happen_


*It's mostly to do with that, but there were other fails like the fact the SPEs did almost nothing.*


----------



## Chiverus (Dec 30, 2010)

k, first off let me say I'm a game pirate, DS PSP WII, I download games I don't find worth buying for all of them, but I don't know about PS3 private keys. I mean isn't this similar to what happened to the Dreamcast in regards to playing burnt games without modding the core system? and didn't that kill consoles for Sega and almost shut them down as a company as a whole? don't get me wrong, I'm all for homebrew emulators (hoping for a PS2 emulator for it but not getting hopes up) but won't this kill the PS3 as a whole the moment piracy gets ahold of it? (and they will)


----------



## Matthew (Dec 30, 2010)

What makes it even harder for Sony is the fact that the SDK has also been leaked and homebrew developers will be able to write in the official SDK AND sign their apps.


----------



## nIxx (Dec 30, 2010)

shakirmoledina said:
			
		

> the removal of OtherOS was actually a flag to allow hackers to jump into... correct me if I am wrong but do you sincerely believe that hacking is done for homebrew (I am talking about hackers themselves)? don't you think that they do something that gives the stepping stone towards piracy if not releasing an exploit to allow full piracy
> if they are doing it JUST for homebrew and running their own codes... then TOTAL ABSOLUTE respect for them
> 
> Is it correct, that the whole basis of this huge exploit is due to the random number issue?



Yeah kind of, because of that "random number" they can just calculate the private key (the biggest fail that can ever happen) and Sony can't do anything against it because old software still needs to run (as it was already mentioned in this thread).

@Chiverus: DC was different; with the private key it's just possible to sign homebrew or any other self-written software like Sony does it with their own software


----------



## Chiverus (Dec 30, 2010)

nIxx said:
			
		

> @Chiverus: DC was different; with the private key it's just possible to sign homebrew or any other self-written software like Sony does it with their own software



I gathered, however that was not the point I was getting at. The point I wanted to make was that piracy no longer needing to mod a core system would in turn cause a downfall in the development for the system; the point I'm making at its core is that this is most likely the bullet that will kill the PS3.


----------



## nIxx (Dec 30, 2010)

Chiverus said:
			
		

> nIxx said:
> 
> 
> 
> ...



Nah, usually if something gets hacked it will sell even more, just look at the PSP: after it was hacked it sold better than before, though developers will not like the fact that now every PS3 can be hacked. I think with the DC the problem was that you could play "backups" really soon and really easily (no need for hard/softmods at all) and developers just didn't make games for it anymore.
However pirating games on the PS3 with this new hack is still far away, though all doors are open now without any USB dongle.


----------



## DeltaBurnt (Dec 30, 2010)

Matthew said:
			
		

> What makes it even harder for sony is the fact that the SDK has also been leaked and homebrew developers will be able to write in the official SDK AND sign there apps.



Yes but there's different SDKs for each firmware on the PS3. We only have the SDK for a really old firmware and like 3.41 (if I remember correctly).

Most homebrew developers I'm sure would rather use/contribute to a community made SDK.


----------



## redact (Dec 30, 2010)

ganons said:
			
		

> I take it you will need a jailbreak device in the 1st place to make the hack permanent and a 3.41 or lower fw ps3?


No, the beauty of this discovery is that no "hacks" or "exploits" take place
They correctly sign it, the ps3 reads it and that's all
Fail0verflow are currently working on a .pup file that will install a cfw that replaces gameOS with AsbestOS (so it'll boot on power-up rather than using a dongle and pressing power+eject on power-up)


----------



## ManFranceGermany (Dec 30, 2010)

*PS3 Homebrew/Hack Demonstrations*


1:48 "The Videoram is turned off and we have no clue how to turn it on"
What does that mean? Is it about the PS3 or his netbook or whatever... sorry, I'm a noob.


----------



## doyama (Dec 30, 2010)

shakirmoledina said:
			
		

> lovely... now I can buy one if I wanted to (as getting a PS3 jailbreak, like for all other devices, is quite difficult)
> beautiful work by these hackers, some day I wish to reach there (to understand what they are doing, not hacking big time at least)
> committed team I guess, as the Wii is well hacked and it's easy to install the HBC, which does not put too much commitment into it
> 
> EDIT: Just saw the video and it may seem sony rushed some parts... how do they get the algorithms? are they generated or something or is it in the manual somewhere?



The ECDSA code is a standard way of providing elliptical encryption. Like RSA the methodology of generating the keys is widely known. The difficulty is that it is easy to generate R and S, but difficult or impossible to obtain the private key 'k'. Since they botched the signature generation by using the same 'random' number every time, it was then trivial to obtain the private key. If they had used an actual random number for each signature, it would have been impossible to obtain the private key. 

As indicated in the presentation, if you did it correctly, you'd have 3 unknowns(m1, m2, k), but only 2 equations, which makes the problem insolvable without basically brute forcing it, or analyzing the elliptical curve blah blah blah math that would make most people's head explode like in Scanners. But since they used the same random number, m1=m2 so now you have 2 equations with 2 unknowns (m,k). So solve for m, then solve for k. Easy as pie!

As they say, the weakest link in a security system, is the person behind the keyboard.


----------



## mollekemiel (Dec 30, 2010)

shakirmoledina said:
			
		

> the removal of OtherOS was actually a flag to allow hackers to jump into... correct me if I am wrong but do you sincerely believe that hacking is done for homebrew (I am talking about hackers themselves)? don't you think that they do something that gives the stepping stone towards piracy if not releasing an exploit to allow full piracy
> if they are doing it JUST for homebrew and running their own codes... then TOTAL ABSOLUTE respect for them
> 
> Is it correct, that the whole basis of this huge exploit is due to the random number issue?



try to explain it simply:
if you want to calculate the private key you end up with an equation with 2 unknowns (means it can't be solved), the key and the random number
when the random number is the same for 2 different keys it is possible to make a mathematical equation with only 1 unknown, the key (1 unknown means the equation can be solved)
and that's what Sony did. they used the same random number to generate multiple keys. (how dumb can you be!)


----------



## doyama (Dec 30, 2010)

ManFranceGermany said:
			
		

> 1:48 "The Videoram is turned off and we have no clue how to turn it on"
> What does that mean? Is it about the PS3 or his netbook or whatever... sorry, I'm a noob.



Basically it means that at this point the video out is not working with the exploit. I'm not sure if it's because they don't have lvl1 yet or if it's just a bug in the way the loader currently works. As they mentioned the way it works now is not very refined so there are going to be inevitable bugs like that.


----------



## doyama (Dec 30, 2010)

Thinking about it more, I suspect that Sony is already working on their 'master' revocation list right now. The DSi worked on a similar principle of whitelisting all their previous games and doing an RSA sig for new ones. Watch out for some new firmware updating coming in the next months.


----------



## ManFranceGermany (Dec 30, 2010)

doyama said:
			
		

> ManFranceGermany said:
> 
> 
> 
> ...



But isn't this really bad news? Without Videoram access the whole thing is almost useless, isn't it?
At least you can't play backups, and homebrew could just run from the normal RAM.


----------



## doyama (Dec 30, 2010)

ManFranceGermany said:
			
		

> doyama said:
> 
> 
> 
> ...



That depends on your perspective. For running Linux on the PS3, getting the video out working is really not that important, since you can run X and remote in. There are some benefits though to getting video out working. You could get something like XBMC/Boxee running with video. Ultimately though they've accomplished what they wanted.

1) Get Linux running on a PS3 without any dongles (loader overflow exploit)
2) Being able to bootstrap the loader overflow exploit without any dongles ('random number fail' private key)

That's not to say they won't get it working. Sounds like they were rushed to get a work in progress going for the conference. Hopefully by next month when they release the PUP file it will be more refined and such.

However, for them all the 'fun' stuff is done. They've basically owned all existing PS3's in the market and exposed the PS3's security features like the naked Emperor.  It'll be up to other people to take up what they've done and see what happens.


----------



## shakirmoledina (Dec 30, 2010)

i think the architecture of the ps3 has been figured out and hacked so the issue of how to exploit it will be multiple and cleaner in the future (we hope)
i guess the equations are predefined then... ellipses were quite easy to solve when our teacher taught it (well i guess we had a great teacher)


----------



## doyama (Dec 30, 2010)

mercluke said:
			
		

> ganons said:
> 
> 
> 
> ...



I would preface that with all existing PS3's that have the current firmware version (3.55) and below do not need any dongle to use the upcoming PUP file. I suspect Sony is furiously trying to get 3.6 out with a whitelist to block the leak of the private key.


----------



## trumpet-205 (Dec 30, 2010)

Time to buy a PS3.

Poor Xbox 360.


----------



## ManFranceGermany (Dec 30, 2010)

doyama said:
			
		

> ManFranceGermany said:
> 
> 
> 
> ...



Thanks for your explanation!
Time will tell if this hack will be useful for me or not


----------



## doyama (Dec 30, 2010)

shakirmoledina said:
			
		

> i think the architecture of the ps3 has been figured out and hacked so the issue of how to exploit it will be multiple and cleaner in the future (we hope)
> i guess the equations are predefined then... ellipses were quite easy to solve when our teacher taught it (well i guess we had a great teacher)



Yep, the equations aren't the typical elliptical curves you would have learned before. They're in multiple dimensions and include scalar multiplication and other crazy mathematical mumbo jumbo. It was amusing to see the mathematical slides done in LaTeX. Ah, the good old days of academia. I still dabble in some advanced math, but really a lot of stuff these days just requires too much background knowledge to even begin to understand the basics.


----------



## cwstjdenobs (Dec 30, 2010)

ManFranceGermany said:
			
		

> But isn't this really bad news? Without Videoram access the whole thing is almost useless, isn't it?
> At least you can't play backups, and homebrew could just run from the normal RAM.



It really only means they need a new "driver" of sorts, I think in their replacement GameOS, not Linux. Sony's code probably sets this up right so they haven't had to worry about it while using JBs, but now they have to do all that setup themselves.

But as sweet as this is right now did anyone catch the RC4 and deobfuscation talks? The techniques used could be very relevant in the future.

EDIT: Well, for those of us who count the regular set of dimensions as too much hard work without even going all hypertorus.


----------



## doyama (Dec 30, 2010)

trumpet-205 said:
			
		

> Time to buy a PS3.
> 
> Poor Xbox 360.



Dunno, personally I think the PS3 really dropped the ball on the whole internet integration. The Xbox dashboard is a really solid piece of UI and usability. If you think about it, the Xbox only bans you from their Live service. Which is a smart move, because the hardware itself is worthless, it's basically a gateway to Xbox Live where you ACTUALLY want to be. I never thought the PS3 or PSN was really as polished or as feature rich as Xbox Live.


----------



## SifJar (Dec 30, 2010)

Some pretty interesting quotes from fail0verflow's twitter [http://twitter.com/fail0verflow]:



			
				QUOTE said:
			
		

> @redsquirrel87 yes, we'll release all our tools as soon as we cleaned them up in january or so
> 
> 
> 
> ...



So they'll be releasing the tools to sign stuff quite soon apparently. Good news for anyone with a PS3 interested in homebrew.


----------



## Kwartel (Dec 30, 2010)

Does this mean it'll be plausible to make a CFW which doesn't send IDs from unofficial shit, only official? That would be a big breakthrough!


----------



## doyama (Dec 30, 2010)

kwartel said:
			
		

> Does this mean it'll be plausible to make a CFW which doesn't send IDs from unofficial shit, only official? That would be a big breakthrough!



It might sorta be plausible. I recall that the IDs are stored in a file (or somewhere) for upload later to PSN. So you could 'possibly' have the firmware only write for specific IDs in theory. Not enough is known about that whole cycle to speculate if it's possible or not.


----------



## DeltaBurnt (Dec 30, 2010)

kwartel said:
			
		

> Does this mean it'll be plausible to make a CFW which doesn't send IDs from unofficial shit, only official? That would be a big breakthrough!



Well, it depends on how the IDs are sent to the PSN. If it's the PS3 that sends them then probably. If the PSN scans your PS3 to get the information then probably not, but still maybe.


----------



## doyama (Dec 30, 2010)

cwstjdenobs said:
			
		

> ManFranceGermany said:
> 
> 
> 
> ...



Which track was the de-obfuscation talk? I saw the RC4 one which was interesting, though I don't think having to crack WEP is a huge thing. It was more interesting that they used fuzzy logic to actually find the vulnerability, rather than attacking it directly.


----------



## 8BitWalugi (Dec 31, 2010)

Goofy Time said:
			
		

> Small bit of trivia for you guys:
> 
> By having access to the private keys, one of the more renowned discussions about it is that homebrew apps can just be "licensed" and interpreted as Sony-official applications on the PS3. Another thing to note, and probably the reason it may take a new console SKU to fix this, is that *every single PS3 game currently released* uses that set key. The only way to counteract that exploit would be to make an all new model of the PS3 that regenerates a random key while having a method to reset every single PS3 game ever released to now recognize the new key as legitimate.
> 
> ...


Woah...
Sony, you fucked up bad.


----------



## RupeeClock (Dec 31, 2010)

8BitWalugi said:
			
		

> Woah...
> Sony, you fucked up bad.


They really did, having a random number generator somehow always return the same result?
PS3 won't even need a custom firmware now, people can run whatever the hell they want.


----------



## doyama (Dec 31, 2010)

8BitWalugi said:
			
		

> Goofy Time said:
> 
> 
> 
> ...



I don't totally agree with this sentiment. The leak of the current master key just means that all existing PS3s as of firmware 3.55 can run any code that is signed with this master key. 

To get around this problem, what you'd have to do is create an admittedly large whitelist of all existing PS3 games and their corresponding signatures. All new games will be signed with a new master key, while old games will rely on the whitelist to be run. Not impossible, as the DSi already does something similar-ish.


----------



## doyama (Dec 31, 2010)

RupeeClock said:

> 8BitWalugi said:
> 
> 
> 
> ...



They implemented the security the wrong way. They did use a random number generator, they just didn't make a new one every time like you're supposed to. Here's an interesting read on how you can use crypto but screw up in any number of ways if you're not reading the specs carefully. The devil is in the details.

http://rdist.root.org/2010/11/19/dsa-requi...random-k-value/
http://rdist.root.org/2009/10/06/why-rsa-e...ng-is-critical/
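The nonce mistake described above, as an added example that is not code from this thread, from Sony or from fail0verflow: ECDSA on a small textbook curve, with an audit function that flags signatures sharing the same r (the tell-tale sign of a repeated k) and the textbook calculation showing why two signatures under one k pin down the private key. The curve parameters, key, message hashes and nonce are all constructed for illustration.

```python
# Added example (not code from the thread or fail0verflow): ECDSA over a toy
# curve, showing why a fixed per-signature nonce k leaks the signing key d.
# Curve y^2 = x^3 + 2x + 2 over GF(17), G = (5, 1) of prime order 19; constructed.
P, A = 17, 2                # field prime and the curve's 'a' coefficient
G, N = (5, 1), 19           # generator and its prime order

def ec_add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None or q is None: return p or q
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0: return None
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, p):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, p)
        p, k = ec_add(p, p), k >> 1
    return acc

def sign(d, h, k):
    """ECDSA signature of hash h (already reduced mod N) using nonce k."""
    r = ec_mul(k, G)[0] % N
    return (r, pow(k, -1, N) * (h + r * d) % N)

def verify(Q, h, sig):
    r, s = sig
    w = pow(s, -1, N)
    x = ec_add(ec_mul(h * w % N, G), ec_mul(r * w % N, Q))
    return x is not None and x[0] % N == r

def find_reused_nonces(sigs):
    """Audit check: signatures sharing r were produced with the same k."""
    seen = {}
    for i, (r, _) in enumerate(sigs):
        seen.setdefault(r, []).append(i)
    return [idx for idx in seen.values() if len(idx) > 1]

def recover_key(h1, sig1, h2, sig2):
    """What a repeated k costs: two signatures pin down k, then d."""
    (r, s1), (_, s2) = sig1, sig2
    k = (h1 - h2) * pow(s1 - s2, -1, N) % N
    return (s1 * k - h1) * pow(r, -1, N) % N
```

With the constructed key d = 7 and nonce k = 10 reused for hashes 4 and 11, both signatures carry r = 7, the audit flags them, and recover_key returns 7; a fresh random k per signature makes the r values differ and the second step impossible.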


----------



## Elaugaufein (Dec 31, 2010)

There are some problems with the whitelist approach. If you hash the entire Blu-ray and include a file size check, that's going to have to be computed every time one of those games is started. That's going to suck, essentially the entire disc has to be read and the hash of a 5-50 GB file has to be computed every time. You could also check the disc as each bit was loaded, essentially slowing the game down constantly instead of once at start up. Depending on the BD architecture and how it communicates with the PS3 either of these could potentially be bypassed (e.g. swapping the disc after the calculation, if it's done at startup, if the PS3 doesn't have a sophisticated detection method for such, which it probably does).

The DSi method doesn't do that but it's got its flaw anyway since it's possible for flash cards to duplicate the part of the cart that is checked (which is how they bypass it).

You can hash a variety of small parts of a file and check them at random too (but that still leaves you open, just with a non-100% success rate). It also means your whitelist is going to be enormous if you have to calculate the hash for 1000 different 10 MB chunks of every piece of PS3 executable code out there (in order to keep the success rate low).

Essentially, sure, a whitelist method can work, but the more secure it is, the more likely they are going to get themselves crucified for giving every PS3 application a loading time that's more associated with installing a 2+ DVD game on a PC.

(It's also not going to realistically help against anyone who knows about this; they just aren't going to update until such a time as they know it's not going to break anything, and it's going to be really obvious if it does (the next PUP out isn't going to work on older firmwares without an in-between update if they change the PUP key, and disabling service mode is equally trivial to spot).)

Essentially whether or not it's worth it for anything currently out there is debatable (one of the things in the talk is that it's going to be possible to re-downgrade the loaders using a mod chip for essentially everything out there now, even if they fix the firmware). And once people can install "valid" firmwares from "valid" PUPs they can essentially update every time Sony does, just with the revocation lists zeroed out or bypassed.

They could lock it down pretty nicely on new systems (and if they kept the whitelist only on new systems people wouldn't have a "guide to what you need to impersonate to pass", but that requires releasing separate PUPs for both systems).

Essentially no matter what they do, it's going to hurt them. They really don't have a good choice.

They'll probably try something though, even on the systems out there now (via a firmware update); they probably have obligations to do so even if it's essentially utterly pointless (and you don't even have to make it "hard", just "non-trivial", to discourage a certain subset of people; an $X0 modchip + $X0 installation fee will slow a bunch of people down).

Probably a whitelist that's based on reading and calculating only some subset of the data (maybe selected "randomly" from a list) combined with a file size check would work passably well for a while. Of course they'll also have to kill service mode (in some way) to stop people downgrading (and then reinstalling a "valid" PUP), since alternative l2diag files could now be signed, and since dongles are getting pretty cheap.

It's going to be interesting watching what the reaction actually is.


Sidenote: A remote system (the PSN) cannot "scan" your PS3; a "scan" by a remote system is essentially the same as requesting your system to send things to it. If your system is compromised it (the remote system) can't trust the results of the scan, because a compromised system can transmit a bald-faced lie (and should be assumed to do so whenever such is advantageous). If you play online maybe it could scan the data you transmit to the server for irregularities (since sending completely fake data to a server in an online game is silly), which gives avenues for catching cheaters, but that's about it.


----------



## cwstjdenobs (Dec 31, 2010)

doyama said:

> Which track was the de-obfuscation talk?
> 
> It was using optimising compiler techniques. https://events.ccc.de/congress/2010/Fahrpla...ts/4096.en.html I'm trying to find a video link but everyone seems a bit obsessed with this, Stuxnet, and the political stuff right now.
> 
> ...



Totally agree, that was sort of my point.


----------



## doyama (Dec 31, 2010)

But only the BOOT.ELF files are signed in this way, so you don't need to decrypt the entire disc. You just need to read the ECDSA header that contains the signature, and compare that to the whitelist. I don't disagree that the list would be large, but I think the performance hit would be minimal in theory to do the hash and comparison. I suspect the next firmware revision will address this. 

Though I'm not 100% sure, I think the actual stack overflow of the revocation list cannot be fixed since it's in one of the loaders that they can't update. So even when the firmware update comes out, since all the security features don't actually integrate the way they're supposed to, you can just create a mod chip to supply the necessary 'bad' revocation list.


----------



## doyama (Dec 31, 2010)

cwstjdenobs said:

> doyama said:
> 
> 
> 
> ...



http://mirror.informatik.uni-mannheim.de/p...20optimization/

Actually, scratch that, the feed is like 50% filler and the audio cuts out a lot... Have to wait for the properly edited version.

The file is big but it's something. Once it downloads I'll take a look. There are a lot of good talks on there I need to look at once I get the time.


----------



## Slowking (Dec 31, 2010)

BortzANATOR said:

> Hahaha here comes the pirate ship.
> Honestly, has the PS3 really fallen to the hackability level of the Wii?
> Deeper. The Wii has bugs that can be exploited. Sony handed the hackers the PS3's private keys and said "here you go, sign your homebrew as if it was software we made!".
> 
> ...


No they don't.


----------



## SifJar (Dec 31, 2010)

QUOTE said:

> SifJar said:
> 
> 
> 
> ...



My bad. The stream was a bit bad at that point, I misunderstood and thought it was a joke.


----------



## doyama (Dec 31, 2010)

SifJar said:

> QUOTE said:
> 
> 
> 
> ...



Most likely segher just said that because the original PS3Jailbreak videos came from an Australian dealer so he assumed the team was from there. They probably don't follow the scene much, and once the payload was made public there was even less incentive to care about who did what originally.


----------



## qaz00 (Dec 31, 2010)

thedicemaster said:

> sifjar: there is still a way for them to block homebrew, although it's tedious work.
> they just have to make a whitelist of all currently existing legit ps3 software, and block anything signed with the old(current) key that isn't on this whitelist.
> not that it would help them much for the ps3's that are already at people's homes, because for those some hacker would just make a firmware update without the whitelist.



They cannot block the homebrew nor make a whitelist, because the loader (metldr) we/they know the private key for is *not updatable*.
BTW the key for signing games/apps is not known, the key we/they have is for signing the GameOS/Lv2 stuff.

EDIT: I suppose they could add a whitelist in newly manufactured PS3s.


----------



## Kakkoii (Dec 31, 2010)

Antoligy said:

> Nicely done, now we'll see a flood of crap just like with the Wii.



And a few gems, like MPlayer CE.


----------



## Gitaroo (Jan 1, 2011)

It would be funny if Sony secretly leaked/mixed in a bunch of fake homebrews that brick your system to scare people off; then they'd have to send their system in for repair and Sony would make even more $$$.


----------



## redact (Jan 1, 2011)

Slowking said:

> --=ZerO=-- said:
> 
> 
> 
> ...


they do for homebrew channel
hence 'HAXX' -> 'JODI'

edit:

also for action replay gamecube


----------



## zeromac (Jan 1, 2011)

Well this is going to be interesting! Finally all the big three consoles are hacked

If anyone cares, here's 'info' on the master key:
http://www.geek.com/articles/games/playsta...-code-20101230/


----------



## Elaugaufein (Jan 1, 2011)

QUOTE said:

> But only the BOOT.ELF files are signed in this way, so you don't need to decrypt the entire disc. You just need to read the ECDSA header that contains the signature, and compare that to the whitelist. I don't disagree that the list would be large, but I think the performance hit would be minimal in theory to do the hash and comparison. I suspect the next firmware revision will address this.



The thing is, if you're just whitelisting the signature, you're inviting attacks that use padding or cruft to replicate the signature (you only need to get one "launcher" program to match the tags and then you're good to go). That is one of the fastest solutions but it's also not the most secure. But that's the inevitable tradeoff.

zeromac: That's not the signing key; that website has confused two different events: the service jig master key (which is the key in the article) and the signing keys that fail0verflow found.


----------



## doyama (Jan 1, 2011)

Elaugaufein said:

> QUOTE said:
> 
> 
> 
> ...



I think the goal at this point for Sony would be to minimize the chance of a pure soft-mod for future PS3s. As long as you need a mod chip, it creates a significant barrier to entry for most people. Even with a pure soft-mod Wii, the Homebrew Channel install population is only 1% of existing Wiis. As long as you can keep the numbers down it can help significantly.

A signature attack might be possible, though I think the ability to duplicate another signature is still very difficult even for a launcher application. I agree that it's probably just the quickest fix, but I think speed is better in this case. It doesn't need to be rock solid secure, since we know the security is already kinda crap on the PS3. You just need to make the barrier to entry higher and that's probably enough for now.


----------



## Slowking (Jan 1, 2011)

mercluke said:

> Slowking said:
> 
> 
> 
> ...


Well if you consider deleting 4 title IDs a blacklist, then k.


----------



## SifJar (Jan 1, 2011)

Slowking said:

> mercluke said:
> 
> 
> 
> ...



Um, yeah. That's exactly what it is. What else could it possibly be? You think it's not a "list" till it has a lot of stuff in it? Anything with two or more items can be a list. In fact, I see no reason why a list can't have one entry.


----------



## ManFranceGermany (Jan 2, 2011)

Elaugaufein said:

> Thats going to suck, essentially the entire disk has to be read and the hash of a 5-50 GB file has to be computed every time. You could also check the disc as each bit was loaded, essentially slowing the game down constantly instead of once at start up.



Isn't Nintendo doing exactly the same thing with the Wii? At least as far as I understood, in the first presentation he mentioned that the Wii hashes the whole disc.


----------



## Rydian (Jan 2, 2011)

He's talking about a blacklist on startup.

The list you're talking about is only on update.


----------



## chartube12 (Jan 3, 2011)

Sits back and waits for a working port of dolphin for the ps3.


----------

