General stuff about keys and such

Discussion in 'PS3 - Hacking & Homebrew' started by ferdi-t, Jan 4, 2011.

Jan 4, 2011
  1. ferdi-t
    OP

    Member ferdi-t GBAtemp Regular

    Joined:
    Jun 13, 2010
    Messages:
    143
    Location:
    Groningen
    Country:
    Netherlands
    I have been reading some into the recent news about the keys being publicly released. Interesting stuff. Two questions come to mind (out of curiosity).

    Anyone 1337 enough to answer them?

    a) The way I understand it, is that software only runs when both the console and the software are signed with the same key. The guys who did this went to great lengths to exploit and reverse-engineer the PS3. Why not just take the keys from the games instead? Would seem so much easier.
    b) What happens to the keys when a game is copied in the first place? I have seen countless PS3 titles online. Did their keys get destroyed in the dumping process? How?

    Ta for the answers.
     
  2. FAST6191

    Reporter FAST6191 Techromancer

    Joined:
    Nov 21, 2005
    Messages:
    21,716
    Country:
    United Kingdom
    a) this is the difference between symmetric and asymmetric encryption (the PS3 using the latter for the purposes of code signing)- symmetric uses the same keys to encode and decode where asymmetric uses a key to sign/encrypt files and another one to verify/decode them (this means depending on what you want to do you keep one key a secret and the other you can send to anyone you so desire*). To this end yes it was probably very silly to have the PSP private keys on the PS3- by and large you keep the keys locked very tight and only a select few people can access things to do with them let alone know them.

    These different keys are mathematically related but should be impossible to derive from just the public key (it is based on the mathematical principle that multiplying two numbers is easy or some other similar/related concept but trying to figure out what two were multiplied when given the result is near impossible- prime numbers and ellipses providing a good basis for all this).
    What Sony did was fluff another part of this when it comes to actually working as encryption/signing (the random number that the encryption relies on) to as the videos demonstrated reduce the problem from one of untold time with a supercomputer/all the computers in the world to simple high school maths (encryption is often really fun like that). Read up on elliptic curve cryptography if you want more on that, a simple search and scan through says http://math.arizona.edu/~mleslie/files/ecc.pdf is pretty good.

    *this is the one we got for the wii, the reason it is useful on the wii is because nintendo hosed up their test method and we could check files against this key when altering junk parts of the file until we hit a correct value for the first part of the hash (which if you did it right is all that mattered) which is easy to do- more http://debugmo.de/2008/03/thank-you-datel/ . In addition to this it allowed decryption of a lot of the code which helped in finding further exploits (this a common key can do for all systems that have one or at least parts able to be decrypted with it- in and of itself it will do nothing for allowing you to run code).

    b) I am not familiar with the Blu-ray/PS3 media protection but assuming it is the same as other such devices like DVDs and other optical media this is less that keys get broken (although they might) but that your little home burner by design cannot replicate or even adequately read things well enough to hope to replicate what an optical media press can do. This protection comes up as many things including unburnable lead-in (there were a few DVD hacks that did this before DVD CSS was broken and indeed some of the big "pirate" factories and companies like Datel aim to replicate) and error sectors (security sectors) that things like Daemon Tools emulate and the 360 hacked DVD drives emulate (security sectors as a file that the drive feeds back to the 360 proper).
     
  3. ferdi-t
    OP

    Member ferdi-t GBAtemp Regular

    Interesting read, thank you for clearing this up.
     
  4. Rydian

    Member Rydian Resident Furvert™

    Joined:
    Feb 4, 2010
    Messages:
    27,883
    Location:
    Cave Entrance, Watching Cyan Write Letters
    Country:
    United States
    That's an excellent explanation, thank you!
     
  5. ferdi-t
    OP

    Member ferdi-t GBAtemp Regular

    I did some thinking about this part (which seems very logical to me). You take the private key, multiply it by a prime, end up with a public key, which is considered a match and runs the game. Now where does the story about Sony using a fixed number instead of a random number come in?
     
  6. FAST6191

    Reporter FAST6191 Techromancer

    That is not how you get/use the key per se and the video covers it quite well* but anyhow

    * I am assuming you have seen it but for the benefit of others reading http://www.youtube.com/watch?v=5E0DkoQjCmI - 35 minutes 30 seconds starts the crypto explanation, 37 minutes and a few seconds starts the where Sony screwed up section. Do watch the whole thing though.

    Encryption and data signing is usually based around a so-called hard problem (actual mathematical term like real, imaginary, complex, logarithmic and the like) and the two big ways to do it (at least as far as asymmetric stuff goes in the real world) is to use prime numbers (RSA is a good one here) or the maths behind ellipses/elliptical curves (ECDSA being the choice method here).
    http://security.ece.orst.edu/koc/ece575/papers/ecdsa.pdf gets right into it (mainly section/chapter 4 although you might want to read 3 as well).

    One of the equations used in the signature is along the lines of

    signature part which remember is just a number = ( sha1 of thing you want to sign + (private key multiplied by result of hard maths function) ) / random number

    The hard maths function also uses the supposedly random number and indeed is the only true unknown as far as the stuff the person has to decode it knows. However being a hard function you can not take the result and the other known input data and use it to get the random number.
    The random number used in the hard part is the same as the equation mentioned up above and the private key is the private key which should be constant for your entire implementation or else there is no point.
    All well and good until you consider that Sony chose to use the same random number every time they did that signature (there are multiple different signatures/private keys for various parts and versions of the PS3 platform but they are all broken in the same way so it is just a matter of repeating the process)
    Getting two signatures is easy enough (there are multiple programs after all), you have the data being signed and sha1 is a known function if nothing else.

    s1 = signature 1 and s2 = signature 2 k= random number m1=program1 m2=program2 r= hard maths part d= private key aka holy grail of PS3 hacking.

    s1 = (m1's sha1 + d*r)/k
    s2 = (m2's sha1 + d*r)/k

    As Sony screwed up and used k twice (or indeed all the time) you can combine the equations to lose the private key*hard maths part (remember r is derived using k so the same k value makes for the same r value). If they had used a different random number it would have been impossible/pointless trying to combine them.

    s1-s2= (m1's sha1 - m2's sha1)/k

    Rearranging to find k is easy enough.

    While you are at it rearrange the "easy" equation to have the private key "on one side".

    private key = ( (random*signature) - sha1 )/ result of hard maths

    As part of the whole signature you have the result of hard maths (it is part of the public key), you have the random number thanks to the trick above and the signature and sha1 values are there as well. The private key is now a matter of perhaps 30 seconds on a calculator.
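
The algebra from the post above, carried through in modular arithmetic together with an audit check that flags a repeated r across a set of signatures; this is an added example, not part of the original thread. The modulus `N`, the `toy_r` stand-in for the curve computation, and the key and nonce values are all constructed for illustration.

```python
import hashlib
from collections import defaultdict

N = 2**127 - 1  # constructed prime modulus, stands in for the curve's group order

def h(msg):
    """SHA-1 of the signed data as an integer mod N (the post's "m's sha1")."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") % N

def toy_r(k):
    """Stand-in for the post's "hard maths" function: r depends only on k."""
    return int.from_bytes(hashlib.sha256(k.to_bytes(16, "big")).digest(), "big") % N

def sign(msg, d, k):
    """s = (sha1 + d*r) / k, with division done as a modular inverse."""
    r = toy_r(k)
    return r, (h(msg) + d * r) * pow(k, -1, N) % N

def find_reused_nonces(signed):
    """Audit check: group (msg, r, s) by r; a repeated r means k was reused."""
    by_r = defaultdict(list)
    for msg, r, s in signed:
        by_r[r].append((msg, s))
    return {r: hits for r, hits in by_r.items() if len(hits) > 1}

def solve_from_pair(r, m1, s1, m2, s2):
    """The post's two rearrangements, carried through mod N."""
    if h(m1) == h(m2):
        raise ValueError("same data signed twice: the equations are not independent")
    k = (h(m1) - h(m2)) * pow((s1 - s2) % N, -1, N) % N   # from s1 - s2
    d = (k * s1 - h(m1)) * pow(r, -1, N) % N              # from the signing equation
    return k, d

if __name__ == "__main__":
    d, k_fixed = 0x1D0C0FFEE, 424242            # constructed key and fixed nonce
    a = (b"program1", *sign(b"program1", d, k_fixed))
    b = (b"program2", *sign(b"program2", d, k_fixed))
    c = (b"program3", *sign(b"program3", d, 777777))   # fresh nonce
    for r, hits in find_reused_nonces([a, b, c]).items():
        (m1, s1), (m2, s2) = hits[:2]
        print("repeated r:", hex(r), "->", solve_from_pair(r, m1, s1, m2, s2) == (k_fixed, d))
```

A signer that draws a fresh k for every signature never produces a repeated r, so `find_reused_nonces` returns an empty dict and the two equations can no longer be combined.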
     
  7. ferdi-t
    OP

    Member ferdi-t GBAtemp Regular

    Thanks again for the long explanation. I'll watch the video again now. Stuff starts to make a lot of sense now.
     
