PS3 Hackers able to sign code (and more)!

shakirmoledina

The removal of OtherOS was actually a flag to allow hackers to jump into... correct me if I am wrong, but do you sincerely believe that hacking is done for homebrew (I am talking about hackers themselves)? Don't you think that they do something that gives the stepping stone towards piracy, if not releasing an exploit to allow full piracy?
If they are doing it JUST for homebrew and running their own code... then TOTAL ABSOLUTE respect for them.

Is it correct that the whole basis of this huge exploit is due to the random number issue?
 

ThePowerOutage

There are still differences between Sony and homebrew code. With a new hardware revision, Sony could rewrite the SPE code and crush brew on newer consoles, I think.
I mean, they screwed it up, but Fail0verflow seemed to suggest it could be patched.
 

overlord00

shakirmoledina said:
The removal of OtherOS was actually a flag to allow hackers to jump into... correct me if I am wrong, but do you sincerely believe that hacking is done for homebrew (I am talking about hackers themselves)? Don't you think that they do something that gives the stepping stone towards piracy, if not releasing an exploit to allow full piracy?
If they are doing it JUST for homebrew and running their own code... then TOTAL ABSOLUTE respect for them.

Is it correct that the whole basis of this huge exploit is due to the random number issue?
According to their panel at the Chaos Communication Congress, Sony's "random number generator" was in fact not random at all... many (if not all) random numbers generated by the console used this same "random number", where the number was, according to TT, a static number... however, this was probably oversimplified.

For as long as they have been around, i.e. MARCAN, BUSHING, etc., they have always been about the homebrew scene; forever are they "fighting" the pirates, and from what I understand, they hate piracy and have never been about exploiting for piracy... it is/was merely an oversight.


ThePowerOutage said (Dec 30 2010, 08:50 PM):
There are still differences between Sony and homebrew code. With a new hardware revision, Sony could rewrite the SPE code and crush brew on newer consoles, I think.
I mean, they screwed it up, but Fail0verflow seemed to suggest it could be patched.
Potentially yes, seeing they would have to fix the boot0 (or whatever it was) exploit. However, @Goofy Time makes a good excuse... previous games would fail to authenticate... there would have to be some serious work done to prevent the same thing from happening again with the new hardware.
 

Goofy Time

shakirmoledina said:
The removal of OtherOS was actually a flag to allow hackers to jump into... correct me if I am wrong, but do you sincerely believe that hacking is done for homebrew (I am talking about hackers themselves)? Don't you think that they do something that gives the stepping stone towards piracy, if not releasing an exploit to allow full piracy?
If they are doing it JUST for homebrew and running their own code... then TOTAL ABSOLUTE respect for them.

Is it correct that the whole basis of this huge exploit is due to the random number issue?

That random number sequence is supposed to keep private keys...private. They're basically the official authorizers for the device. Having them at your disposal literally means you can get a homebrew app on your PC and transfer it over to your PS3 and have it almost instantly recognizable. And the only way to really fix the key issue would be to make a new version of the console that somehow recognizes games, as PSN games and PS3 discs are still looking for the current key. Patching and changing the key on current consoles imposes the tremendously likely risk that every single piece of software made prior to the patch is rendered unrecognizable by the system. It puts Sony in a corner that it can't even be fought like DS and PSP hacking. How can they disable applications the console recognizes as Sony authorized? Having the private keys basically means you can authorize the homebrew app as Sony code, and the system wouldn't be able to know the difference.
 

dlf

From the seemingly large number of threads on this on other sites, I doubt it, probably just a USB FAT-formatted stick.
 

Ziggy Zigzagoon

...and I give the hackers an "F"... for "Fabulous"!

Seriously, though, I find looking into the security systems of all 3 consoles interesting. I mean, Wii has the most unique features, yet such is apparently the console that is easiest to hack.

I am starting to feel more and more appreciative of my waiting for the PS3. (All I need now is the money... The PS3 is essentially a one-time purchase now...)
 

ThePowerOutage

shakirmoledina said:
The removal of OtherOS was actually a flag to allow hackers to jump into... correct me if I am wrong, but do you sincerely believe that hacking is done for homebrew (I am talking about hackers themselves)? Don't you think that they do something that gives the stepping stone towards piracy, if not releasing an exploit to allow full piracy?
If they are doing it JUST for homebrew and running their own code... then TOTAL ABSOLUTE respect for them.

Is it correct that the whole basis of this huge exploit is due to the random number issue?
They disagree with piracy but accept that it will happen.

It's mostly to do with that, but there were other fails, like the fact that the SPEs did almost nothing.
 

Chiverus

OK, first off let me say I'm a game pirate: DS, PSP, Wii, I download games I don't find worth buying for all of them, but I don't know about PS3 private keys. I mean, isn't this similar to what happened to the Dreamcast in regards to playing burnt games without modding the core system? And didn't that kill consoles for Sega and almost shut them down as a company as a whole? Don't get me wrong, I'm all for homebrew emulators (hoping for a PS2 emulator for it, but not getting my hopes up), but won't this kill the PS3 as a whole the moment piracy gets a hold of it? (And they will.)
 

Matthew

What makes it even harder for Sony is the fact that the SDK has also been leaked, and homebrew developers will be able to write in the official SDK AND sign their apps.
 

nIxx

shakirmoledina said:
The removal of OtherOS was actually a flag to allow hackers to jump into... correct me if I am wrong, but do you sincerely believe that hacking is done for homebrew (I am talking about hackers themselves)? Don't you think that they do something that gives the stepping stone towards piracy, if not releasing an exploit to allow full piracy?
If they are doing it JUST for homebrew and running their own code... then TOTAL ABSOLUTE respect for them.

Is it correct that the whole basis of this huge exploit is due to the random number issue?

Yeah, kind of: because of that "random number" they can just calculate the private key (the biggest fail that can ever happen),
and Sony can't do anything against it because old software still needs to run (as was already mentioned in this thread).

@Chiverus: DC was different; with the private key it's just possible to sign homebrew or any other self-written software, like Sony does it with their own software.
 

Chiverus

nIxx said:
@Chiverus: DC was different; with the private key it's just possible to sign homebrew or any other self-written software, like Sony does it with their own software.

I gathered; however, that was not the point I was getting at. The point I wanted to make was that piracy no longer needing to mod a core system would in turn cause a downfall in development for the system; the point I'm making, at its core, is that this is most likely the bullet that will kill the PS3.
 

nIxx

Chiverus said:
nIxx said:
@Chiverus: DC was different; with the private key it's just possible to sign homebrew or any other self-written software, like Sony does it with their own software.

I gathered; however, that was not the point I was getting at. The point I wanted to make was that piracy no longer needing to mod a core system would in turn cause a downfall in development for the system; the point I'm making, at its core, is that this is most likely the bullet that will kill the PS3.

Nah, usually if something gets hacked it will sell even more; just look at the PSP, after it was hacked it sold better than before, though developers will not like the fact that now every PS3 can be hacked. I think with the DC the problem was that you could play "backups" really soon and really easily (no need for hard/softmods at all), and developers just didn't make games for it anymore.
However, pirating games on the PS3 with this new hack is still far away, though all doors are open now without any USB dongle.
 

DeltaBurnt (OP)

Matthew said:
What makes it even harder for Sony is the fact that the SDK has also been leaked, and homebrew developers will be able to write in the official SDK AND sign their apps.

Yes but there's different SDKs for each firmware on the PS3. We only have the SDK for a really old firmware and like 3.41 (if I remember correctly).

Most homebrew developers I'm sure would rather use/contribute to a community made SDK.
 

redact

ganons said:
I take it you will need a jailbreak device in the first place to make the hack permanent, and a 3.41 or lower FW PS3?
No, the beauty of this discovery is that no "hacks" or "exploits" take place.
They correctly sign it, the PS3 reads it, and that's all.
Fail0verflow are currently working on a .pup file that will install a CFW that replaces GameOS with AsbestOS (so it'll boot on power-up rather than using a dongle and pressing power+eject on power-up).
 

ManFranceGermany

PS3 Homebrew/Hack Demonstrations

1:48: "The Videoram is turned off and we have no clue how to turn it on"
What does that mean? Is it about the PS3 or his netbook or whatever... sorry, I'm a noob.
 

doyama

shakirmoledina said:
Lovely... now I can buy one if I wanted to (as getting a PS3 jailbreak, like for all other devices, is quite difficult).
Beautiful work by these hackers; some day I wish to reach there (to understand what they are doing, not hacking big time at least).
Committed team, I guess, as the Wii is well hacked and it's easy to install the HBC, which does not put too much commitment into it.

EDIT: Just saw the video, and it may seem Sony rushed some parts... how do they get the algorithms? Are they generated or something, or is it in the manual somewhere?

The ECDSA code is a standard way of providing elliptical encryption. Like RSA the methodology of generating the keys is widely known. The difficulty is that it is easy to generate R and S, but difficult or impossible to obtain the private key 'k'. Since they botched the signature generation by using the same 'random' number every time, it was then trivial to obtain the private key. If they had used an actual random number for each signature, it would have been impossible to obtain the private key.

As indicated in the presentation, if you did it correctly, you'd have 3 unknowns (m1, m2, k) but only 2 equations, which makes the problem insolvable without basically brute forcing it, or analyzing the elliptical curve blah blah blah math that would make most people's heads explode like in Scanners. But since they used the same random number, m1=m2, so now you have 2 equations with 2 unknowns (m, k). So solve for m, then solve for k. Easy as pie!

As they say, the weakest link in a security system is the person behind the keyboard.
 

mollekemiel

shakirmoledina said:
The removal of OtherOS was actually a flag to allow hackers to jump into... correct me if I am wrong, but do you sincerely believe that hacking is done for homebrew (I am talking about hackers themselves)? Don't you think that they do something that gives the stepping stone towards piracy, if not releasing an exploit to allow full piracy?
If they are doing it JUST for homebrew and running their own code... then TOTAL ABSOLUTE respect for them.

Is it correct that the whole basis of this huge exploit is due to the random number issue?

To try to explain it simply:
if you want to calculate the private key, you end up with an equation with 2 unknowns (meaning it can't be solved): the key and the random number.
When the random number is the same for 2 different keys, it is possible to make a mathematical equation with only 1 unknown, the key (1 unknown means the equation can be solved),
and that's what Sony did. They used the same random number to generate multiple keys. (How dumb can you be!)
 
