PS3 Hackers able to sign code (and more)!

  • Thread starter Thread starter DeltaBurnt
  • Start date Start date
  • Views Views 27,815
  • Replies Replies 178
steveo1978 said:
Argentum Vir said:
MasterPenguin said:
You can't say sony failed hard, their security lasted over 4 years. They did good.
I could have been hacked more soon, but people were apparently put off by the statement of "Inhackability". Seriously this could have been blown wide open 2 - 3 years ago if there was more interest back then. Just goes to show you that no one should listen to the manufacturer, and push the limits, and break the rules anyway.

Cost had alot to do with it not being hacked to. I believe GeoHot was giving one for free and he had hacked it in a few weeks. Also must hackers i have seen start out by just wanting to run linux on a console and since the PS3 already had linux and could run emus and some other homebrew in it there was no need nut when Sony removed linux that motivated people into trying to put linux back and when they found away then that opened the door for piracy and other homebrew. If Sony had not removed OtherOS the PS3 probably would still be unhacked.

"If Sony had not removed OtherOS the PS3 probably would still be unhacked."

that's the irony of it all.
 
MasterPenguin said:
Argentum Vir said:
MasterPenguin said:
You can't say sony failed hard, their security lasted over 4 years. They did good.
I could have been hacked more soon, but people were apparently put off by the statement of "Inhackability". Seriously this could have been blown wide open 2 - 3 years ago if there was more interest back then. Just goes to show you that no one should listen to the manufacturer, and push the limits, and break the rules anyway.

So you think Sony telling everybody its unhackable was unintentional? As I said, they did well.
No, it was intentional, but my point is to ignore the manufacturer and push and break stuff anyways.
 
steveo1978 said:
Argentum Vir said:
MasterPenguin said:
You can't say sony failed hard, their security lasted over 4 years. They did good.
I could have been hacked more soon, but people were apparently put off by the statement of "Inhackability". Seriously this could have been blown wide open 2 - 3 years ago if there was more interest back then. Just goes to show you that no one should listen to the manufacturer, and push the limits, and break the rules anyway.

Cost had alot to do with it not being hacked to. I believe GeoHot was giving one for free and he had hacked it in a few weeks. Also must hackers i have seen start out by just wanting to run linux on a console and since the PS3 already had linux and could run emus and some other homebrew in it there was no need nut when Sony removed linux that motivated people into trying to put linux back and when they found away then that opened the door for piracy and other homebrew. If Sony had not removed OtherOS the PS3 probably would still be unhacked.
linux had nothing to do with it
it was going to get removed on the ps3 fat regardless because of cost of supporting something very few people even use (its pretty expensive updating support for linux every time a new firmware is released believe it or not)
it was already removed in the ps3 slim back in aug of 2009

geohot discovered a vulnerability in jan or so, didnt really go any where
then linux was removed in apr, geohot went on a rampage swearing revenge on sony, nothing happened
geohot then announces he is leaving the scene, gets called a pussy, failure, poser, and just about everything else in the book then uses this as an excuse why the PS3 isnt hacked yet and why he is leaving
fast forward to late aug, PS3 Jailbreak announced, enabling of running unsigned code and pirating games via a USB Jig, clones then appear for a fraction of the cost in sep doing the exact same function
 
Why call Sony's PS3 security 'epic fail' when it originally took them this long to be able to hack it (unlike the 360 and Wii which were hacked fairly quickly)?

EDIT: Never mind, someone already brought it up.
 
BortzANATOR said:
Hahaha here comes the pirate ship.
hackitlorl.jpg


stupidfaceh.jpg
 
all this cfw talk, when if this is true cfw would be completely pointless.
why use cfw to disable signature checking, if you can let pretty much everything pass the ofw's signature checks?

btw, it IS in fact possible for sony to patch this, but it's a nightmare to do so.
they'd have to not only check for signed code, but also verify every game/program using a whitelist and figure out a new protection method for games still to come(unless they want to bring out a firmware update with a new whitelist every time a game comes out)
 
Rydian said:
I understand substitute functions to return values when the correct one isn't functional, but shouldn't generating a random value always be functional unless your system is to the point that you're not going to be coding anything at all?

I doubt the REAL function just returned 4, I'm sure they just did that to be funny. I'm guessing that the actual code attempted to be random but always outputted 4 because of bad coding.
 
DeltaBurnt said:
Rydian said:
I understand substitute functions to return values when the correct one isn't functional, but shouldn't generating a random value always be functional unless your system is to the point that you're not going to be coding anything at all?

I doubt the REAL function just returned 4, I'm sure they just did that to be funny. I'm guessing that the actual code attempted to be random but always outputted 4 because of bad coding.
that picture they had was a XKCD picture,
Xkcd: Random Number
 
DeltaBurnt said:
I doubt the REAL function just returned 4, I'm sure they just did that to be funny. I'm guessing that the actual code attempted to be random but always outputted 4 because of bad coding.

It's not even 4, that was for comedy effect. The actual number is much bigger, although still not random.
 
Eh... this is a mixed bag.


Piracy will be sure to ruin quite a few of the PS3's charm.
Cheater's online will also begin to be more of a nuisance.
Such a mixed feeling in the pit of my stomach.
 
jalaneme said:
doyama said:
2) The hack cannot be 'patched' by any means by firmware updates

are you 100% of that statement, you should know what sony is like with their firmware updates, it's a cat and mouse game for them!

Yes it is 100% true. It is impossible for Sony to change their private key, it would render every piece of software to date useless. They could add a second key I guess, but to maintain support for current software, they would have to retain the ability to run code signed with the old key, and therefore homebrew could still be signed with the old key, and this would be entirely pointless. They can NOT stop code signed with the current key from running, that would break everything currently in existence for the PS3. There is no way for them to patch it. If they could, of course they would, and it'd be cat and mouse until the PS4 is out, but they can't. Especially this late in the PS3's life. If it were a few months after its release, perhaps they could try and recall all units and software, but even then, it'd be a complete pain in the ass. Now, there is no chance.

My guess is that decent games for the PS3 will sadly trail off now. Considering it will most likely be SO easy to pirate games from now on, in a way that cannot be prevented with updates, why would companies keep developing games? At least with the Wii, Nintendo can try to prevent piracy with each update, blocking exploits etc., but in this case there is no exploit as such, nothing to block.
 
First off, you guys do realise that piracy will wait a while? I mean, failoverflow aren't releasing their stuff for a bit and it will take a while for people to reverse or replicate the steps for piracy.
Second, the presentation kept in pushing the point that all PS3 out AT THE MOMENT are vunrble, implying that new PS3s may come with this parched.
 
sifjar: there is still a way for them to block homebrew, although it's tedious work.
they just have to make a whitelist of all currently existing legit ps3 software, and block anything signed with the old(current) key that isn't on this whitelist.
not that it would help them much for the ps3's that are already at people's homes, because for those some hacker would just make a firmware update without the whitelist.
 
ThePowerOutage said:
First off, you guys do realise that piracy will wait a while? I mean, failoverflow aren't releasing their stuff for a bit and it will take a while for people to reverse or replicate the steps for piracy.
Second, the presentation kept in pushing the point that all PS3 out AT THE MOMENT are vunrble, implying that new PS3s may come with this parched.
yes but there are probably millions of ps3s on shelves right now that can be patched and sony will not be recalling them to install it as it will cost them too much and be a nightmare media and logistics wise.
 
thedicemaster said:
sifjar: there is still a way for them to block homebrew, although it's tedious work.
they just have to make a whitelist of all currently existing legit ps3 software, and block anything signed with the old(current) key that isn't on this whitelist.
not that it would help them much for the ps3's that are already at people's homes, because for those some hacker would just make a firmware update without the whitelist.

Then we will see the ps3 equivalent of Fish Tycoon to trick the system
 

Site & Scene News

Popular threads in this forum