Playstation 3 Code Signing Cracked For Good
ReportedlyWorking writes "It appears that Sony's PS3 has been fatally compromised. At the Chaos Communication Congress in Berlin, a team named 'fail0verflow' revealed that they had calculated the Private Keys, which would let them or anyone else generate signed software for the PS3. Additionally, they also claim to have a method of jailbreaking the PS3 without the use of a Dongle, which is the current method. If all these statements are true, this opens the door to custom firmware, and homebrew software. Assuming that Sony doesn't take radical action and invalidate their private keys, this could mean that Jailbreaking is viable on all PS3, regardless of their firmware! From the article: 'Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat, was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs. Following this, the team declared Sony's security to be EPIC FAIL!'"
"Following this, the team declared Sony's security to be EPIC FAIL!"
Is it really necessary for everybody to talk like complete dicks nowadays?
I feel a bit more comfortable jailbreaking a game system with a dongle or some other easily removable device, if I would like to resell it, etc. I guess I'm just that paranoid.
Epic Fail? WTF?
How many years has it taken to crack the PS3?
I'd say that Sony has done a remarkable job.
Does it go on forever?
It's a bit late to invalidate private keys.
My understanding is that every PS3 game is signed with those keys. Therefore, invalidating them through a firmware update would mean that every PS3 game to date will no longer work.
While I wouldn't put it past Sony to try this, this would result in not only massive lawsuits, but also would be a massive PR blunder.
Having said that, there could in theory be some sort of additional key telling what date a disc was signed, but even if that were true, it would be trivial to work around.
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
Please, the Dreamcast was epic fail: it shipped with accessible debug mode.
From the blurb:
'Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system.
Ok, the PS3 was launched on November 11, 2006. Today's date is December 29, 2010. That means that it took over four years to be broken.
Compared to DVD and Blu-Ray, that is actually pretty darn good.
Weaselmancer
ridiculous.
Thousands of commentards said this couldn't happen. How can people on the Internet be wrong?!
It is impressive indeed. Though I do note that it didn't completely resist attack for four years. It just took four years to be completely, irreparably and conveniently broken. There have been ways to break the PS3's DRM for years, but their complexity put them beyond the ability of all but the most technologically capable users. With the code-signing cracked, it's as simple as burning an ISO.
How did Sony fuck that one up?
It was my (admittedly layman's) understanding that a public/private key crypto implementation, assuming it isn't deeply flawed, using key lengths suited to the computational capacities of PDP-8s, or otherwise totally fucked, was mathematically secure against anything other than a profound breakthrough in prime factorization algorithms, an unbelievable advance in computational power, or an insider leaking your private key.
With stuff like HDCP, it was understood that serious tradeoffs were made in order to make the crypto cheap and fast enough that any POS $200 monitor should be able to decode an encrypted bitstream fast enough to handle the demands of uncompressed digital monitor connections. The weaknesses just came with the territory.
With something like the PS3, though, they have serious computing power available, and were dealing with a straightforward case of "verify that the code signed with private key X has indeed been thus signed, and not modified since, using public key Y, from which private key X is essentially not computable". Virtually every real-world use of cryptography depends on the ability to do that without disclosing your private key (save by malicious insider/hacker attack).
What did Sony do wrong? Obviously, they could do nothing about a suitably well-equipped hacker physically modifying a PS3 to stop it from verifying at all, or to always return "yup, all good" regardless of the verification outcome; similarly, a firmware bug could allow the same outcome without the expense of physical modification; but how could it be that they would have to put anything in their client (no matter how well hidden by hardware obfuscation/TPMs/smartcards/whatever) that could be used to compute their private key? Isn't a public key, which is a totally safe piece of data to disclose, all you need to verify whether or not something has been signed with the matching private key?
I admit that I don't have a deep understanding of this stuff; but it seems like this is the equivalent of "Hey, possession of the list of trusted CAs and their public keys has allowed a hacker with a copy of firefox to compute Verisign's root signing keys!".
How did Sony fuck up such that this story is not the biggest breakthrough in cryptanalysis since frequency analysis?
Yipee, replacement parts for the Beowulf cluster!
threadeds blog
I wanted to commit a PS3 to biomedical research on a project of MY choosing, as well as play LEGIT games but that was taken because ... well it doesn't matter as it's too late now.
I wouldn't say Epic Fail:
1: PS3 was released to retail on November 11, 2006. That's over 4 years of security when you had both the lock and the key.
2: As is pointed out, if they want to pay the price for it Sony can invalidate and replace the keys revealed. Expensive and a PITB, but certainly possible if it matters enough.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
To be fair, until Firmware version 3.21, which was released in April this year, it was officially supported to install an alternative OS on the PS3 - so there was little motivation to break the code signing system.
Ok, the PS3 was launched on November 11, 2006. Today's date is December 29, 2010. That means that it took over four years to be broken.
Compared to DVD and Blu-Ray, that is actually pretty darn good.
I was at the presentation in Berlin today. They did bring up this exact point.
Their counter argument was that people don't take into consideration that the console did support homebrew until Sony declared they'd drop that. The argument for that action was they'd save money not having to support it for their then-new PS3 Slim models, which turned out to be bullshit after hackers discovered that the Slim (with some hacking) could actually run the same Linux distros as the PS3 Fat. They then disabled OtherOS on the PS3 Fat, too.
This was 12 months ago (can't cite a source other than the slides), making it take only 12 months of actual effort for it to get cracked, as opposed to other (closed) platforms where the homebrew hacking efforts begin at day 0.
That's true. And Sony have been boasting of having the toughest DRM of all consoles.
However, it only took half a year from removing Linux support, and in that short period have had many partially successful attacks against it. Before, while they had the Linux support, such stories were remarkably rarer.
Many critics meant that the continued security of the console was partially because they allowed linux to run on it, and so many of the talented people had no reason to look closer at it. Since PS3, after four years of "DRM cracking almost never heard of" have now gone to "Completely broken" in just over half a year's time, I think they have a point there.
It's not that it was that much more secure, it's just that most of the really talented people had no reason to look into it.
It's The Golden Rule: "He who has the gold makes the rules."
Yeah, but during the first three of those four years the only reason was piracy why people would want to break it. Which is clearly not the intention of those guys. So, technically it was only twelve months since SONY removed the OtherOS mode.
The people that did this exploit/hack/whatever reportedly only chose this method of action after Sony decided to remove OtherOS support from PS3's. Their stated goal is to get Linux up and running on retail PS3s. Maybe this would've occurred a lot quicker if OtherOS never existed.
Folks toss about the phrase "Epic Fail" far too loosely. Here's what a real Epic Fail looks like:
The DRM code has a bug that, when a certain condition happens (time passes, specially-formulated packet received, etc.), it overclocks the CPU to the point that it catches on fire. Within minutes of the event, most of the millions of PS3s in the wild have set peoples' homes ablaze.
As a result, thousands die and the insurance industry collapses. Anarchy reigns, so there's nobody to enforce copyright anymore and the original DRM is rendered irrelevant.
THAT is an epic fail.
"Time flies like an arrow; fruit flies like a banana." --Groucho Marx
It took probably thousands or more hackers and modders since 2006 to crack it, so epic fail would be an overstatement. If they did it in an afternoon, then I would agree it would be an epic failure.
From @fail0verflow:
"we only started looking at the ps3 after otheros was killed."
and
"our goal is to have linux running on all existing PS3 consoles, whatever their firmware versions."
If Sony would have left OtherOS alone, they wouldn't be in this predicament.
Ok, the PS3 was launched on November 11, 2006. [wikipedia.org] Today's date is December 29, 2010. That means that it took over four years to be broken.
No, it took 8 months to be broken.
The Other OS functionality of the PS3 was unilaterally removed by Sony on April 1st 2010. The years before are of no importance, because you could freely boot Linux. Nobody who had the skills to crack the PS3 even bothered to look.
When they removed Other OS, Sony signed their own fucking death warrant.
Does my bum look big in this?
Do they really have Sony's signing key?
Of course, the real win would be to get the Windows Update private key. That, and a BGP exploit, and you can rule the Windows world. I still consider Windows Update an unacceptable backdoor. Someday, that's going to backfire.
What does this mean for hacks and other programs that modify program code or execute and stay resident alongside game code? Does the cracking of the keys allow custom boot loaders that will open the doors for hacking?
If so, this is a sad day. The primary reason I bought a PS3 was to play in a hack free environment.
"dongle-less jailbreaking by overflowing the bootup NOR flash"
Awesome. I expect to hear this line in a sci-fi movie someday.
I remember that cracking PS3 got a huge soar when SONY killed Linux support with a firmware update.
I wonder if current motives are still Linux booting. If this is the case, SONY executives are truly dumb.
Does someone know what (practical) countermeasures Sony has against a secret key leak?
It's a known myth, but actually it was broken because Sony allowed Linux to run in it.
Geohot's mem glitch exploit would not work, if not OtherOS (Linux).
And all existing hacks used dumps made using mentioned exploit.
there are video mirrors and updates here: http://www.ps3news.com/PS3-Hacks/Fail0verflow-27C3-PS3-Exploit-Hacker-Conference-2010-Highlights/
Ah, but users have been able to run Linux for most of that time. Jailbreaks started being introduced only AFTER Sony removed Linux... I don't recall hearing about attempts before then.
I wonder if current motives are still Linux booting.
You ever actually thought that was the real motive when the first uses of all these jailbreaks was to pirate games? How naive you are.
Yeah this all has to do with Sony killing linux support. That is why the 360 has hacked firmware and the Wii has been hacked, because of linux... . Really can we really stop being hypocrites about telling this all has to do with regarding of free software and linux.
So does this mean a hypervisor free linux is around the corner? I may change my stance on buying a PS3.
Sometimes, life itself is sarcasm...
In other words, Sony has just gone and proved that the only DRM that remains unhacked is the kind that nobody cares to hack. See also: SACD.
Not a typewriter
Ok, the PS3 was launched on November 11, 2006. Today's date is December 29, 2010. That means that it took over four years to be broken.
Another way to look at is that on April 1st, 2010 the "other OS" option was retroactively removed from all PS3s with current firmware.
That makes it 5 months from pissing off the wrong people to the first widespread jailbreak and 9 months to a permanent crack.
When information is power, privacy is freedom.
Only on the original models. Slim has never had this option.
Choosing the lesser of two evils is a choice for evil.
Yeah, homebrew. That's it. People are dying to run homebrew... like a custom-copied version of LittleBigPlanet 2
In other words, Sony has just gone and proved that the only DRM that remains unhacked is the kind that nobody cares to hack. See also: SACD.
SACD is cracked. Or at least worked around enough so that it doesn't matter.
There are two hacks for SACD:
1) Physical modification of various players to extract the PCM audio after conversion from DSD, this approach is a few years old now.
2) The widespread crack of HDCP enabled extraction of the original DSD audio from any HDMI equipped SACD player.
There are plenty of SACD rips floating around the net
When information is power, privacy is freedom.
Mod parent up, folks. This is exactly the fix we should expect from them.
DRM: Terminator crops for your mind!
...access to the signing keys. This is fairly unprecedented, as far as I know
The HDCP master key was also recently found.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Depending on the specifics of the checksum procedure, this could be far from trivial. If Sony has any sense they will use a hash function that makes collisions extremely hard to find.
DRM: Terminator crops for your mind!
and now cracked in 2010? That's not too bad if it took hackers almost 4 yrs to crack it. Most encryption isn't made to be uncrackable, just takes a ridiculously long amount of time to do it that it becomes impracticable in the long run.
It is what I plan to do with it.
When they removed Other OS, Sony signed their own fucking death warrant.
... because this has somehow killed Sony or even the PS3?
I hope XBMC will be ported to it now.
ayottesoftware.com
http://xkcd.com/221/
Not surprising and something that's likely to be a trend in consumer devices over time, especially as more and more devices become "connected" -- An interesting research report we highlighted last week shows just how vulnerable these newly connected devices are (ok PS3 isn't newly connected but many more consumer devices are) Cellphones, iPods, digital cameras, set-top boxes, gaming systems... these devices pervade modern life. Mostly, they make our lives easier and more fun. But if they're built without the proper security technology, our favorite gizmos and gadgets can seriously compromise our privacy, finances and even our personal safety: http://www.securityweek.com/security-focus-consumer-electronics
They only started attempting to crack it once the OtherOS option was removed, which was around 9 months ago. So, in essence it took them 9 months to crack, not over 4 years.
They removed OtherOS. If they would have left OtherOS intact, these groups would have had no reason to want to crack the PS3.
Sony did this to themselves.
Possibly. I just look at the numbers (over 3 years in relative peace, then several strong (as in easy to do by customer) cracks in under a year) involved, and that many of the people trying to crack it now say they only started because linux support was removed.
Did the Sony engineers remove it because they knew this would happen, or did this happen because they removed the support? Did the chicken come before the egg, and was he wearing a condom? We don't know.
However, one thing that I have been thinking about these last minutes.. I don't see why this is the end of the world for Sony. There are a limited number of games using the old key. And with crypto signing / verification you usually work on a hash.. Let's say that the hash is 256bit long (rather overkill, really), and there are 30.000 games released (Wikipedia lists 653 games, but I don't think it's complete. Plus you probably have different versions and locales) - that's still under 1MB of data. It's perfectly doable for them to make a whitelist of hashes allowed to use the old key. And if they use exceptionally large hashes for some reason, or validate against the whole binary code... Just sha256 it. Done deal. If performance is a problem (scanning the table) you could make an index of it during firmware upgrade, or have a local cache of valid hashes.
In short, I see absolutely no reason why they couldn't do this. Sure, it's a lot of work, and you're almost guaranteed to miss some.. But the alternatives are worse. Just give the ones with problems some free store credit, everyone is happy, and The Disaster(TM) is easily averted.
It's The Golden Rule: "He who has the gold makes the rules."
I'm sorry, the PS3 being cracked is a bad thing? Maybe for Sony's crypto guys, but not for the consumer. I'm way more likely to buy a PS3 now that I can run MY code on it and do what I want with it.
Didn't I read something about the US Army/Air Force/Navy/Marines/Something using PS3s as ad-hoc supercomputers? Sounds like a great thing for them.
Considering the attacks against the PS3 skyrocketed after OtherOS was removed in April, yeah I think for the kind of people technically proficient enough to perform these type of hacks it was, or at least it was about the perceived challenge from a huge faceless corporation. Most of the people capable of pulling this type of stuff off are smart enough to have a job which makes the couple bucks saved in pirating games worthless compared to the hours spent.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
That's all I want, badly, very badly.
It's half the reason I got the PS3 when I did, XBMC was in the early stages of PS3 support, however the idiots at Sony blocked the GPU acceleration for the video so the team abandoned it once the 3D loophole was closed in linux. I don't know the full term, something along the lines of a hypervisor.
Then they closed off linux all together.
I love it as a gaming machine but I wish it could match my Xbox1. The Ps3 hardware is amazing, XBMC would be brilliant on it.
3. The SACD player digital audio output. All SACD players must support a DRMed extension - I forget its name - but it's very primitive and trivial to break. So you could just record off that.
The PS3 was being attacked well before OtherOS removal. When linux was available the graphics on the machine were limited to virtualization. The race was on to crack the 7 locked down SPUs. Were people successful? Mostly no, but that doesn't mean attempts haven't been made. If I remember correctly, Geohot's intention was to gain access to the cores. They just happened to find an exploit to give them keys to the kingdom
Removing linux definitely brought the talent out of the woodwork, but it did not start a war
PS3's security might be dead, but it was effective for a hell of a lot longer than the "EPIC FAIL" meme was funny.
The xbox one was released on 15th Nov 2001 and its private keys still haven't been cracked.
The removal of the OtherOS option was not the reason for the current crack. The OtherOs was removed because George Hotz figured out a crack involving the OtherOS option. He released that crack in Jan 2010 and Sony removed the option in March 2010. The current cracker crew cracked it in 9 months while having 3 years of people exploring lots of dead ends for them to ignore. Yes, a small percentage of people will use the now open PS3 to run homebrew. 99.99% of people will use the crack to run pirate games. Free always trumps $.
Give me enough EC2 cycles (or donated, via BOINC), and you can find those collisions. It just takes some time.
3. The SACD player digital audio output. All SACD players must support a DRMed extension - I forget its name - but it's very primitive and trivial to break. So you could just record off that.
I own a stand-alone SACD player and I have no idea what you are talking about.
If you are thinking of SP-DIF/toslink - at best that only gives you down-rezzed CD-quality - might just as well rip the CD compatibility layer that most SACD discs have.
When information is power, privacy is freedom.
http://twitter.com/fail0verflow Whoever originally wrote something about "overflowing the bootup NOR flash" needs to be shot (after watching the talk and paying attention)
That's nearly a year until it was completely haxxored, it had been successfully hacked a couple times over that time period, just not in a way that didn't require a dongle.
So, appeasing the users with OtherOS capability got goodwill on Sony's side for 3 years, 4 months. Sony withdraws the feature that appeased hackers and it got defeated in just under 9 months.
They thought they had security; they just had never been tested. They'd thought that if they were, they would pass. Looked at the tested (XBOX, Wii) and thought, "There but for grace we go"? No, they said, "Screw you," and now see what they just found out.
That's the impression that I get.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Speaking only for myself, I wouldn't care about dongles or hacking it if they hadn't removed the Other OS option. I'm sure it will primarily be used for warezing, but I don't have the time or inclination for that shit (hell, I have more than enough games I haven't finished yet). Linux support was an important factor in buying my PS3. Had it not been a feature, I probably would have bought an XBox360 -- that's what most of my friends play and the games I do have (Orange Box, Fallout 3, etc) have fewer bugs and better support.
Do you even lift?
These aren't the 'roids you're looking for.
Yes, now if they can get the slim to run PS2 games, I will be ecstatic.
The Kruger Dunning explains most post on
you are diluting its epicness. Pretty soon everything will be epic this, epic that. won't someone think of the epicness~
The Kruger Dunning explains most post on
I think they said you couldn't use 3D features from OtherOS, so homebrew wasn't very interesting. My bet is that Sony did a very good job indeed and it was necessary four years to break the PS3 even though it's not completely done yet (you can't run software written on your own Blu-ray).
HDMI can transport DSD, some SACD players have an HDMI output.
so we can make signed yet unauthorized PS3 games? Time to bring back the Legacy of Kain/Soul Reaver story.
If (big IF) it is Home brewed, there is still one major thing. The PS3 Network. Once you open up the console for "homebrew" sony network (for multiplayer games) software might be able to detect that. Sony can ban (or even brick) the hardware from the PS3 network. So if you want to be on the network AND play "backups" you need 2 PS3 consoles. Sony will be happy to sell you more consoles.
And do not be confused about this, sony is much more aggressive about cracks than nintendo. They fixed the 2.41 overflow quite fast, and made the fix mandatory in the PS3 Network.
This lends credence to the claims that DRM gets cracked to support legitimate rights of the owner. For 3 years they allowed homebrew and Linux and had few problems. As soon as they stole that feature from existing owners the efforts to crack the DRM began in earnest.
Sigh. If only folks would put as much effort into improving the government (etc) as they do wasting time cracking game consoles. Nice to see what really matters. The country is going to hell in a handbasket - but hey, we sure showed Sony. Folks -really- need to check their heads.
Why should Sony respond to consumers hacking their own systems to run their own software? Why should we take this cr*p anymore?
I am sorry but we would not tolerate our pc's to be locked in such a way and it is time we as consumers demand everything else to be open. Can you image if Microsoft did this and forcing everyone reading this to run Windows 7 and ban all GNU software? I hate to tell Sony, but they do not own the PS3s after we purchase them. WE DO.
It is a sad day when you try to jailbreak and root your own system. The arrogance of cell phone makers, Apple, and Sony are astounding to say the least. There should be laws against console makers using such abusive practices. They are monopolistic and anti-competitive in nature. We could have 3 or 4 more platforms today if it were not for console makers dumping products below cost and then locking them down forcing royalties on software.
http://saveie6.com/
Or at least, there must be laws in place which require vendors to make it clear that locked hardware which only accepts signed code is not being sold, but rented.
I.e. the unit is a rental platform, owned by the vendor, for the purpose of purveying content under the control of that vendor.
Once you sell (actually sell, not rent) a piece of hardware, you cannot control what software goes on it.
The locked model is fine, but it's outside of the ethical definition of what it means to sell something. It's a different type of agreement from a sale agreement.
It's years old now. You can get a faster netbook for the same price (less if you are careful).
And it only has 512MB of RAM
Seriously, The Linux isn't even worth caring about anymore.
http://lkml.org/lkml/2005/8/20/95
As an ex first and third party PS3 dev I used this exploit myself for a long time, actual devs who are not dependent on middleware sussed this one out themselves to save money on devkit licenses. It's an obvious kid level exploit left in there by the original developer out of spite to allow first and third party devs to get shit done, not to be unkind but that something so obvious is just now out just goes to show how fucking retarded what's left of the scene is.
it is an epic fail, just watch the videos of the congress floating around the net (the complete ones)
for instance the main reason they can sign the code (self) in the same way as sony is doing, is just an utterly stupid programming error. If you look at the vids and see the equation it has 2 variables and can not be solved, however as they explained in the video sony did not get a random number (which one of the variables is) but used a constant, if it was indeed a random number, they could not have calculated the keys and would not be able to sign the code like sony does. now that it is a constant, it's just a matter of solving an equation with one variable ...
That for me is truly an epic fail !!!
also about the dongle stuff, since they now can sign selfs in the same way sony does for games, demos or whatever code they want to run, you do not need a dongle because the ps3 will think it's a legit self. Meaning they can not see the difference between their signed selfs (sony's) or the one the team will make so you can say basically put the selfs on a usb stick and let it run without having problems at all. So the ps3 usb thingies are no longer needed at all
that's just an effect of their epic fail... There are other parts what make it fail but the key one truly made me laugh
I expect the sales of the PS3 to rise in the coming months.
The magical number is: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
HDMI can transport DSD, some SACD players have an HDMI output.
Really? I never would have guessed.
When information is power, privacy is freedom.
int getRandom( void )
/* return a value from /dev/random */
{
}
What Sony did:
int getRandom( void ) // I rolled a die, it told me 4, so this is random
{
return 4;
}
Anybody want a peanut?
Just wait for the consumer lawsuits, developers abandoning a platform that is totally insecure, and more.
Yea, it might kill Sony from ever entering the console scene ever again.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
I'm actually surprised the crack was released by a private group, and not the US military, which purchased so many PS3s to run their cluster.
Starbucks, Harbuckle of Breath.
Before then sony had the best possible security possible for a console, give the modders an outlet
That might not be perfect. By your measure, before this break, Microsoft had the best security in the form of Xbox Live Indie Games where modders could even sell their games. It was so good that Apple copied the XNA business model ($99/yr to unlock your own hardware, and an exclusive online store to sell your wares for a 30% cut) wholesale for its own App Store. But for some reason, it didn't work as well for Apple as for Microsoft: iPhone SDK and App Store access wasn't enough to keep iOS 2 and later from getting jailbroken.
What about PS3 exclusives? Shooter
There are shooters on every platform since the NES.
Infamous
Infamous is on 360 and PC; it's just called Prototype.
Little Big Planet
WarioWare DIY for DS is close.
Luminez
What is Luminez? Is it anything like Lumines, which I have on my PSP, or Luminesweeper, which I have on my Game Boy Advance?
Some of these are not just exclusives, they are games that raise the bar, shining examples of the medium taken to the next level.
Here's your Shinin' example.
(Obligatory grammer nazi comment:
As in Kelsey?
You cannot capitalize the first word of your sentences but you capitalize the "PS" in "PS3"? Really?
Some languages capitalize proper nouns but not the first word of a sentence. I imagine alen's English is better than your Noeneg or your Toki Pona.
Which is trivially broken by the jailbreak simply telling the firmware that it's one of the "genuine" games.
That's what the DSi-compatible DS flash cards do. The jailbreak would have to include a copy of the executable of one of the genuine games, and a multimegabyte executable is a much larger volume of copying than U.S. courts have allowed so far in cases like Sega v. Accolade or Lexmark v. Static Control Components.
Now all they have to do is crack the "having to buy an overpriced piece of proprietary hardware that merely replicates what the PC I own can already do" part of the equation.
Crack that, and I'll be all set. Otherwise I'm not spending several hundred dollars to buy a box to take up more space simply to play software that my PC would be able to play if it weren't for someone's desire to complete control and every last dollar.
Change from a hardware/software company to a software company, and I'll use your product.
This space available.
Nintendo had a nifty solution for the old Gameboy(/color) - code wasn't signed, but games did need to have [...] the Nintendo logo
Typography is not copyrightable, and a U.S. trademark cannot be used as an ersatz copyright or patent. See Dastar v. Fox, and especially Sega v. Accolade.
Folks toss about the phrase "Epic Fail" far too loosely.
Any failure involving Sony is an epic fail because Sony owns Epic Records.
not sure how that is an epic fail.
But I'm sure the 5 guys who use it for homebrew will be happy along with millions of pirates.
wow! how can slashdot be stagnant with all of these new Michael KristoFuckheads showing up all the time to keep it fresh?!
anything clever to say about my mum? Nothing new I'll bet!
You are a loser^340!
My fucking GAWD...what's NEXT? . THEY HACKED MY CAMCORDER!!!! Now my entire Adult Home Video Center displays images of unshorn maidens above the age of 30. . WON'T SOMEONE THINK OF THE CHILDREN!!!! . "Shit, Martha, the public figured out how to hack our iPod. Every time we make whoopie, we expose ourselves to perverts." "What do we do George?" "Well, Martha, I believe we BUY OURSELVES ANOTHER MUTHERFUCKING HUNDRED DOLLAR CAMCORDER while Slashdot praises itself for figuring out a way to make ours into a gynecological exam. Happy sixtieth birthday, Martha!" "Oh, George, you are so 733t!"
Nope... I just have the ONE account... You are the pathetic one MKP^340!
Go put one of your guns in your mouth and have ur mum help pulling the trigger!
You're worse than a nigger!
you are NOTHING.
cower some more, feeb.
What usually happens is that the pirate users (who are about as technically proficient as a brick wall) simply ride off the back of the more academic users who tend to hack the device for less dubious reasons.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Linux was removed only after glorious mem glitch by Geohot, so it's obvious what's the egg here.
SPDIF can do 96KHz 24-bit... or are SACD players required to cripple their SPDIF output?
If so, there are probably a few people who have connected their incredibly expensive SACD players to their incredibly expensive speakers using an SPDIF link... and really, they couldn't tell the difference. There's a reason CD was set at 44.1KHz: Any higher and you are beyond the limits of human hearing. I suspect this is a large part of why SACD and DVD-Audio both flopped - unless you are someone of near-superhuman perception and using the very best equipment, it's pointless.
I'll wait for a release before I decide to reverse my decision not to get a PS3...
Same. It's my box. I will run Linux on it.
I have to wonder if the 7th spu could be unlocked for games and what performance benefits it would have.
and then ask the hackers not to release the code and tools (and possibly provide additional incentives to sign an NDA).
I mean, by publicly conceding their accomplishment and by giving the public back what they took away previously, it becomes harder to argue that the cracking tools need to be released. Of course the whole message needs to be calibrated just so it won't appear as giving in to blackmail. It will give them and game developers more time to reap the cost of developing the PS3 and games.
First off I'd like to congratulate the fail0verflow team.
Regardless of the motivation or rationale behind the attack, and the perceived errors in the implementation, this is a seriously impressive feat of engineering to attack and defeat such a system.
Everyone seems to see it as a fail on behalf of Sony.
Isn't this IBM's Cell at fault?
Sony removing the Linux boot feature via an "upgrade" was like selling a car with alloy wheels and breaking into your garage to replace the wheels with steel rimmed ones - it led to a ban on Sony kit in many places because it's in principle a breach of trust and results in a device that does not match the description it was sold as.
Since it's now possible to break the box without, could I have that option back?
Insert
http://www.youtube.com/watch?v=hcbaeKA2moE
SPDIF can do 96KHz 24-bit... or are SACD players required to cripple their SPDIF output?
Yes they are. Also, that's stereo only. My personal interest in SACD was for multichannel.
When information is power, privacy is freedom.
I'm surprised you actually expect such an announcement to come from them. Why in the hell would they ever open themselves to a potential lawsuit by announcing it publicly? That's not to say it hasn't been done, particularly since depending on what the PS3 cluster is being used for, the NSA and/or DISA has almost assuredly broken the PS3 down to find out its flaws security-wise.
And multichannel I think is dead for a different reason. People don't listen to music like that any more - how many people do you know who actually sit down and just listen to music? It's become something portable, or something that plays in the background while doing more productive things. Multichannel brings no benefits under those circumstances - you're either wearing headphones, or moving around the room.
Good for movies, though.
And multichannel I think is dead for a different reason.
It's not. It's just on bluray now.
When information is power, privacy is freedom.
wh000sh
The only thing I'm really interested in is getting round the copy protection on my own files. I'm pretty sure that if my PS3 breaks, I lose some of my saves, as you can only restore to the machine the backup was made on, otherwise it doesn't copy the protected files.
Copy protection on save files is the reason I'll never buy another Guitar Hero type game until the protection is removed, and also why I've not played World Tour as much as previous games.
If this hack gives me back control of my own save files, then I'm glad it's happened.
Read the last line. I said multichannel is dead (Or rather, never really lived) for music, but is still a success for movies.
You are a little overconfident.
When information is power, privacy is freedom.
I bet his name is not Michael Kristopeit. Probably his ex-boyfriend that he is getting back at.
http://www.buehrens.com/person.php?person_id=6
why the PS3 lasted this far is because OtherOS kept all the competent people happy enough not to try to break into the system
Really? people haven't been trying to get to accelerated video in linux on the ps3?
Yes, they tried, but in completely different manners.
- The main efforts since day 1, were done by using the SPUs of the CELL, instead of the GeForce. I.e.: using a completely different part of the PS3, which is a SIMD exactly like the modern DX10&11 GPUs with unified shaders, but which OtherOS applications are authorised to use.
- The more recent efforts were trying to get the hyper-visor to authorise access to the GeForce.
- NONE of these methods was about getting unsigned code to run, or finding a way to sign code.
Or piracy (Piracy was a big BIG motivator on Xbox, 360, PS2 and Wii;
The main problem that piracy, homebrew, and other hacks face is that they require coordinated efforts to understand a system. (Most of the console hacking is done on wikis, etc.)
By doing this OtherOS option and providing all the necessary tools, Sony made sure to split the community.
On one side, the legal, in the open, homebrew community. They got everything they need from Sony (bar access to the GPU) and could do wonderful homebrew stuff on their own (for example, they don't need a way to run unsigned code or sign their code: OtherOS will run homebrew code anyway).
On the other side, the pirate groups. Which need to tackle a completely different set of problems (running unauthorised code as an example). If they start coordinating to achieve this, they are clearly and demonstrably doing something which is considered illegal in lots of jurisdictions.
Also, the brains tend to gather around homebrew, whereas piracy attracts mostly leeches. If all the intelligent people are busy running Linux on the PS3, nobody would be free to help the script kiddies getting free copies of PS3 games.
also Dreamcast but, the DC's security was even bigger epic fail than Sony's
The DC was a completely different beast. It didn't really feature a protection system on purpose. The console was *designed* to be able to boot from plain CD media. This was designed to enable demo CD, karaoke CD, extra bonus material on audio CD, etc.
Incidentally, this also meant that it was possible for home brewers to burn their own CD-R and run home made software without any major problem.
The only form of game-copy protection was the medium itself: GD-ROM.
- They were non standard, so SEGA & NEC hoped that nobody would be able to read them. But people ended up with several solutions, the most popular being using a bootdisk (fully supported by the CD-R method) and copying the data over serial or network.
- They were huge, so they would be hard to copy. But peer-to-peer networks slowly expanded to the point of being able to carry payload with sizes up to a couple of gigabytes.
- They were huge, so it wouldn't be possible to fit a game on a normal CD-R. But clever re-compression tricks enabled exactly this (ranging from simply removing or downgrading intro movies, all the way up to using a sophisticated on-the-fly decompression system similar to what Linux LiveCDs do).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
cower some more, feeb.
you're completely pathetic.
http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34719276
http://it.slashdot.org/comments.pl?sid=1916240&cid=34612834
http://it.slashdot.org/comments.pl?sid=1916240&cid=34647708
http://slashdot.org/comments.pl?sid=1922942&cid=34665368
http://slashdot.org/comments.pl?sid=1924664&cid=34669668
ROTFLMAO! I wouldn't listen to "professor hairyfeet" guys, he's only an ITT Tech student.
ROTFLMAO!
I seriously wouldn't listen to "pwuffesuh haiwypheet" people!
(He's only an ITT Tech student)
Finally possible to run linux kernel on PS3 and calculations using the cell processor?
Anon Finnish Computer Person
Except to gain access to the GPU....
"People don't want to learn linux" hasn't been a valid excuse since '03.
I'm glad they are suing this person. Just because something *can* be done, doesn't mean it *should* be done. The claim that GeoHot "takes a stance" against piracy is lunacy - by finding and publishing those keys, they are advancing piracy and all manner of behavior that is contrary to the legal agreements that one makes when they buy/use a PS3.
Let's put it this way - I'm sure that GeoHot lives in a house. His house undoubtedly has windows made of glass. Everyone knows that glass is easily broken, so clearly it is OK for us to go break the glass in his windows and steal his belongings, er, I mean use-them-without-his-permission. After all, since it is *possible* to break glass windows, and he knows that it is possible, it must be OK, right?