Slashdot Mirror

← Back to Stories (view on slashdot.org)

Playstation 3 Code Signing Cracked For Good

Posted by samzenpus on from the forever-is-a-long-time dept.

ReportedlyWorking writes "It appears that Sony's PS3 has been fatally compromised. At the Chaos Communication Congress in Berlin, a team named 'fail0verflow' revealed that they had calculated the Private Keys, which would let them or anyone else generate signed software for the PS3. Additionally, they also claim to have a method of jailbreaking the PS3 without the use of a Dongle, which is the current method. If all these statements are true, this opens the door to custom firmware, and homebrew software. Assuming that Sony doesn't take radical action and invalidate their private keys, this could mean that Jailbreaking is viable on all PS3, regardless of their firmware! From the article: 'Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat, was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs. Following this, the team declared Sony's security to be EPIC FAIL!'"

7 of 534 comments (clear)

  1. Re:Epic Fail? WTF? by fuzzyfuzzyfungus · · Score: 5, Insightful

    I think that the "epic fail" part isn't the overall security of the PS3(which has generally been a pretty good sinister representative of the dystopian "trusted computing" future); but the fact that they somehow managed to build a code-signing verification mechanism that allowed their private key to be computed by an outside party.

    Assymetric key crypto is supposed to be(barring serious implementation failures or incredible algorithmic/technological breakthroughs) such that you should be able to verify that a private key was used to sign something with nothing more than the public key, from which the private key should be computable only in a time longer than the lifespan of the universe's remaining protons. That is the part that they apparently managed to fuck up. In terms of generally being a tough nut to crack, Sony did a pretty decent job. However, if TFA is true and not misleading, they failed to implement an absolutely foundational part of practical cryptography properly...

  2. OtherOS by Anonymous Coward · · Score: 5, Insightful

    From @fail0verflow:

    "we only started looking at the ps3 after otheros was killed."

    and

    "our goal is to have linux running on all existing PS3 consoles, whatever their firmware versions."

    If Sony would have left OtherOS alone, they wouldn't be in this predicament.

  3. Re:Invalidate Private Keys by igreaterthanu · · Score: 5, Insightful

    My understanding is that every PS3 game is signed with those keys. Therefore, invalidating them through a firmware update would mean that every PS3 game to date will no longer work.

    They already have a list of all genuine games signed by the now compromised keys. They could potentially release an update that used new keys but also accepted the old keys provided it had signed something on the already known genuine list of games.

    --
    I dream of a nation where a man is not judged by his skin color but by an number assigned by a credit rating agency.
  4. Re:Invalidate Private Keys by fuzzyfuzzyfungus · · Score: 5, Insightful

    Not that I want them to succeed; but they could always do something like: "Consider private key X revoked, and trust nothing signed with it, unless that something has SHA1 hash equal to one of the hashes on the following list..."

    The number of existing PS3 games, DLCs, etc., while not small, is finite and pretty well characterized. It would be a pain in the ass; but not fundamentally difficult, to compute the hash of each one that is tainted by the compromised key and hardcode trust of it into the same patch that otherwise nukes that key and anything signed by it.

    Now, since the private keys presumably also control verification of patches, it is likely that some number of PS3s will permanently leave their control, with hacked patches applied that spoof acceptance of future patches, thus leaving them in control of their owners; but regaining control of all unsophisticated updaters and all PS3s leaving the factory from now on doesn't seem fundamentally impractical...

  5. Re:Sigh by MoonBuggy · · Score: 5, Insightful

    I get the impression that the moderate openness of the PS3 at release was exactly what did preserve its uncracked status for so long. As soon as they locked out the 'Other OS' option, they pissed off the precise segment of the userbase who also have the skill to crack any subsequent security improvements.

  6. Re:precisely. by spazdor · · Score: 5, Insightful

    Unless they can get every publisher to send the hashes for every version of every game they have sent to the CD press, some people will find their games broken

    But Sony already possesses them - they had to sign them in the first place! Either that or they entrusted all those publishers with with their private signing key. Which would be a terrible idea.

    --
    DRM: Terminator crops for your mind!
  7. Re:How did they get the private key, if they did? by fail0verflow · · Score: 5, Insightful

    > Do they really have Sony's signing key?
    Yes, we have most of their signing private keys.