Playstation 3 Code Signing Cracked For Good
ReportedlyWorking writes "It appears that Sony's PS3 has been fatally compromised. At the Chaos Communication Congress in Berlin, a team named 'fail0verflow' revealed that they had calculated the Private Keys, which would let them or anyone else generate signed software for the PS3. Additionally, they also claim to have a method of jailbreaking the PS3 without the use of a Dongle, which is the current method. If all these statements are true, this opens the door to custom firmware, and homebrew software. Assuming that Sony doesn't take radical action and invalidate their private keys, this could mean that Jailbreaking is viable on all PS3, regardless of their firmware! From the article: 'Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat, was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs. Following this, the team declared Sony's security to be EPIC FAIL!'"
"Following this, the team declared Sony's security to be EPIC FAIL!"
Is it really necessary for everybody to talk like complete dicks nowadays?
I feel a bit more comfortable jailbreaking a game system with a dongle or some other easily removable device, if I would like to resell it, etc. I guess I'm just that paranoid.
Epic Fail? WTF?
How many years has it taken to crack the PS3?
I'd say that Sony has done a remarkable job.
Does it go on forever?
It's a bit late to invalidate private keys.
My understanding is that every PS3 game is signed with those keys. Therefore, invalidating them through a firmware update would mean that every PS3 game to date will no longer work.
While I wouldn't put it past Sony to try this, this would result in not only massive lawsuits, but also would be a massive PR blunder.
Having said that, there could in theory be some sort of additional key telling what date a disc was signed, but even if that were true, it would be trivial to work around.
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
Please, the Dreamcast was epic fail it shipped with accessible debug mode.
From the blurb:
'Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system.
Ok, the PS3 was launched on November 11, 2006. Today's date is December 29, 2010. That means that it took over four years to be broken.
Compared to DVD and Blu-Ray, that is actually pretty darn good.
Weaselmancer
Ridiculous.
Thousands of commentards said this couldn't happen. How can people on the Internet be wrong?!
It is impressive indeed. Though I do note that it didn't completely resist attack for four years. It just took four years to be completely, irreparably and conveniently broken. There have been ways to break the PS3's DRM for years, but their complexity put them beyond the ability of all but the most technologically capable users. With the code-signing cracked, it's as simple as burning an ISO.
How did Sony fuck that one up?
It was my (admittedly layman's) understanding that a public/private key crypto implementation, assuming it isn't deeply flawed, using key lengths suited to the computational capacities of PDP-8s, or otherwise totally fucked, was mathematically secure against anything other than a profound breakthrough in prime factorization algorithms, an unbelievable advance in computational power, or an insider leaking your private key.
With stuff like HDCP, it was understood that serious tradeoffs were made in order to make the crypto cheap and fast enough that any POS $200 monitor should be able to decode an encrypted bitstream fast enough to handle the demands of uncompressed digital monitor connections. The weaknesses just came with the territory.
With something like the PS3, though, they have serious computing power available, and were dealing with a straightforward case of "verify that the code signed with private key X has indeed been thus signed, and not modified since, using public key Y, from which private key X is essentially not computable". Virtually every real-world use of cryptography depends on the ability to do that without disclosing your private key (save by malicious insider/hacker attack).
What did Sony do wrong? Obviously, they could do nothing about a suitably well-equipped hacker physically modifying a PS3 to stop it from verifying at all, or to always return "yup, all good" regardless of the verification outcome; similarly, a firmware bug could allow the same outcome without the expense of physical modification; but how could it be that they would have to put anything in their client (no matter how well hidden by hardware obfuscation/TPMs/smartcards/whatever) that could be used to compute their private key? Isn't a public key, which is a totally safe piece of data to disclose, all you need to verify whether or not something has been signed with the matching private key?
I admit that I don't have a deep understanding of this stuff; but it seems like this is the equivalent of "Hey, possession of the list of trusted CAs and their public keys has allowed a hacker with a copy of Firefox to compute Verisign's root signing keys!".
How did Sony fuck up such that this story is not the biggest breakthrough in cryptanalysis since frequency analysis?
Yipee, replacement parts for the Beowulf cluster!
threadeds blog
I wanted to commit a PS3 to biomedical research on a project of MY choosing, as well as play LEGIT games but that was taken because ... well it doesn't matter as it's too late now.
To be fair, until Firmware version 3.21, which was released in April this year, it was officially supported to install an alternative OS on the PS3 - so there was little motivation to break the code signing system.
Ok, the PS3 was launched on November 11, 2006. Today's date is December 29, 2010. That means that it took over four years to be broken.
Compared to DVD and Blu-Ray, that is actually pretty darn good.
I was at the presentation in Berlin today. They did bring up this exact point.
Their counter argument was that people don't take into consideration that the console did support homebrew until Sony declared they'd drop that. The argument for that action was they'd save money not having to support it for their then-new PS3 Slim models, which turned out to be bullshit after hackers discovered that the Slim (with some hacking) could actually run the same Linux distros as the PS3 Fat. They then disabled OtherOS on the PS3 Fat, too.
This was 12 months ago (can't cite a source other than the slides), making it take only 12 months of actual effort for it to get cracked, as opposed to other (closed) platforms where the homebrew hacking efforts begin at day 0.
That's true. And Sony have been boasting of having the toughest DRM of all consoles.
However, it only took half a year from removing Linux support, and in that short period have had many partially successful attacks against it. Before, while they had the Linux support, such stories were remarkably rarer.
Many critics argued that the continued security of the console was partially because they allowed Linux to run on it, and so many of the talented people had no reason to look closer at it. Since the PS3, after four years of "DRM cracking almost never heard of", has now gone to "completely broken" in just over half a year's time, I think they have a point there.
It's not that it was that much more secure, it's just that most of the really talented people had no reason to look into it.
It's The Golden Rule: "He who has the gold makes the rules."
Yeah, but during the first three of those four years the only reason people would want to break it was piracy. Which is clearly not the intention of those guys. So, technically it was only twelve months since SONY removed the OtherOS mode.
The people that did this exploit/hack/whatever reportedly only chose this method of action after Sony decided to remove OtherOS support from PS3s. Their stated goal is to get Linux up and running on retail PS3s. Maybe this would've occurred a lot quicker if OtherOS never existed.
Folks toss about the phrase "Epic Fail" far too loosely. Here's what a real Epic Fail looks like:
The DRM code has a bug that, when a certain condition happens (time passes, a specially-formulated packet is received, etc.), overclocks the CPU to the point that it catches on fire. Within minutes of the event, most of the millions of PS3s in the wild have set people's homes ablaze.
As a result, thousands die and the insurance industry collapses. Anarchy reigns, so there's nobody to enforce copyright anymore and the original DRM is rendered irrelevant.
THAT is an epic fail.
"Time flies like an arrow; fruit flies like a banana." --Groucho Marx
It took probably thousands or more hackers and modders since 2006 to crack it, so epic fail would be an overstatement. If they did it in an afternoon, then I would agree it would be an epic failure.
Not even all that hard, I suspect, to replace the keys. They don't need to accept all code signed with the old keys -- only the set of code signed with the old keys that they know they signed, which is a very small number compared to modern storage and computation.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
From @fail0verflow:
"we only started looking at the ps3 after otheros was killed."
and
"our goal is to have linux running on all existing PS3 consoles, whatever their firmware versions."
If Sony would have left OtherOS alone, they wouldn't be in this predicament.
Do they really have Sony's signing key?
Of course, the real win would be to get the Windows Update private key. That, and a BGP exploit, and you can rule the Windows world. I still consider Windows Update an unacceptable backdoor. Someday, that's going to backfire.
What does this mean for hacks and other programs that modify program code or execute and stay resident alongside game code? Does the cracking of the keys allow custom boot loaders that will open the doors for hacking?
If so, this is a sad day. The primary reason I bought a PS3 was to play in a hack free environment.
"dongle-less jailbreaking by overflowing the bootup NOR flash"
Awesome. I expect to hear this line in a sci-fi movie someday.
I remember that cracking the PS3 got a huge boost when SONY killed Linux support with a firmware update.
I wonder if current motives are still Linux booting. If this is the case, SONY executives are truly dumb.
Does someone know what (practical) countermeasures Sony has against a secret key leak?
It's a known myth, but actually it was broken because Sony allowed Linux to run on it.
Geohot's memory glitch exploit would not have worked without OtherOS (Linux).
And all existing hacks used dumps made using the mentioned exploit.
Ah, but users have been able to run Linux for most of that time. Jailbreaks started being introduced only AFTER Sony removed Linux... I don't recall hearing about attempts before then.
So does this mean a hypervisor free linux is around the corner? I may change my stance on buying a PS3.
Sometimes, life itself is sarcasm...
In other words, Sony has just gone and proved that the only DRM that remains unhacked is the kind that nobody cares to hack. See also: SACD.
Not a typewriter
Ok, the PS3 was launched on November 11, 2006. Today's date is December 29, 2010. That means that it took over four years to be broken.
Another way to look at it is that on April 1st, 2010 the "other OS" option was retroactively removed from all PS3s with current firmware.
That makes it 5 months from pissing off the wrong people to the first widespread jailbreak and 9 months to a permanent crack.
When information is power, privacy is freedom.
Only on the original models. Slim has never had this option.
Choosing the lesser of two evils is a choice for evil.
In other words, Sony has just gone and proved that the only DRM that remains unhacked is the kind that nobody cares to hack. See also: SACD.
SACD is cracked. Or at least worked around enough so that it doesn't matter.
There are two hacks for SACD:
1) Physical modification of various players to extract the PCM audio after conversion from DSD, this approach is a few years old now.
2) The widespread crack of HDCP enabled extraction of the original DSD audio from any HDMI equipped SACD player.
There are plenty of SACD rips floating around the net.
Which then means any ps3 not connected to the internet cannot play new games. That would be epic fail.
...access to the signing keys. This is fairly unprecedented, as far as I know
The HDCP master key was also recently found.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
True - they could update the firmware to accept the old key only for signatures that have particular hashes, and supply a list of hashes. If there are 1000 games out there for the PS3 and a hash of the signature is 20 bytes long then you only need 20 KB to store the whole table - a trivial amount to include in a firmware blob.
Now, if you can get the keys needed to update the firmware that is a different matter...
Depending on the specifics of the checksum procedure, this could be far from trivial. If Sony has any sense they will use a hash function that makes collisions extremely hard to find.
DRM: Terminator crops for your mind!
Too late for that, now that we have keys we can sign our own hacked firmware updates.
Which then means any ps3 not connected to the internet cannot play new games. That would be epic fail.
How is that any different than what happens now? There have already been updates released that one was required to have in order to play newer games and/or blu-rays.
It gave Sony about 3 years of a 0% piracy rate, which is unheard of. That in itself will likely make Sony drop even more fundage into the PS4 to make it harder to crack. I'm sure this time around, they will be using a real RNG for generating their keys.
It is what I plan to do with it.
When they removed Other OS, Sony signed their own fucking death warrant.
... because this has somehow killed Sony or even the PS3?
I hope XBMC will be ported to it now.
ayottesoftware.com
http://xkcd.com/221/
They only started attempting to crack it once the OtherOS option was removed, which was around 9 months ago. So, in essence it took them 9 months to crack, not over 4 years.
So then we get the new key. The private key can be calculated again. Also we can sign our own modified firmware now.
They removed OtherOS. If they would have left OtherOS intact, these groups would have had no reason to want to crack the PS3.
Sony did this to themselves.
Possibly. I just look at the numbers (over 3 years in relative peace, then several strong (as in easy to do by customer) cracks in under a year) involved, and that many of the people trying to crack it now says they only started because linux support was removed.
Did the Sony engineers remove it because they knew this would happen, or did this happen because they removed the support? Did the chicken come before the egg, and was he wearing a condom? We don't know.
However, one thing that I have been thinking about these last minutes.. I don't see why this is the end of the world for Sony. There are a limited number of games using the old key. And with crypto signing / verification you usually work on a hash.. Let's say that the hash is 256-bit long (rather overkill, really), and there are 30,000 games released (Wikipedia lists 653 games, but I don't think it's complete. Plus you probably have different versions and locales) - that's still under 1 MB of data. It's perfectly doable for them to make a whitelist of hashes allowed to use the old key. And if they use exceptionally large hashes for some reason, or validate against the whole binary code... Just SHA-256 it. Done deal. If performance is a problem (scanning the table) you could make an index of it during firmware upgrade, or have a local cache of valid hashes.
In short, I see absolutely no reason why they couldn't do this. Sure, it's a lot of work, and you're almost guaranteed to miss some.. But the alternatives are worse. Just give the ones with problems some free store credit, everyone is happy, and The Disaster(TM) is easily averted.
I did consider that possibility myself, but I don't think it can be done perfectly. They can include a list of hashes for all the big games, but think how many games there are - and then they have slight variations by version, by region, and so on. Unless they can get every publisher to send the hashes for every version of every game they have sent to the CD press, some people will find their games broken. Sony might consider that a price worth paying.
Considering the attacks against the PS3 skyrocketed after OtherOS was removed in April, yeah I think for the kind of people technically proficient enough to perform these types of hacks it was, or at least it was about the perceived challenge from a huge faceless corporation. Most of the people capable of pulling this type of stuff off are smart enough to have a job which makes the couple bucks saved in pirating games worthless compared to the hours spent.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
And that helps:
people who bought their PS3's before Sony manages to rush a new firmware image through the factory, and who hold back their online updates before Sony manages to rush a new one through the update system. Remember, if they can update the signing keys, they can also update the key checking code, so there's no reason the second key has to be as easily compromised as the first.
Anyone who can emancipate their PS3 in this (presumably) short window of time is gonna be able to keep their PS3 well-stocked with spoofed updates from this day forward. But this doesn't break all PS3 security forever.
That's all I want, badly, very badly.
It's half the reason I got the PS3 when I did, XBMC was in the early stages of PS3 support, however the idiots at Sony blocked the GPU acceleration for the video so the team abandoned it once the 3D loophole was closed in linux. I don't know the full term, something along the lines of a hypervisor.
Then they closed off linux all together.
I love it as a gaming machine but I wish it could match my Xbox1. The Ps3 hardware is amazing, XBMC would be brilliant on it.
3. The SACD player digital audio output. All SACD players must support a DRMed extension - I forget its name - but it's very primitive and trivial to break. So you could just record off that.
Unless they can get every publisher to send the hashes for every version of every game they have sent to the CD press, some people will find their games broken
But Sony already possesses them - they had to sign them in the first place! Either that or they entrusted all those publishers with their private signing key. Which would be a terrible idea.
DRM: Terminator crops for your mind!
The PS3 was being attacked well before OtherOS removal. When Linux was available the graphics on the machine were limited to virtualization. The race was on to crack the 7 locked down SPUs. Were people successful? Mostly no, but that doesn't mean attempts haven't been made. If I remember correctly, Geohot's intention was to gain access to the cores. They just happened to find an exploit to give them keys to the kingdom.
Removing Linux definitely brought the talent out of the woodwork, but it did not start a war.
PS3's security might be dead, but it was effective for a hell of a lot longer than the "EPIC FAIL" meme was funny.
Well that is lame.
The removal of the OtherOS option was not the reason for the current crack. The OtherOs was removed because George Hotz figured out a crack involving the OtherOS option. He released that crack in Jan 2010 and Sony removed the option in March 2010. The current cracker crew cracked it in 9 months while having 3 years of people exploring lots of dead ends for them to ignore. Yes, a small percentage of people will use the now open PS3 to run homebrew. 99.99% of people will use the crack to run pirate games. Free always trumps $.
Give me enough EC2 cycles (or donated, via BOINC), and you can find those collisions. It just takes some time.
3. The SACD player digital audio output. All SACD players must support a DRMed extension - I forget its name - but it's very primitive and trivial to break. So you could just record off that.
I own a stand-alone SACD player and I have no idea what you are talking about.
If you are thinking of SP-DIF/toslink - at best that only gives you down-rezzed CD-quality - might just as well rip the CD compatibility layer that most SACD discs have.
http://twitter.com/fail0verflow Whoever originally wrote something about "overflowing the bootup NOR flash" needs to be shot (after watching the talk and paying attention)
That's nearly a year until it was completely haxxored, it had been successfully hacked a couple times over that time period, just not in a way that didn't require a dongle.
So, appeasing the users with OtherOS capability got goodwill on Sony's side for 3 years, 4 months. Sony withdraws the feature that appeased hackers and it got defeated in just under 9 months.
They thought they had security; they just had never been tested. They'd thought that if they were, they would pass. Looked at the tested (XBOX, Wii) and thought, "There but for grace we go"? No, they said, "Screw you," and now see what they just found out.
That's the impression that I get.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Speaking only for myself, I wouldn't care about dongles or hacking it if they hadn't removed the Other OS option. I'm sure it will primarily be used for warezing, but I don't have the time or inclination for that shit (hell, I have more than enough games I haven't finished yet). Linux support was an important factor in buying my PS3. Had it not been a feature, I probably would have bought an XBox360 -- that's what most of my friends play and the games I do have (Orange Box, Fallout 3, etc) have fewer bugs and better support.
Do you even lift?
These aren't the 'roids you're looking for.
Yes, now if they can get the slim to run PS2 games, I will be ecstatic.
The Kruger Dunning explains most post on
You are diluting its epicness. Pretty soon everything will be epic this, epic that. Won't someone think of the epicness~
Any big customer like that, I imagine Sony would be happy to sell them PS3s with a custom firmware. It's the more moderately sized research organisations that might benefit - those who don't have the money or connections needed to get Sony's cooperation.
I think they said you couldn't use 3D features from OtherOS, so homebrew wasn't very interesting. My bet is that Sony did a very good job indeed and it took four years to break the PS3 even though it's not completely done yet (you can't run software written on your own Blu-ray).
I did consider that possibility myself, but I don't think it can be done perfectly. They can include a list of hashes for all the big games, but think how many games there are - and then they have slight variations by version, by region, and so on. Unless they can get every publisher to send the hashes for every version of every game they have sent to the CD press, some people will find their games broken. Sony might consider that a price worth paying.
It is almost certain that the process of signing the games includes a hash generation. Usually the way these things work is that you hash the entire image, then encrypt the hash with the private key. Mainly because hashing is orders of magnitude faster than encryption. So even if Sony didn't archive a copy of every game they signed due to laziness or lack of process or they ran out of shelf-space, it would have been trivial to archive a copy of every hash that they signed.
HDMI can transport DSD, some SACD players have an HDMI output.
If (big IF) it is home brewed, there is still one major thing. The PS3 Network. Once you open up the console for "homebrew", Sony network (for multiplayer games) software might be able to detect that. Sony can ban (or even brick) the hardware from the PS3 network. So if you want to be on the network AND play "backups" you need 2 PS3 consoles. Sony will be happy to sell you more consoles.
And do not be confused about this, sony is much more aggressive about cracks than nintendo. They fixed the 2.41 overflow quite fast, and made the fix mandatory in the PS3 Network.
This lends credence to the claims that DRM gets cracked to support legitimate rights of the owner. For 3 years they allowed homebrew and Linux and had few problems. As soon as they stole that feature from existing owners the efforts to crack the DRM began in earnest.
Why should Sony respond to consumers hacking their own systems to run their own software? Why should we take this cr*p anymore?
I am sorry but we would not tolerate our PCs being locked in such a way and it is time we as consumers demand everything else to be open. Can you imagine if Microsoft did this, forcing everyone reading this to run Windows 7 and banning all GNU software? I hate to tell Sony, but they do not own the PS3s after we purchase them. WE DO.
It is a sad day when you have to jailbreak and root your own system. The arrogance of cell phone makers, Apple, and Sony is astounding to say the least. There should be laws against console makers using such abusive practices. They are monopolistic and anti-competitive in nature. We could have 3 or 4 more platforms today if it were not for console makers dumping products below cost and then locking them down, forcing royalties on software.
http://saveie6.com/
Or at least, there must be laws in place which require vendors to make it clear that locked hardware which only accepts signed code is not being sold, but rented.
I.e. the unit is a rental platform, owned by the vendor, for the purpose of purveying content under the control of that vendor.
Once you sell (actually sell, not rent) a piece of hardware, you cannot control what software goes on it.
The locked model is fine, but it's outside of the ethical definition of what it means to sell something. It's a different type of agreement from a sale agreement.
It's years old now. You can get a faster netbook for the same price (less if you are careful).
And it only has 512MB of RAM
Seriously, Linux on it isn't even worth caring about anymore.
http://lkml.org/lkml/2005/8/20/95
As an ex first and third party PS3 dev I used this exploit myself for a long time; actual devs who are not dependent on middleware sussed this one out themselves to save money on devkit licenses. It's an obvious kid-level exploit left in there by the original developer out of spite to allow first and third party devs to get shit done; not to be unkind, but that something so obvious is just now out just goes to show how fucking retarded what's left of the scene is.
This is exactly the only possible fix. It is, however, technically quite hard to pull off for a number of reasons. I'm not at all certain that Sony will do that. They need to build a hash list of every version of every game, package, downloadable content, deal with shop versions and stuff like that, etc...
Assuming they don't botch signing with the new key, no, we don't. The code running on the PS3 is perfectly fine (the signature verification, that is; the rest of the security is a clusterfuck). So is the way the signature is implemented. The screwup is in Sony's signer code. If they fix that and only issue safe signatures from now on, we can't compute new keys.
But because we can downgrade and due to the oracle attack on the secure SPE, this will likely not gain them much.
Sony cannot permanently regain any existing PS3 with a firmware update (nor can they fix this hole trivially at all, including in new manufactured units). They can make it harder for you to install a hacked firmware on a PS3, but as of today every manufactured PS3 is vulnerable to a modchip (NOR/NAND flasher) forever.
I expect the sales of the PS3 to rise in the coming months.
The magical number is: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
HDMI can transport DSD, some SACD players have an HDMI output.
Really? I never would have guessed.
int getRandom( void )
/* return a value from /dev/random */
{
}
What Sony did:
int getRandom( void ) // I rolled a die, it told me 4, so this is random
{
return 4;
}
Anybody want a peanut?
Just wait for the consumer lawsuits, developers abandoning a platform that is totally insecure, and more.
Yea, it might kill Sony from ever entering the console scene ever again.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
I'm actually surprised the crack was released by a private group, and not the US military, which purchased so many PS3s to run their cluster.
Starbucks, Harbuckle of Breath.
Before then sony had the best possible security possible for a console, give the modders an outlet
That might not be perfect. By your measure, before this break, Microsoft had the best security in the form of Xbox Live Indie Games where modders could even sell their games. It was so good that Apple copied the XNA business model ($99/yr to unlock your own hardware, and an exclusive online store to sell your wares for a 30% cut) wholesale for its own App Store. But for some reason, it didn't work as well for Apple as for Microsoft: iPhone SDK and App Store access wasn't enough to keep iOS 2 and later from getting jailbroken.
What about PS3 exclusives? Shooter
There are shooters on every platform since the NES.
Infamous
Infamous is on 360 and PC; it's just called Prototype.
Little Big Planet
WarioWare DIY for DS is close.
Luminez
What is Luminez? Is it anything like Lumines, which I have on my PSP, or Luminesweeper, which I have on my Game Boy Advance?
Some of these are not just exclusives, they are games that raise the bar, shining examples of the medium taken to the next level.
Here's your Shinin' example.
(Obligatory grammer nazi comment:
As in Kelsey?
You cannot capitalize the first word of your sentences but you capitalize the "PS" in "PS3"? Really?
Some languages capitalize proper nouns but not the first word of a sentence. I imagine alen's English is better than your Noeneg or your Toki Pona.
They can include a list of hashes for all the big games, but think how many games there are
After the crypto on the Nintendo DS was thoroughly broken (starting with the "NoPass" exploit and culminating in R4-style cards), Nintendo included the SHA-1 of the first 3000 or so authentic DS releases in the DSi firmware, and then signed all future releases with a new key that the DSi checks.
Which is trivially broken by the jailbreak simply telling the firmware that it's one of the "genuine" games.
That's what the DSi-compatible DS flash cards do. The jailbreak would have to include a copy of the executable of one of the genuine games, and a multimegabyte executable is a much larger volume of copying than U.S. courts have allowed so far in cases like Sega v. Accolade or Lexmark v. Static Control Components.
Now all they have to do is crack the "having to buy an overpriced piece of proprietary hardware that merely replicates what the PC I own can already do" part of the equation.
Crack that, and I'll be all set. Otherwise I'm not spending several hundred dollars to buy a box to take up more space simply to play software that my PC would be able to play if it weren't for someone's desire for complete control and every last dollar.
Change from a hardware/software company to a software company, and I'll use your product.
This space available.
Nintendo had a nifty solution for the old Gameboy(/color) - code wasn't signed, but games did need to have [...] the Nintendo logo
Typography is not copyrightable, and a U.S. trademark cannot be used as an ersatz copyright or patent. See Dastar v. Fox, and especially Sega v. Accolade.
Which then means any PS3 not connected to the internet cannot play new games.
Under a proper fix, like that used in the transition from DS to DSi, games would continue to be signed with both the old and new keys.
Folks toss about the phrase "Epic Fail" far too loosely.
Any failure involving Sony is an epic fail because Sony owns Epic Records.
Not sure how that is an epic fail.
But I'm sure the 5 guys who use it for homebrew will be happy along with millions of pirates.
They cannot revoke this and they cannot update the private keys. The revocation list is owned in this hack and the loader where these keys were pulled is at such a low level that Sony cannot update it. Perhaps new consoles will be updated but not the zillions already out there...
Oh and they can sign new firmware so Sony updating firmware isn't going to help. Near as I can tell this DOES bust the PS3 "forever" - or at least the one I own :-)
Build it, Drive it, Improve it! Hybridz.org
Really?
BRB, hitting "Boxing Week" sales.
DRM: Terminator crops for your mind!
This video ought to help explain. If I have followed correctly, at the beginning and towards the middle, where they discuss the revocation, I believe this is true ->
http://www.youtube.com/watch?v=84WI-jSgNMQ&feature=player_embedded#!
Oh, and if you're looking to pirate, listen to this part too -> http://www.youtube.com/watch?v=84WI-jSgNMQ&feature=player_detailpage#t=795s
They actually got that first.
404: sig not found.
Which goes to show that OtherOS was the greatest anti-piracy measure in videogame history.
What usually happens is that the pirate users (who are about as technically proficient as a brick wall) simply ride off the back of the more academic users, who tend to hack the device for less dubious reasons.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Linux was removed only after the glorious mem glitch by Geohot, so it's obvious what's the egg here.
SPDIF can do 96KHz 24-bit... or are SACD players required to cripple their SPDIF output?
If so, there are probably a few people who have connected their incredibly expensive SACD players to their incredibly expensive speakers using an SPDIF link... and really, they couldn't tell the difference. There's a reason CD was set at 44.1KHz: Any higher and you are beyond the limits of human hearing. I suspect this is a large part of why SACD and DVD-Audio both flopped - unless you are someone of near-superhuman perception and using the very best equipment, it's pointless.
I'll wait for a release before I decide to reverse my decision not to get a PS3...
Same. It's my box. I will run Linux on it.
I have to wonder if the 7th SPU could be unlocked for games and what performance benefits it would have.
and then ask the hackers not to release the code and tools (and possibly provide additional incentives to sign an NDA).
I mean, by publicly conceding their accomplishment and by giving the public back what they took away previously, it becomes harder to argue that the cracking tools need to be released. Of course the whole message needs to be calibrated just so it won't appear as giving in to blackmail. It will give them and game developers more time to recoup the cost of developing the PS3 and games.
First off, I'd like to congratulate the fail0verflow team.
Regardless of the motivation or rationale behind the attack, and the perceived errors in the implementation, this is a seriously impressive feat of engineering to attack and defeat such a system.
Everyone seems to see it as a fail on Sony's part.
Isn't this IBM's Cell at fault?
Sony removing the Linux boot feature via an "upgrade" was like selling a car with alloy wheels and then breaking into your garage to replace the wheels with steel-rimmed ones. It led to a ban on Sony kit in many places because it's in principle a breach of trust and results in a device that does not match the description it was sold under.
Since it's now possible to break the box without, could I have that option back?
Insert
http://www.youtube.com/watch?v=hcbaeKA2moE
SPDIF can do 96KHz 24-bit... or are SACD players required to cripple their SPDIF output?
Yes they are. Also, that's stereo only. My personal interest in SACD was for multichannel.
When information is power, privacy is freedom.
I'm surprised you actually expect such an announcement to come from them. Why in the hell would they ever open themselves to a potential lawsuit by announcing it publicly? That's not to say it hasn't been done, particularly since, depending on what the PS3 cluster is being used for, the NSA and/or DISA has almost assuredly broken the PS3 down to find out its security flaws.
And multichannel I think is dead for a different reason. People don't listen to music like that any more - how many people do you know who actually sit down and just listen to music? It's become something portable, or something that plays in the background while doing more productive things. Multichannel brings no benefits under those circumstances - you're either wearing headphones, or moving around the room.
Good for movies, though.
And multichannel I think is dead for a different reason.
It's not. It's just on bluray now.
So did this accomplish anything but selling more R4i-style cards, like the one I bought? (It was barely more than the R4-style card, I just have a DS.)
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
It appears Nintendo would have a stronger legal case against makers and sellers of R4i-style cards, which require a ROM of a licensed, vulnerable game in order to function on a DSi. I've ordered an Archos 43 instead, as Android homebrew appears to be far less vulnerable to legal action than DS homebrew despite Oracle v. Google.
wh000sh
The only thing I'm really interested in is getting round the copy protection on my own files. I'm pretty sure that if my PS3 breaks, I lose some of my saves, as you can only restore to the machine the backup was made on, otherwise it doesn't copy the protected files.
Copy protection on save files is the reason I'll never buy another Guitar Hero type game until the protection is removed, and also why I've not played World Tour as much as previous games.
If this hack gives me back control of my own save files, then I'm glad it's happened.
Read the last line. I said multichannel is dead (Or rather, never really lived) for music, but is still a success for movies.
You are a little overconfident.
why the PS3 lasted this far is because OtherOS kept all the competent people happy enough not to try to break into the system
Really? People haven't been trying to get accelerated video in Linux on the PS3?
Yes, they tried, but in completely different manners.
- The main efforts since day 1 were done by using the SPUs of the Cell, instead of the GeForce. I.e.: using a completely different part of the PS3, which is a SIMD unit exactly like the modern DX10 and DX11 GPUs with unified shaders, but which OtherOS applications are authorised to use.
- The more recent efforts were trying to get the hypervisor to authorise access to the GeForce.
- NONE of these methods was about getting unsigned code to run, or finding a way to sign code.
Or piracy(Piracy was a big BIG motivator on Xbox, 360, PS2 and Wii;
The main problem that piracy, homebrew, and other hacks face is that they require coordinated efforts to understand a system. (Most of the console hacking is done on wikis, etc.)
By doing this OtherOS option and providing all the necessary tools, Sony made sure to split the community.
On one side, the legal, in-the-open homebrew community. They got everything they need from Sony (bar access to the GPU) and could do wonderful homebrew stuff on their own (for example, they don't need a way to run unsigned code or sign their code: OtherOS will run homebrew code anyway).
On the other side, the pirate groups. Which need to tackle a completely different set of problems (running unauthorised code as an example). If they start coordinating to achieve this, they are clearly and demonstrably doing something which is considered illegal in lots of jurisdictions.
Also, the brains tend to gather around homebrew, whereas piracy attracts mostly leeches. If all the intelligent people are busy running Linux on the PS3, nobody would be free to help the script kiddies getting free copies of PS3 games.
also Dreamcast, but the DC's security was an even bigger epic fail than Sony's
The DC was a completely different beast. It didn't really feature a protection system on purpose. The console was *designed* to be able to boot from plain CD media. This was designed to enable demo CDs, karaoke CDs, extra bonus material on audio CDs, etc.
Incidentally, this also meant that it was possible for homebrewers to burn their own CD-Rs and run home-made software without any major problem.
The only form of game-copy protection was the medium itself: GD-ROM.
- They were non-standard, so SEGA & NEC hoped that nobody would be able to read them. But people ended up with several solutions, the most popular being using a bootdisk (fully supported by the CD-R method) and copying the data over serial or network.
- They were huge, so they would be hard to copy. But peer-to-peer networks slowly expanded to the point of being able to carry payloads with sizes up to a couple of gigabytes.
- They were huge, so it wouldn't be possible to fit a game on a normal CD-R. But clever re-compression tricks enabled exactly this (ranging from simply removing or downgrading intro movies, all the way up to using a sophisticated on-the-fly decompression system similar to what Linux LiveCDs do).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
cower some more, feeb.
you're completely pathetic.
erk: C0 CE FE 84 C2 27 F7 5B D0 7A 7E B8 46 50 9F 93 B2 38 E7 70 DA CB 9F F4 A3 88 F8 12 48 2B E2 1B
riv: 47 EE 74 54 E4 77 4C C9 B8 96 0C 7B 59 F4 C1 4D
pub: C2 D4 AA F3 19 35 50 19 AF 99 D4 4E 2B 58 CA 29 25 2C 89 12 3D 11 D6 21 8F 40 B1 38 CA B2 9B 71 01 F3 AE B7 2A 97 50 19
R: 80 6E 07 8F A1 52 97 90 CE 1A AE 02 BA DD 6F AA A6 AF 74 17
n: E1 3A 7E BC 3A CC EB 1C B5 6C C8 60 FC AB DB 6A 04 8C 55 E1
K: BA 90 55 91 68 61 B9 77 ED CB ED 92 00 50 92 F6 6C 7A 3D 8D
Da: C5 B2 BF A1 A4 13 DD 16 F2 6D 31 C0 F2 ED 47 20 DC FB 06 70
(geohot.com)
from 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
to 45 2F 6E 40 3C DF 10 71 4E 41 DF AA 25 7D 31 3F
Except to gain access to the GPU....
"People don't want to learn linux" hasn't been a valid excuse since '03.