Slashdot Mirror

← Back to Stories (view on slashdot.org)

Playstation 3 Code Signing Cracked For Good

Posted by samzenpus on from the forever-is-a-long-time dept.

ReportedlyWorking writes "It appears that Sony's PS3 has been fatally compromised. At the Chaos Communication Congress in Berlin, a team named 'fail0verflow' revealed that they had calculated the Private Keys, which would let them or anyone else generate signed software for the PS3. Additionally, they also claim to have a method of jailbreaking the PS3 without the use of a Dongle, which is the current method. If all these statements are true, this opens the door to custom firmware, and homebrew software. Assuming that Sony doesn't take radical action and invalidate their private keys, this could mean that Jailbreaking is viable on all PS3, regardless of their firmware! From the article: 'Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat, was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs. Following this, the team declared Sony's security to be EPIC FAIL!'"

41 of 534 comments (clear)

  1. Sigh by Anonymous Coward · · Score: 4, Insightful

    "Following this, the team declared Sony's security to be EPIC FAIL!"

    Is it really necessary for everybody to talk like complete dicks nowadays?

    1. Re:Sigh by Raineer · · Score: 5, Interesting

      "Following this, the team declared Sony's security to be EPIC FAIL!"

      Is it really necessary for everybody to talk like complete dicks nowadays?

      To be honest I'm not sure how you can call Sony security a failure. As far as popular consumer devices go, the PS3 lasted for eons. I am both a Sony and Apple fanboy (somewhat), and have to laugh at the hours (literally) it takes any Apple product to be cracked while Sony (as dysfunctional as any company there is) makes a product that lasts for years. Cracking the keys was inevitable, but Sony should be recognized for making it more difficult than anyone else :) I still sit on the side of the fence where the damn thing should have been open from the get-go...but meh

    2. Re:Sigh by MoonBuggy · · Score: 5, Insightful

      I get the impression that the moderate openness of the PS3 at release was exactly what did preserve its uncracked status for so long. As soon as they locked out the 'Other OS' option, they pissed off the precise segment of the userbase who also have the skill to crack any subsequent security improvements.

    3. Re:Sigh by MoonBuggy · · Score: 5, Interesting

      Having followed the finest Slashdot tradition and only read TFA after posting, it appears that there was truth in my speculation. Fail0verflow, the group that found the keys, posted on twitter that "we only started looking at the ps3 after otheros was killed.". That means they did this in nine months.

    4. Re:Sigh by socceroos · · Score: 4, Funny

      The only 733ts I'm aware of are my wife's.

    5. Re:Sigh by Derekloffin · · Score: 4, Insightful

      Only if they completely ignored all knowledge of the PS3 discovered before 9 months ago, which I highly doubt. Granted, it probably wouldn't have taken them the 4 years to crack it if they had interest from the start, but to complete ignore the 3 intervening years, you have to assume they gained nothing from those 3 years at all on any front. It is a disingenuous claim.

    6. Re:Sigh by kurokame · · Score: 3, Insightful

      Okay, I'll give you 12 months. The difference is negligible. The techniques used to root the PS3 are so fundamental and well-known that it was largely a matter of trying them out. There was nothing revolutionary here, it was just a matter of people with sufficient expertise and resources becoming motivated to spend the time to do the necessary work.

      The point remains: working with your users diminishes their motivation to work against you. Minimizing the artificial constraints placed on what users can do with the device they purchased means that huge swaths of people who might be motivated to reverse engineer your safeguards won't need to. The community relationship will be improved, new uses for the hardware that you didn't anticipate will be found.

      When you can improve sales and customer relations while simultaneously lengthening the lifetime of your product as a DRM device, well, it seems like it would be a relatively simple decision. The net effect is to attract and retain customers both at a consumer and industry level. Consumers get a more versatile device - and equally important, respect. Developers get stronger and longer-lasting DRM and a larger and more robust consumer base. Everybody wins.

    7. Re:Sigh by causality · · Score: 3, Insightful

      Everybody wins.

      And that's the problem. I'll describe the mentality with which you are dealing when you speak of corporations that want to control what can be done with a device post-sale: "it is not enough for me to win -- someone else must also lose." They are not interested in finding the balance of which you speak.

      The corporations own most of our legal system and media. I'm glad for these cracker groups. They're just about the only remaining check against them that seems to actually work.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    8. Re:Sigh by marcansoft · · Score: 5, Informative

      I'm one of those guys, and the summary is so terrible it's not even funny. Please watch the recording of the talk before you form an opinion; the reporting on this one is pretty terrible. Especially the "overflowing the bootup NOR flash". I don't even know what that's supposed to mean.

      The PS3 security system really is horrible. Most of it is effectively useless because it can be worked around or breaking it is not necessary, and the signature screwup is basically inexcusable. We aren't calling it "Epic Fail" for one or two holes, we're calling it "Epic Fail" because as a whole it's a complete clusterfuck and there are many fundamental design holes and more than enough evidence that the developers responsible for it were not qualified to design a security system or write its code (e.g. clearly they didn't employ a proper cryptographer). It's also a reference to our Wii talk (which was subtitled "Wii Fail") because we consider the PS3's security to be a hell of a lot worse, design-wise.

    9. Re:Sigh by Gogo0 · · Score: 5, Informative

      For those that dont know, this guy (among others of course) has been integral to opening up the Wii and now the PS3 for homebrew.
      Very interesting writer too, explains on his website much of the details of working around the various "fixes" Nintendo applied to try and close the holes in their code.
      He is definitely not an asshole, and those of us who care about openness on these consoles (or just enjoy running homebrew on them) owe a lot to him and the teams he works with.

      </deserved asskissing>

    10. Re:Sigh by amentajo · · Score: 3, Interesting

      George Hotz ("geohot") tried his hand at it, given that he had been rather successful at cracking Apple's iStuff. He found an exploit that gave hypervisor access, and in response, Sony removed OtherOS in a firmware update, as geohot's hack required use of OtherOS.

      So this can all be traced back to geohot getting involved... though in my opinion, Sony shouldn't have responded by removing OtherOS, causing all the collateral damage. It inevitably was going to result in a lot of really serious people getting involved and, by extension, more stories like this.

    11. Re:Sigh by marcansoft · · Score: 4, Informative

      while the fact that they're not randomizing the encryption is incredibly bad, it's not epic fail

      A signer screwup that leaks their private key is not epic fail? This is probably the first time in embedded system security that someone has fucked up public key crypto this badly.

      For epic fail, we go to the Xbox 360 which has a damn JTAG pinout exposed to the world on the fucking motherboard(runner up: Xbox pogo pins).

      So does the PS3. JTAG doesn't mean anything if it's disabled, which it normally is, on both consoles (actually, we suspect it might be enabled on the PS3 but you probably can't do anything interesting with it). The Xbox 360 security design is a lot better than the PS3's. They had a few minor holes. The PS3 is completely messed up. The 360 has better revocation, better encryption, secure memory, a simpler and more effective security design, and a better implementation.

      Also, why didn't you guys list sjeep's Independence Exploit for PS2 that came out in 2002 or so? It didn't directly enable piracy(although when HDloader got dumped into ELF format it sure did).

      That came a lot later than modchips (which already enabled homebrew and piracy equally, since there's no PKI), and the slide was already overcrowded so it didn't make much sense.

    12. Re:Sigh by marcansoft · · Score: 3, Interesting

      Honestly, it's perfectly possible to engineer the signature randomization failure deliberately (it would certainly be very easy to botch a signer like this and make it look like a bug, see the Underhanded C Contest for similar examples), but I think it's extremely unlikely that something like this actually happened. Never attribute to malice that which can be adequately explained by stupidity. Especially considering the rest of the security is messed up in ways that clearly indicate they just didn't know what they were doing.

  2. Epic Fail? WTF? by scum-e-bag · · Score: 4, Insightful

    Epic Fail? WTF?

    How many years has it taken to crack the PS3?

    I'd say that Sony has done a remarkable job.

    --
    Does it go on forever?
    1. Re:Epic Fail? WTF? by fuzzyfuzzyfungus · · Score: 5, Insightful

      I think that the "epic fail" part isn't the overall security of the PS3(which has generally been a pretty good sinister representative of the dystopian "trusted computing" future); but the fact that they somehow managed to build a code-signing verification mechanism that allowed their private key to be computed by an outside party.

      Assymetric key crypto is supposed to be(barring serious implementation failures or incredible algorithmic/technological breakthroughs) such that you should be able to verify that a private key was used to sign something with nothing more than the public key, from which the private key should be computable only in a time longer than the lifespan of the universe's remaining protons. That is the part that they apparently managed to fuck up. In terms of generally being a tough nut to crack, Sony did a pretty decent job. However, if TFA is true and not misleading, they failed to implement an absolutely foundational part of practical cryptography properly...

    2. Re:Epic Fail? WTF? by Riceballsan · · Score: 4, Insightful

      It's pretty true there, before the other OS, there weren't even known attempts, beyond one lame idiot saying he thought he might someday be able to do it through the other OS, that caused sony to go crazy and remove the other OS feature. Before then sony had the best possible security possible for a console, give the modders an outlet, modders/homebrewers with high inteligence usually are not the same as the modders that want to sell to pirates, so you keep the smart ones busy, and the pirates won't have anyone to do their dirty work for them. You flip the finger at them and tell them they are a security risk and can no longer keep what you sold them... well expect the most determined wave of security breaks in history.

    3. Re:Epic Fail? WTF? by overlordofmu · · Score: 3, Insightful

      Are you serious or trolling?
      Why is there no reason to buy PS3 titles? Do you only play Halo?

      What about PS3 exclusives? Shooter, Eden, Infamous, Little Big Planet, Luminez, Uncharted 1&2?
      Some of these are not just exclusives, they are games that raise the bar, shining examples of the medium taken to the next level.

      Again, are you serious or trolling? Honestly, I cannot tell.

      (Obligatory grammer nazi comment: You cannot capitalize the first word of your sentences but you capitalize the "PS" in "PS3"? Really?)

    4. Re:Epic Fail? WTF? by VortexCortex · · Score: 4, Insightful

      Actually, I think the metric is fair.

      If every grain of sand on Earth were a super computer that could perform a public/private key signature check once every clock cycle (not possible, takes many cycles), and those super computers ran at 1000 times the speed of our current fastest supercomputers, it would take trillions of years to crack our current public key crypto systems (when implemented correctly -- something Sony failed to do).

      The universe is estimated to be about 13.75 billion years old. One trillion years is a truly Epic timescale. Given that there are many correctly implemented public key cryptographic libraries with source code available I find that Sony did, in fact, fail on an epic scale...

      These enormously large metrics are meant to drive home to laymen just how impractical it is to brute force correctly implemented public key cryptography with the hardware we have today.

      In short, "Epic Fail!" is an accurate exclamation. If you disagree, I suggest you go read up on the subject of public key cryptography a bit more before making baseless claims as to the "feeb"ness of others' well informed comments (failing this, you could just troll harder).

    5. Re:Epic Fail? WTF? by marcansoft · · Score: 5, Interesting

      The "epic" part really came about due to the completely inexcusable ECDSA signature screwup. We were left speechless by that one. However, as a whole, the entire PS3 architecture is terrible. Especially after breaking it open and properly analyzing it and finding a ton of screwups (many critical), there is absolutely no doubt in our mind that the sole reason why the PS3 lasted this far is because OtherOS kept all the competent people happy enough not to try to break into the system (that, and maybe hype around their hypervisor and isolated SPE security, both of which turned out to be terribly bad). If you watch the talk you'll actually see that we make this point clear and address the time-to-hack of the PS3. Given our experience and what we've learned from people who work on console hacks, almost nobody tried until OtherOS was removed, so the only valid measurement for "time to hack", as a strength-of-security measure, is the time since OtherOS was removed (9-12 months or so).

      OtherOS was Sony's single best security feature.

    6. Re:Epic Fail? WTF? by marcansoft · · Score: 3, Informative

      Although the keys are kind of short (they likely will become breakable in a few decades or something like that), that has nothing to do with the screwup. They completely botched their signer so it creates correlated signatures that leak the key. The computation to get the private key takes milliseconds.

    7. Re:Epic Fail? WTF? by RyuuzakiTetsuya · · Score: 3, Informative

      why the PS3 lasted this far is because OtherOS kept all the competent people happy enough not to try to break into the system

      Really? people haven't been trying to get to accelerated video in linux on the ps3? Or access to the GameOS FS just to tinker with it? Or piracy(Piracy was a big BIG motivator on Xbox, 360, PS2 and Wii; also Dreamcast but, the DC's security was even bigger epic fail than Sony's).

      So I think that's complete bollocks.

      The PS3 only went down because the first few lines of defense were pretty good... But not much else. In game save exploits like the famous GTA:LCS PSP, the Mechassault Xbox or the Twilight Princess Wii attacks weren't possible because the PS3(and 360 IIRC), unlike a Wintel system, actually properly implement the NX bit(According to Mathieulh at least, it also explains why TIFF exploits weren't being examined as well). So, bye bye that attack vector. The PS3 didn't rely on making sure that the optical drive was secure, so bye bye with that exploit(this was popular on the 360 and Wii). The PS3 also didn't expose the CPU to debug pins like the Xbox(with Pogo pins) or the Xbox 360(thanks to it's handy dandy JTAG connector).

      It wasn't until we saw the big weakness with the PSJailbreak did we see the other major flaws.

      Yes, I've gone to bat for Sony for locking down the PS3, but I don't think that it's wrong to fight back.

      --
      Non impediti ratione cogitationus.
  3. Invalidate Private Keys by VGPowerlord · · Score: 4, Insightful

    It's a bit late to invalidate private keys.

    My understanding is that every PS3 game is signed with those keys. Therefore, invalidating them through a firmware update would mean that every PS3 game to date will no longer work.

    While I wouldn't put it past Sony to try this, this would result in not only massive lawsuits, but also would be a massive PR blunder.

    Having said that, there could in theory be some sort of additional key telling what date a disc was signed, but even if that were true, it would be trivial to work around.

    --
    GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
    1. Re:Invalidate Private Keys by igreaterthanu · · Score: 5, Insightful

      My understanding is that every PS3 game is signed with those keys. Therefore, invalidating them through a firmware update would mean that every PS3 game to date will no longer work.

      They already have a list of all genuine games signed by the now compromised keys. They could potentially release an update that used new keys but also accepted the old keys provided it had signed something on the already known genuine list of games.

      --
      I dream of a nation where a man is not judged by his skin color but by an number assigned by a credit rating agency.
    2. Re:Invalidate Private Keys by fuzzyfuzzyfungus · · Score: 5, Insightful

      Not that I want them to succeed; but they could always do something like: "Consider private key X revoked, and trust nothing signed with it, unless that something has SHA1 hash equal to one of the hashes on the following list..."

      The number of existing PS3 games, DLCs, etc., while not small, is finite and pretty well characterized. It would be a pain in the ass; but not fundamentally difficult, to compute the hash of each one that is tainted by the compromised key and hardcode trust of it into the same patch that otherwise nukes that key and anything signed by it.

      Now, since the private keys presumably also control verification of patches, it is likely that some number of PS3s will permanently leave their control, with hacked patches applied that spoof acceptance of future patches, thus leaving them in control of their owners; but regaining control of all unsophisticated updaters and all PS3s leaving the factory from now on doesn't seem fundamentally impractical...

    3. Re:Invalidate Private Keys by Brett+Buck · · Score: 5, Funny

      do something like: "Consider private key X revoked, and trust nothing signed with it, unless that something has SHA1 hash equal to one of the hashes on the following list..."

          Hey I think that sentence is a viable line of COBOL.

    4. Re:Invalidate Private Keys by orthicviper · · Score: 3, Funny

      1. Take out Linux functionality to provoke hackers to unlock your PS3
      2. Boost hardware sales from all the people buying PS3's to play pirated games, while acting innocent to your third party game developers
      3. ????
      4. PROFIT!!!

  4. Epic Fail? Hardly. by Weaselmancer · · Score: 4, Informative

    From the blurb:

    'Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system.

    Ok, the PS3 was launched on November 11, 2006. Today's date is December 29, 2010. That means that it took over four years to be broken.

    Compared to DVD and Blu-Ray, that is actually pretty darn good.

    --
    Weaselmancer
    rediculous.
  5. Re:Epic Fail? Hardly. by SuricouRaven · · Score: 3, Interesting

    It is impressive indeed. Though I do note that it didn't completly resist attack for four years. It just took for years to be completly, irrepairably and conveniently broken. There have been wayst o break the PS3s DRM for years, but their complexity put the beyond the ability of all but the most technologically capable users. With the code-signing cracked, it's as simple as burning an ISO.

  6. Wow... by fuzzyfuzzyfungus · · Score: 4, Insightful

    How did Sony fuck that one up?

    It was my(admittedly layman's) understanding that a public/private key crypto implementation, assuming it isn't deeply flawed, using key lengths suited to the computational capacities of PDP-8s, or otherwise totally fucked, was mathematically secure against anything other than a profound breakthrough in prime factorization algorithms, an unbelievable advance in computational power, or an insider leaking your private key.

    With stuffy like HDCP, it was understood that serious tradeoffs were made in order to make the crypto cheap and fast enough that any POS $200 monitor should be able to decode an encrypted bitstream fast enough to handle the demands of uncompressed digital monitor connections. The weaknesses just came with the territory.

    With something like the PS3, though, they have serious computing power available, and were dealing with a straightforward case of "verify that the code signed with private key X has indeed been thus signed, and not modified since, using public key Y, from which private key X is essentially not computable". Virtually every real-world use of cryptography depends on the ability to do that without disclosing your private key(save by malicious insider/hacker attack).

    What did Sony do wrong? Obviously, they could do nothing about a suitably well-equipped hacker physically modifying a PS3 to stop it from verifying at all, or to always return "yup, all good" regardless of the verification outcome; similarly, a firmware bug could allow the same outcome without the expense of physical modification; but how could it be that they would have to put anything in their client(no matter how well hidden by hardware obfuscation/TPMs/smarcards/whatever) that could be used to compute their private key? Isn't a public key, which is a totally safe piece of data to disclose, all you need to verify whether or not something has been signed with the matching private key?

    I admit that I don't have a deep understanding of this stuff; but it seems like this is the equivalent of "Hey, possession of the list of trusted CAs and their public keys has allowed a hacker with a copy of firefox to compute Verisign's root signing keys!".

    How did Sony fuck up such that this story is not the biggest breakthrough in cryptoanalysis since frequency analysis?

    1. Re:Wow... by Fireye · · Score: 4, Informative

      What did Sony do wrong? Obviously, they could do nothing about a suitably well-equipped hacker physically modifying a PS3 to stop it from verifying at all, or to always return "yup, all good" regardless of the verification outcome; similarly, a firmware bug could allow the same outcome without the expense of physical modification; but how could it be that they would have to put anything in their client(no matter how well hidden by hardware obfuscation/TPMs/smarcards/whatever) that could be used to compute their private key? Isn't a public key, which is a totally safe piece of data to disclose, all you need to verify whether or not something has been signed with the matching private key?
       

      From my layman's understanding of what they did (View the actual conference footage here: http://www.youtube.com/watch?v=GPjd6gHY6A4 ), they don't HAVE the private key. Sony made a big mistake in their key generation method, where they were supposed to use a random value for one variable, they used a static value. Because of that, you're able to generate valid signed packages without the private key.

    2. Re:Wow... by Rich0 · · Score: 3, Interesting

      Dunno, but I can make a comment regarding HDCP.

      HDCP isn't really doing the same thing as Sony's code-signing, and it suffers from the DRM problem where Bob and Eve are the same person.

      As you say, Sony's use case is just traditional public-key digital signatures, and should be completely immune to attack barring major advances, or compromise of the signing key. So, they are without excuse.

      HDCP accomplishes a different mission. HDCP needs to allow any two random and unrelated pieces of AV equipment to talk to each other without anything in-between intercepting the communication. That means that each device must contain a keypair, and not a single key, which means that private keys are inside every HD TV sold today. If you can extract the keypair from any one of those TVs you can fully impersonate that TV which is all you need to crack the system barring key revocation, since HDCP dictates that any device trust any other device with full-quality streams unless it has a revoked key.

      If you crack one TV set you break HDCP somewhat. The manufacturer can of course revoke the key and recall all TVs containing that key at considerable expense, and then re-secure the rest of the system (once the revocation fully propagates, which of course involves a lag).

      The next problem with HDCP is that all the device keys are related to a master key (which is how devices can figure out if any particular keypair is a good one or not without having any prior relationship). The nature of that relationship allows the master key to be brute-forced once a sufficient number of device keys are obtained. Over time a sufficient number of device keys were obtained, and thus the master key was obtained. That makes revocation of individual devices no longer an option, and the only solution at this point is to invalidate every HDMI-sporting device out there.

      The protection on BluRay had similar issues. Again, this is all DRM and it is theoretically insecure since the threat model is an attacker who has physical possession of the keys, which of course there is no mathematical defense against.

      None of this applied to the PS3 - at least not regarding code authentication. Code encryption is a different story - if discs are encrypted then if you extract a private key from any valid console you can decrypt every disc out there, but you can't modify and run them without having the signing key or jailbreaking individual devices.

      I'm curious as to how they did it as well. If they didn't provide details I'd be suspicious that the key wasn't simply leaked. Key management is the achilles heel of public key crypto.

    3. Re:Wow... by dch24 · · Score: 5, Informative

      I'm a little uncertain what you're asking at the end of your comment, but the key they obtained was the Isolation-mode SPU AES key.

      They say at the end of their talk they do not have the LV1 OS keys, and they aren't going to work on them -- those are used to sign & verify games.

      The Isolation-mode SPU AES key is used to verify loaders, and it was broken because the encrypted block is stored at a lower address than the decryption code -- and the size parameter is not verified. So the encrypted block can be overflowed to overwrite the current instruction and then the isolated SPU is under user control.

    4. Re:Wow... by Anonymous Coward · · Score: 3, Informative

      Actually, the bug wasn't in key generation, but in *signature* generation.

      They were supposed to salt each signature with a different random salt (number "m"), but they didn't, they used a constant number every time.

      That made the equations for computing the signatures, R and S, easily exploitable, making it possible to simply solve them and obtain the private key. Now, this isn't a computationally expensive operation, since the equations are rather simple, hence the EPIC fail: as soon as anyone realizes Sony didn't salt their signatures, they can almost immediately compute the private key used just by having two signatures using the same key (and salt).

  7. Re:Epic Fail? Hardly. by jchillerup · · Score: 5, Informative

    Ok, the PS3 was launched on November 11, 2006. Today's date is December 29, 2010. That means that it took over four years to be broken.

    Compared to DVD and Blu-Ray, that is actually pretty darn good.

    I was at the presentation in Berlin today. They did bring up this exact point.

    Their counter argument was that people don't take into consideration that the console did support homebrew until Sony declared they'd drop that. The argument for that action was they'd save money not having to support it for their then-new PS3 Slim models, which turned out to be bullshit after hackers discovered that the Slim (with some hacking) could actually run the same Linux distros as the PS3 Fat. They then disabled OtherOS on the PS3 Fat, too.

    This was 12 months ago (can't cite a source other than the slides), making it take only 12 months of actual effort for it to get cracked, as opposed to other (closed) platforms where the homebrew hacking efforts begin at day 0.

  8. Re:Epic Fail? Hardly. by Terrasque · · Score: 5, Informative

    That's true. And Sony have been boasting of having the toughest DRM of all consoles.

    However, it only took half a year from removing Linux support, and in that short period have had many partially successful attacks against it. Before, while they had the Linux support, such stories were remarkably rarer.

    Many critics meant that the continued security of the console was partially because they allowed linux to run on it, and so many of the talented people had no reason to look closer at it. Since PS3, after four year of "DRM cracking almost never heard of" have now gone to "Completely broken" in just over half a year's time, I think they have a point there.

    It's not that it was that much more secure, it's just that most of the really talented people had no reason to look into it.

    --
    It's The Golden Rule: "He who has the gold makes the rules."
  9. What Would Epic Fail Look Like? by W.+Justice+Black · · Score: 4, Funny

    Folks toss about the phrase "Epic Fail" far too loosely. Here's what a real Epic Fail looks like:

    The DRM code has a bug that, when a certain condition happens (time passes, specially-formulated packet received, etc.), it overclocks the CPU to the point that it catches on fire. Within minutes of the event, most of the millions of PS3s in the wild have set peoples' homes ablaze.

    As a result, thousands die and the insurance industry collapses. Anarchy reigns, so there's nobody to enforce copyright anymore and the original DRM is rendered irrelevant.

    THAT is an epic fail.

    --
    "Time flies like an arrow; fruit flies like a banana." --Groucho Marx
  10. OtherOS by Anonymous Coward · · Score: 5, Insightful

    From @fail0verflow:

    "we only started looking at the ps3 after otheros was killed."

    and

    "our goal is to have linux running on all existing PS3 consoles, whatever their firmware versions."

    If Sony would have left OtherOS alone, they wouldn't be in this predicament.

  11. Re:precisely. by spazdor · · Score: 5, Insightful

    Unless they can get every publisher to send the hashes for every version of every game they have sent to the CD press, some people will find their games broken

    But Sony already possesses them - they had to sign them in the first place! Either that or they entrusted all those publishers with with their private signing key. Which would be a terrible idea.

    --
    DRM: Terminator crops for your mind!
  12. A bit close-minded around here by metalmaster · · Score: 4, Insightful

    The PS3 was being attacked well before OtherOS removal. When linux was available the graphics on the machine were limited to virtualization. The race was on too crack the 7 locked down SPUs. Were people successful? Mostly no, but that doesnt mean attempts havent been made. If i remember correctly, Geohot's intention was to gain access to the cores. They just happened to find an exploit to give them keys to the kingdom

    Removing linux definitely brought the talent out of the woodwork, but it did not start a war

  13. Re:How did they get the private key, if they did? by fail0verflow · · Score: 5, Insightful

    > Do they really have Sony's signing key?
    Yes, we have most of their signing private keys.

  14. Re:precisely. by marcansoft · · Score: 3, Interesting

    Sony cannot permanently regain any existing PS3 with a firmware update (nor can they fix this hole trivially at all, including in new manufactured units). They can make it harder for you to install a hacked firmware on a PS3, but as of today every manufactured PS3 is vulnerable to a modchip (NOR/NAND flasher) forever.