Playstation 3 Code Signing Cracked For Good

← Back to Stories (view on slashdot.org)

Playstation 3 Code Signing Cracked For Good

Posted by samzenpus on Wednesday December 29, 2010 @09:19AM from the forever-is-a-long-time dept.

ReportedlyWorking writes "It appears that Sony's PS3 has been fatally compromised. At the Chaos Communication Congress in Berlin, a team named 'fail0verflow' revealed that they had calculated the Private Keys, which would let them or anyone else generate signed software for the PS3. Additionally, they also claim to have a method of jailbreaking the PS3 without the use of a Dongle, which is the current method. If all these statements are true, this opens the door to custom firmware, and homebrew software. Assuming that Sony doesn't take radical action and invalidate their private keys, this could mean that Jailbreaking is viable on all PS3, regardless of their firmware! From the article: 'Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat, was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs. Following this, the team declared Sony's security to be EPIC FAIL!'"

29 of 534 comments (clear)

Min score:

Reason:

Sort:

Sigh by Anonymous Coward · 2010-12-29 09:21 · Score: 4, Insightful

"Following this, the team declared Sony's security to be EPIC FAIL!"
Is it really necessary for everybody to talk like complete dicks nowadays?
1. Re:Sigh by Raineer · 2010-12-29 09:40 · Score: 5, Interesting
  
  "Following this, the team declared Sony's security to be EPIC FAIL!"
  Is it really necessary for everybody to talk like complete dicks nowadays?
  To be honest I'm not sure how you can call Sony security a failure. As far as popular consumer devices go, the PS3 lasted for eons. I am both a Sony and Apple fanboy (somewhat), and have to laugh at the hours (literally) it takes any Apple product to be cracked while Sony (as dysfunctional as any company there is) makes a product that lasts for years. Cracking the keys was inevitable, but Sony should be recognized for making it more difficult than anyone else :) I still sit on the side of the fence where the damn thing should have been open from the get-go...but meh
2. Re:Sigh by MoonBuggy · 2010-12-29 09:45 · Score: 5, Insightful
  
  I get the impression that the moderate openness of the PS3 at release was exactly what did preserve its uncracked status for so long. As soon as they locked out the 'Other OS' option, they pissed off the precise segment of the userbase who also have the skill to crack any subsequent security improvements.
3. Re:Sigh by MoonBuggy · 2010-12-29 09:56 · Score: 5, Interesting
  
  Having followed the finest Slashdot tradition and only read TFA after posting, it appears that there was truth in my speculation. Fail0verflow, the group that found the keys, posted on twitter that "we only started looking at the ps3 after otheros was killed.". That means they did this in nine months.
4. Re:Sigh by socceroos · 2010-12-29 09:58 · Score: 4, Funny
  
  The only 733ts I'm aware of are my wife's.
5. Re:Sigh by Derekloffin · 2010-12-29 10:11 · Score: 4, Insightful
  
  Only if they completely ignored all knowledge of the PS3 discovered before 9 months ago, which I highly doubt. Granted, it probably wouldn't have taken them the 4 years to crack it if they had interest from the start, but to complete ignore the 3 intervening years, you have to assume they gained nothing from those 3 years at all on any front. It is a disingenuous claim.
6. Re:Sigh by marcansoft · 2010-12-29 12:55 · Score: 5, Informative
  
  I'm one of those guys, and the summary is so terrible it's not even funny. Please watch the recording of the talk before you form an opinion; the reporting on this one is pretty terrible. Especially the "overflowing the bootup NOR flash". I don't even know what that's supposed to mean.
  The PS3 security system really is horrible. Most of it is effectively useless because it can be worked around or breaking it is not necessary, and the signature screwup is basically inexcusable. We aren't calling it "Epic Fail" for one or two holes, we're calling it "Epic Fail" because as a whole it's a complete clusterfuck and there are many fundamental design holes and more than enough evidence that the developers responsible for it were not qualified to design a security system or write its code (e.g. clearly they didn't employ a proper cryptographer). It's also a reference to our Wii talk (which was subtitled "Wii Fail") because we consider the PS3's security to be a hell of a lot worse, design-wise.
7. Re:Sigh by Gogo0 · 2010-12-29 15:51 · Score: 5, Informative
  
  For those that dont know, this guy (among others of course) has been integral to opening up the Wii and now the PS3 for homebrew.
  Very interesting writer too, explains on his website much of the details of working around the various "fixes" Nintendo applied to try and close the holes in their code.
  He is definitely not an asshole, and those of us who care about openness on these consoles (or just enjoy running homebrew on them) owe a lot to him and the teams he works with.
  
  </deserved asskissing>
8. Re:Sigh by marcansoft · 2010-12-30 00:56 · Score: 4, Informative
  
  while the fact that they're not randomizing the encryption is incredibly bad, it's not epic fail
  A signer screwup that leaks their private key is not epic fail? This is probably the first time in embedded system security that someone has fucked up public key crypto this badly.
  
  For epic fail, we go to the Xbox 360 which has a damn JTAG pinout exposed to the world on the fucking motherboard(runner up: Xbox pogo pins).
  So does the PS3. JTAG doesn't mean anything if it's disabled, which it normally is, on both consoles (actually, we suspect it might be enabled on the PS3 but you probably can't do anything interesting with it). The Xbox 360 security design is a lot better than the PS3's. They had a few minor holes. The PS3 is completely messed up. The 360 has better revocation, better encryption, secure memory, a simpler and more effective security design, and a better implementation.
  
  Also, why didn't you guys list sjeep's Independence Exploit for PS2 that came out in 2002 or so? It didn't directly enable piracy(although when HDloader got dumped into ELF format it sure did).
  That came a lot later than modchips (which already enabled homebrew and piracy equally, since there's no PKI), and the slide was already overcrowded so it didn't make much sense.
Epic Fail? WTF? by scum-e-bag · 2010-12-29 09:23 · Score: 4, Insightful

Epic Fail? WTF?
How many years has it taken to crack the PS3?
I'd say that Sony has done a remarkable job.

--
Does it go on forever?
1. Re:Epic Fail? WTF? by fuzzyfuzzyfungus · 2010-12-29 09:36 · Score: 5, Insightful
  
  I think that the "epic fail" part isn't the overall security of the PS3(which has generally been a pretty good sinister representative of the dystopian "trusted computing" future); but the fact that they somehow managed to build a code-signing verification mechanism that allowed their private key to be computed by an outside party.
  
  Assymetric key crypto is supposed to be(barring serious implementation failures or incredible algorithmic/technological breakthroughs) such that you should be able to verify that a private key was used to sign something with nothing more than the public key, from which the private key should be computable only in a time longer than the lifespan of the universe's remaining protons. That is the part that they apparently managed to fuck up. In terms of generally being a tough nut to crack, Sony did a pretty decent job. However, if TFA is true and not misleading, they failed to implement an absolutely foundational part of practical cryptography properly...
2. Re:Epic Fail? WTF? by Riceballsan · 2010-12-29 09:44 · Score: 4, Insightful
  
  It's pretty true there, before the other OS, there weren't even known attempts, beyond one lame idiot saying he thought he might someday be able to do it through the other OS, that caused sony to go crazy and remove the other OS feature. Before then sony had the best possible security possible for a console, give the modders an outlet, modders/homebrewers with high inteligence usually are not the same as the modders that want to sell to pirates, so you keep the smart ones busy, and the pirates won't have anyone to do their dirty work for them. You flip the finger at them and tell them they are a security risk and can no longer keep what you sold them... well expect the most determined wave of security breaks in history.
3. Re:Epic Fail? WTF? by VortexCortex · 2010-12-29 11:54 · Score: 4, Insightful
  
  Actually, I think the metric is fair.
  If every grain of sand on Earth were a super computer that could perform a public/private key signature check once every clock cycle (not possible, takes many cycles), and those super computers ran at 1000 times the speed of our current fastest supercomputers, it would take trillions of years to crack our current public key crypto systems (when implemented correctly -- something Sony failed to do).
  The universe is estimated to be about 13.75 billion years old. One trillion years is a truly Epic timescale. Given that there are many correctly implemented public key cryptographic libraries with source code available I find that Sony did, in fact, fail on an epic scale...
  These enormously large metrics are meant to drive home to laymen just how impractical it is to brute force correctly implemented public key cryptography with the hardware we have today.
  In short, "Epic Fail!" is an accurate exclamation. If you disagree, I suggest you go read up on the subject of public key cryptography a bit more before making baseless claims as to the "feeb"ness of others' well informed comments (failing this, you could just troll harder).
4. Re:Epic Fail? WTF? by marcansoft · 2010-12-29 13:04 · Score: 5, Interesting
  
  The "epic" part really came about due to the completely inexcusable ECDSA signature screwup. We were left speechless by that one. However, as a whole, the entire PS3 architecture is terrible. Especially after breaking it open and properly analyzing it and finding a ton of screwups (many critical), there is absolutely no doubt in our mind that the sole reason why the PS3 lasted this far is because OtherOS kept all the competent people happy enough not to try to break into the system (that, and maybe hype around their hypervisor and isolated SPE security, both of which turned out to be terribly bad). If you watch the talk you'll actually see that we make this point clear and address the time-to-hack of the PS3. Given our experience and what we've learned from people who work on console hacks, almost nobody tried until OtherOS was removed, so the only valid measurement for "time to hack", as a strength-of-security measure, is the time since OtherOS was removed (9-12 months or so).
  OtherOS was Sony's single best security feature.
Invalidate Private Keys by VGPowerlord · 2010-12-29 09:24 · Score: 4, Insightful

It's a bit late to invalidate private keys.
My understanding is that every PS3 game is signed with those keys. Therefore, invalidating them through a firmware update would mean that every PS3 game to date will no longer work.
While I wouldn't put it past Sony to try this, this would result in not only massive lawsuits, but also would be a massive PR blunder.
Having said that, there could in theory be some sort of additional key telling what date a disc was signed, but even if that were true, it would be trivial to work around.

--
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
1. Re:Invalidate Private Keys by igreaterthanu · 2010-12-29 09:42 · Score: 5, Insightful
  
  My understanding is that every PS3 game is signed with those keys. Therefore, invalidating them through a firmware update would mean that every PS3 game to date will no longer work.
  They already have a list of all genuine games signed by the now compromised keys. They could potentially release an update that used new keys but also accepted the old keys provided it had signed something on the already known genuine list of games.
  
  --
  I dream of a nation where a man is not judged by his skin color but by an number assigned by a credit rating agency.
2. Re:Invalidate Private Keys by fuzzyfuzzyfungus · 2010-12-29 09:44 · Score: 5, Insightful
  
  Not that I want them to succeed; but they could always do something like: "Consider private key X revoked, and trust nothing signed with it, unless that something has SHA1 hash equal to one of the hashes on the following list..."
  
  The number of existing PS3 games, DLCs, etc., while not small, is finite and pretty well characterized. It would be a pain in the ass; but not fundamentally difficult, to compute the hash of each one that is tainted by the compromised key and hardcode trust of it into the same patch that otherwise nukes that key and anything signed by it.
  
  Now, since the private keys presumably also control verification of patches, it is likely that some number of PS3s will permanently leave their control, with hacked patches applied that spoof acceptance of future patches, thus leaving them in control of their owners; but regaining control of all unsophisticated updaters and all PS3s leaving the factory from now on doesn't seem fundamentally impractical...
3. Re:Invalidate Private Keys by Brett+Buck · 2010-12-29 10:46 · Score: 5, Funny
  
  do something like: "Consider private key X revoked, and trust nothing signed with it, unless that something has SHA1 hash equal to one of the hashes on the following list..."
  Hey I think that sentence is a viable line of COBOL.
Epic Fail? Hardly. by Weaselmancer · 2010-12-29 09:25 · Score: 4, Informative

From the blurb:
'Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system.
Ok, the PS3 was launched on November 11, 2006. Today's date is December 29, 2010. That means that it took over four years to be broken.
Compared to DVD and Blu-Ray, that is actually pretty darn good.

--
Weaselmancer
rediculous.
Wow... by fuzzyfuzzyfungus · 2010-12-29 09:31 · Score: 4, Insightful

How did Sony fuck that one up?

It was my(admittedly layman's) understanding that a public/private key crypto implementation, assuming it isn't deeply flawed, using key lengths suited to the computational capacities of PDP-8s, or otherwise totally fucked, was mathematically secure against anything other than a profound breakthrough in prime factorization algorithms, an unbelievable advance in computational power, or an insider leaking your private key.

With stuffy like HDCP, it was understood that serious tradeoffs were made in order to make the crypto cheap and fast enough that any POS $200 monitor should be able to decode an encrypted bitstream fast enough to handle the demands of uncompressed digital monitor connections. The weaknesses just came with the territory.

With something like the PS3, though, they have serious computing power available, and were dealing with a straightforward case of "verify that the code signed with private key X has indeed been thus signed, and not modified since, using public key Y, from which private key X is essentially not computable". Virtually every real-world use of cryptography depends on the ability to do that without disclosing your private key(save by malicious insider/hacker attack).

What did Sony do wrong? Obviously, they could do nothing about a suitably well-equipped hacker physically modifying a PS3 to stop it from verifying at all, or to always return "yup, all good" regardless of the verification outcome; similarly, a firmware bug could allow the same outcome without the expense of physical modification; but how could it be that they would have to put anything in their client(no matter how well hidden by hardware obfuscation/TPMs/smarcards/whatever) that could be used to compute their private key? Isn't a public key, which is a totally safe piece of data to disclose, all you need to verify whether or not something has been signed with the matching private key?

I admit that I don't have a deep understanding of this stuff; but it seems like this is the equivalent of "Hey, possession of the list of trusted CAs and their public keys has allowed a hacker with a copy of firefox to compute Verisign's root signing keys!".

How did Sony fuck up such that this story is not the biggest breakthrough in cryptoanalysis since frequency analysis?
1. Re:Wow... by Fireye · 2010-12-29 09:47 · Score: 4, Informative
  
  What did Sony do wrong? Obviously, they could do nothing about a suitably well-equipped hacker physically modifying a PS3 to stop it from verifying at all, or to always return "yup, all good" regardless of the verification outcome; similarly, a firmware bug could allow the same outcome without the expense of physical modification; but how could it be that they would have to put anything in their client(no matter how well hidden by hardware obfuscation/TPMs/smarcards/whatever) that could be used to compute their private key? Isn't a public key, which is a totally safe piece of data to disclose, all you need to verify whether or not something has been signed with the matching private key?
  
  From my layman's understanding of what they did (View the actual conference footage here: http://www.youtube.com/watch?v=GPjd6gHY6A4 ), they don't HAVE the private key. Sony made a big mistake in their key generation method, where they were supposed to use a random value for one variable, they used a static value. Because of that, you're able to generate valid signed packages without the private key.
2. Re:Wow... by dch24 · 2010-12-29 10:28 · Score: 5, Informative
  
  I'm a little uncertain what you're asking at the end of your comment, but the key they obtained was the Isolation-mode SPU AES key.
  
  They say at the end of their talk they do not have the LV1 OS keys, and they aren't going to work on them -- those are used to sign & verify games.
  
  The Isolation-mode SPU AES key is used to verify loaders, and it was broken because the encrypted block is stored at a lower address than the decryption code -- and the size parameter is not verified. So the encrypted block can be overflowed to overwrite the current instruction and then the isolated SPU is under user control.
Re:Epic Fail? Hardly. by jchillerup · 2010-12-29 09:36 · Score: 5, Informative

Ok, the PS3 was launched on November 11, 2006. Today's date is December 29, 2010. That means that it took over four years to be broken.
Compared to DVD and Blu-Ray, that is actually pretty darn good.
I was at the presentation in Berlin today. They did bring up this exact point.
Their counter argument was that people don't take into consideration that the console did support homebrew until Sony declared they'd drop that. The argument for that action was they'd save money not having to support it for their then-new PS3 Slim models, which turned out to be bullshit after hackers discovered that the Slim (with some hacking) could actually run the same Linux distros as the PS3 Fat. They then disabled OtherOS on the PS3 Fat, too.
This was 12 months ago (can't cite a source other than the slides), making it take only 12 months of actual effort for it to get cracked, as opposed to other (closed) platforms where the homebrew hacking efforts begin at day 0.
Re:Epic Fail? Hardly. by Terrasque · 2010-12-29 09:37 · Score: 5, Informative

That's true. And Sony have been boasting of having the toughest DRM of all consoles.
However, it only took half a year from removing Linux support, and in that short period have had many partially successful attacks against it. Before, while they had the Linux support, such stories were remarkably rarer.
Many critics meant that the continued security of the console was partially because they allowed linux to run on it, and so many of the talented people had no reason to look closer at it. Since PS3, after four year of "DRM cracking almost never heard of" have now gone to "Completely broken" in just over half a year's time, I think they have a point there.
It's not that it was that much more secure, it's just that most of the really talented people had no reason to look into it.

--
It's The Golden Rule: "He who has the gold makes the rules."
What Would Epic Fail Look Like? by W.+Justice+Black · 2010-12-29 09:39 · Score: 4, Funny

Folks toss about the phrase "Epic Fail" far too loosely. Here's what a real Epic Fail looks like:
The DRM code has a bug that, when a certain condition happens (time passes, specially-formulated packet received, etc.), it overclocks the CPU to the point that it catches on fire. Within minutes of the event, most of the millions of PS3s in the wild have set peoples' homes ablaze.
As a result, thousands die and the insurance industry collapses. Anarchy reigns, so there's nobody to enforce copyright anymore and the original DRM is rendered irrelevant.
THAT is an epic fail.

--
"Time flies like an arrow; fruit flies like a banana." --Groucho Marx
OtherOS by Anonymous Coward · 2010-12-29 09:40 · Score: 5, Insightful

From @fail0verflow:
"we only started looking at the ps3 after otheros was killed."
and
"our goal is to have linux running on all existing PS3 consoles, whatever their firmware versions."
If Sony would have left OtherOS alone, they wouldn't be in this predicament.
Re:precisely. by spazdor · 2010-12-29 10:45 · Score: 5, Insightful

Unless they can get every publisher to send the hashes for every version of every game they have sent to the CD press, some people will find their games broken
But Sony already possesses them - they had to sign them in the first place! Either that or they entrusted all those publishers with with their private signing key. Which would be a terrible idea.

--
DRM: Terminator crops for your mind!
A bit close-minded around here by metalmaster · 2010-12-29 10:46 · Score: 4, Insightful

The PS3 was being attacked well before OtherOS removal. When linux was available the graphics on the machine were limited to virtualization. The race was on too crack the 7 locked down SPUs. Were people successful? Mostly no, but that doesnt mean attempts havent been made. If i remember correctly, Geohot's intention was to gain access to the cores. They just happened to find an exploit to give them keys to the kingdom
Removing linux definitely brought the talent out of the woodwork, but it did not start a war
Re:How did they get the private key, if they did? by fail0verflow · 2010-12-29 12:13 · Score: 5, Insightful

> Do they really have Sony's signing key?
Yes, we have most of their signing private keys.