PS3 Root Key Found
An anonymous reader writes "The PlayStation 3 'root key' used for code signing has been found by GeoHot. This enables running homebrew without the need for PSJailbreak-style USB devices, and also provides hope for those at firmware version 3.55 that currently cannot be downgraded. The key also cannot be changed without hardware modifications. Oops."
I wonder how many job offers that kid has received.
Is this the same private key that was discovered last week?
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
I wonder how long until the lawyers start raining down from the sky.
Did you guys hear about the next firmware update that bricks the console? It's fine, they offer free replacements for anyone affected by it.
Now perhaps we can find the key to giving /. memory lasting longer than 6 days.
This is a dup.
Acid and a very powerful microscope? Or leaked information from a Sony insider?
Better known as 318230.
They are under attack by terrorist hackorz.
So, so, so sad.... maybe they will have to act with common sense and decency towards their customers now.
Ha, ha... like that will ever happen.
I can encrypt/sign anything on PSP now.
Maybe I misunderstood PKI. I thought the public key would be on the machine, and discs/software signed by Sony in some secret secure lab would be the only ones with the private key...
It'd be cool if this finally gained us access to the RSX....
Since they basically did a "bait and switch" with the PS3.
When I bought it, it had the OtherOS feature AND I could do all the online stuff...not now
When I bought it, it had backwards compatibility for almost all PS2 games...not now
So it appears to me that in a sense the "hackers" have returned my property that was stolen from me by the "legitimate corporation"
I doubt that Sony will learn anything from this, and after our family owning a PS2 and 3, the next console I buy will be Xbox...I had no idea a company could be dysfunctional enough to make me regret not buying a MS product.
you living in a farm son?
That was last week at the Chaos convention.
Still think revoking the "Other OS" function was a good idea?
Do not look at laser with remaining good eye.
Will this awesome bit of back-hackery enable PS2 backwards compatibility again?
Informatus Technologicus
And the key reads...
1234helpimtrappedinaplaystationfactory67890
Let the corporate world beware, don't tread on Linux. Big mistake to allow it and then take it away.
"Laywers raining down from the sky"
<voice actor="Lloyd Bridges">Looks like I picked the wrong week to give up skeet shooting....</voice>
www.eFax.com are spammers
He used the work of others, most notably the guys that just got the private keys.
The other guys are the ones truly responsible for this. GeoHot, as he tends to do, is just trying to take credit.
He's a known bullshitter in the scene.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Hopefully someone creating the custom firmware will add support for NTFS
I think they only allowed it in the first place to try to get tax breaks in the European Union. So, after the EU decided that it wasn't really a personal computer, Sony pulled it from their newer models (the PS3 Slim never had Other OS).
However, it was tampering around with the Hypervisor that caused Sony to remove it from older models in a firmware update.
lol, wut?
Since the lame submission doesn't bother to link to the /very/ source that the article is about, I'll paste it here.
Hey, that's the same combination that I have on my luggage!
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
Backwards compatibility was never removed from any PS3. If you had it before, you have it now.
I have a 1st gen PS3 and the latest firmware and I still have my near 100% PS2 BC.
You really should consider making posts based upon facts instead of vitriol.
http://lkml.org/lkml/2005/8/20/95
SACD was not removed. It works and it works the same as it ever did. And there's no reason to think it won't work the same long-term as it has so far.
It's not a bait and switch if you simply didn't get a feature because the device you bought never had it.
No one uses SACD anyway. It's the height of hyperbole to try to make a mountain out of this molehill.
Google "AsbestOS PS3"
It's been available for a while, now...
From the geohot site:
props to fail0verflow for the asymmetric half
Geohot isn't taking credit for anyone's work here.
Weaselmancer
Ridiculous.
I think they only allowed it in the first place to try to get tax breaks in the European Union. So, after the EU decided that it wasn't really a personal computer, Sony pulled it from their newer models (the PS3 Slim never had Other OS).
This story about trying to get the console recognized as a computer for EU tax purposes applies to the PS2, not the PS3.
Do what thou wilt shall be the whole of the Law
I wouldn't have minded a few details on how or what the method was: some flaw in the encryption, brute force over time? Give me some details on the work involved; that's the most interesting part.
No, it was their choice to do that. In no way did someone messing with the hypervisor cause the removal of the feature. To say that is like saying because my dinner was cold I had to beat my wife.
I use SACD. I don't have a great deal of media, but I appreciate being able to play what I have.
I've fallen off your lawn, and I can't get up.
It'd be cool if this finally gained us access to the RSX....
First there was MSX, an 8-bit home computer built around the ColecoVision architecture. Then there was the BS-X, a satellite modem for the Japanese version of the Super NES. Then there were two different Sony products called PSX: the original PlayStation and a DVR with a built-in PS2 console. Now the PS3's GPU is called the RSX. What is it about video game consoles and ?SX names?
I've never owned any Sony products (not even a walkman) but I must say I'm seriously considering buying a PS3 now!
Just play it on your PC or whatever open platform you want. Nobody forcing you to use a PS3, dork.
Er, maybe you're typical of the kind of person that owns a PS3 (and thinks nothing else in the world exists)... derrr, herrr
...that this shouldn't matter to Sony. More software should mean more console sales - and that should make them happy.
Sadly, it's not like that at all.
Game consoles are sold at a loss - with the manufacturer getting their money back from issuing licenses to game manufacturers and clawing back a percentage on every game that's sold. Hence, if someone runs unlicensed software on their console - or uses it for nothing more than watching Blu-ray movies - or as a door-stop or paper-weight - they lose money. Hence it's in their interests to prevent non-licensed games from running on the machine. People (who are mostly stupid) like the idea that game consoles are cheap - and are blind to the cost of the games they run on them.
In a utopian future, people would pay the actual cost of manufacturing the console - plus a reasonable profit margin. Anyone could write games - and the cost of them would be reduced because they wouldn't have to pay the "Sony Tax" on each one. For people who'll own very few games over the life of the console, this is not so attractive - but for people who buy more than the average number of games, it's a huge win. But at least we're honest about it.
Benefits would be that very small companies - and open-source enthusiasts could make cool hacks and super-cheap or even freebie games - and that would result in a much-needed shot of creativity into the games market. It would also make it plausible for some new company to break into the business. It takes big balls and an even bigger bankroll to fund making a million consoles and giving them away at half price - in the HOPE that enough games will be sold to pay it back. But if consoles could be sold at a profit - there could be more players in the field.
But sadly, people are stupid - and they'll buy a $60 printer which needs $50 ink cartridges - or take advantage of a super-cheap cellphone that ties you to a single phone company for years at a stretch. They think they are saving money - but the console, printer and cellphone manufacturers don't seem to be going out of business with this model...so evidently that's not the case.
It winds up being a tax on the people who will make the most use of the device in order to subsidize the people who buy it and then hardly ever use it. That doesn't seem to be the right way to treat your customers.
However, it would be tough for any one of the big three console makers to break the pattern. Very few people would pay $600 for a console when the competition are selling the almost identical thing for $299 - even if they're going to save $20 on each game they buy for the next three or four years. As console replacement cycles stretch - the ratio of games purchased for every console goes up - making this an ever more productive thing for the console maker - and an even more unreasonable thing for the end user.
A teeny-tiny law that required games makers to disclose, on the front of the packaging, how much "tax" you're paying to SONY when you buy that game would be a good thing for everyone.
reminds me of this guy "DVD Jon" which everybody thinks programmed DeCSS but actually did nothing more than program a menu system
"The key also cannot be changed without hardware modifications."
This is 100% incorrect and assumes that Sony will not take actions that *may* have a detrimental impact to their users. Historically, they have proven time and time again that when it is their profit vs. their customer, the customer loses.
Here's what they would have to do (from a high level perspective, all you encryption experts can retract your claws) to fix this:
1) Publish a firmware update (mandatory) for the PS3, needed to sign in to PSN, which includes an update to the root certificate / trust, which would include the reciprocating key for a new private key they generated.
2) Publish a small update to *every* piece of existing PS3 software that signs the executable with the new key.
As Sony licenses their technology and as every executable has to be signed by them internally anyway, it's not a stretch to believe they'd have (somewhere) a full list of these executables. They could just re-sign the SELF binaries with the new key, publish as a patch, and they'd have a new key.
I'm not sure where the statement came from that this was held in hardware -- I mean, sure, it's accurate -- everything held in FlashROM is effectively 'in hardware', but for the purposes of this conversation it doesn't in any circumstance mean that Sony can't fix this -- just that fixing it could possibly negatively impact their userbase. I again must remind everyone that this is not something they normally bother themselves with.
I expect 3.60 to come out soon with a new key and for every single program I run for the next two months to be telling me it requires an update before it will load.
That said, NOW, any of you encryption gurus out there with a better understanding of how the PS3 (mis)uses encryption are free to tear my post to pieces.
To the darkened skies once more, and ever onward.
I do not recall them saying metldr but instead GameLauncher. Am I mistaken in what it's called or is this yet another key? I've not gone back to listen to the video again but I do know exactly what you're talking about - the person who wanted to know why they weren't launching code from DVD. They said that they hadn't gotten the key for XYZ, and weren't interested in piracy. I believe they indicated they had the lower level key they needed instead.
Build it, Drive it, Improve it! Hybridz.org
How will the system tell if a game with the current key really is a game and not something else?
Also, you're assuming Sony will bother publishing updates to all games. Sure, they might update the popular ones, but obscure ones they probably wouldn't bother with, leaving them unplayable forever.
To say that is like saying because my dinner was cold I had to beat my wife.
What? You mean that's not a legitimate excuse?
Oh, fuck..... :)
I'd assume that in the imaginary 3.60 update, they'd invalidate the original key by either removing it from the internal certificate store or trusted certificate store, so any binary signed with that key would be treated as an un-signed or incorrectly signed executable and would not run.
That does bring up the point that if the actual SELF does not run due to being signed with an invalid key, would it be able to launch a stub that attempted to upgrade the app? I think they'd have to come up with a secure and crafty way of managing this. Whatever they do will need to ensure that legitimate users with physical discs containing SELF executables signed with the bad key can at bare minimum launch the stub which will download the updated, newly signed SELF binary. In any case, I digress.
I don't think it's too long of a shot to assume they would publish updates to all of the games -- they already have the update data on a centralized server that each game contacts as it is run; it wouldn't be much of a stretch of the imagination that they could take the original un-signed executables (I'd hope they have them stored!) and just write a script that signs the most current executable with the new key and publishes it for testing. This does assume that they have a valid database of this information today and that they have the ability to quickly and easily get their hands on the unsigned copies of the binaries -- something that could easily be quite an incorrect assumption.
And you can't push updates to the discs.
Unless they want to make ALL games released on disc broken, they have to leave those keys in place.
Just like how they can't blacklist the new HDCP crack dongles... they would blacklist a giant swath of Sony Blu-ray players if they did.
Take the root key of the PS3 and then just multiply it by 360, and woila! You've got the Xbox 360 key as well!
...Sony does the geek gamer world a huge honor by throwing open this damned fine machine to exploitation by a horde of geniuses and starts beating the drum really loud about PS4.
...for the first time at a buddy's house. Just sat there looking around while dudes ran by and shot/stabbed/exploded/bombed me. I was helpless.
I can play some NCAA Football 11, though...just takes practice.
Fine, we can call it sell-and-yoink when a vendor pulls features from a captive product.
The obvious lesson to manufacturers is that if you yoink the wrong feature, the captive audience will jailbreak as the necessary solution.
Let's see how many iterations it takes to learn it.
I'm sick of these sorts of comments. This is Slashdot, people, news for nerds. Don't make these kinds of comments!
We will not know whether or not lawyers are full of hot air enough to reduce terminal velocity to a survivable speed, until we have taken a significantly large random sample, and dropped them from planes.
I suggest we take some aspiring lawyers, and use them as our control, as I couldn't bear the thought of accidentally killing someone who isn't a lawyer.
Scientific rigour, people. Use it!
This is my footer. There are many like it, but this one is mine.
Did you view the 27C3 talk about the PS3? The first keys ARE in hardware, fixed. It's the first keys used to check anything, and they are set in stone so no hacker can touch them, but also no update can touch them. Also changing them would break everything out there. You might be able to get around those with huge whitelists. But that's not practical in the end at all.
Actually DEC (now HP (now Compaq)) released the Alpha
Alpha is the chip....
Encryption is preventing Alex from seeing what Betty is saying to Charlie.
DRM is trying to prevent Betty from seeing what Betty is saying to Charlie. Since Betty has the keys in her physical possession, it's just a matter of time before the DRM is broken.
"... Sony is breaking new ground here. I don't think normal people ever needed to invent a term for a vendor selling something and then intentionally breaking it by remote control ..."
At least one cell phone carrier (Verizon) has prior art on this. A few years back, they removed the ability of some cell phones to play MP3 files (so they could push their music download service harder.)
From http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/comment-page-1/#comment-6413 :
"You wouldn’t even have seen discussion inside Sony. Their corporate culture is very stovepiped, quite dysfunctionally so since what would be regarded as normal communication channels in other companies (even the highly regulated ones that exist in Japan where as an engineer or developer you’re given a task and perform it to the best of your ability without thinking of questioning any of it) simply don’t exist. So for something like this development team A would have been handed a fait accompli by development team B without any ability to question it, or even an ability to provide feedback if they noticed a problem. In fact the first that one team may hear about some new technology is when it gets shipped to them from some other development group (people complain about the lack of technical info from Sony to work with the PS3 but it’s not much better for people working inside the company, who have extreme difficulty getting the information they need).
So not only would Sony not have employed Root Labs to look at this, they wouldn’t have involved anyone else at Sony outside the narrow stovepipe that worked on it."
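As an added illustration of the random-k requirement the linked rdist post is about (this is constructed example code, not from the thread, from Sony, or from fail0verflow): a toy DSA over tiny constructed parameters (p=23, q=11, g=2, private key 7 and the fixed nonce 3 are all assumptions) signs with a reused k, an audit check flags the repeated r value, and the textbook algebra shows why that repetition hands over the private key; the hardened signer draws a fresh random k per signature.

```python
"""Toy DSA with tiny constructed parameters: why k must be fresh per signature."""
import secrets

# Constructed toy group: P prime, Q = 11 divides P - 1, G has order Q mod P.
# Real deployments use ~2048-bit P and 256-bit Q; these values exist only
# so the arithmetic can be followed by hand.
P, Q, G = 23, 11, 2


def keygen():
    """Private key x in [1, Q-1], public key y = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def sign(h, x, k):
    """Sign hash h (already reduced mod Q) with private key x and nonce k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (h + x * r) % Q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, choose another k")
    return r, s


def sign_fixed_k(h, x):
    """The flawed pattern: the same k (assumed 3 here) for every signature."""
    return sign(h, x, 3)


def sign_random_k(h, x):
    """Hardened pattern: a fresh, uniformly random k for each signature."""
    while True:
        try:
            return sign(h, x, secrets.randbelow(Q - 1) + 1)
        except ValueError:
            continue  # r or s was 0; draw again


def verify(h, sig, y):
    """Standard DSA verification against public key y."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = h * w % Q, r * w % Q
    return (pow(G, u1, P) * pow(y, u2, P) % P) % Q == r


def reused_r(sigs):
    """Audit check: a repeated r among signatures from one key means k was
    reused (r depends only on k). Returns the pair of indices or None."""
    seen = {}
    for i, (r, _s) in enumerate(sigs):
        if r in seen:
            return seen[r], i
        seen[r] = i
    return None


def recover_private_key(h1, sig1, h2, sig2):
    """Textbook consequence of a shared k: two signatures give two linear
    equations in (k, x) mod Q, which solve for the private key."""
    r, s1 = sig1
    r2, s2 = sig2
    if r != r2 or (s1 - s2) % Q == 0:
        raise ValueError("signatures do not share k, or the hashes collide")
    k = (h1 - h2) * pow(s1 - s2, -1, Q) % Q
    return (s1 * k - h1) * pow(r, -1, Q) % Q
```

With Q this small, random k also repeats often; in a real group the audit check only fires when the signer is actually broken.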
For now I guess they will add Keys to the games in order to force the pirates to stay in their separate pirate-PSN. Additionally they will have to release a PS4 soon.
It makes me sad. I like homebrew but I dislike software piracy. Even though there could be a positive effect on the software prices. In comparison, the PSN prices for games and DLC are way too high compared to the games you can buy from stores located outside the EU or on Steam, for example.
Because the monopoly is gone and Sony now has a competitor on their own system, they (Sony and the EU retailers) will have to lower the prices.
The key also cannot be changed without hardware modifications.
Simple. Sony releases a new PS3+ that is backwards compatible with PS3, but with new keys and this exploit patched. Any PS3 can be upgraded to a PS3+ for FREE, you only need to take your PS3 to a service center and wait for 15 minutes for a hardware "upgrade".
PS3 will no longer be sold. Only PS3+ are available.
New games eventually require PS3+, and as hacks and aimbots start to plague games that support the old PS3, PS3 players (those willing to PAY for games) flock to upgrade and play PS3+ only multiplayer games.
Might cost Sony a bunch, but hardly showstopping if they start to see real damage from pirate games or hacks.
Oliver.
Can someone explain what is the rationale behind keeping the private key inside the device?
If it needed to verify the authenticity of digitally signed applications, did it not need to have just the public key that corresponds to the private key of the signer?
The saddest poem
Buy an Xbox? That thing is even more locked down and probably has far fewer security holes. In other words, you own it even less than a PSP or PS3 or Wii or whatever. Are you sure you're sending the right message? Sony did a lot of things wrong, but fortunately that included the security bit.
Here's what they would have to do (from a high level perspective, all you encryption experts can retract your claws) to fix this [...]
Very good point and I wouldn't... ahem... won't be surprised when this happens. At least this will provide homebrewers with the option to either have an unbound system or not homebrew. This is in contrast to either still being bound with Other OS or bound without.
Actually, it would be almost perfect if Sony succeeded in this. Pirates still lose and homebrew still lives. I mean, I download shit all the time but I know there's millions of people out there and corporations who have to deal with this who provide for these millions of people who will ultimately lose.
I cheer it being broken open, now people can do what they want with the hardware they paid for. Sony doesn't have to lose business over this.
"Most people, I think, don't even know what a rootkit is, so why should they care about it?"
I expect we'll soon see a signed proxy app that will run on enabled PS3s and tell PSN whatever it wants to hear in regards to version and anything else since there really isn't any technical reason for the new firmwares.
You can output SACD stereo and multi-channel in 176 kHz/24-bit over HDMI. You can output SACD stereo over optical also. The only change is you can't have multichannel output converted to DTS over optical, which if you are really using SACD for quality, you didn't want to use anyway.
I realize that the format still exists. And I also realize that talking about "how many titles" are available should really be phrased "how few titles" are available.
I agree the SACD feature never worked perfectly. If you're serious about SACD, a PS3 is a poor choice for several reasons. Get a real SACD player, it'll work better and you can even get DSD direct output.
Again, if you feel SACD was degraded with a firmware update, then THIS IS NOTHING LIKE HOW BACKWARD COMPATIBILITY WAS TREATED. Backward compatibility was not removed at any point. If your PS3 had it before, it has it now. Mine still has full PS2 BC, with firmware 3.55. I just booted up SSX Tricky (PS2 game) last week.
Calling Other OS (removal), SACD (still there, one feature removed) and BC (not altered at all) all the same so you can call this a recurring pattern is quite a stretch.
I did, but I don't believe for a second that Sony can't work around this, even if it's not practical for them to do so and even if it involves a huge whitelist -- as mentioned, historically they've proven that they will go to immeasurable lengths to protect their intellectual property, easily at the expense of the customer.
Beyond that, Sony has already come out and acknowledged the flaw and announced that they will have a fix for it that will resolve the issue -- I don't think their PR firm would have been allowed to say that if they couldn't actually fix the problem.
That said, thanks for clarifying some of the misinformation I had -- I watched part of the 27C3 talk but did not view in its entirety, and had not seen the portion where they mentioned that the key was locked tight in the hardware somewhere.