Slashdot Mirror
PS3 Encryption Keys Leaked
An anonymous reader writes "PS3 security has been compromised again. The holy grail of the PS3 security encryption keys — LV0 keys — have been found and leaked into the wild. For the homebrew community, this means deeper access into the PS3: the possibility of custom (or modified) firmware up to the most recent version, the possibility of bypassing PS3 hypervisor for installing GNU/Linux with full hardware access, dual firmware booting, homebrew advanced recovery (on the molds of Bootmii on Wii), and more. It might lead to more rampant piracy too, because the LV0 keys could facilitate the discovering of the newer games' encryption keys, ones that require newer firmware."
"In non "nerd" speak: This leak only matters if your PS3 is already hacked. If you updated your PS3 with any official update released in the past 8 months (3.60 or higher), nothing has changed. No free games for you."
The PS3 is nearing the end of its life and it's taken 6 years to do it so it's served its purpose.
Does Sony have ANYONE who understands security?
Fundamentally, client-side security doesn't work. You can obscure the hell out of it and bury it deep within the system, but sooner or later, someone's gonna crack it. If they'd just let the damn homebrew people make backups of their games and install their own software, I doubt the mod community would have sprung up like this. They wanted access to the hardware, not pirated games. If they'd just locked up the portion of the system responsible for validating a game disk with some kind of TPM mechanism but left the possibility of running "unsigned" content, I doubt this breakthrough would have happened within the life of the product.
Sony, like every other big corporation, doesn't understand how hackers think. They don't give a fuck about your games: They want to see the nifty hardware! They want to push it to its limits, make new stuff with it. These are creative people who are endlessly fascinated with how things work. They're bored engineers.
But management got the idea in their head that the hardware is also theirs, not the person who bought it, and they're the only ones that get to say what it does, how it does it, etc. In so doing, they pissed off about a half million people who have the time, patience, resources, and will to tear the damn thing apart piece by piece until it's theirs again. Guys, why couldn't you just let them have their fucking Linux on PS3?
#fuckbeta #iamslashdot #dicemustdie
Today is a good day. Too bad it has taken so long. I wonder if Sony will see any boost in sales.
Say what you will about Sony, but they managed to keep the PS3 almost totally immune to hacking for the entire life of the console up til now. Six years, and only a year or so away from the next hardware iteration. That's pretty much a record for game consoles, a rather impressive achievement.
PlayStation 3.11 for Workgroups
I wonder if any ethical questions arise from using The Three Tuskateers derived key to Kickstart a new OS for the PS3. I've been wanting to play Little Endian Planet for years now.
Dear Google search engine, please locate PS3 encryption keys.
GPU programming, while more difficult, offers higher performance vector computing, on common hardware, unlike the cell processor. The G80 was not released until late 2006, and CUDA took until about 2008. Until then, the Cell processor had mindshare.
It's always a little amazing to see how people cheer on the leaks and cracks when they appear in a closed system, yet continue to support these closed systems with their money and attention when open systems are available.
It's just this very weird disconnect in consumer psychology. You don't have to crack a PC (yet) to do what you want with it. But you make a computer small and flat and suddenly you find yourself having to pay $1+ for every little program, from a collection of programs that somebody else has decided you shall have access to. You don't see the "fuck the man" attitude at the store, you only see it when a Scandinavian high schooler comes up with a crack for your game console and the manufacturer tells you you can't have it.
I just don't get it. How many years past DeCSS are we and banging our heads against the same wall?
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
Honestly if you have any patience you just wait 3 months and the good games are 25$ a pop - that's 2 lunches for me. I'm in my 30's now and I suspect my heavy piracy days are long gone. I also feel slight guilt when I pirate games now, some of these guys bust their asses to make some really good stuff. If ever do pirate anything it's only the gargantuan huge games which are selling a tonne anyhow.
I'm also really really happy with my PS3. I know Sony is the devil here but the exclusive games for the system, unlike the 360 - don't get ported to PC. There's some genuinely unique and fantastic games on the platform.
If I didn't own a beast little HTPC now (HP Microserver N40L) then I would however be happy that finally XBMC might come to the PS3. (I can't deny it DID piss me off they closed the loophole the developers were considering on the PS3) They honestly coudl've sold a shitload more if the PS3 supported XBMC out of the box with a basic live boot CD / DVD or something.
http://xkcd.com/221/
PS3's random generator code.
Sony can't be crushed soon enough.
You are welcome on my lawn.
As a PS3 owner who refused to upgrade past firmware version 3.15 out of principle, this news means I might finally someday be able to play my store bought copy of Gran Turismo 5 (the reason I bough the system in the first place).
And all TFA says is "found". Just where did these come from? Do we have any source actually saying if it was a leak?
If a console is capable of running unsigned content but as a rule it refuses to, then that's client side no matter how you slice it. Yet this is what you are suggesting they should have done.
As to what they actually did, it's a financial issue not a technical one. If a console is fully functional with unsigned content, then developers will not pay to get their content signed. Since the console business works by getting license fees and the signing is what enforces this, this would mean it would be financially unviable to run make consoles.
The key to making a console isn't really making it impossible to run pirated content. It's to make sure that it is hard enough to make full functionality unsigned games that developers don't feel they can try to go without paying you to get their games signed.
Sony put restrictions on what PS3 linux code could do. But once hackers broke this and accessed full functionality, Sony had little choice from a financial perspective. They had to close the holes. Maybe removing PS3 linux was the only way to close the holes, I dunno.
PS3 linux was crap, you could get a better linux machine for less money before PS3 linux was even removed from the machine. I find it really hard to draw a true link between being denied what PS3 linux offered and hacking the PS3. I far more think it's like you say, these people want to see nifty hardware.
http://lkml.org/lkml/2005/8/20/95
Eating cut gemstones?
Is he named Colby?
They (initially) sold hardware at a loss, planning to make up the cost by selling games.
The homebrewers are not, as stated, interested in the games. Therefore, in Sony's view they are stealing the hardware, just as much as someone downloading Sony brand music is stealing it.
The only reason PS3s were able to make cheap clusters is because Sony subsidized the consumer hardware; otherwise it would make more sense to buy hardware designed for the purpose without the controller ports, blu-ray drives, etc. etc.
It's a result of Sony's business decision, and they were losing too much to the people who would never buy a single game or blu-ray movie, so they cut their losses by killing homebrew capabilities, protecting the price points for their profitable target market.
"You can be sure that if it wouldn't have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now"
So they would never have published it if it had not been leaked?
Seems unlikely, but if it's true then props to the leakers for "forcing" them to release it.
If the discoverers were not interested in making money, why would they not share it?
They are going to patch it within a few days, and then everyone will be complaining about how they took away homebrewing on the PS3 again.
Microsoft's solution is to run homebrew in a virtual machine and charge $99 per year for the right to run any software not signed by Microsoft in that virtual machine.
The key to making a console isn't really making it impossible to run pirated content. It's to make sure that it is hard enough to make full functionality unsigned games that developers don't feel they can try to go without paying you to get their games signed.
That or make the user and developer experience of signed software good enough that users won't be tempted to try the unsigned ecosystem. This is what Google has done with Android, what Amazon has done with its customized Android distribution, and what Apple is trying to do with the Mac App Store. Or a console maker might make the signed ecosystem easy enough to get into, with a full set of developer tools costing less than $1,500 for the first year, that homebrewers become tempted to join the signed ecosystem legitimately. This is what Apple has done with iOS and Microsoft has done with Xbox Live Indie Games, Windows Phone 7, and Windows RT. Why is it the case that platforms with physical buttons necessarily have much harsher requirements to join the signed ecosystem?
In addition, developers often have higher incentive to make software for closed system, because piracy is generally smaller and profits larger.
Unless the closed system's developer criteria require the developer to have proved itself on an open system first. This is the case for Microsoft consoles, Nintendo consoles, and Sony consoles, all of whose criteria appear tuned for poaching developers from other platforms rather than for startups.
LV0
erk=CA7A24EC38BDB 45B98CCD7D363EA2A F0C326E65081E0630 CB9AB2D215865878A
riv=F9205F46F6021697E6 70F13DFA726212
pub=A8FD6DB24532D094EFA08 CB41C9A72287D905C6B27B 42BE4AB925AAF4AFFF 34D41EEB54DD128700D
priv=001AD976FCDE 86F5B8FF3E63EF3A7 F94E861975BA3
ctype=33
If I didn't own a beast little HTPC now (HP Microserver N40L) then I would however be happy that finally XBMC might come to the PS3
Would you be willing to buy games tuned for HTPC, with thorough USB gamepad support and possibly even same-screen multiplayer? If people actually bought HTPC games, there might not be as much need to crack consoles to run homebrew because people could just make software for HTPCs.
What's the point of homebrew on a modern console? I can see the point for retro consoles such as the Nintendo Entertainment System, where the limitations of ancient hardware are part of the challenge, much like constrained writing. But instead of homebrew on modern consoles, people could just make software for Windows or Linux, connect the PC to the HDTV through VGA or HDMI, and be done with it.
I can't help but think: Sony is coming out with an updated slim, slim PS3. Conveniently, these keys leak while sales are probably at a plateau. If rampant piracy has taught us anything, it's that it can draw a lot of attention.
If potential hacks come out NOW that spike the sales and keep the PS3 relevant for another 5-6 years, then I think that almost gives Sony more bragging rights. I believe the mod chips for the PS1 and PS2, as well as some hard drive hacks for the PS2 is what really kept the system relevant for the extended length of time it had. I have a PS3 and about 40 bluray games for it, but if some sweet things come out for modded PS3's, I'll buy another to play around.
didn't this already happen a year or two ago? and Sony brought the hammer down on the guy and any website that displayed the keys? what's to stop that from happening again?
to start buying the PS3 en masse.
It costs 100 dollars to develop for iOS. Full stop
True, it's a lot cheaper to develop for iOS than to develop for PlayStation 3, but it's not $100 and done. It's $100 per year, plus $650 for the hardware dongle to run Xcode, even if you already own a computer.
But at least as importantly, iOS devices lack physical buttons other than "quit". As I understand it, very few people are willing to buy a Bluetooth gamepad such as iCade or iControlPad products just for one game. How else should a platformer like Super Mario Bros. series or Mega Man series be controlled on a completely flat sheet of glass?
What open game console has a decent selection of games?
Home theater PC running Windows 7.
to me, it's more bang for the big bucks that modern console cost.
The integrated graphics in Intel's Ivy Bridge CPU has finally caught up to Xbox 360 integrated graphics and PS3 discrete graphics. Case in point: they all run Skyrim, even Ivy Bridge). With this in mind, how much more does it cost to build a PC with Ivy Bridge graphics than it would to buy a PS3 and homebrew it? Or better yet, a PC with AMD integrated graphics?
if you already have a PS3 why not make it more useful?
If there were a culture of hooking a PC up to a TV, fewer people would feel the need to "already have a PS3". Here's the way I see it: There are more PC-exclusive titles than PS3-exclusive titles. There will always be more PC-exclusive titles than PS3-exclusive titles. So why not buy the PC instead of the PS3 in the first place? I seem to remember that six years ago, one could already buy a PC for five hundred ninety-nine U.S. dollars. One could even get a Mac for that much, and two years later one could get an Acer Aspire Revo for only $200. The difference back then was probably that most TVs were still CRT SDTVs, and scan converter cables to convert VGA video signals to composite or S-Video signals for an SDTV were obscure.
Are those private keys sufficient to sign homebrew software such that they will run in unmodified firmware?
and take it to work.
Cheap ass, and damn tasty, if you know what you are doing. If not? Well, there is that Arby's...
Blogging because I can...
The PS3 isn't interesting processing power wise anymore. It has been so far eclipsed by newer hardware. No matter how good it was when it launched (ended up being not as impressive as people hoped) it is 6 years out of date. 6 years ago the Core 2 and GeForce 8800 were the top of cheap consumer computing. Compare those to the Sandy/Ivy Bridge and GTX 680 and there is no comparison.
It's not open in the OSS-speak sense but it is in the sense you can install any software you want on it, write code for it with no license to anyone and so on. You can even run other OSes along side it as a dual boot, or in it with an emulator. Has all kinds of the games.
I do all my gaming (and I do a ton of gaming) on the PC not for any idealistic reasons, but because I like it better. There are very, very few games I don't get to have that consoles do, and a number I get to have that consoles don't. It is a very valid gaming platform, and is open if that matters to you.
Tax breaks in Europe is why they offered it in the first place. But Europe decided a PS3 with Linux on it was not a PC so they lost the tax breaks. So they stopped supporting Linux.
Sony can just ditch the PS3. No money for exclusives. No money for marketing. No new features. They shut off servers for games early. Then release the new console.
I don't remember any cool stuff.
Sony was selling the machines at a loss when the first exploit came out. Sony isn't subsidizing the hardware anymore. There are probably cheaper ways to make clusters. Also I think the main cluster builder was the US Navy. Probably used for controlling drones.
I predict the same emulators I have available on my PC will be ported. People will find a way to pirate games on the PS3. No one will care because those same games have been pirated for years on the PC. PC drm will be ported to the PS3. Only the really obnoxious stuff will work.
The mod community is not motivated by Justice. They did not "spring up" to right some wrong. Modders are motivated by boredom. The same people move from device to device doing the same things. Goehot was hacking Iphones and other hardware. He starting hacking the PS3 because someone sent him one as a gift. Later on the group hacking the PS3 were the people who a year before were hacking the Wii. They started with the Wii first because it was more popular. Look at android phones. Citation needed on your half a million people upset. If you purchased a PS3 with the intention of hacking it your a moron and a traitor. You came into a system that was making people happy and pissed all over it.
... this leak may lead to PS3 start selling like hotcakes ... ... and then ... ... the introductions of PS3+, PS3mini, PS3-NG .... ... and PS4 ... ... and finally, Profit !!
Muchas Gracias, Señor Edward Snowden !
Just FYI, we don't have to abide by your conditions.
The mod points belong to us and we can mod you up or down as we see fit regardless of whether whoever sucks any dog's asshole or not.
Which way you get modded proves nothing.
This is so cool. Now I can load Linux on the PS3!
Sort of like I could load Linux on the PS3 when it was brand new out of the box and had a boot menu option for exactly that purpose. Of course that was a year or two before Sony decided to rescind the feature which had been advertised and for which I had paid. Four years later, I can now, with extreme difficulty, hack the PS3 and use it like I could six years ago.
Who do you think really won? Peasants!
They pretty much reached their goal. Purpose of security and encryption is to slow the process down and for Sony's purposes and intents, it's their goal to simply survive this era of consoles. They learned so much of what works and what not that the PS4 will be tougher to crack.
Here's quoting from a source from san:
"I think Sony are laughing their butts off. The CFW that is out is bricking a lot of 3.55 PS3's - the only people who would benefit from this leak are those who already have CFW installed. Newer PS3's have lv0.2 which can't be cracked (the private keys are with Sony and no where else) so can't go to 3.55 to get the CFW.
So we have pirates who have no real change, they just have an update to their CFW, normal users who can't use the CFW and pirates who have now lost their pride and joy, their 3.55 PS3's so will have to get it repaired or spend a fortune on a used fat with 3.55.
Sony will have learnt a lot about security with the PS3 though so the PS4 should be very secure, I'll be very surprised if it's ever hacked unless Sony make a major mistake with the software or hardware that gives an attack vector.'
It's a hack of a hack people. So only those that have already hacked the PS3 can use it."
I would not be at all surprised to find out that the leak came from Sony, and was deliberate.
I would be very surprised if it came from Sony, although that doesn't mean that you are wrong. I just think it unlikely unless it was done by rogue employees without management approval. Sony has been run for some years now by people from the media conglomerate side of the house (the movie and music people) and they have made it quite clear that they view all human beings as thieves who want to steal their stuff. Remember these are the same guys who brought us the audio CD root kit fiasco. Sony DVDs for years have used ARCCOS, a bad sector copy protection mechanism to thwart certain older DVD ripping programs. Using ARCCOS costs Sony money. Think about that. They are paying extra to try to prevent you from copying their DVDs. They pushed for BluRay and its supposedly "unbreakable" encryption and when that failed, they have now partnered with Cinavia, which also costs them money to use, on both DVDs and BluRays as players with firmware that recognizes Cinavia can recognize that a disc has been copied and will refuse to play it. There is no fix for this yet. There are some half-baked workarounds that probably won't work much longer but that's all so far. In fact, Sony pushed for all BluRay players manufactured after this year to have mandatory support for Cinavia in their firmware. So it certainly would be completely out of character for them to deliberately do this with the support from their consumer-hostile management.
Can you point me at the $2.16 lunch?
A junior sandwich, value fries, and cup of water, or a junior sandwich and a value diet soda. Any fast-food place will have a dollar menu nowadays.
I would.
Thank you for stepping up as a counterexample to CronoCloud's "nobody". I want to incorporate best practices for HTPC games into my own PC games to make the PC an alternative to the PS3. So let's go into details of how this might be accomplished:
The problem with a lot of PC based games is that even when they shouldn't need a keyboard or mouse, they do anyway for something stupid like clicking start or for closing down.
Say a game allows "Start Game" and "Exit" and "Pause" to be mapped to a gamepad. How should the game allow configuration of gamepad controls with no help from the mouse or keyboard? For example, when a game is first installed, which buttons on all the different brands of USB gamepad should the game map to "Menu OK" and "Menu Back" functions? Or should a game that detects that a joystick has been plugged or unplugged since last time it ran enter a "calibration" phase where it tells the user "You have connected a new joystick or gamepad. Please press any button on this controller to begin configuration, or press Escape to use the keyboard instead."? Or should PC games allow the use of only Xbox 360 gamepads and no other USB gamepads, despite that the Xbox 360 gamepad's directional pad is notoriously unresponsive?
I can set up a SNES emulator to run from XBMC so that nothing is needed but the regular remote control and a Logitech wireless gamepad.
I have three questions about Super NES emulation:
Windows. So it's not going to be open for long, if Microsoft have anything to do with it.
True, Windows RT is limited to the WinRT environment, but we're talking about a TV, not a tablet. Windows 8 for PCs adds the WinRT environment but will keep the desktop environment for the foreseeable future. Or can you cite evidence that Microsoft plans to drop the desktop from Windows for PCs any time soon?
PC. So I can't play it slumped on the couch on a big screen TV.
Does your big screen TV have an HDMI input? If so, use your PC's HDMI or DVI-D output. Or if your big screen TV has a VGA input, use your PC's HDMI or DVI-I output. Even the edge case is covered: a big-screen SDTV can be used with a VGA to composite scan converter from SewellDirect.com.
There's also the cost aspect.
What cost aspect? To get all the console games, you need to buy a PS3, a 360, and a Wii. To get substantially all the PC games, you just need one PC. Even integrated graphics has become competent enough lately to run PC games with PS3-class graphical complexity, such as Skyrim, at a playable frame rate.
Or if your big screen TV has a VGA input, use your PC's HDMI or DVI-I output
That was supposed to be "your PC's VGA or DVI-I output".
There are very, very few games I don't get to have that consoles do
PC-only gamers lose every fighting game that isn't Street Fighter 4, for example, such as Smash Bros. or Mortal Kombat. They also tend to have a limited selection of platformers in the vein of Super Mario Galaxy or New Super Mario Bros. Wii. And what's the closest thing to Mario Party, Sonic Shuffle, and the like on a PC?
a number I get to have that consoles don't.
I'll grant you that PCs have the whole indie scene.
PC games in genres designed for controllers (for example, platformers and fighters, not FPS/RTS) tend to work well with an Xbox 360 controller, a retro console controller through an adapter, or any other USB gamepad. Web browser games (HTML5 and Flash) are an exception because those frameworks don't support controllers, but most keyboard-centric browser games work great with a joystick-to-keyboard driver. Or are you complaining that major-label games in genres designed for controllers tend not to end up ported to PC in the first place?
I'm not a game developer, but just a dude who wants to sit on his couch with a handheld wireless controller and play a game designed for that environment with minimal fuckery on my part. I don't care about the politics at the back end. I just want to trade money for games that I enjoy in the particular space that I play them.
Say there's a "game[] that [you] enjoy", but due to "politics at the back end", it hasn't been made available "in the particular space that [you] play" video games. Would not having access to this game steer you toward starting to "care about the politics at the back end", or would you just skip the game in favor of another major label game?
I would suspect that an awful lot of the gamepads use the same numbered buttons for what would be start, select, a,b,x,y.
Unfortunately, what you suspected turned out not to be the case. I plugged five different HID controllers and one Xbox 360 controller into my Linux box, and most of them had their numbered buttons in different layouts. See my results. The only constant I could find among buttons was that Start and Select are late in the order, and at least the first four buttons are primary face buttons in some order.
From there, you just use the directional pad which is going to be the same on all controllers
Not necessarily. Some map the Control Pad to buttons, others to a hat switch, others to the primary axes. But one consistent thing is that all controllers with an analog stick map the left stick to the primary axes, and all controllers without one map the Control Pad to the primary axes.
I have used a device called the "Romulator". It has been more than a few years since I dumped the roms, but the unit supported SNES and Genesis.
A similar device nowadays is called the Retrode. It presents the cartridge as a file in a file system.
I don't think there is any way at this time to make a large scale business with devices that download rom images from SNES carts without having legal troubles.
They'd have legal troubles, but dumping one's own cartridges to play them on a different machine is explicitly "not an infringement of copyright" in at least United States copyright law, 17 USC 117(a)(1).
Again, you're missing the point: if you already have a PS3 why not make it more useful?
Because doing so is a federal crime in Slashdot's home country.
Used to love my PS3 but haven't touched it in a long time. I used the original Geohot ps3 jailbreak to hack my console. I then updated it officially and wiped the jailbreak out. Its now on 4.21 and didnt want to take my console apart to use e3 flasher on it just to downgrade it.Saying this, with this latest turn of events, is a new jailbreak on the way and will I be able to jailbreak my ps3 on the current firmware? Thanks