PS3 Encryption Keys Leaked
An anonymous reader writes "PS3 security has been compromised again. The holy grail of the PS3 security encryption keys — the LV0 keys — have been found and leaked into the wild. For the homebrew community, this means deeper access into the PS3: the possibility of custom (or modified) firmware up to the most recent version, the possibility of bypassing the PS3 hypervisor for installing GNU/Linux with full hardware access, dual firmware booting, homebrew advanced recovery (in the mold of BootMii on the Wii), and more. It might lead to more rampant piracy too, because the LV0 keys could facilitate the discovery of newer games' encryption keys, the ones that require newer firmware."
"In non-'nerd' speak: This leak only matters if your PS3 is already hacked. If you updated your PS3 with any official update released in the past 8 months (3.60 or higher), nothing has changed. No free games for you."
The PS3 is nearing the end of its life, and it took six years to do it, so it's served its purpose.
Fundamentally, client-side security doesn't work. You can obscure the hell out of it and bury it deep within the system, but sooner or later, someone's gonna crack it. If they'd just let the damn homebrew people make backups of their games and install their own software, I doubt the mod community would have sprung up like this. They wanted access to the hardware, not pirated games. If they'd just locked up the portion of the system responsible for validating a game disk with some kind of TPM mechanism but left the possibility of running "unsigned" content, I doubt this breakthrough would have happened within the life of the product.
Sony, like every other big corporation, doesn't understand how hackers think. They don't give a fuck about your games: They want to see the nifty hardware! They want to push it to its limits, make new stuff with it. These are creative people who are endlessly fascinated with how things work. They're bored engineers.
But management got the idea in their head that the hardware is also theirs, not the person who bought it, and they're the only ones that get to say what it does, how it does it, etc. In so doing, they pissed off about a half million people who have the time, patience, resources, and will to tear the damn thing apart piece by piece until it's theirs again. Guys, why couldn't you just let them have their fucking Linux on PS3?
#fuckbeta #iamslashdot #dicemustdie
Say what you will about Sony, but they managed to keep the PS3 almost totally immune to hacking for the entire life of the console up till now. Six years, and only a year or so away from the next hardware iteration. That's pretty much a record for game consoles, a rather impressive achievement.
Does Sony have ANYONE who understands security?
No, Sony only understands how to fuck its customers.
Everything else is a secondary consideration.
Dear Google search engine, please locate PS3 encryption keys.
GPU programming, while more difficult, offers higher performance vector computing, on common hardware, unlike the cell processor. The G80 was not released until late 2006, and CUDA took until about 2008. Until then, the Cell processor had mindshare.
It's always a little amazing to see how people cheer on the leaks and cracks when they appear in a closed system, yet continue to support these closed systems with their money and attention when open systems are available.
It's just this very weird disconnect in consumer psychology. You don't have to crack a PC (yet) to do what you want with it. But you make a computer small and flat and suddenly you find yourself having to pay $1+ for every little program, from a collection of programs that somebody else has decided you shall have access to. You don't see the "fuck the man" attitude at the store, you only see it when a Scandinavian high schooler comes up with a crack for your game console and the manufacturer tells you you can't have it.
I just don't get it. How many years past DeCSS are we and banging our heads against the same wall?
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
Honestly, if you have any patience you just wait 3 months and the good games are $25 a pop - that's 2 lunches for me. I'm in my 30s now and I suspect my heavy piracy days are long gone. I also feel slight guilt when I pirate games now; some of these guys bust their asses to make some really good stuff. If I ever do pirate anything it's only the gargantuan huge games which are selling a tonne anyhow.
I'm also really, really happy with my PS3. I know Sony is the devil here, but the exclusive games for the system, unlike the 360's, don't get ported to PC. There are some genuinely unique and fantastic games on the platform.
If I didn't own a beast of a little HTPC now (HP Microserver N40L) then I would however be happy that finally XBMC might come to the PS3. (I can't deny it DID piss me off that they closed the loophole the developers were considering on the PS3.) They honestly could've sold a shitload more if the PS3 supported XBMC out of the box with a basic live boot CD / DVD or something.
Considering this security failure is occurring towards the end of life of the device, it actually did its job this time.
They (initially) sold hardware at a loss, planning to make up the cost by selling games.
The homebrewers are not, as stated, interested in the games. Therefore, in Sony's view they are stealing the hardware, just as much as someone downloading Sony brand music is stealing it.
The only reason PS3s were able to make cheap clusters is because Sony subsidized the consumer hardware; otherwise it would make more sense to buy hardware designed for the purpose without the controller ports, blu-ray drives, etc. etc.
It's a result of Sony's business decision, and they were losing too much to the people who would never buy a single game or blu-ray movie, so they cut their losses by killing homebrew capabilities, protecting the price points for their profitable target market.
Microsoft's solution is to run homebrew in a virtual machine and charge $99 per year for the right to run any software not signed by Microsoft in that virtual machine.
The key to making a console isn't really making it impossible to run pirated content. It's to make sure that it is hard enough to make fully functional unsigned games that developers don't feel they can try to go without paying you to get their games signed.
That or make the user and developer experience of signed software good enough that users won't be tempted to try the unsigned ecosystem. This is what Google has done with Android, what Amazon has done with its customized Android distribution, and what Apple is trying to do with the Mac App Store. Or a console maker might make the signed ecosystem easy enough to get into, with a full set of developer tools costing less than $1,500 for the first year, that homebrewers become tempted to join the signed ecosystem legitimately. This is what Apple has done with iOS and Microsoft has done with Xbox Live Indie Games, Windows Phone 7, and Windows RT. Why is it the case that platforms with physical buttons necessarily have much harsher requirements to join the signed ecosystem?
LV0
erk=CA7A24EC38BDB45B98CCD7D363EA2AF0C326E65081E0630CB9AB2D215865878A
riv=F9205F46F6021697E670F13DFA726212
pub=A8FD6DB24532D094EFA08CB41C9A72287D905C6B27B42BE4AB925AAF4AFFF34D41EEB54DD128700D
priv=001AD976FCDE86F5B8FF3E63EF3A7F94E861975BA3
ctype=33
What's the point of homebrew on a modern console? I can see the point for retro consoles such as the Nintendo Entertainment System, where the limitations of ancient hardware are part of the challenge, much like constrained writing. But instead of homebrew on modern consoles, people could just make software for Windows or Linux, connect the PC to the HDTV through VGA or HDMI, and be done with it.
if you already have a PS3 why not make it more useful?
If there were a culture of hooking a PC up to a TV, fewer people would feel the need to "already have a PS3". Here's the way I see it: There are more PC-exclusive titles than PS3-exclusive titles. There will always be more PC-exclusive titles than PS3-exclusive titles. So why not buy the PC instead of the PS3 in the first place? I seem to remember that six years ago, one could already buy a PC for five hundred ninety-nine U.S. dollars. One could even get a Mac for that much, and two years later one could get an Acer Aspire Revo for only $200. The difference back then was probably that most TVs were still CRT SDTVs, and scan converter cables to convert VGA video signals to composite or S-Video signals for an SDTV were obscure.
No. The keys are used for two purposes: chain of trust and chain of secrecy. The compromise of the keys fully compromises the secrecy of the PS3 platform permanently, as you can just follow the links down the chain (off-line, on a PC) and decrypt any past, current, or future firmware version. Current consoles must be able to use any future firmware update, and we now have access to 100% of the common key material of current PS3s, so it follows that any future firmware decryptable by current PS3s is also decryptable by anyone on a PC.
However, the chain of trust can be re-established at any point along the line that can be updated. The chain of trust is safely rooted in hardware that is near impossible to modify (i.e. the CPU's ROM and eFuse key). The next link down the chain has been compromised (bootldr), and this link cannot be updated as it is specific to each console, so the chain of trust now has a permanent weak second link. However, the third link, lv0, can be updated as it is located in flash memory and signed using public key crypto. This allows Sony to secure the entire chain from there onwards. Unless you find a vulnerability in these updated links, you will not be able to attack them directly (applications, e.g. homebrew software, are verified much further down the chain). The only guaranteed way to break the chain is to attack the weak link directly, which means using a flash writer to overwrite lv0. Once you do so, the entire chain collapses (well, you still need to do some work to modify every subsequent link to turn off security, but that is easy). If you have old firmware, you have at least some other weak links that, when compromised, allow you direct access to break the bootldr link (replacing lv0), but if you run up to date firmware you're out of luck unless you can find a weakness or you use hardware.
Old PS3s are now in the same boat as an old Wii, and in fact we can draw a direct comparison of the boot process. On an old Wii, boot0 (the on-die ROM) securely loads boot1 from flash, which is securely checked against an eFuse hash, and boot1 loads boot2 but insecurely checks its signature. On an old PS3, the Cell boot ROM securely loads bootldr from flash, which is securely decrypted and checked using an eFuse key, and then bootldr loads lv0 but checks its signature against a hardcoded public key whose private counterpart is now known. In both cases, the system can be persistently compromised if you can write to flash, or if you already have code execution in system context (which lets you write to flash). However, in both cases, you need to use some kind of high-level exploit to break into the firmware initially, particularly if you have up-to-date firmware. It just happens that this is trivial on the Wii because there is no game patch system and Nintendo seems to have stopped caring, while this is significantly harder on the PS3 because the system software has more security layers and there is a game patch system.
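The boot chain described in the two comments above, as a runnable toy model. This is an added example, not code from the commenter or from Sony. It makes several assumptions: textbook RSA over small Mersenne primes and a 32-bit truncated SHA-256 stand in for the real signature scheme, and only the chain-of-trust half (bootldr -> lv0 -> lv1 -> lv2) is modelled, not the erk/riv "chain of secrecy" decryption. The stage names, payloads and key indices are made up for illustration. What it shows is the structural point: bootldr's key cannot be rotated, so a leaked lv0 private key plus flash write access defeats the chain no matter how the later links are re-keyed, while re-keying from lv0 onwards still stops an attacker who can only tamper with a later stage.

```python
"""Toy model of a bootldr -> lv0 -> lv1 -> lv2 signature chain (added example).

Assumptions, not PS3 facts: textbook RSA over Mersenne primes and a 32-bit
truncated SHA-256 replace Sony's real scheme; only the chain structure is kept.
bootldr's public key is treated as hard-coded and non-updatable; lv0 onwards
live in "flash" and each embeds the public key used to check its successor.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

PubKey = Tuple[int, int]   # (n, e)
PrivKey = Tuple[int, int]  # (n, d)

# Disjoint Mersenne-prime pairs give deterministic toy keys; every n exceeds 2^32.
_PAIRS = [(13, 31), (17, 61), (19, 89), (107, 127), (521, 607)]


def toy_keypair(i: int) -> Tuple[PubKey, PrivKey]:
    """Key pair i. e = 65537 is coprime to phi(n) for every pair above."""
    p, q = (2 ** k - 1 for k in _PAIRS[i])
    n, e = p * q, 65537
    d = pow(e, -1, (p - 1) * (q - 1))          # modular inverse, Python 3.8+
    return (n, e), (n, d)


def _digest(data: bytes) -> int:
    # 32-bit truncation keeps the hash below every toy modulus so RSA round-trips exactly.
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def sign(priv: PrivKey, data: bytes) -> int:
    n, d = priv
    return pow(_digest(data), d, n)


def verify(pub: PubKey, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(data)


@dataclass
class Stage:
    name: str
    code: bytes
    next_pub: Optional[PubKey]   # key this stage uses to check its successor
    sig: int = 0                 # signature by the key held in the *previous* stage

    def signed_bytes(self) -> bytes:
        pub = b"" if self.next_pub is None else repr(self.next_pub).encode()
        return b"\0".join([self.name.encode(), self.code, pub])


def build_stage(name: str, code: bytes, next_pub: Optional[PubKey], signer: PrivKey) -> Stage:
    stage = Stage(name, code, next_pub)
    stage.sig = sign(signer, stage.signed_bytes())
    return stage


def boot(bootldr_pub: PubKey, flash: List[Stage]) -> str:
    """Walk the chain as bootldr would; return 'ok' or the name of the first rejected stage."""
    pub = bootldr_pub
    for stage in flash:
        if pub is None or not verify(pub, stage.signed_bytes(), stage.sig):
            return stage.name
        pub = stage.next_pub
    return "ok"


# Pair 0 plays the lv0 key whose private half has leaked (hypothetical toy key, not Sony's).
LV0_PUB, LV0_PRIV = toy_keypair(0)
LV1_PUB, LV1_PRIV = toy_keypair(1)
LV2_PUB, LV2_PRIV = toy_keypair(2)


def sony_flash(lv1_keys: Tuple[PubKey, PrivKey] = (LV1_PUB, LV1_PRIV)) -> List[Stage]:
    """Legitimate chain; pass a fresh lv1 pair to model the vendor re-keying from lv0 onwards."""
    lv1_pub, lv1_priv = lv1_keys
    return [
        build_stage("lv0", b"lv0 loader", lv1_pub, LV0_PRIV),
        build_stage("lv1", b"lv1 hypervisor", LV2_PUB, lv1_priv),
        build_stage("lv2", b"lv2 gameos", None, LV2_PRIV),
    ]


def attacker_flash(leaked_lv0_priv: PrivKey) -> List[Stage]:
    """Flash writer plus leaked lv0 key: sign a replacement lv0 that trusts the attacker's own key."""
    my_pub, my_priv = toy_keypair(3)
    return [
        build_stage("lv0", b"patched lv0, checks disabled", my_pub, leaked_lv0_priv),
        build_stage("lv1", b"homebrew lv1", my_pub, my_priv),
        build_stage("lv2", b"homebrew lv2", None, my_priv),
    ]


def tamper_lv1_only(flash: List[Stage]) -> List[Stage]:
    """Attacker who can overwrite only lv1 and holds no lv1 key: the lv0 -> lv1 link still holds."""
    flash = list(flash)
    old = flash[1]
    flash[1] = Stage(old.name, b"patched lv1", old.next_pub, old.sig)
    return flash


if __name__ == "__main__":
    print("legit chain:          ", boot(LV0_PUB, sony_flash()))
    print("leaked lv0 key chain: ", boot(LV0_PUB, attacker_flash(LV0_PRIV)))
    print("lv1-only tampering:   ", boot(LV0_PUB, tamper_lv1_only(sony_flash())))
    print("re-keyed lv1, legit:  ", boot(LV0_PUB, sony_flash(toy_keypair(4))))
```

Running it prints "ok" for the legitimate chain and, just as the comment says, also "ok" for the attacker's chain signed with the leaked lv0 key, because bootldr's embedded public key is the one link nobody can rotate. Tampering with lv1 alone is rejected at "lv1", and it stays rejected after the vendor rotates the lv1 key, which is the sense in which the chain can be re-secured from lv0 onwards against anyone who lacks flash access or an lv0-level exploit.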
It's not open in the OSS-speak sense, but it is in the sense that you can install any software you want on it, write code for it with no license to anyone, and so on. You can even run other OSes alongside it as a dual boot, or in it with an emulator. It has all kinds of games.
I do all my gaming (and I do a ton of gaming) on the PC not for any idealistic reasons, but because I like it better. There are very, very few games I don't get to have that consoles do, and a number I get to have that consoles don't. It is a very valid gaming platform, and is open if that matters to you.
Tax breaks in Europe are why they offered it in the first place. But Europe decided a PS3 with Linux on it was not a PC, so they lost the tax breaks. So they stopped supporting Linux.
Sure. So you hack your Wii, but are ethical about it and don't pirate.
Pfft. So many bullshitters on this site. Especially when it comes to a Sony article.
"I might finally someday be able to play my store bought copy of Gran Turismo 5 "
You're going to be disappointed.
... this leak may lead to PS3s selling like hotcakes ...
... and then ...
... the introduction of PS3+, PS3mini, PS3-NG ...
... and PS4 ...
... and finally, Profit !!
Many thanks, Señor Edward Snowden!
Just FYI, we don't have to abide by your conditions.
The mod points belong to us and we can mod you up or down as we see fit regardless of whether whoever sucks any dog's asshole or not.
Which way you get modded proves nothing.
It pisses me off how many Sony fanboys cheered when OtherOS was revoked, and said that the hackers using it were such a small portion of the market that they deserved to get fucked over anyway.
Whatever happened to truth in advertising? When did it become ok to assrape one part of the market to protect another?
The bottom line is that the people who bought the PS3 for OtherOS were retroactively misled, and someone thought so enough that Sony wound up getting sued in 5 different class action lawsuits over it.
People actually blame hackers for piracy, when it's actually pirates being opportunistic thieves taking advantage of the hacker. Pirates "steal" effort from hackers by subverting hacker work for their own ends just like they "steal" from content creators.
The argument that promises were broken falls on deaf ears because most people think that Sony was cool to flip the bird at OtherOS users, simply because hackers are scum that deserve to be cheated anyway.
They pretty much reached their goal. The purpose of security and encryption is to slow the process down, and for Sony's purposes and intents, it's their goal to simply survive this era of consoles. They learned so much about what works and what doesn't that the PS4 will be tougher to crack.
Here's a quote from a source from san:
"I think Sony are laughing their butts off. The CFW that is out is bricking a lot of 3.55 PS3's - the only people who would benefit from this leak are those who already have CFW installed. Newer PS3's have lv0.2 which can't be cracked (the private keys are with Sony and nowhere else) so can't go to 3.55 to get the CFW.
So we have pirates who have no real change, they just have an update to their CFW, normal users who can't use the CFW and pirates who have now lost their pride and joy, their 3.55 PS3's so will have to get it repaired or spend a fortune on a used fat with 3.55.
Sony will have learnt a lot about security with the PS3 though so the PS4 should be very secure, I'll be very surprised if it's ever hacked unless Sony make a major mistake with the software or hardware that gives an attack vector.
It's a hack of a hack people. So only those that have already hacked the PS3 can use it."
PC games in genres designed for controllers (for example, platformers and fighters, not FPS/RTS) tend to work well with an Xbox 360 controller, a retro console controller through an adapter, or any other USB gamepad. Web browser games (HTML5 and Flash) are an exception because those frameworks don't support controllers, but most keyboard-centric browser games work great with a joystick-to-keyboard driver. Or are you complaining that major-label games in genres designed for controllers tend not to end up ported to PC in the first place?