http://psgroove.com/content.php?581-Sony-s-PS3-Security-is-Epic-Fail-Videos-Within& So, homebrew is here to stay.
Sony epic fail indeed. :lol: Really Sony? That's what you call a "random key"?! That code is just a joke really, because they discovered how that worked when numbers started to repeat themselves. I'm curious to see what will emerge after this. Running homebrew as official software. I hope it doesn't start an online cheating craziness. For the record, this is a big issue for Sony as nobody ever discovered the master key for the PSP (they only disabled the check for it, thus making homebrew possible). The jailbreak was a service mode that let homebrew run with no key. But now they can develop anything and it will run as any official and licensed software. Plus, Sony can't change this otherwise anything released to date will probably stop working. Sony said the security was great, but now it reminds me of this: http://www.youtube.com/watch?v=RcL6DwSufMI&feature=player_embedded I'm glad I didn't join that jailbreak hype bus.
A very good example of why "Security through Obscurity" does not work. It seems they put all their trust into the isolated SPUs (pun intended), which could have covered this implementation mistake if it had worked. Remember that Sony's "verification key" for the ECDSA is not public as per the definition usually used in cryptography, but was meant to exist only inside the isolated SPU. As I understand this stuff, as long as these numbers are unknown, it would have been nothing but a curiosity that the same random number is used for each signature (a FAIL nonetheless, but nothing fatal). You cannot sign things if some parameters are unknown, and knowledge of the hashes+signatures is not sufficient to calculate the parameters of the elliptic curve. You need to read the "public" parts of the key from the decrypted loader binary, which was expected to be impossible because that code never leaves the isolated SPU's storage. Breaking into the isolated SPU means you can duplicate the verification and decryption algorithm (for example, to decrypt files on your PC), but only the mistake in signature generation really broke the neck of the system. In case someone wants to read more about the crypto, I found this article quite interesting: http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/

You are right, although there are already some ideas on how they can mitigate the effect: patch the buffer overflow in the loaders, patch the signing process to read /dev/random (and maybe disallow xkcd in Sony HQ :lol:), issue new keys for new software. All software using the old keys is revoked, exceptions go onto a whitelist inside the loaders (alternatively, they could issue new discs and ask their consumers to turn in their old ones for exchange :nod:). That should leave only the boot-time hole (which allows going back to alternative firmware), but there really is no fix for that besides a new hardware revision. I'm curious what comes next.
Personally, I don't really care for Linux (that is, if we can execute code under GameOS), but the HV and LV2 could be interesting to reverse engineer, especially if clean dumps are available. Plus I hope someone performs the same stunt for isoldr, not just lv1ldr (for the HV) and appldr (for games), and shares their findings and not just the raw keys. There's a bunch of isolated SPU modules I'm eager to put through a disassembler...
Wait a second, you mean that the new generation homebrews will run without a JB dongle, and that Sony won't be able to patch it ever?
Meh, I have a PS3 Slim. If I could downgrade it to boot Linux like the old fats that would be great, but I doubt I'll be able to?
At least on all PS3 models sold so far, yes. Turned out the PS3 security system is seriously borked, including someone sending out DSA signatures having the same random number; one such pair plus knowledge of the public key, and you can build your own signatures. So far, it seems to have been done for lv2ldr (allowing basically any operating system to run, including a modified GameOS), but appldr is certainly coming as well (I think this would allow running unofficial code on otherwise unmodified systems). Here's the talk from 27C3 (45min): http://www.youtube.com/watch?v=hcbaeKA2moE There is no need to downgrade, you can boot it directly from flash. From today's session at 27C3 (4min): http://www.youtube.com/watch?v=lGI0EnNQ5GE
Sony will try, and probably will fix one vulnerability and then a week later people will figure out a way around it. I'd be curious to see how someone would have to go about doing this, though I'm not sure I would do it on my main PS3. If I got a spare one I might consider doing it, but not my main one. PS3s are expensive and I really do like mine, though being able to run homebrew would be very nice. This would be especially nice for PS3s whose blu-ray drives have failed if you know what I mean ;-) -Disjaukifa
This sort of thing is unfixable, unless new hardware is made, at least that's my impression from everything I've read.
It will cost a lot of money for a hardware revision and to ensure compatibility with the older software... this is too much trouble and if Sony does go through with it, they are likely to lose a lot of money doing so.
I wonder if this fail will have equal implementations for the PSP :flamethrower: If you can also run signed code on normal PSPs then why not? The more avenues the better.
The PSP is so hacked at the moment it really wouldn't matter. Hell, someone just released an ISO loader for PSP-Go & PSP3k models.
Hmm, if there were any way to personally rip commercial games I'd be all over the used PSP Gos down at my local CEX, only £50 which is ridiculously cheap.
I don't own one myself but I believe you can get an app to launch on the PSP that will dump the UMD to an ISO to the Memory Stick which can be read by a PC. Personal backups made easy!
Ripping PSP games is easy. You can go as far as even ripping PSN purchases. But if you want to rip UMDs, you're going to need a PSP with a UMD drive to rip them. But for that case you can probably just pick up an old used PSP 1k/2k to use for ripping and use your PSP-Go for gaming. Personally I love my Go and the fact you can use a PS3 pad with it makes it great for long plays at home. My only issue with the device is 2D fighters suck due to the small space. Makes it hard to press up on the d-pad. 3D are fine though.
77 is still game in my book, but where? Here in Greece they still go for about 180 at least and that's a Euro price quote.
My biggest fear is that this will lead to online cheating. I really hope there's something devs can do server side to check/prevent cheaters in future games like Uncharted 3. Can't stop the piracy, but maybe they can make sure it's unaltered code?