Technological discussion on PS3 security and crack.

A possible failsafe (this is only theoretical, I don't know whether CELL is designed with this in mind or not) is to have a second secret key in the CPU. The CPU checks with the first key, if it failed, then check with the second key. This way, as long as the second key is not compromised, it's still possible to force an encrypted update with the second key when the first key is compromised. It can also be extended to multiple secret keys.
 
But a flash recall will change the firmware but not the root key, leaving system open to flashing custom FW. AFAICS there is no software fix that will stop homebrew (and hence piracy), only delay it by giving the pirates some new problems to solve before they find workarounds to whatever software-based fixes.

If Sony is willing to go through the expense of a recall and modification of firmware, there is a way. They would have to close all the current exploits in the new firmware and never let it out of the factory/company. Then they would have to recall and upgrade all the existing systems. As part of the new firmware, they would have to generate hashes of all existing games and install new keys and fix the signing system. All new games would utilize the new keys and secure DSA. All old games would have to be fully hashed and checked against a hash list installed in the new firmware. It may be possible to do this as long as the root/boot ldr isn't compromised (and AFAIK it hasn't been yet, though everything else has been and there are post root/boot exploits that make this useless with public updates).

Effectively they would have to orphan any console that isn't turned in to be reflashed and rekeyed. Realistically you are looking at costs in the billions. So it is likely doable, but not via public upgrade or without huge pain for Sony and their customers.

The thing to get straight is that fundamentally the security architecture for PS3 is sound. The issues are implementation of that architecture. All the cracks rely on pretty basic flaws in the programming of the different parts of the security apparatus. It really is a fundamental failure in validation that is the root issue. Signing, root of trust, public/private keys, isolated security processors, etc, all DO work. It is just that you have to implement them correctly.

The fundamental issue is where Sony is storing the root keys for the boot loader. Is it hardwired? Is it in fuses? Did they put in extra fuses to overwrite the primary keys?

It would certainly be possible to fix the issues in new build consoles. And depending on how and what mechanisms they have for setting root keys in existing consoles, it may be possible to update them via a physical (aka private) update. The fundamental issue is if it is worth the cost for the PS3. That is something the Sony number crunchers are going to have to figure out: is it cost effective to fix new build systems, is it cost effective to orphan existing boxes, is it cost effective to "recall" existing consoles...

This much is certain though: they will fix these flaws in the next gen systems. They will probably also provide a more robust infrastructure to update keys and add delist fuses in the next gen as well to handle bugs that show up in the future. They don't need to re-architect the system from the ground up, but they do need to pay more attention to the implementation and validation of the security infrastructure next gen.

A lot of the issues are along the same lines as some of the issues that have been found in early versions of secure boot on x86, where simple things like referencing the wrong table blow massive holes in a given implementation.
 
A possible failsafe (this is only theoretical, I don't know whether CELL is designed with this in mind or not) is to have a second secret key in the CPU. The CPU checks with the first key, if it failed, then check with the second key. This way, as long as the second key is not compromised, it's still possible to force an encrypted update with the second key when the first key is compromised. It can also be extended to multiple secret keys.

That is fairly similar to the xbox 360 "delist" fuses but afaik sony did not include that functionality.
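As an added illustration of the fallback-key idea quoted above and the delist-fuse comparison (example code written for this thread, not anything from Sony, the CELL design or the Xbox 360): the two CPU secret keys are modelled as HMAC keys and a delist fuse as a one-way bit that permanently disables a key slot. The key values and the `revoke=<slot>;` update header are constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed sample keys standing in for the "secret keys in the CPU".
# A real design would keep these in fuses or on-die ROM, unreadable by software.
KEY_SLOTS = [
    b"constructed-primary-key-slot-0",
    b"constructed-fallback-key-slot-1",
]


def sign_update(slot: int, payload: bytes) -> bytes:
    """Factory side: tag an update payload with the key held in `slot`."""
    return hmac.new(KEY_SLOTS[slot], payload, hashlib.sha256).digest()


@dataclass
class Console:
    # Burned delist fuses. The set only ever grows: a fuse cannot be un-burned.
    burned: set = field(default_factory=set)

    def verify_update(self, payload: bytes, tag: bytes):
        """Try each key slot in order, skipping burned ones.
        Returns the accepting slot number, or None if no live key matches."""
        for slot, key in enumerate(KEY_SLOTS):
            if slot in self.burned:
                continue
            expected = hmac.new(key, payload, hashlib.sha256).digest()
            if hmac.compare_digest(expected, tag):
                return slot
        return None

    def apply_update(self, payload: bytes, tag: bytes):
        """Verify, then act on an optional revocation directive.
        Constructed header format: b"revoke=<slot>;" followed by the image."""
        slot = self.verify_update(payload, tag)
        if slot is None:
            return None
        if payload.startswith(b"revoke="):
            victim = int(payload[len(b"revoke="):payload.index(b";")])
            # Only a higher slot may burn a lower one, so a leaked primary key
            # can never be used to burn the fallback key's fuse.
            if victim < slot:
                self.burned.add(victim)
        return slot


def scenario():
    """Walk through the compromise-and-recover sequence; returns the outcomes."""
    console = Console()
    genuine = b"firmware-v1"
    accepted_genuine = console.apply_update(genuine, sign_update(0, genuine))

    # Slot 0's key has leaked: anyone can now produce a valid tag with it.
    forged = b"custom-firmware"
    forged_tag = sign_update(0, forged)
    accepted_forged_before = console.apply_update(forged, forged_tag)

    # Recovery: an update tagged with the still-secret slot 1 key burns fuse 0.
    rescue = b"revoke=0;firmware-v2"
    accepted_rescue = console.apply_update(rescue, sign_update(1, rescue))

    # The same forged image is now rejected: slot 0 is never consulted again.
    accepted_forged_after = console.apply_update(forged, forged_tag)

    return {
        "genuine": accepted_genuine,
        "forged_before": accepted_forged_before,
        "rescue": accepted_rescue,
        "forged_after": accepted_forged_after,
        "burned": sorted(console.burned),
    }


if __name__ == "__main__":
    print(scenario())
```

Run stand-alone, `scenario()` shows the sequence: an update tagged under slot 0 is accepted, so is a forged one once slot 0's key has leaked, and after an update under slot 1 burns fuse 0 the forged update is rejected for good. The caveat from the post further up still holds: this only helps if the fallback key was not extracted together with the first one, and if the code doing the verification sits below the point of compromise.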
 
The only way I see to remedy this is by completely changing the business model - and I think it is possible for Sony to implement this even on the PS3, no need to wait until PS4.
If each PS3 has an unique ID number encoded, it could be done.

Since the software cannot be protected anymore, and the PS3 will run anything anyway, Sony should switch to a subscription model - where you pay for the utilization of the console. Sort of a monthly rent of 10-15 USD. If you pay this, you can run anything downloaded from the internet, borrowed from friends, received by mail etc. This of course means validation of each PS3 each month over the internet.

Of course, all the games, old and new, will be reencoded with new master key, and you will not be able to play games encoded with the old key on the "updated" PS3. But if you have a legitimate copy, the "upgraded" PS3 can re-code and save your game on the harddrive, and you can then play it from there.

Essentially, the console is locked unless you pay. After you pay, you will have access to all the games ever released, for one month. PS3 will record what you have played and spread the money to the various developers.

People will not be forced to upgrade - but if new games will be only on the new subscription model, people will upgrade.

How will people get the games? This is the fun part - they will be sold freely by any company that wants to make a dollar or two by stamping a disc. The developer will ship the code to whomever wants it and they can freely distribute it - hardcopy or over the net. This will keep Walmart happy, as well as the people who like to have a hard copy of their game.

The "old" PS3 will not be able to play these games, since they are encoded with a different key.

So the incentive to stay on the piratable version is non-existent, since by upgrading you will anyway have access to ALL the old games, plus the new ones. Also, 15 USD/month is a modest amount that any gamer, even in poorer countries, can afford, but if you manage to switch all 40 mil PS3, this will amount to a hefty 600 millions per month, 7 billions per year, with no middleman, just Sony and the developers.

If Sony can do this - if they can lock the console should you choose to upgrade, then this is the only way to not only get out of this mess, but to actually turn it into a profit.
 
RE: protecting streaming media

That should still be secure or with minor changes still be secure as Adobe DRM with commercial blocking detect and Widevine (Ultraviolet DRM) states that it can detect scrapers, have the tools to detect changes in the PS3 OS. Since most require a reboot to a clean known state and are on-line, changes can be detected and the stream stopped.

Pirating games is the issue and reading this thread, difficult to stop. I don't want Sony to be able to stop homebrew or Linux, my personal view.
 
The only way I see to remedy this is by completely changing the business model - and I think it is possible for Sony to implement this even on the PS3, no need to wait until PS4.
If each PS3 has an unique ID number encoded, it could be done.

Since the software cannot be protected anymore...
If the software can't be protected any more, how do you enforce that the system's ID is referenced, when a custom FW or bootloader or a signed, hacked executable can bypass that software step?

As for changing business model, they can't change business model midstream. 40 million PS3's have been sold to people who own them. You can then remove their ownership and say they need to start renting instead. Also the costs of replacing hardware is extravagant, discussed in the business thread.
 
If the software can't be protected any more, how do you enforce that the system's ID is referenced, when a custom FW or bootloader or a signed, hacked executable can bypass that software step?

As for changing business model, they can't change business model midstream. 40 million PS3's have been sold to people who own them. You can then remove their ownership and say they need to start renting instead. Also the costs of replacing hardware is extravagant, discussed in the business thread.

You don't need to protect software anymore, you just lock the console. Software will be "free" as long as you pay to "unlock" the console.

I don't think they need to replace hardware for this. A simple firmware upgrade will do. This upgrade will change the keys, and old software will not work anymore. You then log to Sony validation site and unlock the console, and you can play all the games that you want, for one month - of course, the games will be re-encoded with the new key.

And you don't need to remove ownership, since they are renting "usage", and only if they want to. Nobody promised them that games will be released forever in the current format for the PS3.
 
I don't think they need to replace hardware for this. A simple firmware upgrade will do. This upgrade will change the keys, and old software will not work anymore. You then log to Sony validation site and unlock the console, and you can play all the games that you want, for one month - of course, the games will be re-encoded with the new key.

You're calling for the mother of all class action lawsuits, and the instant destruction of Sony.

Please explain to consumers that the console and games they paid in full, suddenly won't work anymore.

Cheers
 
You're calling for the mother of all class action lawsuits, and the instant destruction of Sony.

Please explain to consumers that the console and games they paid in full, suddenly won't work anymore.

Cheers

But they will work - you insert the BD in the drive and it will make a copy on the hard drive or on the usb drive.
 
This business model isn't realistic anyway. I sometimes only have time to play once every other week, other times I spend every free hour with one game only. Others have a gamerscore of several hundred thousand points. I also tend to buy a lot of games 3 to 6 months or even more after release, at lower prices, but sometimes I get something on its release day.

There is no single subscription model that would be fair to everyone. Either I'm going to have to partially finance gamerscore guy's fun, or the devs will end up getting the short end of the stick, and so on. Consider how a lot of people buy a game full price only to just complete the single player part once. Based on time spent on the game these devs would get a fraction of their current income.
It's also impossible to build different subscription models, even with a completely new hardware platform. Even Onlive, having the possibility, has decided to go for a pay per game approach.

This model would never work IMHO.
 
You don't need to protect software anymore, you just lock the console. Software will be "free" as long as you pay to "unlock" the console.
How do you lock the console in a way Sony can unlock but hackers can't, when hackers are able to run any code they want? If it's a FW update, the hackers will just patch the FW or release their own one.
 
How do you lock the console in a way Sony can unlock but hackers can't, when hackers are able to run any code they want? If it's a FW update, the hackers will just patch the FW or release their own one.

This is the big IF - that is if Sony can change the master key with the new update.
I dont know if this can be done.
 

Since the kernel is left unmodified, this means that this custom firmware is really meant for future homebrew installation, and it will not allow piracy. I plan on keeping it that way.

If only others do the same......

What about the reverse of the discussions here. Since game software is the only thing at risk how about games having a copy of checksums for multiple programs in different PS3 firmware versions. A check could determine if changes have been made. New games can implement this and older games will include this with upgrades when they have new features to add.

Sony can provide a simple program to all developers with the programs to check and their checksums; pass or no pass. Of course, the program will have to check itself also.
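A sketch of the checksum scheme proposed above, added here as example code (not anything a PS3 game, a Sony SDK or any firmware actually contains): a manifest listing the expected SHA-256 digests of named firmware components, authenticated with an HMAC so that a swapped-in manifest is rejected, and a checker that reports components that are missing or altered. The component names, their contents and the key are constructed.

```python
import hashlib
import hmac
import json

# Constructed key; in the proposal above this would be handed to developers
# together with the checker program.
MANIFEST_KEY = b"constructed-manifest-key"


def build_manifest(components):
    """Publisher side: hash every component and MAC the resulting list.
    Returns (manifest_bytes, tag)."""
    digests = {name: hashlib.sha256(blob).hexdigest()
               for name, blob in components.items()}
    manifest = json.dumps(digests, sort_keys=True).encode()
    tag = hmac.new(MANIFEST_KEY, manifest, hashlib.sha256).digest()
    return manifest, tag


def check_platform(manifest, tag, present):
    """Game side: reject an unauthenticated manifest, then compare each
    listed component against what the running system actually contains."""
    expected_tag = hmac.new(MANIFEST_KEY, manifest, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, tag):
        return {"manifest_ok": False, "mismatched": [], "missing": []}
    mismatched, missing = [], []
    for name, digest in json.loads(manifest).items():
        blob = present.get(name)
        if blob is None:
            missing.append(name)
        elif hashlib.sha256(blob).hexdigest() != digest:
            mismatched.append(name)
    return {"manifest_ok": True,
            "mismatched": sorted(mismatched),
            "missing": sorted(missing)}


# Constructed stand-ins for the components of one known-good firmware build.
GOOD_FW = {
    "lv2_kernel": b"constructed lv2 kernel image, build A",
    "vsh": b"constructed vsh image, build A",
    "bd_player": b"constructed bd player plugin, build A",
}


def demo():
    manifest, tag = build_manifest(GOOD_FW)
    clean = check_platform(manifest, tag, GOOD_FW)

    # A patched kernel and a removed plugin are both reported.
    modified = dict(GOOD_FW)
    modified["lv2_kernel"] = b"constructed lv2 kernel image, build A (patched)"
    del modified["bd_player"]
    patched = check_platform(manifest, tag, modified)

    # A rewritten manifest that blesses the patched kernel cannot carry a valid
    # tag without the key; paired with the old tag it fails the MAC check.
    fake_manifest, _ = build_manifest(modified)
    swapped = check_platform(fake_manifest, tag, modified)
    return clean, patched, swapped


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The part the scheme cannot solve by itself is visible in the code: the verifying key sits inside the same program that performs the check, so the verdict is only as trustworthy as the environment running that program, and a platform that already executes arbitrary code can alter the checker as easily as the components it inspects.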
 
That sounds a reasonable suggestion. At the software level, each program can test the system for authenticity and not run. It'd need to do a full test of the FW though, to prevent simple spoofing. Of course, that won't stop hackers cracking out the security from the games if they can decrypt game packages, so there'd need to be a way to secure the packages first, which need new encryption keys and a means of securing these systems.

Basically Sony need to figure this out bottom up. They need to secure the root and the lower levels of the kernel so the FW can be changed without the hackers being able to find out how they have changed. Perhaps also bring back Linux with full RSX access to shut up the current hacking ring-leaders! And instigate the original ideas of a more open platform, offering something like Live! Indie where people can create XMB games and apps.
 
This is the big IF - that is if Sony can change the master key with the new update.
I dont know if this can be done.

They can't.

That sounds a reasonable suggestion. At the software level, each program can test the system for authenticity and not run. It'd need to do a full test of the FW though, to prevent simple spoofing. Of course, that won't stop hackers cracking out the security from the games if they can decrypt game packages, so there'd need to be a way to secure the packages first, which need new encryption keys and a means of securing these systems.

Basically Sony need to figure this out bottom up. They need to secure the root and the lower levels of the kernel so the FW can be changed without the hackers being able to find out how they have changed. Perhaps also bring back Linux with full RSX access to shut up the current hacking ring-leaders! And instigate the original ideas of a more open platform, offering something like Live! Indie where people can create XMB games and apps.

Although it would be a smart approach, I don't think anyone at Sony is gonna allow now to give back OtherOS with full RSX access.
 
Was there a complete summary in the thread of what the new hack exactly does to the BR playback feature, what its ramifications are and what Sony can do with the situation?
 
http://games.slashdot.org/article.pl?sid=11/01/03/1856210

marcansoft at slashdot said:
We (fail0verflow) discovered and released two things:

* An exploit in the revocation list parsing, enabling us to dump a bunch of loaders, and thus their decryption keys
* A humongous screwup by Sony, enabling us to calculate their private signing keys for all of those loaders, and thus sign anything to be loaded by those loaders

We used these techniques to obtain encryption, public, and private keys for lv2ldr, isoldr, the spp verifier, the pkg verifier, and the revocation lists themselves. We could've obtained appldr, (the loader used to load games and apps), but chose not to, since we are not interested in app-level stuff and that just helps piracy. We didn't have lv1ldr, but due to the way lv1 works, we could gain control of it early in the boot process through isoldr, so effectively we also had lv1 control.

With these keys we could decrypt firmware and sign our own firmware. And since the revocation is useless and the lame "anti-downgrade" protection is also easily bypassed, this already enables hardware-based hacks and downgrades forever. Basically, homebrew/Linux on every currently manufactured PS3, through software means now, and through hardware means (flasher/modchip) forever, regardless of what Sony tries to do with future firmwares.

The root of all of the aforementioned loaders is metldr, which remained elusive. Then Geohot announced that he had broken into metldr (with an exploit, analogous to the way we exploited lv2ldr to get its keys) and was thus able to apply our techniques one level higher in the loader chain. He has released the metldr keyset (with the private key calculated using our attack), but not the exploit method that he used.

The metldr key does break the console's security even more (especially with respect to newer, future firmwares - and thus also piracy of newer games), and also makes some things require less workarounds. Geohot clearly did a good job finding an exploit in it, but considering a) he used our key recovery attack verbatim, and b) he found his exploit right after our talk, so he was clearly inspired by something we said when we explained ours, I think we deserve a little more credit than we're getting for this latest bit of news.

There's still bootldr and lv0, which are used at the earliest point during the PS3 boot process. These remain secure, but likely mean little for the PS3 security at this stage.
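On the second item in the quoted list, the private-key calculation: what fail0verflow presented at the same talk was that the loaders' ECDSA signatures had been produced with a nonce that did not change from one signature to the next, and ECDSA gives up the private key as soon as two signatures under one key share a nonce. The added example below is mine, not fail0verflow's tooling or anything from the console, and takes the defender's side of that: an audit that scans a batch of signature records for a repeated `r` under the same signer (the observable symptom, since `r` is a function of the nonce alone), and a per-message nonce derivation in the spirit of RFC 6979 (simplified, not the RFC's construction) that cannot repeat across distinct messages. Key ids, `r` and `s` values, message ids, the key and the group order are all constructed.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed signature records, the kind an auditor would collect from a set
# of signed images: signer label, message label, and the (r, s) pair.
SAMPLE_SIGNATURES = [
    {"key_id": "lv2ldr", "msg_id": "lv2ldr-build-a", "r": 0x1A2B3C, "s": 0x0F0E0D},
    {"key_id": "lv2ldr", "msg_id": "lv2ldr-build-b", "r": 0x1A2B3C, "s": 0x0D0C0B},  # same r
    {"key_id": "lv2ldr", "msg_id": "lv2ldr-build-c", "r": 0x1A2B3C, "s": 0x0B0A09},  # same r
    {"key_id": "isoldr", "msg_id": "isoldr-build-a", "r": 0x4D5E6F, "s": 0x010203},
    {"key_id": "isoldr", "msg_id": "isoldr-build-b", "r": 0x7A8B9C, "s": 0x040506},
]


def find_reused_nonces(signatures):
    """Group records by (signer, r). In ECDSA, r is derived from the nonce k
    alone, so two signatures by one key with equal r were made with equal k,
    which is the condition under which the private key can be solved for.
    Returns {(key_id, r): [msg_id, ...]} for every group of two or more."""
    groups = defaultdict(list)
    for sig in signatures:
        groups[(sig["key_id"], sig["r"])].append(sig["msg_id"])
    return {key: msgs for key, msgs in groups.items() if len(msgs) > 1}


def derive_nonce(private_key: bytes, message: bytes, order: int) -> int:
    """Deterministic nonce in [1, order-1] from the private key and the
    message hash. Distinct messages give independent nonces; the same message
    always gives the same nonce, which is harmless because the same k on the
    same hash reproduces the same signature rather than a second equation.
    Sketch of the RFC 6979 idea, not its HMAC-DRBG construction; the modular
    reduction carries a small bias that a production implementation avoids."""
    digest = hashlib.sha256(message).digest()
    raw = hmac.new(private_key, digest, hashlib.sha256).digest()
    return int.from_bytes(raw, "big") % (order - 1) + 1


def audit_sample():
    """Run the audit over the constructed records."""
    return find_reused_nonces(SAMPLE_SIGNATURES)


if __name__ == "__main__":
    for (signer, r), msgs in audit_sample().items():
        print(f"{signer}: r={r:#x} reused across {msgs}")
```

Run stand-alone it reports the three lv2ldr records sharing one `r`, while the two isoldr records, with distinct `r`, pass. A signing pipeline that derives its nonce from the message as `derive_nonce` does can never produce that pattern, whatever the state of the platform's random number source.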
 
If only others do the same......

What about the reverse of the discussions here. Since game software is the only thing at risk how about games having a copy of checksums for multiple programs in different PS3 firmware versions. A check could determine if changes have been made. New games can implement this and older games will include this with upgrades when they have new features to add.

Not possible without new FW, new root keys, etc. The software cannot check anything because it cannot be run securely. You are asking for the equivalent of a PC disk check and we all know those work...
 
Has Sony responded in any way to this situation? Not that they need to say anything publicly, but has anybody made any comment on this state of affairs?
 