Technological discussion on PS3 security and crack.*

NathansFortune said:
That's why there is an internal witch-hunt at SCE. The reason why Sony aren't worried is because keys can be revoked by a new firmware update, but until the leaker is found there is no point. It is a relatively easy fix but it needs to come soon so the majority of people update beyond the affected firmware.
Click to expand...

What keys are you talking about? Encryption, decryption, what? Are you suggesting that the hackers can sign code? If that was so, they could create their own signed executable and there would be no need to create hardware that would allow a retail unit to run unsigned code.

Decryption keys are within the system or on the game discs so no need for any leak there, just a ton of reverse-engineering.
 
grandmaster said:
What keys are you talking about? Encryption, decryption, what? Are you suggesting that the hackers can sign code? If that was so, they could create their own signed executable and there would be no need to create hardware that would allow a retail unit to run unsigned code.

Decryption keys are within the system or on the game discs so no need for any leak there, just a ton of reverse-engineering.
Click to expand...

Good point. There was some evidence in the hacker community that geohot and a couple others had decryption working, but it was essentially useless without the ability to run unsigned code on retail units. Enter the jighack...
 
grandmaster said:
What keys are you talking about? Encryption, decryption, what? Are you suggesting that the hackers can sign code? If that was so, they could create their own signed executable and there would be no need to create hardware that would allow a retail unit to run unsigned code.

Decryption keys are within the system or on the game discs so no need for any leak there, just a ton of reverse-engineering.
Click to expand...

You're overthinking this, it's simply that the code on the FOB itself is signed code (as it's stolen remember) and thus is given access to run during the bootstrap. Once the BIOS key has been updated, the signed FOB key becomes invalid and is ignored or the bootup is terminated (which seems to be the case here with the blank screen) or they could do something even more drastic like erasing most of your firmware and effectively bricking the system.
 
androvsky said:
Good point. There was some evidence in the hacker community that geohot and a couple others had decryption working, but it was essentially useless without the ability to run unsigned code on retail units. Enter the jighack...
Click to expand...

But there's no evidence that you can run unsigned code, all that's been shown is that BRD signed code can be temporarily run from the HDD while in service mode.

There's also some additional capabilities that are exposed in the service mode process but even these become hacks of hacks as is shown by needing to do an ftp transfer to get the BRD files onto the HDD.
 
upnorthsox said:
You're overthinking this, it's simply that the code on the FOB itself is signed code (as it's stolen remember) and thus is given access to run during the bootstrap.
Click to expand...

Nope. It's also injecting elements from debug firmware into the retail unit - that's how you install the Backup Manager - via an "Install PKG" option that is only a part of a debug PS3's firmware. And speaking of which...

upnorthsox said:
But there's no evidence that you can run unsigned code, all that's been shown is that BRD signed code can be temporarily run from the HDD while in service mode.
Click to expand...

The backup manager is unsigned code created by the stolen PS3 SDK. That's why I can install it on my debug PS3. The PS3 SDK can *only* create unsigned code. This is also how they can say that this "jailbreak" allows for the provision of homebrew.

There's next to nothing - if not nothing at all - from the factory service firmware in use here, just the means for installing it being repurposed for nefarious ends.
 
From another poster:

Not all games are working with this right now. Supposedly it is a software issue and not a hardware issue and will be updated. Some games that don't work:

Call of Duty 4 Modern Warfare (black screen on startup)
FIFA 10 (hangs before startup)
NHL 10 (hangs before startup)
UFC 2010 Undisputed (hangs before startup)
Click to expand...
 
NathansFortune said:
That's why there is an internal witch-hunt at SCE. The reason why Sony aren't worried is because keys can be revoked by a new firmware update, but until the leaker is found there is no point. It is a relatively easy fix but it needs to come soon so the majority of people update beyond the affected firmware.
Click to expand...

It could also be the case that one of the key Sony staff has his laptop hacked, and remote controlled.

... or someone lost a corporate laptop, which allows outsiders to enter Sony VPN to retrieve sensitive data (assuming they keep sensitive keys on the net, instead of on a standalone box).
 
Someone losing a corporate laptop or having one hacked would be a much easier fix. If Sony were bright they have each place their own unique key and made it so it will time out in 6 months or so on it's own. That way they can at least trace it to the location it was leaked from if not the person and if it has a self timeout it's not really a threat assuming it wasn't something stupid like a self kill in the program vs rotating keys in the firmware.
 
The data is unimportant here as Sony's software for the USB dongle was leaked ages ago. It proved to be useless without the hardware, suggesting a challenge-response mechanism between hardware and software. The important leak here is the Sony dongle - remote-controlling laptops won't achieve that.
 
It could be a simple case of lost & found if it's carried by field technicians. Perhaps the technician didn't report the lost (in time) ?

A field engineer's USB dongle should not be able to bring down the security. There should be contingency plans around the scenario as mentioned by someone above (generate a new set of keys).

Who designed the dongle ? Wouldn't this be an IP theft if someone is selling it without proper license ?
 
patsu said:
It could be a simple case of lost & found if it's carried by field technicians. Perhaps the technician didn't report the lost (in time) ?

A field engineer's USB dongle should not be able to bring down the security. There should be contingency plans around the scenario as mentioned by someone above (generate a new set of keys).
Click to expand...

I seriously doubt those dongles are allowed to leave a repair center. If that was the case we would have seen a clone a long time ago.

About the laptop comment above all VPN products I've used require the user to authenticate and, if the laptop has confidential info on it, everything should be encrypted anyway.

patsu said:
Who designed the dongle ? Wouldn't this be an IP theft if someone is selling it without proper license ?
Click to expand...

If the dongle uses some sort of challenge-response system with a key and this crap is impersonating it it's probably IP theft, and of course the code stored in it was created with an SDK that was not licensed so it's illegal (and prosecutable in most countries) anyway.

I doubt any shop in Europe and USA will carry this thing. You might be able to order it from some shoddy online shop in China, though.
 
mmendez said:
I seriously doubt those dongles are allowed to leave a repair center. If that was the case we would have seen a clone a long time ago.
Click to expand...

As long as it's a portable and important security token, any strong security system would cater for lost -- because within one room, there could be multiple/mixed access levels.

[size=-2]I'm HUNGRY ! Let's go eat.[/size]
 
Yes, hard to enforce in developing countries, but it's a lot more clear cut as a whole. At the tech level, Sony is familiar with the ins and outs. At the regulation level, they have a clear case.

Unless the pirates gain dangerous insights into the system (more than a developer with a dev kit), I doubt this is a big problem. We shall see.

EDIT: Those western retailers may be forced/required to reveal who they are dealing with.
 
I assume that's why the german company that got one played around with it for a bit then decided they wanted no part in it and destroyed it. They know it would fly with regulations here thus they didn't decide to sell it and destroyed it I assume to keep Sony from tr4ying to confiscate it. Though I'm sure it won't take long for Sony to get one.
 
Xenus said:
I assume that's why the german company that got one played around with it for a bit then decided they wanted no part in it and destroyed it. They know it would fly with regulations here thus they didn't decide to sell it and destroyed it I assume to keep Sony from tr4ying to confiscate it. Though I'm sure it won't take long for Sony to get one.
Click to expand...
They could buy one and get it as quickly as anyone else.
 
I'd guess most of us agree that selling this piece of kit is illegal in most western countries. But the question is, is it illegal to use one if you already have it?

There are laws in EU where the buying/selling of something is illegal, but using it is not.
But I'd guess that is a moot point, if Sony stop it from working.
 
You must log in or register to reply here.

Similar threads

C
FAO Linux users on PS3
Replies
12
Views
3K
patsu
P
H
Cell's Security Architecture: Ibm's Prize And Sony's Achilles Heel
2
Replies
28
Views
5K
SPM
S
U
  • Locked
IGN on 360 and PS3 versions of MLB2K7: "So much for spending $600 dollars".
Replies
13
Views
2K
techhead77
T
M
(Simple?) questions about Xbox 360 and PS3 bandwidths
Replies
8
Views
2K
marconelly!
M
T
  • Locked
Some developer comments on PS3/X360 (Edge Magazine)
7 8 9
Replies
162
Views
22K
MonkeyLicker
M
Back
Top