Technological discussion on PS3 security and crack.*

[patsu]

So doesn't the master key make them about a bazillion times more subject to piracy of BR movies? I mean, doesn't the PS3 become a great BR ripper now?

Yap. The implication of this incident is far and wide. It is astounding in so many ways.

Gives a new meaning to "HD doesn't start until Sony says so".

 

[Mize]

Yap. The implication of this incident is far and wide. It is astounding in so many ways.

Gives a new meaning to "HD doesn't start until Sony says so".

Probably belongs in the business thread, but there's a good chance of one hack effectively killing both the PS3 and BluRay in one shot. Wow.

I wonder what the "trade-in allowance" for an old PS3 will be when I want to buy a new "PS3.5" that can run new games and BluRay2 discs?

 

[jonabbey]

So doesn't the master key make them about a bazillion times more subject to piracy of BR movies? I mean, doesn't the PS3 become a great BR ripper now?

BD+ should still provide some protection to them, as it allows discs to run code in a VM to check the environment, read memory layout, etc. Discs will ship scrambled and the BD+ code will need to be executed in a known environment to unscramble the video / audio.

The bad guys will be able to work around that, but it will be street fighting, one disc at a time.

That's one security layer that they hired security experts to design, fortunately.

 

[RobertR1]

Systems get hacked. It so happens to be the PS3 this time. It's not the end of the world.

Let's wait a bit and see where we go with this before whipping out the jump to conclusions mat.

We'll have to see what Sony's countermeasures are, what the modding community comes up with, it's adoption rate and it's effect.

I do not expect Sony, AACS, BDA to make quick drastic changes. They'll wait it out, see the landscape and plan accordingly.

 

[patsu]

BD+ should still provide some protection to them, as it allows discs to run code in a VM to check the environment, read memory layout, etc. Discs will ship scrambled and the BD+ code will need to be executed in a known environment to unscramble the video / audio.

The bad guys will be able to work around that, but it will be street fighting, one disc at a time.

That's one security layer that they hired security experts to design, fortunately.

Yes, but the PS3 is likely the most versatile player (with easily upgradeable HDD) once someone else rip the BR movies. It's not supposed to play AVCHD movies on HDD/thumbdrive at this point. Sony turned off that feature. But...

Most consumers probably don't care, and don't have the patience to download. The savvy ones will look into it. Then again, they probably already have a healthy collection via their PCs -- like the few friends I know who pirated (foreign) movies for personal use.

I do not expect Sony, AACS, BDA to make quick drastic changes. They'll wait it out, see the landscape and plan accordingly.

It's the grand experiment no one had the balls and resources to try. The remedy cost is super high. So yes, all have to wait and see what the consumers do.

 

[BRiT]

I thought they re-encrypted with the older key after repackaging for the older firmware...?

Normally yes, but the steps listed for GT5 and newer games give a slightly different impression. The last step they mention is saving EBOOT.BIN and then giving it a run to see if it works. They never list re-signing or re-encrypting.

One of the changes they have you do is specify that the content of EBOOT.BIN is Not Encrypted. Essentially you manually decrypt the content, copy the unecrypted content into the proper locations of the original file, flip a few flags to indicate it's content is not encrypted, then save, and run the game.

 

[RobertR1]

My take on what Sony can do to counter: A firmware update that introduces "keys done right" into the system and all future games use the new random keys. The current keys remain also for the existing library.

The current library remains exposed but that simply has to be an acceptable loss.

AACS is another issue. They'd have to rely on BD+ going forward.

Would this work?

 

[jonabbey]

PSP master signing key extracted from hacked PS3.. http://dukio.com/gadget/mathieulh-psp-master-keys-ps3.html

Sigh.

 

[corduroygt]

My take on what Sony can do to counter: A firmware update that introduces "keys done right" into the system and all future games use the new random keys. The current keys remain also for the existing library.

The current library remains exposed but that simply has to be an acceptable loss.

AACS is another issue. They'd have to rely on BD+ going forward.

Would this work?

Only on new PS3 hardware revisions with the updated metldr keys. Older PS3's would still be able to patch and play any new releases. In that case, all of our PS3's just appreciated in value

 

[RobertR1]

I'm talking about introducing a new method of authentication that runs in parallel in the current setup.

Older software looks for the current exposed key as now

New software looks for randomized keys in a different location

Are you saying, they'd somehow use the old keys to the sign the new software that is looking for the new random generated keys?

 

[BRiT]

My take on what Sony can do to counter: A firmware update that introduces "keys done right" into the system and all future games use the new random keys. The current keys remain also for the existing library.

Would this work?

I don't think so because the new firmware has to be decryptable on the current systems, thus it's open for hackers to attack and back-port the new "keys done right" to their own custom firmware. At a minimum they need to perform 2 system updates, think of the first one as bootstrapping or bridging the gap to the new and preferred firmware. It just delays the inevitable.

 

[RobertR1]

Cool. Thanks for the explanation. Now I'm very curious to see what their counter measure(s) down the road might be.

Personally, I'd love to be able to install a 2TB HDD in the PS3, rip my BR collection (just the main track and video) to the HDD. That'd make me happy.

 

[KKRT]

They could force developers to use cd-keys like on PC. To prevent cheating and piracy on normal users they just would force authing even singleplayer games on PSN, like EA Store for example.


This would not stop piracy of course, but make it really painful.

 

[Florin]

Cool. Thanks for the explanation. Now I'm very curious to see what their counter measure(s) down the road might be.

Personally, I'd love to be able to install a 2TB HDD in the PS3, rip my BR collection (just the main track and video) to the HDD. That'd make me happy.

Yep, would be nice. But as far as I know, due to the 9.5 mm height restriction for PS3 internal drives, you can't get bigger than 750GB at the moment.

External USB drives are still a possibility but the fact that the PS3 can only deal with FAT32 on external drives brings its own challenges.

 

[Mize]

USB hardware dongle keys here we come!

 

[Butta]

Simple Solution - Pad all the PS3 exclusives with 50GB of data. Make certain to use full extent of BluRay which would make downloads too painfull for anyone. The rest anyone can get hacked on PC or 360 anyway so no increased risk.

 

[Squilliam]

Would this be a factor in the PS4 design, will it threaten or make difficult having backwards compatibility in the future if the PS3 is that compromised now?

 

[Gitaroo]

PSN games might still work, assuming the hardware is capable enough. Since all PSN will have to be re downloaded, they can just add new key or encryption.

 

[eastmen]

Would this be a factor in the PS4 design, will it threaten or make difficult having backwards compatibility in the future if the PS3 is that compromised now?

betchya that ps4 will not be BC and you will have to rebuy the games through psn.

 

[minimoke]

USB hardware dongle keys here we come!

Yes, this maybe an option for the big PS3 exclusives like KZ3, R3 and possibly LBP2 although it may be too late.

Also, couldn't software be shipped with unique activation keys than need to be activated via PSN?