Technological discussion on PS3 security and crack.*

I worded it wrong, what I hope is that they don't need to recall, but can update the firmware, bootloader etc at their service centers. You know, enable efuses, do whatever they can to make things incredibly annoying for pirates, change the master code, do whatever they can to secure the future games.
The issue there is how they get owners to willingly hand in their PS3's to update them to become more aggravating to use. I'm not going to hand in my PS3 unless there's something in it for me, and those who would pirate most certainly won't hand their PS3's in, so you wouldn't fix the intended audience anyway.

Thus a recall, all costs and practicalities aside, looks like it wouldn't ever work just because of lack of cooperation from the user base. It's a dead-end plan.
 
Important reminder!
  • Technological discussion of how the hack works and how it can be fixed is here. (this thread)
  • Ethical discussion of how wrong/right this is and what should be done about the hackers is here.
  • Business discussion about how this impacts Sony as a business and what they can do as a business to mitigate damage is here.
Three different topics, three different threads so the discussion doesn't become a jumbled, unwieldy mess. Please manage your posts accordingly.
 
The issue there is how they get owners to willingly hand in their PS3's to update them to become more aggravating to use. I'm not going to hand in my PS3 unless there's something in it for me, and those who would pirate most certainly won't hand their PS3's in, so you wouldn't fix the intended audience anyway.

Thus a recall, all costs and practicalities aside, looks like it wouldn't ever work just because of lack of cooperation from the user base. It's a dead-end plan.

I don't see how it should be more aggravating to use, it's the same user experience just that those that choose not to update will be stuck on whatever version of firmware they have and with the games they have, offline.

If technically possible.
 
I've moved the latest recall talk to the business thread, as that's not a technical issue. Although what changes Sony could make at the hardware level is! Please do try (me included!) to see if your post is talking about costs or such, and make the move yourself, if just to preserve discussion integrity which can suffer with bits and bobs getting moved, especially when a post double dips into different subjects.
 
Does anyone know if they can protect the PSP2 against the PS3? If the PSP keys were leaked because of a compromised PS3 then what can they do to protect the PSP2 against this threat?

The first obvious solution would be to not let them connect. However ideally they would want the PSP2 and PS3 to have a connection and quite likely they have already built into the devices early firmware various forms of connectivity and the assumption that the PS3 was reasonably secure, this is the quickest method given it is probably easier to remove features rather than add them. However if they miss something it could still provide a vector for attack.

The second is of course to have a firewalled connection. Considering the PS3/PSP connection cost them the last vestiges of PSP security, how can they manage the risk of an unsecure device connecting to a secure device? Can they plug this hole in the 6 months between now and when shipment has to start by?
 
Does anyone know if they can protect the PSP2 against the PS3? If the PSP keys were leaked because of a compromised PS3 then what can they do to protect the PSP2 against this threat?

The first obvious solution would be to not let them connect. However ideally they would want the PSP2 and PS3 to have a connection and quite likely they have already built into the devices early firmware various forms of connectivity and the assumption that the PS3 was reasonably secure, this is the quickest method given it is probably easier to remove features rather than add them. However if they miss something it could still provide a vector for attack.

The second is of course to have a firewalled connection. Considering the PS3/PSP connection cost them the last vestiges of PSP security, how can they manage the risk of an unsecure device connecting to a secure device? Can they plug this hole in the 6 months between now and when shipment has to start by?

AFAIK they discovered the PSP master key, no? If so the PS3 doesn't need to connect to use it - they have the actual key. Am I missing something because I don't understand why the PS3 connecting has much to do with it.
 
The issue there is how they get owners to willingly hand in their PS3's to update them to become more aggravating to use. I'm not going to hand in my PS3 unless there's something in it for me, and those who would pirate most certainly won't hand their PS3's in, so you wouldn't fix the intended audience anyway.

Thus a recall, all costs and practicalities aside, looks like it wouldn't ever work just because of lack of cooperation from the user base. It's a dead-end plan.

For someone like me and others who use their PS3 primarily as a BR player, there is pretty much no incentive to send the system in.

I have much more to gain by waiting to see what the Homebrew community can do on the media front.

The ban off PSN is easily worth it if I can use my PS3 as a BR server, region free DVD/BR playback and a host of other possibilities.
 
Do you guys mean, noob question here, that the ps3 is compromised now? I mean, Sony can't patch this with a firmware update?
:oops: Does this mean......I had got used to seeing legal games in my friends' houses....the run of law is over?

Can someone explain in simple terms what exactly has been compromised here and why it can't be, supposedly, stopped?
 
Do you guys mean, noob question here, that the ps3 is compromised now? I mean, Sony can't patch this with a firmware update?
:oops: Does this mean......I had got used to seeing legal games in my friends' houses....the run of law is over?

Can someone explain in simple terms what exactly has been compromised here and why it can't be, supposedly, stopped?

The system security has been completely compromised and hackers now have access to every part of the system. To give you an idea, they have been able to extract the AACS key the PS3 uses to decrypt BluRays as well as the PSP keys that are stored in the PS3 to allow it to play PSP minis (thereby compromising that system as well). As for why it will be *difficult* to re-secure the system, one of the keys that has been compromised is a hardware key. This vulnerability would require a new design to close and nothing short of a full recall can address this in systems already in use. As long as this vulnerability exists the hackers will have an "in" to attack any attempts to re-secure the system software. Thus the talk about implementing phone-home DRM and CD-keys as alternatives.
 
Well, that and the fact that the exploit to gain hypervisor access was hardware-based, so, even if Sony could magically change the hardware key, they could just re-root it.
 
Can someone explain in simple terms what exactly has been compromised here and why it can't be, supposedly, stopped?

I think the hardware locked 'master key' is exposed allowing modification of the system at the core thus making anything possible. Like having access to the key for vault door and only way to change key is to replace the key mechanism rendering all PS3s present useless for legal material and the need for new PS3s with new hardware revision and HW locked key(s).

Will be interesting to see if Blu-ray burner and disc sales will increase rampant.
 
The system security has been completely compromised and hackers now have access to every part of the system. To give you an idea, they have been able to extract the AACS key the PS3 uses to decrypt BluRays as well as the PSP keys that are stored in the PS3 to allow it to play PSP minis (thereby compromising that system as well)....
I think it's worse than that, I think the PSP-key is used to copy PSN stuff from PS3 to PSP, encrypting and signing it in the process.
Decrypting the PSP-Minis wasn't a problem at all, creating your own signed PSP-executables is.
 
FYI, the truth is out there...
On January 26, 2010, Hotz released the exploit to the public. It requires the OtherOS function of the machine, and consists of a Linux kernel module and gaining control of the machine's hypervisor via bus glitching.

So a new firmware with no OtherOS could make this exploit useless...the problem is the exploit was used and the master key published.
 
We need a sticky thread or something!
Read the thread. Only phone-home authentication and the type of serial numbers used for PC games will fix this problem as far as anyone can tell.
 
Can it be more than one masterkey? Is it possible for Sony to blacklist the key in the wild and switch to another one?
 
oh dear.
post 1116 was my last reply to a question already asked, discussed and answered earlier in this thread.
 
We need a sticky thread or something!
Read the thread. Only phone-home authentication and the type of serial numbers used for PC games will fix this problem as far as anyone can tell.

Sorry, thought about the question more after posting. If keys were changed for the DD and not on the hardware side it wouldn't work anymore because the keys don't match.
 
I can't see why they can't add another masterkey (with random salt) with a firmware update.
Whitelist every executable signed with the old key if they match the original hashes (the hash values have to be included in the firmware).
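
The acceptance policy proposed in the post above, written out as an added example that is not part of the thread or any vendor code: a new key for future releases, plus a hash whitelist for everything already signed with the old one. HMAC-SHA256 stands in for the real signature scheme, and every key, image and function name is constructed for illustration.

```python
import hashlib
import hmac

# Constructed stand-ins: HMAC-SHA256 replaces the console's real signature
# scheme so the example runs on the standard library alone.
OLD_KEY = b"constructed-old-master-key"   # assumed public after the leak
NEW_KEY = b"constructed-new-master-key"   # assumed delivered by the update

def sign(key, image):
    return hmac.new(key, image, hashlib.sha256).digest()

def valid_sig(key, image, sig):
    return hmac.compare_digest(sign(key, image), sig)

def build_whitelist(legacy_images):
    """Hashes of the executables released under the old key, shipped in firmware."""
    return frozenset(hashlib.sha256(i).hexdigest() for i in legacy_images)

def verify(image, sig, whitelist):
    if valid_sig(NEW_KEY, image, sig):
        return "accept:new-key"
    if valid_sig(OLD_KEY, image, sig):
        # Anyone can produce this signature now, so it proves nothing by
        # itself; only an exact hash match with a known release is trusted.
        if hashlib.sha256(image).hexdigest() in whitelist:
            return "accept:legacy-whitelist"
        return "reject:old-key-not-whitelisted"
    return "reject:bad-signature"

# Constructed sample images.
LEGACY_GAME = b"ELF:retail-title-released-before-the-update"
NEW_GAME = b"ELF:retail-title-released-after-the-update"
UNKNOWN = b"ELF:code-never-released-by-the-vendor"
PATCHED = LEGACY_GAME + b"\x90"            # legacy title altered by one byte
WHITELIST = build_whitelist([LEGACY_GAME])

def demo():
    return {
        "legacy": verify(LEGACY_GAME, sign(OLD_KEY, LEGACY_GAME), WHITELIST),
        "new": verify(NEW_GAME, sign(NEW_KEY, NEW_GAME), WHITELIST),
        "unknown": verify(UNKNOWN, sign(OLD_KEY, UNKNOWN), WHITELIST),
        "patched": verify(PATCHED, sign(OLD_KEY, PATCHED), WHITELIST),
        "garbage": verify(NEW_GAME, b"\x00" * 32, WHITELIST),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:8} {verdict}")
```

The policy only holds while the code doing the check and the whitelist itself stay out of reach, which is exactly what the earlier posts about the hardware key and the hypervisor exploit call into question.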
 