Technological discussion on PS3 security and crack.*

Discussion in 'Console Technology' started by senas8, Jan 23, 2010.

  1. pcchen

    pcchen Moderator
    Moderator Veteran Subscriber

    Joined:
    Feb 6, 2002
    Messages:
    2,974
    Likes Received:
    505
    Location:
    Taiwan
    A possible failsafe (this is only theoretical, I don't know whether CELL is designed with this in mind or not) is to have a second secret key in the CPU. The CPU checks with the first key; if that fails, it checks with the second key. This way, as long as the second key is not compromised, it's still possible to force an encrypted update with the second key when the first key is compromised. It can also be extended to multiple secret keys.
     
  2. aaronspink

    Veteran

    Joined:
    Jun 20, 2003
    Messages:
    2,641
    Likes Received:
    64
    If Sony is willing to go through the expense of a recall and modification of firmware, there is a way. They would have to close all the current exploits in the new firmware and never let it out of the factory/company. Then they would have to recall and upgrade all the existing systems. As part of the new firmware, they would have to generate hashes of all existing games and install new keys and fix the signing system. All new games would utilize the new keys and secure DSA. All old games would have to be fully hashed and checked against a hash list installed in the new firmware. It may be possible to do this as long as the root/boot ldr isn't compromised (and AFAIK it hasn't been yet, though everything else has been and there are post root/boot exploits that make this useless with public updates).

    Effectively they would have to orphan any console that isn't turned in to be reflashed and rekeyed. Realistically you are looking at costs in the billions. So it is likely doable, but not via public upgrade or without huge pain for Sony and their customers.

    The thing to get straight is that fundamentally the security architecture for PS3 is sound. The issues are implementation of that architecture. All the cracks rely on pretty basic flaws in the programming of the different parts of the security apparatus. It really is a fundamental failure in validation that is the root issue. Signing, root of trust, public/private keys, isolated security processors, etc, all DO work. It is just that you have to implement them correctly.

    The fundamental issue is where Sony is storing the root keys for the boot loader. Is it hardwired? Is it in fuses? Did they put in extra fuses to overwrite the primary keys?

    It would certainly be possible to fix the issues in new build consoles. And depending on how and what mechanisms they have for setting root keys in existing consoles, it may be possible to update them via a physical (aka private) update. The fundamental issue is if it is worth the cost for the PS3. That is something the Sony number crunchers are going to have to figure out: is it cost effective to fix new build systems, is it cost effective to orphan existing boxes, is it cost effective to "recall" existing consoles...

    This much is certain though: they will fix these flaws in the next gen systems. They will probably also provide a more robust infrastructure to update keys and add delist fuses in the next gen as well to handle bugs that show up in the future. They don't need to re-architect the system from the ground up, but they do need to pay more attention to the implementation and validation of the security infrastructure next gen.

    A lot of the issues are along the same lines as some of the issues that have been found in early versions of secure boot on x86, where simple things like referencing the wrong table blow massive holes in a given implementation.
     
    #1142 aaronspink, Jan 5, 2011
    Last edited by a moderator: Jan 5, 2011
  3. aaronspink

    Veteran

    Joined:
    Jun 20, 2003
    Messages:
    2,641
    Likes Received:
    64
    That is fairly similar to the Xbox 360 "delist" fuses but AFAIK Sony did not include that functionality.
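    Added example (not code from the thread or from Sony): a toy boot ROM combining pcchen's ordered key fallback from post 1 with the one-way "delist" fuses aaronspink describes above. HMAC-SHA256 is an assumed stand-in for the real signature scheme, and the image layout (byte 0 names the lowest slot allowed to stay live) is constructed for the example.

```python
# Toy model of pcchen's ordered key fallback plus aaronspink's "delist" fuses.
# Constructed example: HMAC-SHA256 stands in for the asymmetric signature a
# real boot ROM would verify; the slot/fuse logic is what the example shows.
import hashlib
import hmac

# Constructed key slots: slot 0 ships active, the rest are held in reserve.
ROOT_KEYS = [b"slot0-key-constructed", b"slot1-key-constructed", b"slot2-key-constructed"]


def sign(key, image):
    """Stand-in for signing with the private half of a slot's key."""
    return hmac.new(key, image, hashlib.sha256).digest()


class BootRom:
    """Ordered key slots plus one fuse per slot; a blown fuse never clears."""

    def __init__(self, keys):
        self.keys = list(keys)
        self.fuse_blown = [False] * len(keys)

    def verify(self, image, sig):
        """Return the first live slot whose key validates the image, else None."""
        for slot, key in enumerate(self.keys):
            if not self.fuse_blown[slot] and hmac.compare_digest(sign(key, image), sig):
                return slot
        return None

    def apply_update(self, image, sig):
        """Byte 0 of the image names the lowest slot allowed to stay live.
        Only slots below the signing slot may be delisted, so a leaked low
        key cannot be used to revoke the reserve keys above it."""
        slot = self.verify(image, sig)
        if slot is None or not image or image[0] > slot:
            return False
        for lower in range(image[0]):
            self.fuse_blown[lower] = True   # one-way, like a real fuse
        return True


def demo():
    """Slot 0 leaks; an update signed with slot 1 delists it."""
    rom = BootRom(ROOT_KEYS)
    rogue = bytes([0]) + b"rogue-firmware"      # signed with the leaked key
    assert rom.verify(rogue, sign(ROOT_KEYS[0], rogue)) == 0
    grab = bytes([2]) + b"try-to-delist-slot-1"  # leaked key cannot revoke slot 1
    assert not rom.apply_update(grab, sign(ROOT_KEYS[0], grab))
    fw2 = bytes([1]) + b"firmware-2"
    assert rom.apply_update(fw2, sign(ROOT_KEYS[1], fw2))
    return rom.verify(rogue, sign(ROOT_KEYS[0], rogue)), rom.verify(fw2, sign(ROOT_KEYS[1], fw2))
```

    The point pcchen makes survives in the model: once slot 0 is blown, the console only trusts updates signed with a reserve key, so the scheme holds only while those reserve keys stay secret.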
     
  4. baten

    Regular

    Joined:
    Dec 5, 2006
    Messages:
    352
    Likes Received:
    3
    The only way I see to remedy this is by completely changing the business model - and I think it is possible for Sony to implement this even on the PS3, no need to wait until PS4.
    If each PS3 has a unique ID number encoded, it could be done.

    Since the software cannot be protected anymore, and the PS3 will run anything anyway, Sony should switch to a subscription model - where you pay for the utilization of the console. Sort of a monthly rent of 10-15 USD. If you pay this, you can run anything downloaded from the internet, borrowed from friends, received by mail etc. This of course means validation of each PS3 each month over the internet.

    Of course, all the games, old and new, will be reencoded with new master key, and you will not be able to play games encoded with the old key on the "updated" PS3. But if you have a legitimate copy, the "upgraded" PS3 can re-code and save your game on the harddrive, and you can then play it from there.

    Essentially, the console is locked unless you pay. After you pay, you will have access to all the games ever released, for one month. PS3 will record what you have played and spread the money to the various developers.

    People will not be forced to upgrade - but if new games will be only on the new subscription model, people will upgrade.

    How will people get the games? This is the fun part - they will be sold freely by any company that wants to make a dollar or two by stamping a disc. The developer will ship the code to whomever wants it and they can freely distribute it - hardcopy or over the net. This will keep Walmart happy, as well as the people who like to have a hard copy of their game.

    The "old" PS3 will not be able to play these games, since they are encoded with a different key.

    So the incentive to stay on the piratable version is non-existent, since by upgrading you will anyway have access to ALL the old games, plus the new ones. Also, 15 USD/month is a modest amount that any gamer, even in poorer countries, can afford, but if you manage to switch all 40 mil PS3, this will amount to a hefty 600 millions per month, 7 billions per year, with no middleman, just Sony and the developers.

    If Sony can do this - if they can lock the console should you choose to upgrade, then this is the only way to not only get out of this mess, but to actually turn it into a profit.
     
    #1144 baten, Jan 5, 2011
    Last edited by a moderator: Jan 5, 2011
  5. jeff_rigby

    Banned

    Joined:
    Feb 8, 2010
    Messages:
    453
    Likes Received:
    0
    Location:
    Florida
    RE: protecting streaming media

    That should still be secure or with minor changes still be secure as Adobe DRM with commercial blocking detect and Widevine (Ultraviolet DRM) states that it can detect scrapers, have the tools to detect changes in the PS3 OS. Since most require a reboot to a clean known state and are on-line, changes can be detected and the stream stopped.

    Pirating games is the issue and reading this thread, difficult to stop. I don't want Sony to be able to stop homebrew or Linux, my personal view.
     
  6. Shifty Geezer

    Shifty Geezer uber-Troll!
    Moderator Legend

    Joined:
    Dec 7, 2004
    Messages:
    43,576
    Likes Received:
    16,034
    Location:
    Under my bridge
    If the software can't be protected any more, how do you enforce that the system's ID is referenced, when a custom FW or bootloader or a signed, hacked executable can bypass that software step?

    As for changing business model, they can't change business model midstream. 40 million PS3's have been sold to people who own them. You can then remove their ownership and say they need to start renting instead. Also the costs of replacing hardware are extravagant, discussed in the business thread.
     
  7. baten

    Regular

    Joined:
    Dec 5, 2006
    Messages:
    352
    Likes Received:
    3
    You don't need to protect software anymore, you just lock the console. Software will be "free" as long as you pay to "unlock" the console.

    I don't think they need to replace hardware for this. A simple firmware upgrade will do. This upgrade will change the keys, and old software will not work anymore. You then log in to the Sony validation site and unlock the console, and you can play all the games that you want, for one month - of course, the games will be re-encoded with the new key.

    And you don't need to remove ownership, since they are renting "usage", and only if they want to. Nobody promised them that games will be released forever in the current format for the PS3.
     
  8. Gubbi

    Veteran

    Joined:
    Feb 8, 2002
    Messages:
    3,639
    Likes Received:
    1,082
    You're calling for the mother of all class action lawsuits, and the instant destruction of Sony.

    Please explain to consumers that the console and games they paid in full suddenly won't work anymore.

    Cheers
     
  9. Sjamaan

    Newcomer

    Joined:
    Jun 25, 2008
    Messages:
    8
    Likes Received:
    0
  10. baten

    Regular

    Joined:
    Dec 5, 2006
    Messages:
    352
    Likes Received:
    3
    But they will work - you insert the BD in the drive and it will make a copy on the hard drive or on the usb drive.
     
  11. Laa-Yosh

    Laa-Yosh I can has custom title?
    Legend Subscriber

    Joined:
    Feb 12, 2002
    Messages:
    9,568
    Likes Received:
    1,455
    Location:
    Budapest, Hungary
    This business model isn't realistic anyway. I sometimes only have time to play once every other week, other times I spend every free hour with one game only. Others have a gamerscore of several hundred thousand points. I also tend to buy a lot of games 3 to 6 months or even more after release, at lower prices, but sometimes I get something on its release day.

    There is no single subscription model that would be fair to everyone. Either I'm going to have to partially finance gamerscore guy's fun, or the devs will end up getting the short end of the stick, and so on. Consider how a lot of people buy a game full price only to just complete the single player part once. Based on time spent on the game these devs would get a fraction of their current income.
    It's also impossible to build different subscription models, even with a completely new hardware platform. Even Onlive, having the possibility, has decided to go for a pay per game approach.

    This model would never work IMHO.
     
  12. Shifty Geezer

    Shifty Geezer uber-Troll!
    Moderator Legend

    Joined:
    Dec 7, 2004
    Messages:
    43,576
    Likes Received:
    16,034
    Location:
    Under my bridge
    How do you lock the console in a way Sony can unlock but hackers can't, when hackers are able to run any code they want? If it's a FW update, the hackers will just patch the FW or release their own one.
     
  13. baten

    Regular

    Joined:
    Dec 5, 2006
    Messages:
    352
    Likes Received:
    3
    This is the big IF - that is if Sony can change the master key with the new update.
    I don't know if this can be done.
     
  14. jeff_rigby

    Banned

    Joined:
    Feb 8, 2010
    Messages:
    453
    Likes Received:
    0
    Location:
    Florida
    If only others do the same......

    What about the reverse of the discussions here. Since game software is the only thing at risk how about games having a copy of checksums for multiple programs in different PS3 firmware versions. A check could determine if changes have been made. New games can implement this and older games will include this with upgrades when they have new features to add.

    Sony can provide a simple program to all developers with the programs to check and their checksums; pass or no pass. Of course, the program will have to check itself also.
     
    #1154 jeff_rigby, Jan 5, 2011
    Last edited by a moderator: Jan 5, 2011
  15. Shifty Geezer

    Shifty Geezer uber-Troll!
    Moderator Legend

    Joined:
    Dec 7, 2004
    Messages:
    43,576
    Likes Received:
    16,034
    Location:
    Under my bridge
    That sounds a reasonable suggestion. At the software level, each program can test the system for authenticity and not run. It'd need to do a full test of the FW though, to prevent simple spoofing. Of course, that won't stop hackers cracking out the security from the games if they can decrypt game packages, so there'd need to be a way to secure the packages first, which needs new encryption keys and a means of securing these systems.

    Basically Sony need to figure this out bottom up. They need to secure the root and the lower levels of the kernel so the FW can be changed without the hackers being able to find out how they have changed. Perhaps also bring back Linux with full RSX access to shut up the current hacking ring-leaders! And instigate the original ideas of a more open platform, offering something like Live! Indie where people can create XMB games and apps.
     
  16. jayco

    Veteran Regular

    Joined:
    Nov 18, 2006
    Messages:
    1,736
    Likes Received:
    1,272
    They can't.

    Although it would be a smart approach, I don't think anyone at Sony is gonna allow now to give back OtherOS with full RSX access.
     
  17. Laa-Yosh

    Laa-Yosh I can has custom title?
    Legend Subscriber

    Joined:
    Feb 12, 2002
    Messages:
    9,568
    Likes Received:
    1,455
    Location:
    Budapest, Hungary
    Was there a complete summary in the thread of what the new hack exactly does to the BR playback feature, what its ramifications are and what Sony can do with the situation?
     
  18. draconian

    Newcomer

    Joined:
    Jun 17, 2005
    Messages:
    162
    Likes Received:
    0
    http://games.slashdot.org/article.pl?sid=11/01/03/1856210

     
  19. aaronspink

    Veteran

    Joined:
    Jun 20, 2003
    Messages:
    2,641
    Likes Received:
    64
    Not possible without new FW, new root keys, etc. The software cannot check anything because it cannot be run securely. You are asking for the equivalent of a PC disk check and we all know those work...
     
  20. RenegadeRocks

    Legend

    Joined:
    Oct 16, 2005
    Messages:
    10,108
    Likes Received:
    1,105
    Has Sony responded in any way to this situation? Not that they need to say anything publicly, but has anybody made any comment on this state of affairs?
     