Technological discussion on PS3 security and crack.*
- Thread starter senas8
- Start date
RenegadeRocks
Legend
Frankly speaking, they not letting it get cracked uptill now is itself a great feat ! Bravo Sony !
RenegadeRocks
Legend
Yup, but we can't cry over spilled milk, can we ? But still, comparing this to the hacking of Wii and 360, I think its a big feat to hold on for so long when the whole world is against you !
Sounds like something that could be taken straight from some 'SDF' slogan.
But seriously the flaw has always been there it could have been exploited just a few years or even months after it came out had they wished to exploit system but they gave their opinion on why not. Things only get 'cracked' and flaws exposed when there is enough interest from in this case hackers and profitable either as in money or reputation.
I am sure also games being on the costly Blu-ray media and burners (by the time) was something that scared off the lesser teams dedicated to piracy.
Sounds like something that could be taken straight from some 'SDF' slogan.
But seriously the flaw has always been there it could have been exploited just a few years or even months after it came out had they wished to exploit system but they gave their opinion on why not.
Irony is that without otheros it seems impossible to even get close to finding out it was flawed.
aaronspink
Veteran
I pretty sure that is exactly what sony management is doing: crying over spilled milk. The hacks/cracks that have been discovered/used are fairly embarrassing, pointing to major engineering and management issues within Sony. The DSA issue is close to inexcusable considering the resources and people they had working on security for the PS3.
Right. I sort of see two possible reasons for this happening:
1) Developer just didn't understand the algorithm they were tasked with coding.
2) Test/debug code somehow got finalized for production release.
At any rate, it really goes to point out that we don't perform negative testing well enough... and when you have cryptographic algorithms, you need to perform some cryptanalysis based testing as well -- basically have a test team actively try out various attacks.
Indeed. They should have a red team. Honestly, I'm curious to see if they truly understand the gravity of the exploit. I wonder if they'll try some pointless fixes first? It will be interesting to see...
I'd bet it was a relatively junior programmer tasked with coding the algorithm from a description, making an honest mistake.
What should have then happened is the code should have been reviewed, and the mistake should have been caught. On a piece of core security code it should probably have been reviewed by multiple people.
Clearly the second part just didn't happen, or it was reviewed by people who also misunderstood the implementation.
The buffer overruns and timing exploits I mostly understand, you'll see them in any sufficiently complex piece of code, but we're talking about a team fucking up the most important 100 lines of code in the security system.
Probably ERP's theory. A signing tool isn't necessarily a sexy piece of code more experienced engineers would want to jump on, but it is critically important and should have been carefully audited.
I'm sure Sony has code review policies in place, but this is something that should be looked at a little closer before giving it a "Ship It!"
Indeed the PS3 had what it takes to remain untouched.
Silent_Buddha
Legend
Except on the existing 40+ million consoles, you can't protect the new key. So that will be in the wild and available.
You also can't protect the Device ID. Being able to run arbitrary code, you can have your console report back to PSN whatever Device ID you want it to. Spoofing ID's is nothing new. You "could" tie it to your account. But again, with a completely open system, you just end up with the same situation as PC games where the account validation is hacked out and games will be released and available for pirating soon after they are made available to paying customers.
Then you have a problem with how much do you charge. And how much money do the publishers and developers get. It's unlikely that 15 USD a month will be enough. I find it doubtful that even 50 USD a month would be enough. Would consumers be willing to pay 100-200 USD a month?
And that still doesn't address how much companies would get from that. You can't just split it equally. If you did, companies would no longer have any incentive to spend the money to develope something like KZ2, Halo: Reach, GTA4, etc. Base it on time played and some of the smaller developers might get even less money now than they do with the current system.
Which then goes back to how much do you charge each month? Publishers would no longer have the ability to rely on blockbuster sales to fund new IP which might or might not have a positive ROI.
Eventually you'd end up with a system where you'd have mostly PopCap style games. Being a PC gamer, I love this myself, as it would encourage AAA Publishers and Developers to abandon consoles and go back to being PC only.
But that certainly doesn't help the PS3. Regards,
SB
The Cell CPU has a hardware random number generator. It's a mystery why it's not used.
If I've understood right it's the (ECDSA) signature of the firmwares/EXEs that was broken. Signing the update/EXE package is most likely done on some linux/window system far deep in the back office running on x86 or sparc. It's that signing program that has the incredible bug of using a constant as a cryptographic random number. Anyone who has read a bit of cryptography knows the importance of using a cryptographic-grade RNG. Whoever implemented that feature had very little interest in cryptography.
Possibly it wasn't specced into that kind of detail because the security design team took it for granted. They should have specced it down to user-friendly level, i.e. "Is your monitor plugged in and powered on?"-level. In this case: "Is your RNG cryptographic grade?".
Maybe the EXE signing was implemented per PDF spec in a different development division. Like the security guys passed the PDF to the deployment guys.
It must be demoralizing to the core security designers to see all blown to hell by a literally clueless deployment workflow.
Only thing that could save it now would be if there was a shadow security system with a 2nd set of root keys. Call it the "2nd and last chance"(TM) security feature.
Similar threads
- Locked