Technological discussion on PS3 security and crack.*

[jeff_rigby]

No possible without new FW, new root keys, etc. The software cannot check anything because it cannot be run securely. You are asking for the equivalent of a PC disk check and we all know those work...

It appears to work for streaming Media DRM, that's where I got the idea. Perhaps the downloading of a new version of a DRM tool periodically makes it more difficult for hacker to keep up.

Scrapers and detecting commercial blocking....DRM for PCs. IF it works there it should work for the PS3 games.

 

[ban25]

It appears to work for streaming Media DRM, that's where I got the idea. Perhaps the downloading of a new version of a DRM tool periodically makes it more difficult for hacker to keep up.

Scrapers and detecting commercial blocking....DRM for PCs. IF it works there it should work for the PS3 games.

Sure, they may be able to play a cat and mouse game which could be effective in delaying day zero piracy (though not much more). Of course, if it results in a painful firmware upgrade for legitimate users every week, it will be certain to make a lot of people unhappy. My PS3 takes too long to update already!

 

[baten]

Then you have a problem with how much do you charge. And how much money do the publishers and developers get. It's unlikely that 15 USD a month will be enough. I find it doubtful that even 50 USD a month would be enough. Would consumers be willing to pay 100-200 USD a month?

And that still doesn't address how much companies would get from that. You can't just split it equally. If you did, companies would no longer have any incentive to spend the money to develope something like KZ2, Halo: Reach, GTA4, etc. Base it on time played and some of the smaller developers might get even less money now than they do with the current system.

Which then goes back to how much do you charge each month? Publishers would no longer have the ability to rely on blockbuster sales to fund new IP which might or might not have a positive ROI.

Eventually you'd end up with a system where you'd have mostly PopCap style games. Being a PC gamer, I love this myself, as it would encourage AAA Publishers and Developers to abandon consoles and go back to being PC only. But that certainly doesn't help the PS3.

Regards,
SB

I dont think so.
What is the attach rate of games on a console? For the lifetime of the console it is somewhere around 12 games. If you calculate at around 40 USD/game this puts the total sales from software at 70 mil consoles X 12 x 40 = 33,6 bilion USD.
Now if you calculate subscription you get 40 milion X 12 months X 15 USD X 10 years = 72 billion USD, which is twice as much money - and please note that it does not include any costs from distribution, middleman, etc. (I put only 40 mil, since in the first years you will have less consoles on the market, so I average at 40.
So actualy both Sony/MS/Nintendo and the developers will make a lot more money - and this with only 15 USD/month. Probably they can charge as well 20 or 25, of have different subscription models, like 5 dollars for 10 hours, 15 dollars for 50 hours and 30 dollars for unlimited hours.

Splitting the money is easy - the PS3 will record what you have played

Also, this "Pay for Gameplay" sistem gets rid of secondary market, of rentals and of gamesharing that is so annoying for publishers and developers in the current "Pay for Game" sistem.

It is a much better sistem for basically everybody, except for crap games developers/publishers that a lot of people buy but nobody actually plays.

Regarding the implementation on a PS3 V2 (with new masterkey and corrected security) - it could be done for sure. However, I am not sure if you can upgrade the PS3 V1 (the hacked one) to PS3 V2 with a simple FW upgrade.

 

[jeff_rigby]

Sure, they may be able to play a cat and mouse game which could be effective in delaying day zero piracy (though not much more). Of course, if it results in a painful firmware upgrade for legitimate users every week, it will be certain to make a lot of people unhappy. My PS3 takes too long to update already!

When you add to the above all the evils that plague the PC world like Virus and Trojan programs, perhaps some might stay in legitimate channels.

Dialup modems for the PS3 for those who do not have a fast internet connection just for Sony to check their PS3 for a virus.

Someone else to blame when their PS3 crashes. Silver lining.....

 

[Silent_Buddha]

When you add to the above all the evils that plague the PC world like Virus and Trojan programs, perhaps some might stay in legitimate channels.

That's something else potentially worrying. With a 40+ million install base, the PS3 would be an attractive target to use for a botnet, especially since there is no protection available for it. Any potential virus, trojan, worm, etc. writer can self sign their malware and potentially get it to run even on legitimate non-hacked PS3s.

As the PS3 also has a web browser that opens up a very attractive entry point for malware targeting the platform.

Jailbroken iPhones and Android devices are already being used to form botnets. Apparently it's quite rampant in China with even non-jailbroken devices being used in Botnets via insufficient application scanning by the local app houses there. So you buy an app from an official outlet and bam, your device is now part of a botnet.

I can easily see the PS3 being the next device targetted.

Regards,
SB

 

[Mize]

As the PS3 also has a web browser that opens up a very attractive entry point for malware targeting the platform.

Is there actually someone out there patient enough to use the PS3's poor excuse for a browser? Ugh.
I would see the most likely route for a botnet to be pirated games.

 

[draconian]

Is there actually someone out there patient enough to use the PS3's poor excuse for a browser? Ugh.
I would see the most likely route for a botnet to be pirated games.

This. Why in the world does sony stick with this crappy browser. At the very least, give people options. Contract with Opera/Mozilla to provide a $10 downloadable browser. Sony gets a cut, Opera/mozilla gets a cut, ps3 users have good browser. So simple, yet so elusive to sony.

The ps3 hardware system is open forever (at least the existing install based), a custom firmware can be installed forever. But assuming they plug all holes in the hypervisor/OS, they can again make their official firmware pretty secure.

 

[jeff_rigby]

This. Why in the world does sony stick with this crappy browser. At the very least, give people options. Contract with Opera/Mozilla to provide a $10 downloadable browser. Sony gets a cut, Opera/mozilla gets a cut, ps3 users have good browser. So simple, yet so elusive to sony.

The ps3 hardware system is open forever (at least the existing install based), a custom firmware can be installed forever. But assuming they plug all holes in the hypervisor/OS, they can again make their official firmware pretty secure.

A new browser has been confirmed.

I wrote an Email to Geoff Levand (Sony programmer in charge of the Javascript port, his name is in the GNU license disclosure)

On 12/16/2010 10:50 AM, jeff wrote:

Quote:

Yes, we have a port of webkit that runs on PS3. It
is actually a generic Cairo/POSIX port. You can get
what we have for release here:

http://downloads.snei-opensource.com/pub/webkit/

It is now just javascript core, but we will be releasing
updates with more support in the coming months

 

[habbe]

According to draconians quote from slashdot i wonder if they have the cell hardware root key ?.

They got a bunch of lvl.2 keys but did they get the lvl.1 key ?.

Looking at this Ibm document http://www.ibm.com/developerworks/power/library/pa-cellsecurity/ the root key is stored in hardware, and i guess the os that runs above the cell in fig.5 is the hypervisor and not the gameos. (i think gameos is an application that runs on top of hypervisor).

My thoughts on this is, If theres possible to do an update of the hypervisor securely (with a signed lvl1 executable inside an signed lvl.2 executable). If the lvl.1 key is not generated with the random salt there is of course very stupid to expose the key.

All of the above could be very wrong anyway this guy was pretty spot on in an article from 2006 http://arstechnica.com/old/content/2006/04/6694.ars

 

[aaronspink]

It appears to work for streaming Media DRM, that's where I got the idea. Perhaps the downloading of a new version of a DRM tool periodically makes it more difficult for hacker to keep up.

Not really. Any steaming media DRMs that haven't been cracked are only because no one cares.

 

[Deleted member 7537]

http://www.computerandvideogames.com/article.php?id=282455

Sony's firsts comments on this, they say they can fix this trought a series of network updates...

 

[Shifty Geezer]

They're not going to fix the current holes. This suggests they are looking at online security? Would it be acceptible to have games marked as "internet connection required" and so enforce server-side, and hence secure, checks? That wouldn't contravene the console use, although it'd be most irritating for non-online users. But hey, it's 2011 already! There's no excuse not to be on the web. Your TV will be, and soon your toaster and fridge, uploading what you eat and how you like your toast to various marketing arms!

 

[patsu]

They can resort to software DRM and regular cat and mouse. They only need to protect the DRM and launching. If this is the stance they take, they may be able to embed frequent firmware update in every game releases (without network). Let's see.

We should be able to install our own OS though, regardless of what Sony does.

 

[Npl]

They're not going to fix the current holes. This suggests they are looking at online security? Would it be acceptible to have games marked as "internet connection required" and so enforce server-side, and hence secure, checks? That wouldn't contravene the console use, although it'd be most irritating for non-online users. But hey, it's 2011 already! There's no excuse not to be on the web. Your TV will be, and soon your toaster and fridge, uploading what you eat and how you like your toast to various marketing arms!

They can make life hard for hackers though, but this should probably primary done by per-game-checks. Whatever they do I think the worst would be some quick incremental duct-tape jobs.
The homebrewers would be satisfied if they could just run their stuff from XMB (or XBM, I never get that right), the real annoying thing obviously would be pirated games and hacks - so focus on making this as hard as possible and hope the best hackers are content with poking their way only through the layer that boots up Apps. without selling some sort of modchip there shouldnt be commercial interest in enabling piracy.

 

[Npl]

We should be able to install our own OS though, regardless of what Sony does.

Is that really a big interest? Launching Apps from XMB seems way more interesting to me (aslong as they cant interfere with anything else).

 

[Shifty Geezer]

They can resort to software DRM and regular cat and mouse. They only need to protect the DRM and launching. If this is the stance they take, they may be able to embed frequent firmware update in every game releases (without network). Let's see.

We should be able to install our own OS though, regardless of what Sony does.

I think that's actually the best outcome. Linux homebrew has it's space, AmigaDOS gets ported (yeah, right!), while piracy is tackled. I don't think Sony will be chasing after the Linux-type hackers, only chasing after pirates. Only if OtherOS type access provides lots of attack vectors does it behoove Sony to try and lock that side out too, but that looks impossible at the moment.

 

[patsu]

Is that really a big interest? Launching Apps from XMB seems way more interesting to me (aslong as they cant interfere with anything else).

Yeap , I think so too. Usually it's hard for corporates to accept this because there are liabilities. I expect they will try to take it away (best effort). I don't they will be successful... but at least they are off the hook within reasonable bounds.

The commercial apps should be noticeably better than homebrew stuff anyway, so they should not be afraid of our spare-time software, economically speaking.

 

[-tkf-]

Ehmm

http://www.next-gen.biz/news/sony-responds-to-ps3-hacks

“We are aware of this, and are currently looking into it,” Sony told us in a brief statement. “We will fix the issues through network updates, but because this is a security issue, we are not able to provide you with any more details.”

Lies or just not informed..

 

[Xenus]

It's theoretically possible to fix depending on what got them them the master key and what is updatable at one time. The PS3 firmware needs to decrypt the the new firmware so it can be in stalled but theoretically you could inject multiple keys into the update process. done right this time. That way you inject keys into the update allow the system to read the new firmware that is encrypted with those keys and stall in encrypted with different keys not giving the hacker the chance to use the old keys to exploit the system to get the keys unless they can run something in parallel to get the updates. All this plus the white listing and all that in a single large update and of course all this could be useless if they cannot revoke or stop the exploit of the master key. It's going to be a great challenge to fix their mistakes and regain some semblance of the closed system they had before though.

 

[mrcorbo]

It's theoretically possible to fix depending on what got them them the master key and what is updatable at one time. The PS3 firmware needs to decrypt the the new firmware so it can be in stalled but theoretically you could inject multiple keys into the update process. done right this time. That way you inject keys into the update allow the system to read the new firmware that is encrypted with those keys and stall in encrypted with different keys not giving the hacker the chance to use the old keys to exploit the system to get the keys unless they can run something in parallel to get the updates. All this plus the white listing and all that in a single large update and of course all this could be useless if they cannot revoke or stop the exploit of the master key. It's going to be a great challenge to fix their mistakes and regain some semblance of the closed system they had before though.

As I understand it, though, there would be nothing stopping a hacker from flashing custom firmware right back onto the system using the master key that GeoHot leaked and find ways to defeat that update (probably by spoofing that the update had already taken place).