Technological discussion on PS3 security and crack.*

You do know the same hacking occurs on Steam games, right?

Also, I beg to differ. The XB Jtag hacks are quickly detected and dealt with on XBLive, the longest it takes is 4 hours. I'd even be so bold as to say they are dealt with faster than Steam hacks.

On Steam the worst that happened (and it was addressed within one week) was some modification on the public profile.
There is no hack that can access the game data, like on the XB or on the PS.

And when someone cheats on the Steam version of Black Ops, then you will know that he will have to re-purchase the software again for hard money after the ban :)
 
The cat and mouse game has started; the most important job for Sony is to shut down PSN so the thieves don't get in there. That will force them to either upgrade to play "for real" or stay single player only.

And the Homebrew lovers have all they need now anyway.

And whoops:

Mathieulh just posted about it on IRC.

Essentially Sony can now remotely execute code on the PS3 as soon as you connect. This can do whatever Sony wants it to do such as verifying system files or searching for homebrew. Sony can change the code and add new detection methods without any firmware updates and as the code executes remotely there is no reliable way to forge the replies.
 
Technically possible yes, financially feasible no.

Pressing discs takes building one rather expensive "glass master" and then using it to stamp 100,000s of discs. Creating one master per disc would result in those discs costing upwards of 200€ to produce (without the cost of the content).
And more importantly, this would be impossible to do in a timely manner; it would be faster and cheaper just to burn everything to BD-Rs and ship those, which would still take too long.

It is possible.
The BD part of the AACS defines the Burst Cutting Area, similar to the one on DVDs.
Actually, in the case of DVDs it is used only on the Gamecube/Wii.
The Gamecube (Wii) copy protection in a nutshell: they record specific, random parameters from the disc, encode them and record them with a YAG laser around the middle of the disc.
It looks like a bar code; you can check it on a Gamecube/Wii disc.
It is overlapped with the lead-in section, so the laser can read it in a special mode (it is low frequency stuff).

The BD can store 20 bytes of data on it.
If it is supported by the PS3 (?) then it could be a perfect protection for the PSN (if there is more than one game with the same serial, BAN).
 
@bomlat: good point, haven't thought about that.

PS.
In the Wii case they have used the same key on all discs (of one title) AFAIK, so I didn't think of putting unique stuff there.
 
Really?
Shame on them. I love the GC copy protection.
And the BCA could be interesting for network authentication.
It could contain 80 bytes.
 
http://www.engadget.com/2011/01/27/court-grants-sonys-temporary-restraining-order-against-geohot/

It looked for a moment like Geohot and fail0verflow might beat Sony's DMCA lawsuit over the PS3 jailbreak on a jurisdictional technicality, but things didn't go their way: the US District Court for the Northern District of California granted Sony's request for a temporary restraining order forbidding Mr. Hotz and his merry men from distributing or linking to the jailbreak, helping or encouraging others to jailbreak, hacking into the PS3 or PSN, or distributing any information they've found while hacking. What's more, they've been ordered to turn over any computers or storage media used to create the jailbreak to Sony's lawyers -- although we've got a feeling Geohot's attorneys will raise a bit of a fuss about that.

[blah]
 
It is good to summarize:
They issued a new private key; if you install 3.56, then the new key has to be used to sign all of the .self files that are not on an original Blu-ray disc.
The firmware update after 3.56 requires the new key (which is properly generated, so the big noise about "we found the key and hacked this stuff after ten minutes" has been simply about the now useless public key).

The network requires the new keys/firmware, so they have to de-package the 3.56, re-sign it with the hacked keys, and install it as a 3.56 CFW.
Of course currently Sony works around the clock, so if the hackers are too quick, then they just issue a firmware periodically, so the hackers can have only 10-30% of the time online, and (hopefully) there will be some anti-cheat method.
At the end of the day, the Sony developers get money for it, but the hackers do it until they get a girlfriend, and at that point in time they will have to move out of their mother's basement.

The 3.56 OFW machines are not hackable (of course they can find some kind of hack, but that takes time and is easily patchable).
It is funny. Common sense, and minimal cryptography knowledge, is a rare commodity on this forum :)
 
bomlat, do not be so smug as you are wrong on at least two fronts and even if you were absolutely correct every now and then a blind rat finds the cheese.

The first wrong front:
The FAT PS3 units with 3.56 OFW are still hackable. You can use the decrypt hard drive method to downgrade/sidegrade to CFW.
The Slim PS3 units are hardware patched against the decrypt hard drive method.

The second wrong front:
All current hardware model PS3s are vulnerable to a mod-chip style hack since the boot chain is hacked.

The new 3.56 OFW allows for arbitrary code running that is deployed from the network. This is a possible attack vector for hackers using a PS3 Proxy.
 
It is funny. Common sense, and minimal cryptography knowledge, is a rare commodity on this forum :)

It's funny, I agree with this statement, but with a different meaning (I think) from your intentions.

Yes, there's a lack in "common sense" and "knowledge of cryptographic techniques" -- but I read that as:

Common sense shows us that in the history of computing systems, it is a significantly difficult problem to protect a closed system that isn't subject to open review.

Lack of cryptographic knowledge is also similar - there is a significant body of computer scientists and cryptographic researchers who feel that for any cryptographic implementation to be truly proven secure is nearly impossible given enough time and resources for a cryptanalyst. Therefore, having a technique/algorithm or implementation subject to peer/open review (and cryptanalysis) by anyone is a good way to "test" or provide a higher degree of comfort that a specific technique/implementation is secure enough.
 
Oh, with the size of their current problems, it doesn't add to their problem. It's actually a good thing for Sony to add in. It means the hackers will have to keep up or put in place network analysis of the packets to be sure they're not being counter-measured. I'm just identifying possible attack vectors the hackers might use to re-hack a 3.56 OFW system.

Sony could have also added in system calls for file consistency checks that may be activated later.
 
bomlat, do not be so smug as you are wrong on at least two fronts and even if you were absolutely correct every now and then a blind rat finds the cheese.

The first wrong front:
The FAT PS3 units with 3.56 OFW are still hackable. You can use the decrypt hard drive method to downgrade/sidegrade to CFW.
The Slim PS3 units are hardware patched against the decrypt hard drive method.

The second wrong front:
All current hardware model PS3s are vulnerable to a mod-chip style hack since the boot chain is hacked.

The new 3.56 OFW allows for arbitrary code running that is deployed from the network. This is a possible attack vector for hackers using a PS3 Proxy.

First:
they need the server side fix, i.e. re-encoding all PSN content, and force everyone to re-download it. Currently the revocation of the old, compromised keys is not full.
Second:
Check for the word "ASIC" in one of my previous messages :p
 
Yup. The BLOPS bans have nothing to do with overall PS3 hacking. You can be BLOPS banned for merely glitching on a map (abusing the poor map layout to get to areas you shouldn't be able to) or abusing coding bugs (like infinite care packages for killstreak rewards), and that doesn't require a hacked console at all.
 
One of my mates has given in and I found him installing CFW 3.55 last evening. He was too curious and says he'll be back on OFW when KZ3 hits. I doubt it. Once one gets a taste of free games, there's no coming back. Add to that we all grew up on modded PS2s.

What I want to share is that he showed me that he could still go online, into PSN store too, by using a special DNS address which fools the systems in place into thinking that his ps3 has the latest firmware.
Even though OFW 3.56 is out, he went online with 3.55, started downloads from PSN, right in front of me.

If such a simple method of going online with old FWs exists, why hasn't it been corrected? He says this method was used to go online by people who refused to upgrade when Linux was removed. Such a simple method, and so old.