Technological discussion on PS3 security and crack.

Nope. It won't work like that. Anything built on 3.55 or below will remain open to hacking/pirating. Everything made from 3.56 onwards will require the new key after a certain timestamp.

I don't get your point.
After this week's Thursday the only machines with 3.55 or below will be the ones without a PSN connection. So the new keys will not be important for them.
With a simple update (later, if someone decrypts the 3.55 properly) the 3.56 games/PSN software will run on them - and they will be able to connect to the PSN (for a limited time :) )

On 3.56, after the shop update the old key will not work, only from BD:

The timestamp does not make any sense: they have to validate the old executables with the compromised key, so any timestamp differentiation makes no sense. I can make a homebrew and timestamp it with the 1757 date, and it will be good for the firmware. :)
 
So Sony did the impossible, or the impossible was just extremely possible..
Phew, I am happy that PSN is saved and the homebrewers got what they want..

Pirates, I guess they stick to 3.55 and the games that will run there...
 
All he is saying is they won't force a re-key for every program below 3.56. So anything on 3.55 or below will still work. Basically it comes down to it's too much work to be worth it and it might annoy the customers.
 
How can the new key be securely fed to the PS3 through a firmware update that is completely decipherable for the hackers?
 
How can the new key be securely fed to the PS3 through a firmware update that is completely decipherable for the hackers?
The firmware only has the new public key and if Sony doesn't make the same mistake again nobody will be able to obtain the private key from it.
 
That's what I'm wondering too. Hacked 3.56 firmwares will crop up 12-24 hours after release.

Cheers

Well, maybe not that fast, but I don't see how it can be stopped.

However, it seems that there is some sort of rootkit in the new 3.56 that gives Sony undetected access to your PS3 and the ability to remotely run whatever code they want. Maybe this could be the way to feed the new key - after the upgrade is done, and not with the update. Sony will first check if everything is OK inside the console, and then feed the new key.
Does anyone have better insight?
 
The firmware only has the new public key and if Sony doesn't make the same mistake again nobody will be able to obtain the private key from it.

Does this mean that hackers will not be able to sign homebrew, but backup games will be able to run through MFW?
 
Well, maybe not that fast, but I don't see how it can be stopped.

However, it seems that there is some sort of rootkit in the new 3.56 that gives Sony undetected access to your PS3 and the ability to remotely run whatever code they want. Maybe this could be the way to feed the new key - after the upgrade is done, and not with the update. Sony will first check if everything is OK inside the console, and then feed the new key.
Does anyone have better insight?
They can't rely on every PS3 being online. If this FW was uniquely one that had to be performed directly on a PS3 connected to the internet, perhaps. But as long as you can update from a USB drive, there's no way Sony can provide server-side or secret-program security functions.
 
Well, maybe not that fast, but I don't see how it can be stopped.

However, it seems that there is some sort of rootkit in the new 3.56 that gives Sony undetected access to your PS3 and the ability to remotely run whatever code they want. Maybe this could be the way to feed the new key - after the upgrade is done, and not with the update. Sony will first check if everything is OK inside the console, and then feed the new key.
Does anyone have better insight?

How will Sony ensure that this rootkit isn't compromised ?

Cheers
 
How can the new key be securely fed to the PS3 through a firmware update that is completely decipherable for the hackers?

Because Sony closed the security hole that allowed hackers to sign code. The actual private key never really leaked; the method to sign code using the private key was found to be very easy because of someone's incompetence in using a constant in their random number generator. Now that code signing requires a truly random number to get access to the private key, they don't have access anymore.

The public key is still out there though and that is out there for a long time, changing that will almost certainly break compatibility with all current games. Again, there is probably a plan to change it and whitelist current software once they have the private key properly locked down but that will come with a future firmware update.

The private key is never actually visible to the end user; it requires the use of a function using a random number generator, the PS3 will then check that it has been correctly calculated and then sign code automatically using the private key. It remains hidden at all times; now that the random number generator has been fixed, access to the private key (and the ability to sign code) has gone.

Eventually Sony will reflash everything on the PS3 and stage by stage they will retake control of the PS3. At the end of the day the homebrew guys have got 3.55 and private key access while Sony have got 2011 blockbusters to force people to either buy another console for legitimate play or update and give up CFW. Anyone who uses CFW on PSN is asking for trouble and a probable ban from PSN and their IP logged so that any future connections from the same location will be tested for CFW.
 
How will Sony ensure that this rootkit isn't compromised ?

Cheers

PS3 access requires privileged access and signed code using the new private key. That key hasn't leaked and access to the key is almost impossible now that the code signing method has been fixed.
 
There are two different "fight" areas:
1. To make a console that is difficult and expensive to modify to do anything other than play official games. This requirement is important because Sony/MS burn money with each produced unit, so they have to recover it from software sales. However, now it is not as important as it was five years ago, because the PS3 will slowly become profitable.
2. To prevent cheating on the PSN, and protect the digital distribution channel. For this, an uncompromised PS3 is a good thing, but not necessary. It is possible even on the PC, for example Steam.


For the Xbox, the first point costs $20-50 (for anyone). For the PS3 it currently costs $10; later on they can increase the price to $30-40 too.
But the main point is that the PSN is secure again, and of course they can make the life of the non-paying customers really difficult later on.
 
Kind of off topic, but I thought the PS3 was sold at a profit since last summer. Imagine this had happened on the PS2, with no firmware update. People would basically have a modchip for free on all the compromised models?
 
Kind of off topic, but I thought the PS3 was sold at a profit since last summer. Imagine this had happened on the PS2, with no firmware update. People would basically have a modchip for free on all the compromised models?

It happened on the PS2 and Xbox1: Free McBoot and the Splinter Cell hack.

The issue with the last generation was the inability to update.
Because of that, if you learn some security flaw, you can build the next hack onto it, slowly breach the whole security of the machine, and reach a completely soft-hackable system.
It is not possible any more. Sony can update all consoles, and even the offline users will face the problem of the late game crack in the case of the most important games.
 
Yes, but they have to be decrypted, patched and encrypted using the old hack. Even then they won't work on 3.56 or later.

Once Sony change the public key that won't be possible either.
 
Yes, but they have to be decrypted, patched and encrypted using the old hack. Even then they won't work on 3.56 or later.

Once Sony change the public key that won't be possible either.

Sony can't change the public key!
It will be easy to decrypt and update the old firmware to be able to play the new games on it.
(easy means it is not mathematically impossible, but the guy who will do that has to do it for free, while the Sony engineers do software protection for a living :))

So, in the medium-to-long term the hackers will lose, simply because they do it for fun and for fame, but not for a living.
Hack the PS3 - it can make your name famous.
Hack the 235.32a firmware - and you get a few "gosh, you could be faster next time" from a few forum visitors.
 
Sure they can. The same way they just changed the private key. As long as the old public key can still be accessed by old games and older firmwares then it's fine. The reason Sony will want to change it is to protect newer games from piracy and force people to buy a new console or update from CFW to OFW if they can't afford a new console.

I will be very surprised if CFW guys bother with anything beyond 3.55 now. The fact that they have private key access is awesome for them and any CFW beyond 3.55 will just use the old private key anyway. Honestly it is the best of both worlds for them. They get to play games if they get ripped and patched with the old private key and they get their homebrew programs as well. It will be once Sony start using 3.60 firmware features that it becomes difficult and people will have to buy new consoles or hope for a new CFW with access to the new private key.
 