Technological discussion on PS3 security and crack.

Discussion in 'Console Technology' started by senas8, Jan 23, 2010.

  1. Gitaroo

    Veteran

    Joined:
    Nov 10, 2007
    Messages:
    1,921
    Likes Received:
    62
    Not hard to do 2 different versions of FW, I guess: either check the model automatically through PSN or offer 2 separate FW from their site. It just has to close down all possible future exploits that the current lv0 key might bring.
     
  2. Trejser

    Regular

    Joined:
    Dec 4, 2009
    Messages:
    621
    Likes Received:
    0
  3. Gitaroo

    Veteran

    Joined:
    Nov 10, 2007
    Messages:
    1,921
    Likes Received:
    62
    Took a peek at NeoGAF; seems like there are multiple versions of the CFW in the works already. So there is no way that PSN can detect CFW at all now? I thought someone said before that there was a rootkit or something that Sony implemented past FW 3.56 that can detect it. As long as this doesn't cause chaos on popular online games, I don't care. There are still many online games that don't require an online pass.
     
  4. Trejser

    Regular

    Joined:
    Dec 4, 2009
    Messages:
    621
    Likes Received:
    0
    I suspect OP unlocks will be available on warez sites; I don't think it's going to be a major obstacle for motivated people.

    I just hope that majority of current CFW users are mature enough to not play online with cheats :|
     
  5. Rangers

    Legend

    Joined:
    Aug 4, 2006
    Messages:
    12,693
    Likes Received:
    1,516
    That seems to be the real problem with PS3 hacks. From what I can gather a bit here and there, some people are pretty frustrated with the amount of hacks going on on PSN and even quit the PS3 because of it.

    Say you're a serious CoD player or something; going online to hacks and cheats all the time would put you off the PS3. I have seen, I think, some YouTubers who went through just that cycle, from "PS3 is the best, PS3 foreva" to "that's it, too much hacking online, I quit PS3".
     
  6. senas8

    Newcomer

    Joined:
    Jan 19, 2005
    Messages:
    89
    Likes Received:
    0
    Marcan, of Wii and PS3 hacking fame, has this to say:

    Q: So what can we do with the lv0 signing key?
    A: In short, we can use it to decrypt lv0, modify it to patch out any lv0 security checks, and resign it with a legitimate key that bootldr will accept. With the chain of trust broken and lv0 no longer enforcing the security of the modules that it controls, we can then start modifying lv1ldr, lv2ldr, appldr, isoldr, etc to patch out their security checks and add CFW functionality.

    Q: Can Sony "fix" this like they did for the 3.55 exploit?
    A: To the best of anyone's knowledge, no. With 3.55 the keys metldr used to verify its dependent modules were recovered. So Sony simply stopped using the now-insecure metldr and started using bootldr (which was still secure) to load up everything instead. Sony doesn't have any more secure modules like bootldr left; without getting too technical, we now have the keys to every "common" hardware module that is able to decrypt Sony-signed modules. The only thing left are the modules that use per-console keys, which are useless for booting common firmware (which must be decryptable by every PS3)

    Q: So bootldr is fixed in hardware?
    A: Correct. Like metldr, bootldr cannot be software updated by Sony. It's hard-coded in hardware. As a reminder, bootldr/metldr themselves can't be exploited, but because of the keys we have recovered we can make them load anything we want, nullifying whatever security they provide.

    Q: What about future firmwares?
    A: Good news! We can decrypt those too. Sony can use various coding tricks to make the process more difficult (this is called obfuscation), but they can't stop us by using keys. We will always be able to decrypt lv0, and as long as we can figure out how to navigate lv0 we can figure out how to decrypt and modify its dependent modules. For those of you that follow Sony hardware this is much like how the earlier PSPs were hacked. So we can always decrypt the firmware and will be able to create newer CFWs as long as we can get past any obfuscation by Sony.

    Q: So the PS3 is utterly and completely broken?
    A: Right again! Unlike the 3.55 hack we really do have it all this time. Sony will never be able to re-secure existing consoles.

    Q: What about consoles running firmware newer than 3.55?
    A: Because all "old" consoles use the same keys to verify modules like lv0, at a minimum we can decrypt, patch, and resign the firmware. The problem is that we need a way to convince the PS3 to flash our modified firmware. With 3.55 and below that was easy enough to do because of the keys recovered, but 3.56 and later change that so that flashing is more complex than just using the recovered keys. This isn't an insurmountable problem - hardware flashers will always work - but for easy software flashing we need to find new exploits in the PS3 software stack to convince OFW consoles to flash CFW.

    Q: What about newer consoles?
    A: Ahh. So there's the real problem. Remember how we said bootldr and metldr are fixed in hardware? Sony can create new hardware, and update those modules in the process. By using new hardware in conjunction with new firmware for that hardware, Sony could completely change the keys used to secure the system. Without getting too technical, all of this progress comes from the fact that Sony was sloppy and did a poor job of implementing their security on earlier consoles, which is what led to the first keys being leaked. Sony could always issue new hardware with new keys and a fixed security system, at which point we'd be completely locked out of that new hardware. It's entirely possible they'll do this (if they haven't done so already), so much like the PSP we're going to end up with a limited number of consoles that have hardware-based flaws that can be exploited. Of course we then found new ways of exploiting the PSP anyhow, and ultimately were able to exploit every PSP made in one way or another.

    A lot more at the source: http://wololo.net/talk/viewtopic.php?p=189997#p189997
     
    #1626 senas8, Oct 24, 2012
    Last edited by a moderator: Oct 24, 2012
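    The Q&A above is an argument about a chain of trust, so here is an added illustration of it in code. This is a constructed example written for this thread; it is not code from the post, from Marcan, or from Sony, and nothing in it is PS3 data. Only the stage names (bootldr, lv0, lv2ldr, lv2) are taken from the Q&A; the keys and byte strings are made up, and the primitives (textbook RSA over small Mersenne-prime moduli, a SHA-256 XOR keystream) are stand-ins for whatever the real console uses, chosen only so the whole chain fits in one file. They are not secure. The model has bootldr's key material fixed in hardware (module-level constants, not part of any "firmware"), and runs the situations the Q&A walks through: official firmware boots; a patched lv0 without the key is rejected at bootldr; with the leaked lv0 signing key, lv0 is decrypted, patched to stop enforcing, re-encrypted and resigned, after which every lower stage is patched without a valid signature; a later official firmware for the same hardware is just as readable and patchable, because that bootldr can only ever accept the same key; and a new hardware revision with a new root key rejects the CFW outright.

```python
"""Toy boot chain of trust and what a leaked stage-0 signing key does to it.
Constructed example for this thread, not code from the post, Sony or Marcan.
Stage names follow the Q&A (bootldr -> lv0 -> lv2ldr -> lv2); the primitives are
weak stand-ins (tiny textbook RSA, SHA-256 XOR keystream). NOT secure. Python 3.8+."""
import hashlib
import json

STAGES = ("lv0", "lv2ldr", "lv2")

def make_keypair(p, q, e=65537):
    """Textbook RSA, returns (public, private): structure only, zero security."""
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    return pow(_digest(data, priv[0]), priv[1], priv[0])

def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == _digest(data, pub[0])

def crypt(key, data):
    """Symmetric XOR keystream; the same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

# Hardware roots of trust: bootldr's key material, fixed in silicon and out of reach
# of any firmware update. Primes are Mersenne primes; the byte keys are made up.
OLD_ROOT_PUB, OLD_ROOT_PRIV = make_keypair((1 << 89) - 1, (1 << 107) - 1)
OLD_ROOT_KEY = b"old-hardware-lv0-key"
NEW_ROOT_PUB, NEW_ROOT_PRIV = make_keypair((1 << 127) - 1, (1 << 521) - 1)
NEW_ROOT_KEY = b"new-hardware-lv0-key"
# Keys each loader carries for the stage below it (made up; same on both revisions).
STAGE_KEYS = [(*make_keypair((1 << 31) - 1, (1 << 61) - 1), b"lv2ldr-key"),
              (*make_keypair((1 << 17) - 1, (1 << 19) - 1), b"lv2-key")]

def build_firmware(root_priv, root_key, version):
    """Vendor side: each stage is encrypted and signed under the keys the stage above it holds."""
    fw, priv, key = {}, root_priv, root_key
    for name, nxt in zip(STAGES, STAGE_KEYS + [None]):
        body = {"name": name, "version": version, "enforce": True}
        if nxt:  # hand the stage below its verify key and decrypt key
            body.update(next_pub=list(nxt[0]), next_key=nxt[2].hex())
        blob = crypt(key, json.dumps(body).encode())
        fw[name] = (blob, sign(priv, blob))
        if nxt:
            priv, key = nxt[1], nxt[2]
    return fw

def boot(root_pub, root_key, fw):
    """Console side: bootldr always checks lv0; later stages are checked only
    while the decrypted stage above them still says 'enforce'."""
    pub, key, enforce, loaded = root_pub, root_key, True, []
    for name in STAGES:
        blob, sig = fw[name]
        if enforce and not verify(pub, blob, sig):
            return loaded, f"{name}: signature rejected, halt"
        try:
            body = json.loads(crypt(key, blob))
        except ValueError:
            return loaded, f"{name}: undecryptable, halt"
        loaded.append(name + (" (patched)" if body.get("patched") else ""))
        if "next_pub" in body:
            pub, key = tuple(body["next_pub"]), bytes.fromhex(body["next_key"])
            enforce = body["enforce"]
    return loaded, "ok"

def tamper_without_key(fw):
    """No lv0 key: only ciphertext bits can be flipped, so the signature no longer matches."""
    blob, sig = fw["lv0"]
    return {**fw, "lv0": (blob[:-1] + bytes([blob[-1] ^ 0x01]), sig)}

def forge_cfw(fw, leaked_priv, leaked_key):
    """With bootldr's lv0 keys: decrypt lv0, switch its checks off, re-encrypt and
    resign it; lower stages are then patched freely using the keys lv0 carried."""
    cfw, key = {}, leaked_key
    for name in STAGES:
        body = json.loads(crypt(key, fw[name][0]))
        body.update(enforce=False, patched=True)
        blob = crypt(key, json.dumps(body).encode())
        cfw[name] = (blob, sign(leaked_priv, blob) if name == "lv0" else 0)  # only lv0 is still checked
        if "next_key" in body:
            key = bytes.fromhex(body["next_key"])
    return cfw

def scenarios():
    """The situations from the Q&A, as (stages loaded, outcome) pairs."""
    ofw355 = build_firmware(OLD_ROOT_PRIV, OLD_ROOT_KEY, "3.55")
    ofw430 = build_firmware(OLD_ROOT_PRIV, OLD_ROOT_KEY, "4.30")  # same root key: bootldr is fixed
    cfw = forge_cfw(ofw355, OLD_ROOT_PRIV, OLD_ROOT_KEY)
    return {
        "ofw_on_old_hw": boot(OLD_ROOT_PUB, OLD_ROOT_KEY, ofw355),
        "tampered_without_key": boot(OLD_ROOT_PUB, OLD_ROOT_KEY, tamper_without_key(ofw355)),
        "cfw_on_old_hw": boot(OLD_ROOT_PUB, OLD_ROOT_KEY, cfw),
        "future_lv0_readable": json.loads(crypt(OLD_ROOT_KEY, ofw430["lv0"][0]))["version"],
        "cfw430_on_old_hw": boot(OLD_ROOT_PUB, OLD_ROOT_KEY, forge_cfw(ofw430, OLD_ROOT_PRIV, OLD_ROOT_KEY)),
        "cfw_on_new_hw": boot(NEW_ROOT_PUB, NEW_ROOT_KEY, cfw),
    }

if __name__ == "__main__":
    print(*scenarios().items(), sep="\n")
```

    Running it prints one line per scenario. The point to notice is which inputs each outcome depends on: `boot` never reads a key from the firmware it is checking until lv0 has already been accepted, so once the private half of `OLD_ROOT_PUB` is known there is nothing a new firmware image can change about what that hardware trusts. The only scenario that rejects the forged image is the one where the hardware constants themselves differ (`NEW_ROOT_*`), which is exactly the "newer consoles" answer in the Q&A.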
  7. Shifty Geezer

    Shifty Geezer uber-Troll!
    Moderator Legend

    Joined:
    Dec 7, 2004
    Messages:
    43,576
    Likes Received:
    16,034
    Location:
    Under my bridge
    That's encouraging for future platforms. The security system should be robust going forwards as long as properly implemented.
     
  8. Squilliam

    Squilliam Beyond3d isn't defined yet
    Veteran

    Joined:
    Jan 11, 2008
    Messages:
    3,495
    Likes Received:
    114
    Location:
    New Zealand
    Does this mean that playing on PSN will be hell in a couple of months? I.e., is this a good reason to reactivate my Gold subscription?
     
  9. Brad Grenz

    Brad Grenz Philosopher & Poet
    Veteran

    Joined:
    Mar 3, 2005
    Messages:
    2,531
    Likes Received:
    2
    Location:
    Oregon
    If by "hell" you mean exactly like it already is on Xbox Live, yes.
     
  10. Squilliam

    Squilliam Beyond3d isn't defined yet
    Veteran

    Joined:
    Jan 11, 2008
    Messages:
    3,495
    Likes Received:
    114
    Location:
    New Zealand
    Ahh well. I guess I can play with my train set.
     
  11. CopyCat

    Newcomer

    Joined:
    May 20, 2004
    Messages:
    20
    Likes Received:
    0
    PSN was already accessible several times with CFW, so this new hack doesn't change much in this regard, and even though the PS3 might be unable to differentiate between an official firmware and a properly signed custom firmware, I don't see a reason why, when PSN is involved, it wouldn't be able to see if the firmware is as expected or modified and block the access again.
    Since you still need a PS3 on 3.55 (or a hardware flasher to downgrade), I wouldn't expect a sudden increase in PS3s with CFW either.
     
  12. senas8

    Newcomer

    Joined:
    Jan 19, 2005
    Messages:
    89
    Likes Received:
    0
    Is that multiplayer? Id like to join :p
     
  13. senas8

    Newcomer

    Joined:
    Jan 19, 2005
    Messages:
    89
    Likes Received:
    0
    This is the beginning of a very long and heavily scheduled future for the PS3 hacking scene. The release of the lv0 key means that any system update released by Sony going forward can be decrypted fully with no effort. And in time... soon, very soon... people will be able to update to CFW regardless of what firmware they're on.
     
  14. CopyCat

    Newcomer

    Joined:
    May 20, 2004
    Messages:
    20
    Likes Received:
    0
    Maybe but that's just speculation right now because it requires the discovery of a completely new exploit that enables this possibility. So far we don't have any indication whether such an exploit does exist/will be found or not.
     
  15. Gitaroo

    Veteran

    Joined:
    Nov 10, 2007
    Messages:
    1,921
    Likes Received:
    62
    I think one of the CFW devs, Rebug or something, already said CFW 4.3 is coming...

    The newer PSP was fully opened because of the key leaked from the PS3 hack; the PS3 was able to sign all the minis for PSP hardware. It wasn't really a new discovery, IIRC. From what it looks like to me, this may open sales opportunities in 3rd world countries, but they have to stick to selling older PS3 models and sell pre-hacked systems. To be honest, the PS2 didn't really reach those 150m+ sales for being secure, and neither did the Wii... Since nobody even tracks software sales in those 3rd world countries, all pirates have to buy a serial number in order to play. That's at least some money coming in for the publishers compared to back in the PS2 days.
     
  16. Squilliam

    Squilliam Beyond3d isn't defined yet
    Veteran

    Joined:
    Jan 11, 2008
    Messages:
    3,495
    Likes Received:
    114
    Location:
    New Zealand
    It is co-op but anyone can freely join a game in session.
     
  17. CopyCat

    Newcomer

    Joined:
    May 20, 2004
    Messages:
    20
    Likes Received:
    0
    I don't think a CFW 4.30 would be very surprising. That's exactly what this new leak enables: decrypt new firmwares, modify them and resign them with the old private key that is already known.
    But this doesn't mean you can install this CFW 4.30 on any PS3 you want. There's still the 3.55 limit, because higher private keys are unknown and not possible to get.

    In the Q&A senas8 posted above Marcan said it as well:
    "Q: What about consoles running firmware newer than 3.55?
    A: Because all "old" consoles use the same keys to verify modules like lv0, at a minimum we can decrypt, patch, and resign the firmware. The problem is that we need a way to convince the PS3 to flash our modified firmware. With 3.55 and below that was easy enough to do because of the keys recovered, but 3.56 and later change that so that flashing is more complex than just using the recovered keys. This isn't an insurmountable problem - hardware flashers will always work - but for easy software flashing we need to find new exploits in the PS3 software stack to convince OFW consoles to flash CFW."

    So yes, with a hardware flasher you can of course downgrade (on supported models) and then use the newer CFWs from 3.55, but the necessity of 3.55 will only change if someone finds a new exploit.
     
  18. minimoke

    Newcomer

    Joined:
    Jun 5, 2008
    Messages:
    129
    Likes Received:
    0
    So I gather that the lv0 exploit will not work on the new Super Slim PS3s, as Sony would have changed the keys etc.?
     
  19. Gitaroo

    Veteran

    Joined:
    Nov 10, 2007
    Messages:
    1,921
    Likes Received:
    62
    Super Slim and the Slim 3k models; they added a new lv0.2, I think.
     