There goes the PS3

Started by Scotty, January 06, 2011, 02:47:55 PM

Scotty

Widely regarded as being the (formerly) most secure of gaming consoles:

http://www.bbc.co.uk/news/technology-12116051

CherryPie

lol old news. But seriously, the PS3 was "gone" already with the jailbreak hack, now the PS3 kinda "came back" with a lot of people buying it in future only because homebrew can be installed now. Same happened to the PSP. In the end, half of the PSP devices were being sold only because of homebrew software like SNES/N64 emulators.



Chaos

#2
Quote from: Scotty on January 06, 2011, 02:47:55 PM
Widely regarded as being the (formerly) most secure of gaming consoles:

http://www.bbc.co.uk/news/technology-12116051

AHahahahahahahahahahahahahahahahahaha.


AHAHAHHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA!




Checkmate.  Now I won't have to worry about my firmware and shit for my PSP.  :3
Jake says:
lol, I found God! He was hiding under a big rock this entire time that lil jokster

Scotty


ARTgames

"However, Sony wrote their own signing software, which used a constant number for each signature."
If that's true, what noobs. Someone will get fired. Companies keep trying to reinvent the wheel and keep getting a square when it comes to security. Good free knowledge is known on how to keep things safe. Why not just use it instead of making up your own untested stuff?

Forum

And http://news.bbc.co.uk/2/hi/technology/6963696.stm



"Some of my friends think I wasted my summer but I think it was worth it," he told US newspaper The Record of Bergen County.
Officially quitted


ARTgames

Smart person. He would be a great person to hire if you need tech security support.

T-Rok

#7
I thought about posting this the day it happened, but couldn't really figure out how to make it good xD. But Geohotz's release of the Root Keys actually doesn't cause homebrew, it allows it to be easier to make; he did it because fail0verflow achieved the other half of the issue. fail0verflow's actions are what originally allowed for homebrew because they were able to get the private keys by reverse engineering Sony's code, which failed by the way. The reason they were able to do this is because Sony's security is actually terrible despite everyone's beliefs. In all technicality, the Wii has better security than the PS3 strictly because the LV2 does not have any security checks. So by hacking 20% of the security, which only used buffer overflows along with a USB flaw and I believe one other thing, they allowed 100% of what Sony was trying to stop. But back to Sony's fail code:

Signature 1

R = (mG)_x
S_1 = e_1 + kR/m

Signature 2

R = (mG)_x
S_2 = e_2 + kR/m

Information Table

R = Private key
m = random number

Now since m is the same for both signatures, so is R; this means that m, which is supposed to be random, is not random at all. So all they did was reverse engineer this algorithm inside the PS3 using Sony's OWN randomization code for m; it's below.


int getRandomNumber()
{
    return 4; // chosen by fair dice roll
              // guaranteed to be random
}


If you don't understand anything I said, here is a great video of fail0verflow pretty much explaining everything above+more Click me

Might I also add, due to the release of these root and private keys, people who used them to poke around the PS3 have also found the root keys for the PSP (every model; up until recently only the 1000 and 2000 were able to be 100% hacked using the Pandora method) AND the root keys for Blu-Ray.

krele

I surely am missing something...

So all they did was encrypt the software with a key? Just like that?... How come it took people so long to crack it?
I personally believe they thought it was random so they did all that useless and nasty stuff, while they could've simply cracked the key if they knew it wasn't random at all.
If you ask me, this is not a win, this is a fail.

T-Rok

Quote from: krele on January 08, 2011, 12:21:36 PM
I surely am missing something...

So all they did was encrypt the software with a key? Just like that?... How come it took people so long to crack it?
I personally believe they thought it was random so they did all that useless and nasty stuff, while they could've simply cracked the key if they knew it wasn't random at all.
If you ask me, this is not a win, this is a fail.

Actually this is what every single system does as far back as the I believe.. umm.. PS1. This includes original Xbox, Gamecube, etc. But I'm probably wrong about how far back it goes but it is not just the PS3. The reason it's a single key is because that m that I mentioned that is SUPPOSED to be random is a very very important part of it. Without that random m, you go from up to 8000 years to decrypt it down to 5 minutes. However, that's just the private keys. The root keys were, or so the story goes even though the article contradicts this, given to Geohot by a disgruntled Sony ex-employee who was fired. Personally, I believe that more than the article's version because there has been lots of talk about said employee for the past month or two.

ARTgames