• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

fail0verflow - PS3 Private Key + PSP Key + PS3's Blu-Ray Key found, FW 3.50 decrypted

N

N.A

Banned
Updates 09/01: (newer updates at the top)

Geohot Releases Signing Tools

Geohot Releases 3.55 Jailbreak

Updates 08/01:

Summary of the hack by GamesIndustry.biz

Updates 07/01:

Geohot Demos Homebrew on 3.55

KaKaRoTo Downgrades v3.55 PS3 Console to v3.41

Updates 06/01:

Marcan shows Linux demo on PS3 Slim

Excellent BBC Summary of Events

Updates 05/01:

KaKaRoToKS releases first PoC Custom Firmware (not recommended for use)

Updates 03/01:

Digital Foundry Article: Hackers leave PS3 security in tatters

3.50/3.55 appldr keys found

PSP Keys Found
From Mathieu's Twitter:
Got the kirk engine keyz :p

I can encrypt/sign anything on psp now.
Click to expand...

PS3 Blu Ray AACS Keys Vulnerable
<@Mathieulh> so, question, who's gonna grab sony's AACS keys from the .isoself module and leak them ? xD
<@Mathieulh> I don't want to leak AACS shit
<@Mathieulh> too risky xD
Click to expand...

Geohot Releases Metldr Key - All other keys vulnerable

fail0verflow opens git, releases tools.




Original Post from 29/12:


This is from the guys behind the Homebrew Channel. Revealed today at 27c3.

Video of presentation:
Part 1: http://www.youtube.com/watch?v=X6CA4fqAdsc
Part 2: http://www.youtube.com/watch?v=X8ohOy8_XO4
Part 3: http://www.youtube.com/watch?v=Eag0VyRTld8


Nice summary from PSGroove.com:

Sony's PS3 Security is Epic Fail

The first few minutes of the conference were spent explaining the state of security on other consoles (Wii, 360, etc). Following this, the group went on to explain the current state of affairs on the PS3. First, explaining Geohot's memory line glitching exploit from earlier this year. The team then went on to explain the current PS3 security bypasses, such as jailbreaking and service mode/downgrading.

Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat, was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs Following this, the team declared Sony's security to be EPIC FAIL!

The recent advent of these new exploits means current firmware is vulnerable, v3.55 and possibly beyond. It will be very difficult for Sony to fix the described exploits.

The team then displayed the website http://fail0verflow.com/ were we assume will host examples of the new exploits and further details. They stated that easy to use tools would be coming next month.

Read more: PSGroove.com - Sony's PS3 Security is Epic Fail http://psgroove.com/content.php?581-Sony-s-PS3-Security-is-Epic-Fail#ixzz19WMUJZAE
Click to expand...

Essentially this will allow anyone to sign executables and run them on any retail PS3.

e9jUO.png


http://www.fail0verflow.com/

From fail0verflow's twitter:

Our current PS3 goal: AsbestOS.pup
Click to expand...
(AsbestOS is marcan's linux loader for PS3)
our goal is to have linux running on all existing PS3 consoles, whatever their firmware versions.
Click to expand...
 
N

N.A

Banned
PetriP-TNT said:
The private key is 4?
Click to expand...

No. The 'random' number used to create the private key is always the same. Some hippy guy then showed some extremely long equation to work out the private key.
 
C

Chris R

Member
PetriP-TNT said:
The private key is 4?
Click to expand...
Picture is from a webcomic. Check out xkcd. I'd link the actual comic but I'm on my phone.

Can't wait to see what the best homebrew people can do with this.
 
X

xero273

Member
Nuclear Muffin said:
What is this for? Activating debug mode on any firmware?

I thought that hackers already found a code?
Click to expand...

my guess is they should be able to do something like cfw now since they have the private keys.
 
S

Superblatt

Member
N.A said:
No. The 'random' number used to create the private key is always 4. Some hippy guy then showed some extremely long equation to work out the private key.
Click to expand...

So what does this mean as of today? Or better yet, what are the implications?
 
N

N.A

Banned
The implications are (and they pretty much said) that they can now sign executables and the PS3 can't tell the difference.
 
C

captmcblack

Member
If and only if this leads to CFW and true, straight-to-the-metal hacking/homebrew/apps/emulation like on the original Xbox and in the good-old PSP days, I am interested and will move to a PS3 Slim (leaving my OG 60GB for the hacking).
 
P

PetriP-TNT

Member
N.A said:
No. The 'random' number used to create the private key is always the same. Some hippy guy then showed some extremely long equation to work out the private key.
Click to expand...
Oh, you're right. I thought that was getprivatekey instead of getrandomnumber :/

(and yeah, I know that that is from a webcomic)
 
T

TheSeks

Blinded by the luminous glory that is David Bowie's physical manifestation.
LovingSteam said:
Supposedly dongles will now be useless. They'll be able to offer downgrades, jailbreaks without the need for a dongle.
Click to expand...

Will I be able to downgrade without breaking the Blu-ray player like the current downgrader wants?

More than one time, unlike the current downgrader?

Is there a CWCheat/Gameshark application yet?
 
H

H_Prestige

Banned
LovingSteam said:
Supposedly dongles will now be useless. They'll be able to offer downgrades, jailbreaks without the need for a dongle.
Click to expand...

Will we be able to hack just through plain usb sticks now? Sorry, I don't understand this stuff.

Or does this mean we can run homebrew apps without hacking?
 
M

miserable

Member
TheSeks said:
Will I be able to downgrade without breaking the Blu-ray player like the current downgrader wants?

More than one time, unlike the current downgrader?

Is there a CWCheat/Gameshark application yet?
Click to expand...


I have downgraded a 3.50 PS3 (250gb slim) without breaking Blu-ray playback.

I'm pretty sure you can downgrade more than once.

Dunno bout CWcheat, but it would be nice.
 
pcostabel

pcostabel

Gold Member
H_Prestige said:
Will we be able to hack just through plain usb sticks now? Sorry, I don't understand this stuff.
Click to expand...

No need of USB sticks anymore. Homebrew can be signed like legitimate Sony software and run on unmodified PS3s.
 
B

badcrumble

Member
CWCheat would basically be fantastic for some games, but I'd rather not get locked out of the PSN.

On the other hand if this means we can make the .mkv container playable and enable cross-game voice chat (already in the debug firmware) that'd be awfully nice. Also, region-free PS2 gaming would be nice.
 
T

test_account

XP-39C²
I dont quite understand. Running unsigned programs on the PS3 has already worked for months. How does this private key change anything?


H_Prestige said:
Will we be able to hack just through plain usb sticks now? Sorry, I don't understand this stuff.
Click to expand...
No, i dont think that will work.

EDIT: Assuming that you mean that it is possible to jailbreak a PS3 with a usb stick?
 
T

TheSeks

Blinded by the luminous glory that is David Bowie's physical manifestation.
snk2 said:
I have downgraded a 3.50 PS3 (250gb slim) without breaking Blu-ray playback.

I'm pretty sure you can downgrade more than once.
Click to expand...

The current downgrader has a very small chance of breaking the blu-ray drive's playback. Which makes me leery.

And open-source downgrader is more than once now, maybe? I haven't honestly been following, but the "LOL ONE DOWNGRADE ONLY" totally turned me off when it was released by the PSjailbreak team or whatever.

No need of USB sticks anymore. Homebrew can be signed like legitimate Sony software and run on unmodified PS3s.
Click to expand...

Give me CWCheat ability for offline applications and MMMMM-yes on OFW.

Free money in Ass Creed 2/3's singleplayer? Yes, please.
 
N

N.A

Banned
test_account said:
I dont quite understand. Running unsigned programs on the PS3 has already worked for months. How does this private key change anything?
Click to expand...

Those unsigned programs can be signed and run on any retail PS3.
 
N

Nuclear Muffin

Banned
So from my understanding, they can make homebrew applications that have the official Sony signature key. This means that you don't even need to hack the PS3 anymore, you just load the file onto your unmodified system using any USB device and the PS3 just treats it as a normal PSN game.

So basically, Sony are completely fucked.
 
L

Lostconfused

Member
carlosp said:
this mean CFW. We will soon get our own update files just like on PSP and will be able to run homebrew.
Click to expand...
Wouldn't you just be able to sign any homebrew app and just run it on any PS3 without doing anything to the firmware?
 
C

ClovingWestbrook

Banned
BladeoftheImmortal said:
So does this mean an app like the backup manager could run on an OFW machine or that we would still need a CFW to get it working?
Click to expand...

From what it sounds like, yes. Just sign the program and you're good to go.
 
M

Mr_Brit

Banned
Lostconfused said:
Wouldn't you just be able to sign any homebrew app and just run it on any PS3 without doing anything to the firmware?
Click to expand...
Yeah, if this is true doesn't it mean we can run homebrew on any PS3 whether it's hacked or not?
 
ReyBrujo

ReyBrujo

Member
This doesn't ensure anything. It, however, decreases the strength of the protection algorithm, since crackers now need to deal with one less variable (which turned to be a constant). If they still have 20 variables to deal with, they advanced a very small pace. If they have only a couple left, they are around pretty near.
 
C

ClovingWestbrook

Banned
Psgroove said:
Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. The talk got very technical at this point, and I'm still grasping at understanding it all. The major highlights though were, dongle-less jailbreaking and the ability to sign our own SELFs. Following this, the team declared Sony's security to be EPIC FAIL!

The recent advent of these new exploits means current firmware is vulnerable, v3.55 and possibly beyond. It will be very difficult for Sony to fix the described exploits.

Read more: PSGroove.com - Sony's PS3 Security is Epic Fail http://psgroove.com/content.php?581-Sony-s-PS3-Security-is-Epic-Fail#ixzz19WDqEa9r
Click to expand...

Here
 
M

mugurumakensei

Member
ReyBrujo said:
This doesn't ensure anything. It, however, decreases the strength of the protection algorithm, since crackers now need to deal with one less variable (which turned to be a constant). If they still have 20 variables to deal with, they advanced a very small pace. If they have only a couple left, they are around pretty near.
Click to expand...

Nah, they showed how to generate a private key using this constant.
 
N

N.A

Banned
BladeoftheImmortal said:
So does this mean an app like the backup manager could run on an OFW machine or that we would still need a CFW to get it working?
Click to expand...

I believe the backup manager uses BDEMU which Sony could (and maybe already have) removed from retail PS3 firmware. Though a workaround will probably be made.
 
C

carlosp

Banned
Lostconfused said:
Wouldn't you just be able to sign any homebrew app and just run it on any PS3 without doing anything to the firmware?
Click to expand...

no, because you need a way to put them on your ps3 and the normal system doesnt allow any kind of executable data transfer between a USB stick and the PS3 file system. This means we need some kind of hack which allows us do so. Even installing a FTP client needs access to the file system first, but that is only a matter of hours then days. I will probably be able to hack my ps3 tomorrow already.
 
H

H_Prestige

Banned
BladeoftheImmortal said:
Damn, so it's even more vulnerable than the PSP was now.
Click to expand...

Yeah, wouldn't this make the ps3 the most open system of all? That sounds kind of hard to believe that it could go from the most locked down system to the most open over night.
 
V

Valkyr Junkie

Member
H_Prestige said:
Yeah, wouldn't this make the ps3 the most open system of all? That sounds kind of hard to believe that it could go from the most locked down system to the most open over night.
Click to expand...

Technically even as the "most locked down system" from a security standpoint, it was still by far the most open platform in other regards.
 
You must log in or register to reply here.

Similar threads

Analysis of PS4's security and the state of hacking
35
10K
hesido replied
  • Locked
Opinion: The PS4 will support 4K blu-ray
14 15 16 17 18
862
333K
-ImaginaryInsider replied
PS3 hacked with CFW "LV0 decryption keys will circumvent any future security updates"
4
6K
Sielys replied
PS3 custom firmware issue linked to PSN access
2 3
102
16K
test_account replied
  • Locked
Sony sues George 'geohot' Hotz and fail0verflow over PS3 jailbreak.
80 81 82 83 84
4K
231K
TommyT replied
Top Bottom