
fail0verflow - PS3 Private Key + PSP Key + PS3's Blu-Ray Key found, FW 3.50 decrypted

BSTF

this post rates 1/10
LovingSteam said:
Hypervisor security broken
No need for dongles
New exploits
Can sign homebrew on all systems
Potentially offers the ability to offer updates without Sony official updates

So yea, none of that was possible before today's announcement. Still not seeing where you get the notion that CFW has been possible since the first unsigned code was running on the PS3.

Hypervisor security was already broken.

Dongles, yes, although unsure what they're going to use to put the executables on the PS3. Probably PS Store but that can be patched, so then you'd have to go through hard drive editing, not sure how that's much easier than a dongle.

Jailbroken PS3s already ran unsigned homebrew, no need to sign it. Potential to update was offered on Jailbroken PS3s.

CFW was a possibility the day the PS3 was released. All I'm saying is that this news doesn't mean that there's magically going to be CFW, CWCheat, MKV support like some people here have suggested. And if it does it's because of the renewed interest in it.

N.A said:
Update .pup's and the contents of them are all signed and couldn't be modified (without the PS3 detecting it) before this key was found.

The downgrader used a modified PUP.
 

N.A

Banned
PNstyle said:
At what time will the demo of their exploit be tomorrow? Can't find it in the official schedule.

From twitter:

FWIW lightning talks tomorrow are at 11:30-13:45. PS3 demo will be 4 minutes _somewhere_ within that range (to be determined)
 
BSTF said:
Hypervisor security was already broken.

Dongles, yes, although unsure what they're going to use to put the executables on the PS3. Probably PS Store but that can be patched, so then you'd have to go through hard drive editing, not sure how that's much easier than a dongle.

Jailbroken PS3s already ran unsigned homebrew, no need to sign it. Potential to update was offered on Jailbroken PS3s.

CFW was a possibility the day the PS3 was released. All I'm saying is that this news doesn't mean that there's magically going to be CFW, CWCheat, MKV support like some people here have suggested. And if it does it's because of the renewed interest in it.



The downgrader used a modified PUP.

I am not trying to be argumentative but do you have any source or links stating that the hypervisor was already broken before this announcement?
 

tokkun

Member
It always baffles me how some people can be extremely tech savvy, and not realize how stupid they look using terms like "epic fail". Did the presentation also state that all Sony's base belong to them, followed by a picture of a cat making a Chuck Norris joke with poor grammar?
 

Jomjom

Banned
Is there any way this can lead to getting region free PS1 and PS2 gaming on the original BC PS3? A console that can play every PS1, 2, and 3 game from anywhere would be my most cherished console of all time.
 

Feorax

Member
Yup, it's Sony's security that's an epic fail. Never mind that the system has been on the market for 4 years now and not one of these guys has managed to break the security in a substantial or useful way.

And besides which, Sony was pretty open with its platform in the first place, allowing Linux installations etc. It's only because these fuckwads keep trying to do stupid shit and being "l33t h4xorz" that we keep losing these features.

Fed up of this shit now. Stop goading the platform holders assholes, you'll only end up fucking it up for the rest of us.
 
tokkun said:
It always baffles me how some people can be extremely tech savvy, and not realize how stupid they look using terms like "epic fail". Did the presentation also state that all Sony's base belong to them, followed by a picture of a cat making a Chuck Norris joke with poor grammar?

You're just now realizing extremely tech savvy individuals are frequently social retards?
 
Feorax said:
Yup, it's Sony's security that's an epic fail. Never mind that the system has been on the market for 4 years now and not one of these guys has managed to break the security in a substantial or useful way.

And besides which, Sony was pretty open with its platform in the first place, allowing Linux installations etc. It's only because these fuckwads keep trying to do stupid shit and being "l33t h4xorz" that we keep losing these features.

Fed up of this shit now. Stop goading the platform holders assholes, you'll only end up fucking it up for the rest of us.
:lol :lol :lol
 
tokkun said:
It always baffles me how some people can be extremely tech savvy, and not realize how stupid they look using terms like "epic fail". Did the presentation also state that all Sony's base belong to them, followed by a picture of a cat making a Chuck Norris joke with poor grammar?

:lol

Very true. I haven't heard the term "epic fail" from anyone other than fanboys and 13 year olds in a long time.
 
marcan said:
They can try to whitelist every existing piece of official PS3 code... but good luck with that.

I'm a little confused about that. Sure, there's a lot of PS3 code out there, but literally -all- of it has had to go through Sony. It's not like they have to track down shit in the wild.

Would it really be that hard to create a whitelist, create a new and hopefully secure signing algorithm, push a firmware update, then require that all binaries either be on the whitelist or be signed by the new algo?
 
Not A Fur said:
I'm a little confused about that. Sure, there's a lot of PS3 code out there, but literally -all- of it has had to go through Sony. It's not like they have to track down shit in the wild.

Would it really be that hard to create a whitelist, create a new and hopefully secure signing algorithm, push a firmware update, then require that all binaries either be on the whitelist or be signed by the new algo?

He was being facetious.
 
tokkun said:
It always baffles me how some people can be extremely tech savvy, and not realize how stupid they look using terms like "epic fail". Did the presentation also state that all Sony's base belong to them, followed by a picture of a cat making a Chuck Norris joke with poor grammar?
I guess you haven't read any of the Kinect threads on GAF.
 
How hard would it be to whitelist the allowed code?

Megadragon15 said:
I guess you haven't read any of the Kinect threads on GAF.
I personally avoid that thread at all costs. Brings too many fanboys to the yard.
 
Not A Fur said:
I think I caught that, yeah. As far as I can tell, that would actually be a viable thing for Sony to do.

Wouldn't that be a fairly big list? And with the system entirely open what's to stop people modding that list in the firmware before updating?
 

Wazzim

Banned
Not A Fur said:
I'm a little confused about that. Sure, there's a lot of PS3 code out there, but literally -all- of it has had to go through Sony. It's not like they have to track down shit in the wild.

Would it really be that hard to create a whitelist, create a new and hopefully secure signing algorithm, push a firmware update, then require that all binaries either be on the whitelist or be signed by the new algo?
New decryption? They try that all the time on the PSP, it only slows things down for a week or two.
 

Pooya

Member
Not A Fur said:
I'm a little confused about that. Sure, there's a lot of PS3 code out there, but literally -all- of it has had to go through Sony. It's not like they have to track down shit in the wild.

Would it really be that hard to create a whitelist, create a new and hopefully secure signing algorithm, push a firmware update, then require that all binaries either be on the whitelist or be signed by the new algo?
They claim their digital signature is as good as Sony's. If that is true, then for Sony to possibly detect and ban these signatures they need to disable every single digital signature released over the past four years, including the content on discs. This means they need to release a new patch for every PS3 game ever released, every piece of content on PSN needs to be re-signed, etc. Doing this is too expensive, not worth it. And all of this will work if hackers can't possibly hack it again.
 
miladesn said:
They claim their digital signature is as good as Sony's. If that is true, then for Sony to possibly detect and ban these signatures they need to disable every single digital signature released over the past four years, including the content on discs. This means they need to release a new patch for every PS3 game ever released, every piece of content on PSN needs to be re-signed, etc. Doing this is too expensive, not worth it. And all of this will work if hackers can't possibly hack it again.

Not blacklist, whitelist. Just approve of the digital signatures of what is signed by them. Detect a program that's not on the whitelist? Ban/disable. That would force users who have hacked consoles to stay off line. Which is the most important thing. Making sure hackers (online vg hacking type) don't affect the other users.
 

Massa

Member
Wazzim said:
New decryption? They try that all the time on the PSP, it only slows things down for a week or two.

The PSP situation would be a dream scenario for Sony if the PS3 keys are actually leaked.
 

LegatoB

Member
phosphor112 said:
Not blacklist, whitelist. Just approve of the digital signatures of what is signed by them. Detect a program that's not on the whitelist? Ban/disable. That would force users who have hacked consoles to stay off line. Which is the most important thing. Making sure hackers (online vg hacking type) don't affect the other users.
The problem with this method is the obvious one: you still need to whitelist every legitimate piece of PS3 content that exists in every region, or you're going to get very upset customers wondering why they can't use the games, DLC, etc. they purchased. I would be incredibly surprised if Sony had the foresight to create a "master list" of all the content they'd ever officially signed, if such a thing is even possible. It's not an impossible tactic, but it's one that would still require an immense amount of manpower and time to do reasonably and with an unacceptably high failure rate.
 
demosthenes said:
I don't care if unpopular, I don't like this news.
I don't either. I love homebrew, but more people end up hurting the industry than those who use homebrew for legitimate features.

I don't know much about video, but why would anyone need MKV support on a PS3? As far as I know MKV containers are used for blurays (typically)... so why would you need to play a digital file of a bluray movie when you supposedly own the movie? I can understand owning a digital copy of a game... Games aren't nearly as large as 1080p movies with 7.1... but why need MKV again?

Someone enlighten me, as I said, I honestly don't know much of video other than blurays are typically in MKV containers...

LegatoB said:
The problem with this method is the obvious one: you still need to whitelist every legitimate piece of PS3 content that exists in every region, or you're going to get very upset customers wondering why they can't use the games, DLC, etc. they purchased. I would be incredibly surprised if Sony had the foresight to create a "master list" of all the content they'd ever officially signed, if such a thing is even possible. It's not an impossible tactic, but it's one that would still require an immense amount of manpower and time to do reasonably and with an unacceptably high failure rate.


Why wouldn't they have all their official digital signatures archived? I'm sure any software that requires(or uses) online has one, and it wouldn't be hard to get an official list. Certainly is easier than a blacklist.
 
I wonder if the guys at SCE have an emergency meeting right now. I'd love to see that.

Valkyr Junkie said:
You're just now realizing extremely tech savvy individuals are frequently social retards?
Yeah, it's kinda disappointing. The Xbox 360 presentation three years ago was more professional.
24C3 - Why silicon security is still that hard

You guys should watch the first four minutes for the lulz. It's like Sony completely forgot about this.
 
 
brotkasten said:
I wonder if the guys at SCE have an emergency meeting right now. I'd love to see that.

I'm 100% sure they are, probably had one within an hour of that presentation and probably have CS workers and engineers working on a possible fix, along with lawyers and legal representatives on modifying the TOU etc.
 

Pooya

Member
phosphor112 said:
Not blacklist, whitelist. Just approve of the digital signatures of what is signed by them. Detect a program that's not on the whitelist? Ban/disable. That would force users who have hacked consoles to stay off line. Which is the most important thing. Making sure hackers (online vg hacking type) don't affect the other users.
I don't think that's doable, Sony needs to include a growing whitelist with every firmware release so expect a firmware update each week as new content is released on PSN or new games are out. Not to mention that including a list of keys in the firmware will introduce a huge security flaw; if the signatures are in the firmware files, they can be found by the hackers sooner or later, this is a very stupid thing to do.
The other thing Sony can do is do the verification process online; for example you need to activate your games or everything else once online before executing like some PC games; no need to say how people will react to this...
 

Donos

Member
Kagari said:
Unlikely. People have been pirating on 360, Wii and PS2 for years and that never really impacted software sales.

But you need modchips and stuff to use pirated games on the 360 or not? (I don't know how it works on the Wii)

That's not the same as "joe sixpack" plugging his USB stick into the PS3 and using a oneclicktool he just downloaded from the web to make his PS3 play "backups" without opening the PS3. This would spread way faster and would do more damage in the end than the modchip scene.

Although saying that Sony can't and won't do anything is a little bit early. (But I don't even understand 1/6 of the techstuff regarding this "key")
 
Donos said:
But you need modchips and stuff to use pirated games on the 360 or not? (I don't know how it works on the Wii)

That's not the same as "joe sixpack" plugging his USB stick into the PS3 and using a oneclicktool he just downloaded from the web to make his PS3 play "backups" without opening the PS3. This would spread way faster and would do more damage in the end than the modchip scene.

Although saying that Sony can't and won't do anything is a little bit early. (But I don't even understand 1/6 of the techstuff regarding this "key")

No modchips needed for the 360.
 

Lord Error

Insane For Sony
This is a very impressive development! I for one cannot wait to be able to install a few of the most favorite games permanently to a HDD using some easy to use boot loader that doesn't require ridiculous USB keys. I don't think there's really a way for Sony to check for existence of such software on your console through PSN either, which would be the only danger of keeping it. They can't check every piece of software you have installed on your console every time you log into PSN. They might check it when you run it and only if the software connects to PSN (because the whitelist would have to be stored online), but I don't plan to play installed games online anyway.

Blimblim said:
It *definitely* impacted Wii games sales. I've asked this question to quite a few PR people over at different publishers, and they all told me Wii piracy was a real problem (360, not so much).
It impacted PSP and DC too for sure. I think PS3 should be at the level of mainstream penetration now that this shouldn't affect it much.
 

BSTF

this post rates 1/10
LovingSteam said:
I am not trying to be argumentative but do you have any source or links stating that the hypervisor was already broken before this announcement?

Do you not know what the hypervisor was for? Unless you're talking about them saying they can sign the hypervisor configuration file. Which still isn't a huge deal, but I should have waited until I watched the video. The download is just so slow :/ and I am impatient. Will wait until watching.

Degen said:
Can't wait to see what gets removed in the next mandatory security update as a result of this.

Gamesharing might be the only thing :/
 
miladesn said:
I don't think that's doable, Sony needs to include a growing whitelist with every firmware release so expect a firmware update each week as new content is released on PSN or new games are out. Not to mention that including a list of keys in the firmware will introduce a huge security flaw; if the signatures are in the firmware files, they can be found by the hackers sooner or later, this is a very stupid thing to do.
The other thing Sony can do is do the verification process online; for example you need to activate your games or everything else once online before executing like some PC games; no need to say how people will react to this...
Why do a full-fledged update when they can update a simple file? PSN checks that file on login for an integrity check. Of course hackers can modify it but if PSN sees a difference. Bam. Booted.


Let me elaborate more on how that would work. Firmware update includes a new "digital signature" program. It compiles a list of all the software on your PS3 to be checked with PSN. PSN does a quick check (file can easily be less than 100kb). Even the slowest of connections can still do a check of that size.

Like I said, hackers can easily get around that check.. but that removes their online.
 

LegatoB

Member
miladesn said:
I don't think that's doable, Sony needs to include a growing whitelist with every firmware release so expect a firmware update each week as new content is released on PSN or new games are out. Not to mention that including a list of keys in the firmware will introduce a huge security flaw; if the signatures are in the firmware files, they can be found by the hackers sooner or later, this is a very stupid thing to do.
The other thing Sony can do is do the verification process online; for example you need to activate your games or everything else once online before executing like some PC games; no need to say how people will react to this...
Well, phosphor is just talking about blocking this stuff from working online only, which is a lot easier to do. If all the checks are done server-side, presumably, there'd be no need to ever give the client a copy of the whitelist.
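
The server-side whitelist check debated in this thread, as an added example that is not part of any post: once the signing key is public a signature no longer separates official from unofficial code, so the server compares client-reported content digests against a list it never sends out. The HMAC stand-in for the signature scheme, all names, and the sample content are constructed assumptions.

```python
import hashlib
import hmac

# Constructed stand-in for a signing key that has become public.
LEAKED_KEY = b"constructed-demo-key"

def sign(content: bytes) -> bytes:
    """Stand-in signature (HMAC-SHA256, an assumption): anyone holding the key can make one."""
    return hmac.new(LEAKED_KEY, content, hashlib.sha256).digest()

def signature_ok(content: bytes, sig: bytes) -> bool:
    """Signature check as the console would run it; passes for any holder of the key."""
    return hmac.compare_digest(sign(content), sig)

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

# Constructed sample content: two official releases and one unofficial program.
OFFICIAL = {"GAME-0001": b"official game binary v1.00",
            "DLC-0002": b"official dlc pack"}
HOMEBREW = b"homebrew loader signed with the public key"

# Server-side allowlist of digests of released content; it is never sent to the client.
ALLOWLIST = {digest(blob) for blob in OFFICIAL.values()}

def build_manifest(installed: dict) -> dict:
    """Client side: report one digest per installed item."""
    return {name: digest(blob) for name, blob in installed.items()}

def check_manifest(manifest: dict) -> tuple:
    """Server side: allow online play only if every reported digest is allowlisted.

    Returns (allowed, names_not_on_allowlist). The manifest is client-reported
    data, so this only catches clients that report honestly.
    """
    unknown = sorted(n for n, d in manifest.items() if d not in ALLOWLIST)
    return (not unknown, unknown)

if __name__ == "__main__":
    # The signature check cannot tell the two apart once the key is known.
    print(signature_ok(OFFICIAL["GAME-0001"], sign(OFFICIAL["GAME-0001"])))
    print(signature_ok(HOMEBREW, sign(HOMEBREW)))
    # The digest allowlist can.
    print(check_manifest(build_manifest(OFFICIAL)))
    print(check_manifest(build_manifest({**OFFICIAL, "HB-LOADER": HOMEBREW})))
    # A legitimate release missing from the list is rejected too, which is the
    # customer-facing failure raised earlier in the thread.
    print(check_manifest(build_manifest({"GAME-0001-EU": b"official game binary (EU)"})))
```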
 