N.A
Member
(12-29-2010, 03:59 PM)
Updates 09/01: (newer updates at the top)

Geohot Releases Signing Tools


Geohot Releases 3.55 Jailbreak


Updates 08/01:

Summary of the hack by GamesIndustry.biz


Updates 07/01:

Geohot Demos Homebrew on 3.55

KaKaRoTo Downgrades v3.55 PS3 Console to v3.41

Updates 06/01:

Marcan shows Linux demo on PS3 Slim


Excellent BBC Summary of Events

Updates 05/01:

KaKaRoToKS releases first PoC Custom Firmware (not recommended for use)


Updates 03/01:

Digital Foundry Article: Hackers leave PS3 security in tatters

3.50/3.55 appldr keys found

PSP Keys Found

From Mathieu's Twitter:
Got the kirk engine keyz :P

I can encrypt/sign anything on psp now.

PS3 Blu Ray AACS Keys Vulnerable

<@Mathieulh> so, question, who's gonna grab sony's AACS keys from the .isoself module and leak them ? xD
<@Mathieulh> I don't want to leak AACS shit
<@Mathieulh> too risky xD

Geohot Releases Metldr Key - All other keys vulnerable

fail0verflow opens git, releases tools.

Original Post from 29/12:

This is from the guys behind the Homebrew Channel. Revealed today at 27c3.

Video of presentation:
Part 1: http://www.youtube.com/watch?v=X6CA4fqAdsc
Part 2: http://www.youtube.com/watch?v=X8ohOy8_XO4
Part 3: http://www.youtube.com/watch?v=Eag0VyRTld8


Nice summary from PSGroove.com:

Sony's PS3 Security is Epic Fail

The first few minutes of the conference were spent explaining the state of security on other consoles (Wii, 360, etc). Following this, the group went on to explain the current state of affairs on the PS3. First, explaining Geohot's memory line glitching exploit from earlier this year. The team then went on to explain the current PS3 security bypasses, such as jailbreaking and service mode/downgrading.

Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat was calculating the public/private keys (due to botched security), giving users the ability to sign their own SELFs. Following this, the team declared Sony's security to be EPIC FAIL!

The recent advent of these new exploits means current firmware is vulnerable, v3.55 and possibly beyond. It will be very difficult for Sony to fix the described exploits.

The team then displayed the website http://fail0verflow.com/ where we assume will host examples of the new exploits and further details. They stated that easy to use tools would be coming next month.

Read more: PSGroove.com - Sony's PS3 Security is Epic Fail http://psgroove.com/content.php?581-...#ixzz19WMUJZAE

Essentially this will allow anyone to sign executables and run them on any retail PS3.
http://www.fail0verflow.com/

From fail0verflow's twitter:

Our current PS3 goal: AsbestOS.pup

(AsbestOS is marcan's linux loader for PS3)

our goal is to have linux running on all existing PS3 consoles, whatever their firmware versions.

Last edited by N.A; 01-09-2011 at 06:58 PM.
badcrumble
Member
(12-29-2010, 04:01 PM)
Soooo... is that somehow different from this? http://www.neogaf.com/forum/showthread.php?t=415191 What are the 'private keys' exactly?
PetriP-TNT
Member
(12-29-2010, 04:01 PM)
The private key is 4?
Nuclear Muffin
Banned
(12-29-2010, 04:02 PM)
What is this for? Activating debug mode on any firmware?

I thought that hackers already found a code?
N.A
Member
(12-29-2010, 04:02 PM)

Originally Posted by PetriP-TNT

The private key is 4?

No. The 'random' number used to create the private key is always the same. Some hippy guy then showed some extremely long equation to work out the private key.
rhfb
Member
(12-29-2010, 04:04 PM)

Originally Posted by PetriP-TNT

The private key is 4?

Picture is from a webcomic. Check out xkcd. I'd link the actual comic but I'm on my phone.

Can't wait to see what the best homebrew people can do with this.
xero273
Member
(12-29-2010, 04:04 PM)

Originally Posted by Nuclear Muffin

What is this for? Activating debug mode on any firmware?

I thought that hackers already found a code?

My guess is they should be able to do something like CFW now since they have the private keys.
Superblatt
Member
(12-29-2010, 04:05 PM)

Originally Posted by N.A

No. The 'random' number used to create the private key is always 4. Some hippy guy then showed some extremely long equation to work out the private key.

So what does this mean as of today? Or better yet, what are the implications?
N.A
Member
(12-29-2010, 04:06 PM)
The implications are (and they pretty much said) that they can now sign executables and the PS3 can't tell the difference.
BladeoftheImmortal
Member
(12-29-2010, 04:07 PM)
This means CFW, right? No more PS3 jailbreaker every time I turn it on? *Squeal*
captmcblack
God-Tier ghetto pass
(12-29-2010, 04:07 PM)
If and only if this leads to CFW and true, straight-to-the-metal hacking/homebrew/apps/emulation like on the original Xbox and in the good-old PSP days, I am interested and will move to a PS3 Slim (leaving my OG 60GB for the hacking).
ClovingWestbrook
Banned
(12-29-2010, 04:07 PM)
Supposedly dongles will now be useless. They'll be able to offer downgrades, jailbreaks without the need for a dongle.
PetriP-TNT
Member
(12-29-2010, 04:10 PM)

Originally Posted by N.A

No. The 'random' number used to create the private key is always the same. Some hippy guy then showed some extremely long equation to work out the private key.

Oh, you're right. I thought that was getprivatekey instead of getrandomnumber :/

(and yeah, I know that that is from a webcomic)
TheSeks
Blinded by the luminous glory that is David Bowie's physical manifestation.
(12-29-2010, 04:11 PM)

Originally Posted by LovingSteam

Supposedly dongles will now be useless. They'll be able to offer downgrades, jailbreaks without the need for a dongle.

Will I be able to downgrade without breaking the Blu-ray player like the current downgrader wants?

More than one time, unlike the current downgrader?

Is there a CWCheat/Gameshark application yet?
Double D
Member
(12-29-2010, 04:11 PM)
CozMick
Member
(12-29-2010, 04:11 PM)
So firmware updates are now useless correct?
BladeoftheImmortal
Member
(12-29-2010, 04:12 PM)

Originally Posted by CozMick

So firmware updates are now useless correct?

Until they change the internals of the system, like they did with PSP3000, yes.
H_Prestige
Banned
(12-29-2010, 04:14 PM)

Originally Posted by LovingSteam

Supposedly dongles will now be useless. They'll be able to offer downgrades, jailbreaks without the need for a dongle.

Will we be able to hack just through plain usb sticks now? Sorry, I don't understand this stuff.

Or does this mean we can run homebrew apps without hacking?
Last edited by H_Prestige; 12-29-2010 at 04:17 PM.
snk2
Member
(12-29-2010, 04:15 PM)

Originally Posted by TheSeks

Will I be able to downgrade without breaking the Blu-ray player like the current downgrader wants?

More than one time, unlike the current downgrader?

Is there a CWCheat/Gameshark application yet?


I have downgraded a 3.50 PS3 (250gb slim) without breaking Blu-ray playback.

I'm pretty sure you can downgrade more than once.

Dunno bout CWcheat, but it would be nice.
pcostabel
Member
(12-29-2010, 04:17 PM)

Originally Posted by H_Prestige

Will we be able to hack just through plain usb sticks now? Sorry, I don't understand this stuff.

No need of USB sticks anymore. Homebrew can be signed like legitimate Sony software and run on unmodified PS3s.
Metalmurphy
Banned
(12-29-2010, 04:18 PM)

Originally Posted by pcostabel

No need of USB sticks anymore. Homebrew can be signed like legitimate Sony software and run on unmodified PS3s.

Any firmware?


I fear for online cheaters :/
alr1ght
bish gets all the credit :)
(12-29-2010, 04:18 PM)
interesting. Keep that shit offline and all is good.
H_Prestige
Banned
(12-29-2010, 04:18 PM)

Originally Posted by pcostabel

No need of USB sticks anymore. Homebrew can be signed like legitimate Sony software and run on unmodified PS3s.

Damn, that sounds awesome.
badcrumble
Member
(12-29-2010, 04:18 PM)
CWCheat would basically be fantastic for some games, but I'd rather not get locked out of the PSN.

On the other hand if this means we can make the .mkv container playable and enable cross-game voice chat (already in the debug firmware) that'd be awfully nice. Also, region-free PS2 gaming would be nice.
test_account
XP-39Cē
(12-29-2010, 04:18 PM)
I don't quite understand. Running unsigned programs on the PS3 has already worked for months. How does this private key change anything?


Originally Posted by H_Prestige

Will we be able to hack just through plain usb sticks now? Sorry, I don't understand this stuff.

No, I don't think that will work.

EDIT: Assuming that you mean that it is possible to jailbreak a PS3 with a usb stick?
TheSeks
Blinded by the luminous glory that is David Bowie's physical manifestation.
(12-29-2010, 04:18 PM)

Originally Posted by snk2

I have downgraded a 3.50 PS3 (250gb slim) without breaking Blu-ray playback.

I'm pretty sure you can downgrade more than once.

The current downgrader has a very small chance of breaking the blu-ray drive's playback. Which makes me leery.

And the open-source downgrader allows more than one downgrade now, maybe? I haven't honestly been following, but the "LOL ONE DOWNGRADE ONLY" totally turned me off when it was released by the PSjailbreak team or whatever.

No need of USB sticks anymore. Homebrew can be signed like legitimate Sony software and run on unmodified PS3s.

Give me CWCheat ability for offline applications and MMMMM-yes on OFW.

Free money in Ass Creed 2/3's singleplayer? Yes, please.
N.A
Member
(12-29-2010, 04:21 PM)

Originally Posted by test_account

I don't quite understand. Running unsigned programs on the PS3 has already worked for months. How does this private key change anything?

Those unsigned programs can be signed and run on any retail PS3.
carlosp
Banned
(12-29-2010, 04:21 PM)
This means CFW. We will soon get our own update files just like on PSP and will be able to run homebrew.
Nuclear Muffin
Banned
(12-29-2010, 04:22 PM)
So from my understanding, they can make homebrew applications that have the official Sony signature key. This means that you don't even need to hack the PS3 anymore, you just load the file onto your unmodified system using any USB device and the PS3 just treats it as a normal PSN game.

So basically, Sony are completely fucked.
ClovingWestbrook
Banned
(12-29-2010, 04:22 PM)
And it means that 3.5 and beyond has been hacked. Until Sony creates new hardware from what others are saying.
Lostconfused
I can make you pick a fight
With someone twice your size
(12-29-2010, 04:22 PM)

Originally Posted by carlosp

this mean CFW. We will soon get our own update files just like on PSP and will be able to run homebrew.

Wouldn't you just be able to sign any homebrew app and just run it on any PS3 without doing anything to the firmware?
test_account
XP-39Cē
(12-29-2010, 04:23 PM)

Originally Posted by N.A

Those unsigned programs can be signed and run on any retail PS3.

Ah ok, I see, so no need to jailbreak the PS3 first, just run the files like original files. Thanks for the info! :)
BladeoftheImmortal
Member
(12-29-2010, 04:23 PM)

Originally Posted by N.A

Those unsigned programs can be signed and run on any retail PS3.

So does this mean an app like the backup manager could run on an OFW machine or that we would still need a CFW to get it working?
ClovingWestbrook
Banned
(12-29-2010, 04:24 PM)

Originally Posted by BladeoftheImmortal

So does this mean an app like the backup manager could run on an OFW machine or that we would still need a CFW to get it working?

From what it sounds like, yes. Just sign the program and you're good to go.
Mr_Brit
Banned
(12-29-2010, 04:25 PM)

Originally Posted by Lostconfused

Wouldn't you just be able to sign any homebrew app and just run it on any PS3 without doing anything to the firmware?

Yeah, if this is true doesn't it mean we can run homebrew on any PS3 whether it's hacked or not?
MjFrancis
Member
(12-29-2010, 04:26 PM)
CFW? For my PS3? Christmas lingers on, folks!
mugurumakensei
Member
(12-29-2010, 04:26 PM)

Originally Posted by Mr_Brit

Yeah, if this is true doesn't it mean we can run homebrew on any PS3 whether it's hacked or not?

That's pretty much it.
BladeoftheImmortal
Member
(12-29-2010, 04:26 PM)

Originally Posted by LovingSteam

From what it sounds like, yes. Just sign the program and you're good to go.

Damn, so it's even more vulnerable than the PSP was now.
ReyBrujo
Member
(12-29-2010, 04:26 PM)
This doesn't ensure anything. It does, however, decrease the strength of the protection algorithm, since crackers now need to deal with one less variable (which turned out to be a constant). If they still have 20 variables to deal with, they advanced a very small pace. If they have only a couple left, they are pretty near.
Nuclear Muffin
Banned
(12-29-2010, 04:27 PM)

Originally Posted by BladeoftheImmortal

So does this mean an app like the backup manager could run on an OFW machine or that we would still need a CFW to get it working?

Yes, you don't need CFW.
ClovingWestbrook
Banned
(12-29-2010, 04:27 PM)

Originally Posted by Psgroove

Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. The talk got very technical at this point, and I'm still grasping at understanding it all. The major highlights though were, dongle-less jailbreaking and the ability to sign our own SELFs. Following this, the team declared Sony's security to be EPIC FAIL!

The recent advent of these new exploits means current firmware is vulnerable, v3.55 and possibly beyond. It will be very difficult for Sony to fix the described exploits.

Read more: PSGroove.com - Sony's PS3 Security is Epic Fail http://psgroove.com/content.php?581-...#ixzz19WDqEa9r

Here
mugurumakensei
Member
(12-29-2010, 04:27 PM)

Originally Posted by ReyBrujo

This doesn't ensure anything. It does, however, decrease the strength of the protection algorithm, since crackers now need to deal with one less variable (which turned out to be a constant). If they still have 20 variables to deal with, they advanced a very small pace. If they have only a couple left, they are pretty near.

Nah, they showed how to generate a private key using this constant.
N.A
Member
(12-29-2010, 04:28 PM)

Originally Posted by BladeoftheImmortal

So does this mean an app like the backup manager could run on an OFW machine or that we would still need a CFW to get it working?

I believe the backup manager uses BDEMU which Sony could (and maybe already have) removed from retail PS3 firmware. Though a workaround will probably be made.
Sporran
Member
(12-29-2010, 04:28 PM)

Originally Posted by Metalmurphy

I fear for online cheaters :/

Anything but this :(
Machado
Member
(12-29-2010, 04:28 PM)
what does this finally mean?
carlosp
Banned
(12-29-2010, 04:29 PM)

Originally Posted by Lostconfused

Wouldn't you just be able to sign any homebrew app and just run it on any PS3 without doing anything to the firmware?

No, because you need a way to put them on your PS3, and the normal system doesn't allow any kind of executable data transfer between a USB stick and the PS3 file system. This means we need some kind of hack which allows us to do so. Even installing an FTP client needs access to the file system first, but that is only a matter of hours, not days. I will probably be able to hack my PS3 tomorrow already.
H_Prestige
Banned
(12-29-2010, 04:29 PM)

Originally Posted by BladeoftheImmortal

Damn, so it's even more vulnerable than the PSP was now.

Yeah, wouldn't this make the PS3 the most open system of all? That sounds kind of hard to believe, that it could go from the most locked down system to the most open overnight.
Valkyr Junkie
Member
(12-29-2010, 04:31 PM)

Originally Posted by H_Prestige

Yeah, wouldn't this make the PS3 the most open system of all? That sounds kind of hard to believe, that it could go from the most locked down system to the most open overnight.

Technically even as the "most locked down system" from a security standpoint, it was still by far the most open platform in other regards.
alr1ght
bish gets all the credit :)
(12-29-2010, 04:31 PM)

Originally Posted by Sporran

Anything but this :(

Hopefully they can detect and ban.
xero273
Member
(12-29-2010, 04:31 PM)
Maybe now we can get hddloader on BC PS3s, which doesn't require a boot disc.