N.A
Member
(12-29-2010, 02:59 PM)

fail0verflow - PS3 Private Key + PSP Key + PS3's Blu-Ray Key found, FW 3.50 decrypted #1

Updates 09/01: (newer updates at the top)

Geohot Releases Signing Tools


Geohot Releases 3.55 Jailbreak


Updates 08/01:

Summary of the hack by GamesIndustry.biz


Updates 07/01:

Geohot Demos Homebrew on 3.55

KaKaRoTo Downgrades v3.55 PS3 Console to v3.41

Updates 06/01:

Marcan shows Linux demo on PS3 Slim


Excellent BBC Summary of Events

Updates 05/01:

KaKaRoToKS releases first PoC Custom Firmware (not recommended for use)


Updates 03/01:

Digital Foundry Article: Hackers leave PS3 security in tatters

3.50/3.55 appldr keys found

PSP Keys Found
PS3 Blu Ray AACS Keys Vulnerable
Quote:
<@Mathieulh> so, question, who's gonna grab sony's AACS keys from the .isoself module and leak them ? xD
<@Mathieulh> I don't want to leak AACS shit
<@Mathieulh> too risky xD
Geohot Releases Metldr Key - All other keys vulnerable

fail0verflow opens git, releases tools.





Original Post from 29/12:



This is from the guys behind the Homebrew Channel. Revealed today at 27c3.

Video of presentation:
Part 1: http://www.youtube.com/watch?v=X6CA4fqAdsc
Part 2: http://www.youtube.com/watch?v=X8ohOy8_XO4
Part 3: http://www.youtube.com/watch?v=Eag0VyRTld8


Nice summary from PSGroove.com:

Quote:
Sony's PS3 Security is Epic Fail

The first few minutes of the conference were spent explaining the state of security on other consoles (Wii, 360, etc). Following this, the group went on to explain the current state of affairs on the PS3. First, explaining Geohot's memory line glitching exploit from earlier this year. The team then went on to explain the current PS3 security bypasses, such as jailbreaking and service mode/downgrading.

Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat, was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs. Following this, the team declared Sony's security to be EPIC FAIL!

The recent advent of these new exploits means current firmware is vulnerable, v3.55 and possibly beyond. It will be very difficult for Sony to fix the described exploits.

The team then displayed the website http://fail0verflow.com/ where we assume will host examples of the new exploits and further details. They stated that easy to use tools would be coming next month.

Read more: PSGroove.com - Sony's PS3 Security is Epic Fail http://psgroove.com/content.php?581-...#ixzz19WMUJZAE
Essentially this will allow anyone to sign executables and run them on any retail PS3.



http://www.fail0verflow.com/

From fail0verflow's twitter:

Quote:
Our current PS3 goal: AsbestOS.pup
(AsbestOS is marcan's linux loader for PS3)
Quote:
our goal is to have linux running on all existing PS3 consoles, whatever their firmware versions.
Last edited by N.A; 01-09-2011 at 05:58 PM.
badcrumble
Member
(12-29-2010, 03:01 PM)

#2

Soooo... is that somehow different from this? http://www.neogaf.com/forum/showthread.php?t=415191 What are the 'private keys' exactly?
PetriP-TNT
Member
(12-29-2010, 03:01 PM)

#3

The private key is 4?
Nuclear Muffin
Banned
(12-29-2010, 03:02 PM)

#4

What is this for? Activating debug mode on any firmware?

I thought that hackers already found a code?
N.A
Member
(12-29-2010, 03:02 PM)

#5

Originally Posted by PetriP-TNT:
The private key is 4?
No. The 'random' number used to create the private key is always the same. Some hippy guy then showed some extremely long equation to work out the private key.
rhfb
Member
(12-29-2010, 03:04 PM)

#6

Originally Posted by PetriP-TNT:
The private key is 4?
Picture is from a webcomic. Check out xkcd. I'd link the actual comic but I'm on my phone.

Can't wait to see what the best homebrew people can do with this.
xero273
Member
(12-29-2010, 03:04 PM)

#7

Originally Posted by Nuclear Muffin:
What is this for? Activating debug mode on any firmware?

I thought that hackers already found a code?
my guess is they should be able to do something like cfw now since they have the private keys.
Superblatt
Member
(12-29-2010, 03:05 PM)

#8

Originally Posted by N.A:
No. The 'random' number used to create the private key is always 4. Some hippy guy then showed some extremely long equation to work out the private key.
So what does this mean as of today? Or better yet, what are the implications?
N.A
Member
(12-29-2010, 03:06 PM)

#9

The implications are (and they pretty much said) that they can now sign executables and the PS3 can't tell the difference.
BladeoftheImmortal
Member
(12-29-2010, 03:07 PM)

#10

This means CFW, right? no more PS3 jailbreaker everytime I turn it on? *Squeal*
captmcblack
God-Tier ghetto pass
(12-29-2010, 03:07 PM)

#11

If and only if this leads to CFW and true, straight-to-the-metal hacking/homebrew/apps/emulation like on the original Xbox and in the good-old PSP days, I am interested and will move to a PS3 Slim (leaving my OG 60GB for the hacking).
ClovingWestbrook
Banned
(12-29-2010, 03:07 PM)

#12

Supposedly dongles will now be useless. They'll be able to offer downgrades, jailbreaks without the need for a dongle.
PetriP-TNT
Member
(12-29-2010, 03:10 PM)

#13

Originally Posted by N.A:
No. The 'random' number used to create the private key is always the same. Some hippy guy then showed some extremely long equation to work out the private key.
Oh, you're right. I thought that was getprivatekey instead of getrandomnumber :/

(and yeah, I know that that is from a webcomic)
TheSeks
Blinded by the luminous glory that is David Bowie's physical manifestation.
(12-29-2010, 03:11 PM)

#14

Originally Posted by LovingSteam:
Supposedly dongles will now be useless. They'll be able to offer downgrades, jailbreaks without the need for a dongle.
Will I be able to downgrade without breaking the Blu-ray player like the current downgrader wants?

More than one time, unlike the current downgrader?

Is there a CWCheat/Gameshark application yet?
Double D
Member
(12-29-2010, 03:11 PM)

#15

CozMick
Member
(12-29-2010, 03:11 PM)

#16

So firmware updates are now useless correct?
BladeoftheImmortal
Member
(12-29-2010, 03:12 PM)

#17

Originally Posted by CozMick:
So firmware updates are now useless correct?
Until they change the internals of the system, like they did with PSP3000, yes.
H_Prestige
Member
(12-29-2010, 03:14 PM)
#18

Originally Posted by LovingSteam:
Supposedly dongles will now be useless. They'll be able to offer downgrades, jailbreaks without the need for a dongle.
Will we be able to hack just through plain usb sticks now? Sorry, I don't understand this stuff.

Or does this mean we can run homebrew apps without hacking?
Last edited by H_Prestige; 12-29-2010 at 03:17 PM.
snk2
Member
(12-29-2010, 03:15 PM)

#19

Originally Posted by TheSeks:
Will I be able to downgrade without breaking the Blu-ray player like the current downgrader wants?

More than one time, unlike the current downgrader?

Is there a CWCheat/Gameshark application yet?

I have downgraded a 3.50 PS3 (250gb slim) without breaking Blu-ray playback.

I'm pretty sure you can downgrade more than once.

Dunno bout CWcheat, but it would be nice.
pcostabel
Member
(12-29-2010, 03:17 PM)
#20

Originally Posted by H_Prestige:
Will we be able to hack just through plain usb sticks now? Sorry, I don't understand this stuff.
No need of USB sticks anymore. Homebrew can be signed like legitimate Sony software and run on unmodified PS3s.
Metalmurphy
(12-29-2010, 03:18 PM)

#21

Originally Posted by pcostabel:
No need of USB sticks anymore. Homebrew can be signed like legitimate Sony software and run on unmodified PS3s.
Any firmware?


I fear for online cheaters :/
alr1ght
bish gets all the credit :)
(12-29-2010, 03:18 PM)

#22

interesting. Keep that shit offline and all is good.
H_Prestige
Member
(12-29-2010, 03:18 PM)
#23

Originally Posted by pcostabel:
No need of USB sticks anymore. Homebrew can be signed like legitimate Sony software and run on unmodified PS3s.
Damn, that sounds awesome.
badcrumble
Member
(12-29-2010, 03:18 PM)

#24

CWCheat would basically be fantastic for some games, but I'd rather not get locked out of the PSN.

On the other hand if this means we can make the .mkv container playable and enable cross-game voice chat (already in the debug firmware) that'd be awfully nice. Also, region-free PS2 gaming would be nice.
test_account
XP-39C²
(12-29-2010, 03:18 PM)

#25

I don't quite understand. Running unsigned programs on the PS3 has already worked for months. How does this private key change anything?


Originally Posted by H_Prestige:
Will we be able to hack just through plain usb sticks now? Sorry, I don't understand this stuff.
No, I don't think that will work.

EDIT: Assuming that you mean that it is possible to jailbreak a PS3 with a usb stick?
TheSeks
Blinded by the luminous glory that is David Bowie's physical manifestation.
(12-29-2010, 03:18 PM)

#26

Originally Posted by snk2:
I have downgraded a 3.50 PS3 (250gb slim) without breaking Blu-ray playback.

I'm pretty sure you can downgrade more than once.
The current downgrader has a very small chance of breaking the blu-ray drive's playback. Which makes me leery.

And open-source downgrader is more than once now, maybe? I haven't honestly been following, but the "LOL ONE DOWNGRADE ONLY" totally turned me off when it was released by the PSjailbreak team or whatever.

Quote:
No need of USB sticks anymore. Homebrew can be signed like legitimate Sony software and run on unmodified PS3s.
Give me CWCheat ability for offline applications and MMMMM-yes on OFW.

Free money in Ass Creed 2/3's singleplayer? Yes, please.
N.A
Member
(12-29-2010, 03:21 PM)

#27

Originally Posted by test_account:
I dont quite understand. Running unsigned programs on the PS3 has already worked for months. How does this private key change anything?
Those unsigned programs can be signed and run on any retail PS3.
carlosp
Banned
(12-29-2010, 03:21 PM)
#28

This means CFW. We will soon get our own update files just like on PSP and will be able to run homebrew.
Nuclear Muffin
Banned
(12-29-2010, 03:22 PM)

#29

So from my understanding, they can make homebrew applications that have the official Sony signature key. This means that you don't even need to hack the PS3 anymore, you just load the file onto your unmodified system using any USB device and the PS3 just treats it as a normal PSN game.

So basically, Sony are completely fucked.
ClovingWestbrook
Banned
(12-29-2010, 03:22 PM)

#30

And it means that 3.5 and beyond has been hacked. Until Sony creates new hardware from what others are saying.
Lostconfused
I can make you pick a fight
With someone twice your size
(12-29-2010, 03:22 PM)

#31

Originally Posted by carlosp:
this mean CFW. We will soon get our own update files just like on PSP and will be able to run homebrew.
Wouldn't you just be able to sign any homebrew app and just run it on any PS3 without doing anything to the firmware?
test_account
XP-39C²
(12-29-2010, 03:23 PM)

#32

Originally Posted by N.A:
Those unsigned programs can be signed and run on any retail PS3.
Ah ok, I see, so no need to jailbreak the PS3 first, just run the files like original files. Thanks for the info! :)
BladeoftheImmortal
Member
(12-29-2010, 03:23 PM)

#33

Originally Posted by N.A:
Those unsigned programs can be signed and run on any retail PS3.
So does this mean an app like the backup manager could run on an OFW machine or that we would still need a CFW to get it working?
ClovingWestbrook
Banned
(12-29-2010, 03:24 PM)

#34

Originally Posted by BladeoftheImmortal:
So does this mean an app like the backup manager could run on an OFW machine or that we would still need a CFW to get it working?
From what it sounds like, yes. Just sign the program and you're good to go.
Mr_Brit
Banned
(12-29-2010, 03:25 PM)

#35

Originally Posted by Lostconfused:
Wouldn't you just be able to sign any homebrew app and just run it on any PS3 without doing anything to the firmware?
Yeah, if this is true doesn't it mean we can run homebrew on any PS3 whether it's hacked or not?
MjFrancis
Member
(12-29-2010, 03:26 PM)

#36

CFW? For my PS3? Christmas lingers on, folks!
mugurumakensei
Member
(12-29-2010, 03:26 PM)

#37

Originally Posted by Mr_Brit:
Yeah, if this is true doesn't it mean we can run homebrew on any PS3 whether it's hacked or not?
That's pretty much it.
BladeoftheImmortal
Member
(12-29-2010, 03:26 PM)

#38

Originally Posted by LovingSteam:
From what it sounds like, yes. Just sign the program and you're good to go.
Damn, so it's even more vulnerable than the PSP was now.
ReyBrujo
Member
(12-29-2010, 03:26 PM)

#39

This doesn't ensure anything. It, however, decreases the strength of the protection algorithm, since crackers now need to deal with one less variable (which turned out to be a constant). If they still have 20 variables to deal with, they advanced a very small pace. If they have only a couple left, they are pretty near.
Nuclear Muffin
Banned
(12-29-2010, 03:27 PM)

#40

Originally Posted by BladeoftheImmortal:
So does this mean an app like the backup manager could run on an OFW machine or that we would still need a CFW to get it working?
Yes, you don't need CFW.
ClovingWestbrook
Banned
(12-29-2010, 03:27 PM)

#41

Originally Posted by Psgroove:
Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. The talk got very technical at this point, and I'm still grasping at understanding it all. The major highlights though were, dongle-less jailbreaking and the ability to sign our own SELFs. Following this, the team declared Sony's security to be EPIC FAIL!

The recent advent of these new exploits means current firmware is vulnerable, v3.55 and possibly beyond. It will be very difficult for Sony to fix the described exploits.

Read more: PSGroove.com - Sony's PS3 Security is Epic Fail http://psgroove.com/content.php?581-...#ixzz19WDqEa9r
Here
mugurumakensei
Member
(12-29-2010, 03:27 PM)

#42

Originally Posted by ReyBrujo:
This doesn't ensure anything. It, however, decreases the strength of the protection algorithm, since crackers now need to deal with one less variable (which turned to be a constant). If they still have 20 variables to deal with, they advanced a very small pace. If they have only a couple left, they are around pretty near.
Nah, they showed how to generate a private key using this constant.
N.A
Member
(12-29-2010, 03:28 PM)

#43

Originally Posted by BladeoftheImmortal:
So does this mean an app like the backup manager could run on an OFW machine or that we would still need a CFW to get it working?
I believe the backup manager uses BDEMU which Sony could (and maybe already have) removed from retail PS3 firmware. Though a workaround will probably be made.
Sporran
Member
(12-29-2010, 03:28 PM)

#44

Originally Posted by Metalmurphy:
I fear for online cheaters :/
Anything but this :(
Machado
Member
(12-29-2010, 03:28 PM)

#45

what does this finally mean?
carlosp
Banned
(12-29-2010, 03:29 PM)
#46

Originally Posted by Lostconfused:
Wouldn't you just be able to sign any homebrew app and just run it on any PS3 without doing anything to the firmware?
no, because you need a way to put them on your ps3 and the normal system doesn't allow any kind of executable data transfer between a USB stick and the PS3 file system. This means we need some kind of hack which allows us to do so. Even installing a FTP client needs access to the file system first, but that is only a matter of hours rather than days. I will probably be able to hack my ps3 tomorrow already.
H_Prestige
Member
(12-29-2010, 03:29 PM)
#47

Originally Posted by BladeoftheImmortal:
Damn, so it's even more vulnerable than the PSP was now.
Yeah, wouldn't this make the ps3 the most open system of all? That sounds kind of hard to believe that it could go from the most locked down system to the most open over night.
Valkyr Junkie
Member
(12-29-2010, 03:31 PM)

#48

Originally Posted by H_Prestige:
Yeah, wouldn't this make the ps3 the most open system of all? That sounds kind of hard to believe that it could go from the most locked down system to the most open over night.
Technically even as the "most locked down system" from a security standpoint, it was still by far the most open platform in other regards.
alr1ght
bish gets all the credit :)
(12-29-2010, 03:31 PM)

#49

Originally Posted by Sporran:
Anything but this :(
Hopefully they can detect and ban.
xero273
Member
(12-29-2010, 03:31 PM)

#50

maybe now we can get hddloader on bc ps3 which doesn't require a boot disc