
fail0verflow - PS3 Private Key + PSP Key + PS3's Blu-Ray Key found, FW 3.50 decrypted

RobertM

Member
So they started hacking the PS3 to bring Linux back, huh... what a bunch of bullshit. Without the USB jig none of these so-called hackers would have come to the scene or been able to actually write exploits for running unsigned code. The jig was the catalyst behind everything that followed afterward; they would have stayed where they were with or without Linux if not for the jig. Plain and fucking simple.
 

njmzhang

Banned
I still don't believe they can calculate the private key. The signing process is done by Sony; the private key doesn't exist in the PS3 or the game, so how can it be reverse-engineered?
 
greatestjediever said:
Well, running custom soundtracks is function of the operating system. This is not a trivial task to implement, I would imagine. Not that it couldn't be done, but who knows if theres any group out there willing to put in the time and effort to develop and enable functionality like that.
Given that the feature was supposedly up and running perfectly well in the debug firmware about two years ago, it might just be a matter of enabling it. Who knows.
 

androvsky

Member
Truespeed said:
By "better tool support" are you referring to the freely available tools that were released by IBM for Cell development under Linux - which could have also easily been used for game development?

Hmmm, my memory is vague on this, it might've been better kernel and multitasking support. Either way, I'm quite certain the GameOS/SDK side quickly grew to have superior SPU support, but there was an awkward phase where there were a few complaints, iirc. My point was that Sony wasn't limiting Cell access at all.

I wouldn't call it dead. I believe the Cell MesaGL driver was merged into the Gallium3D framework. And if you look at the commits for src/gallium/drivers/cell you notice that there's still activity even in 2010.

All I've seen are compile fixes. It wasn't in a usable state before Sony yanked linux, and I'd be shocked if that's changed. glgears ran, slowly. I don't think texture-mapping ever worked. I used to build MesaGL for the cell every couple of months to see how it was doing. I think they decided to concentrate on llvm for the Cell a long time ago (which is why the regular Cell driver was so dead), but the llvm Cell port isn't doing much better from what I can tell.
 

luca_29_bg

Member
The "epic" part really came about due to the completely inexcusable ECDSA signature screwup. We were left speechless by that one. However, as a whole, the entire PS3 architecture is terrible. Especially after breaking it open and properly analyzing it and finding a ton of screwups (many critical), there is absolutely no doubt in our mind that the sole reason why the PS3 lasted this far is because OtherOS kept all the competent people happy enough not to try to break into the system (that, and maybe hype around their hypervisor and isolated SPE security, both of which turned out to be terribly bad). If you watch the talk you'll actually see that we make this point clear and address the time-to-hack of the PS3. Given our experience and what we've learned from people who work on console hacks, almost nobody tried until OtherOS was removed, so the only valid measurement for "time to hack", as a strength-of-security measure, is the time since OtherOS was removed (9-12 months or so).

OtherOS was Sony's single best security feature.

From Marcan (take it from another forum)

Someone doesn't believe this, right?
 
njmzhang said:
I still don't believe they can calculate the private key. The signing process is done by Sony; the private key doesn't exist in the PS3 or the game, so how can it be reverse-engineered?
Using the same random number to generate multiple sigs! Crazy beard math guy explained it.
 
luca_29_bg said:
The "epic" part really came about due to the completely inexcusable ECDSA signature screwup. We were left speechless by that one. However, as a whole, the entire PS3 architecture is terrible. Especially after breaking it open and properly analyzing it and finding a ton of screwups (many critical), there is absolutely no doubt in our mind that the sole reason why the PS3 lasted this far is because OtherOS kept all the competent people happy enough not to try to break into the system (that, and maybe hype around their hypervisor and isolated SPE security, both of which turned out to be terribly bad). If you watch the talk you'll actually see that we make this point clear and address the time-to-hack of the PS3. Given our experience and what we've learned from people who work on console hacks, almost nobody tried until OtherOS was removed, so the only valid measurement for "time to hack", as a strength-of-security measure, is the time since OtherOS was removed (9-12 months or so).

OtherOS was Sony's single best security feature.

From Marcan (take it from another forum)

Someone doesn't believe this, right?

I remember a few years ago in another hacking convention people were saying the opposite... sure, it's epic fail now, and easy as pie... after it's done, and 4 years later.
 

onken

Member
Wow, mad progress. I don't see how you could use it for cheating online though, since you can only run one application at a time; running some sort of cheat app at the same time would require some OS jiggery-pokery, which could probably be detected by Sony when online.
 
brotkasten said:

You'd be using memory that's allocated to the games. Custom soundtracks can be used, but they cost memory, games that don't use it are most likely using that memory for something else.
 

darkwing

Member
onken said:
Wow, mad progress. I don't see how you could use it for cheating online though, since you can only run one application at a time; running some sort of cheat app at the same time would require some OS jiggery-pokery, which could probably be detected by Sony when online.

Why not? Just modify the game while it runs; since it's legit, no one can know you are cheating, same as syncing trophies.
 
RobertM said:
So they started hacking the PS3 to bring Linux back, huh... what a bunch of bullshit. Without the USB jig none of these so-called hackers would have come to the scene or been able to actually write exploits for running unsigned code. The jig was the catalyst behind everything that followed afterward; they would have stayed where they were with or without Linux if not for the jig. Plain and fucking simple.
Much easier to spout nonsense than bother to learn anything, I guess
 

sajj316

Member
Watched all three parts of the conference. So they hacked the PS3 because Linux was removed, because it needs to run on everything including a toaster. They mentioned the USB exploit but would not identify the source of how that exploit was obtained. Their work was an extension of what's been done by Geohot and the USB exploit (which I believe was obtained illegally, and it was somewhat joked about as the source was from the "southern hemisphere"!)

Congratulations!

I don't get these guys. I guess they love Linux! Lesson for Sony, Microsoft, and Nintendo: you need to offer Linux support in some form. Everything needs to be an open platform. You need to be able to run homebrew on your platform!!
 
sajj316 said:
Watched all three parts of the conference. So they hacked the PS3 because Linux was removed, because it needs to run on everything including a toaster. They mentioned the USB exploit but would not identify the source of how that exploit was obtained. Their work was an extension of what's been done by Geohot and the USB exploit (which I believe was obtained illegally, and it was somewhat joked about as the source was from the "southern hemisphere"!)

Congratulations!

I don't get these guys. I guess they love Linux! Lesson for Sony, Microsoft, and Nintendo: you need to offer Linux support in some form. Everything needs to be an open platform. You need to be able to run homebrew on your platform!!
Yes?

People like to run what they want on the hardware they paid for, and a subset of those people are very skilled at (and enjoy) breaking things and figuring out how they work.

The USB exploit (more specifically, an imitation that did the same thing) was assuredly used in their work exploring the inner workings of the PS3, but it's patently ridiculous to argue that nothing would've gotten off the ground without it. It just would've taken a little longer. The wheels have been turning since Sony removed OtherOS, and now the deed is done. OtherOS is back, albeit in a different form.
 

darkwing

Member
So it's now possible to make something on a JB PS3 and have it run on a non-JB PS3? Imagine a game that just gives out Platinum trophies :lol
 

onken

Member
OK just watched the whole thing. Shame they didn't say anything to distance themselves from the piracy aspect (crowd clapping and cheering when they spoke about piracy being possible, urgh).

luca_29_bg said:
Someone doesn't believe this, right?

No I think it's a crock of shit. The whole thing was blasted open by the PSJailbreak group, who wanted to make money off Geohot's exploit. Remember, Geohot's exploit was created BEFORE otheros was removed. So this revisionist history bullshit doesn't hold water at all.

I can see why they'd want to say that, though. Removal of otheros was a shitty thing to do and they want to look like they're punishing Sony by saying the piracy is because of that. Completely pointless of course, as if Sony are just going suddenly see the error of their ways and reintroduce it. No console maker is ever going to include Linux support again thanks to Geohot, end of story. That's the real tragedy to come out of all this.
 

SapientWolf

Trucker Sexologist
Metalmurphy said:
Sony removed the OtherOS when shit was about to hit the fan. It would have happened either way.
Maybe, but now the hackers get to be smug and self-righteous about it. It cost Sony goodwill but it didn't even buy them time.
 

Fusebox

Banned
"Epic fail" hardly describes the security of an OS which has taken several years to crack.

PSP was epic fail, DC was epic fail, but PS3 seems like a pretty decent effort!
 

onken

Member
Fusebox said:
"Epic fail" hardly describes the security of an OS which has taken several years to crack.

PSP was epic fail, DC was epic fail, but PS3 seems like a pretty decent effort!

Sega CD could run CD-Rs out of the box, heh. Though not many people had CD writers back then.
 

Dalthien

Member
onken said:
Remember, Geohot's exploit was created BEFORE otheros was removed. So this revisionist history bullshit doesn't hold water at all.
I'm just going by memory, but IIRC, Geohot's exploit wasn't until January 2010, whereas Linux was removed from the PS3 Slim (and all future PS3s) in September 2009. It seems abundantly clear at this point that the real hackers didn't have any interest in the PS3 until Sony pulled Linux from the Slim. And then that was magnified further when OtherOS was pulled altogether from all systems with firmware updates.

In any case, the whole decision to pull OtherOS seemed bewildering at the time, and has ultimately proven to be a complete waste. There were already millions of PS3s in the marketplace capable of running Linux, so removing it was never going to slow down hackers in any way at all, but it created a lot of PR backlash and lawsuits which Sony is still paying lawyers to defend. It was all just so absolutely pointless.
 

jsnepo

Member
RobertM said:
So they started hacking the PS3 to bring Linux back, huh... what a bunch of bullshit. Without the USB jig none of these so-called hackers would have come to the scene or been able to actually write exploits for running unsigned code. The jig was the catalyst behind everything that followed afterward; they would have stayed where they were with or without Linux if not for the jig. Plain and fucking simple.

I agree. Hackers and their egos. LOL
 

yurinka

Member
luca_29_bg said:
The "epic" part really came about due to the completely inexcusable ECDSA signature screwup. We were left speechless by that one. However, as a whole, the entire PS3 architecture is terrible. Especially after breaking it open and properly analyzing it and finding a ton of screwups (many critical), there is absolutely no doubt in our mind that the sole reason why the PS3 lasted this far is because OtherOS kept all the competent people happy enough not to try to break into the system (that, and maybe hype around their hypervisor and isolated SPE security, both of which turned out to be terribly bad). If you watch the talk you'll actually see that we make this point clear and address the time-to-hack of the PS3. Given our experience and what we've learned from people who work on console hacks, almost nobody tried until OtherOS was removed, so the only valid measurement for "time to hack", as a strength-of-security measure, is the time since OtherOS was removed (9-12 months or so).

OtherOS was Sony's single best security feature.

From Marcan (take it from another forum)

Someone doesn't believe this, right?

I respect Marcan, but this is bullshit.

They needed a couple of leaks from Sony to hack it:
-One to do the jailbreak.
-Another to do the downgrade.
-Another for the Sony SDK leak.

They weren't able to start to hack until they had these leaked stuff.

OtherOS is just an excuse.
 

TheSeks

Blinded by the luminous glory that is David Bowie's physical manifestation.
onken said:
No I think it's a crock of shit. The whole thing was blasted open by the PSJailbreak group, who wanted to make money off Geohot's exploit. Remember, Geohot's exploit was created BEFORE otheros was removed. So this revisionist history bullshit doesn't hold water at all.

No, yours is "revisionist bullshit."

2009: Slims launched. OtherOS in Slims is GONE. AKA: writing's on the wall. Sony won't support Linux anymore.
2010: Geohot.
2010 month later: Sony removes OtherOS from Phats. Thereby, perma-killing Linux. Before you could still use Linux on Phats in an unofficial capacity. Hackers get on board to get Linux restored, not just for the Phats. But for the Slims as well.
 

j-wood

Member
One argument that I would like to bring up in response to people who claim they hack because they want to be able run whatever they want on their own hardware is that I think it's apples to oranges when you buy/build a new PC and buy a game console.

When you buy/build a PC, that comes with the right to run an operating system and to multi-task by editing documents, browsing the web, etc.

Especially in the case where you build your own PC, it would be BS if Microsoft wouldn't let you install anything other than official Windows products on an intel chipset.

When you buy a video game console...you are buying a machine to play video games. There is no understood knowledge that you are building new applications or adding your own software and why should you? That's what we have PCs for.

What I'm trying to say is that when I buy a video game console, I'm not buying it for the cell processor or the video card. I'm buying it to play games on. I think it's BS when people say they should be able to do what they want on the console hardware.
 

jercruz

Member
Fusebox said:
"Epic fail" hardly describes the security of an OS which has taken several years to crack.

PSP was epic fail, DC was epic fail, but PS3 seems like a pretty decent effort!
They said no hacking until other os removed. After, it took 12 months. Or so they say...
 

Hieberrr

Member
j-wood said:
One argument that I would like to bring up in response to people who claim they hack because they want to be able run whatever they want on their own hardware is that I think it's apples to oranges when you buy/build a new PC and buy a game console.

When you buy/build a PC, that comes with the right to run an operating system and to multi-task by editing documents, browsing the web, etc.

Especially in the case where you build your own PC, it would be BS if Microsoft wouldn't let you install anything other than official Windows products on an intel chipset.

When you buy a video game console...you are buying a machine to play video games. There is no understood knowledge that you are building new applications or adding your own software and why should you? That's what we have PCs for.

What I'm trying to say is that when I buy a video game console, I'm not buying it for the cell processor or the video card. I'm buying it to play games on. I think it's BS when people say they should be able to do what they want on the console hardware.

I beg to differ. I hacked my Slim PS2 with a memory card hack, putting an ELF loader on it. Let me tell you.. that shit was amazing!
 

Gravijah

Member
j-wood said:
What I'm trying to say is that when I buy a video game console, I'm not buying it for the cell processor or the video card. I'm buying it to play games on. I think it's BS when people say they should be able to do what they want on the console hardware.

But it's their property. Should you not be allowed to modify other things? How about a controller to insert a better d-pad? How about changing the outside of a PSP? How about the stuff Ben Heck does?
 

Aaron

Member
j-wood said:
What I'm trying to say is that when I buy a video game console, I'm not buying it for the cell processor or the video card. I'm buying it to play games on. I think it's BS when people say they should be able to do what they want on the console hardware.
Sony advertises the PS3 as 'it only does everything.' Playing pirated games falls under the umbrella of everything. So it's really their fault.
 

linkboy

Member
j-wood said:
One argument that I would like to bring up in response to people who claim they hack because they want to be able run whatever they want on their own hardware is that I think it's apples to oranges when you buy/build a new PC and buy a game console.

When you buy/build a PC, that comes with the right to run an operating system and to multi-task by editing documents, browsing the web, etc.

Especially in the case where you build your own PC, it would be BS if Microsoft wouldn't let you install anything other than official Windows products on an intel chipset.

When you buy a video game console...you are buying a machine to play video games. There is no understood knowledge that you are building new applications or adding your own software and why should you? That's what we have PCs for.

What I'm trying to say is that when I buy a video game console, I'm not buying it for the cell processor or the video card. I'm buying it to play games on. I think it's BS when people say they should be able to do what they want on the console hardware.

Going by your logic, I shouldn't be able to use my Dual Shock 3 on my computer via the Motionjoy drivers (which work great and are fantastic).

Why, Sony made the controller to only work with the PS3, not a PC. Therefore, I shouldn't be allowed to use it on anything other than a PS3. Same with the Wiimote.

Hell, by your logic the Air Force shouldn't be using the PS3s to run Linux as a cluster.

I really don't care what people do with their property just as long as they don't use it for piracy. If someone wants to install a media center on their PS3, I have no problem with them doing it.
 

Quasar

Member
ConfusedMan09 said:
Not according to one of the main guys working on this. From his Twitter:

Myth #2: Sony can change keys. No, they can't. These aren't encryption keys, they're signing keys. If they change them GAMES STOP WORKING.

Well couldn't they make sure that anything signed with the old keys after a certain date does not work?
 

j-wood

Member
Fusebox said:
I'd agree, but only if Linux didn't come advertised as a feature.

That's true. I would also agree that it was BS that Sony removed that feature.

But I also feel like it was an added bonus. When I purchased my PS3, I thought "Oh that's a cool bonus, I can install Linux." Then I played some games.

I don't think the people at Sony ever thought that people would buy a PS3 with the intention of using the linux partition in a major way. Should they have? Maybe so.

But I personally don't understand why anyone would purchase a PS3 just to use it as a Linux box. I would build a PC for that any day of the week over using it on the PS3.
 

jonabbey

Member
UntoldDreams said:
I'll admit that I would have to study the actual attack vector in detail before "railing against Sony" any further but...

Look this is a public-key cryptography system right?

How do you lose your private keys short of someone breaking into your office and stealing your servers? This is simply not supposed to be exposed to the public and is supposed to be so computationally HEAVY that it's improbable to ever determine the answer through reverse engineering.

Given that... I have a hard time accepting that there wasn't some really, really, really bad decision involved. I don't accept it because it's just not supposed to happen and it shouldn't be hard to protect your private keys.

It's like me accepting that a meteor struck your car, which caused you to be late, rather than assuming you overslept.

Watch the video. They didn't use RSA, they used an Elliptic Curve based hash algorithm (http://en.wikipedia.org/wiki/Elliptic_Curve_DSA) that requires the generation of a random number for every signature made with a given signing key. If you neglect to inject randomness in, then the private key can be easily calculated from two signatures by that key.

Sony did not incorporate a random number in their code signing facility at Sony Central, or wherever, thus the private key was easily obtainable.

They failed to use the crypto properly, and ran into the most severe failure mode possible.
 
j-wood said:
One argument that I would like to bring up in response to people who claim they hack because they want to be able run whatever they want on their own hardware is that I think it's apples to oranges when you buy/build a new PC and buy a game console.

When you buy/build a PC, that comes with the right to run an operating system and to multi-task by editing documents, browsing the web, etc.

Especially in the case where you build your own PC, it would be BS if Microsoft wouldn't let you install anything other than official Windows products on an intel chipset.

When you buy a video game console...you are buying a machine to play video games. There is no understood knowledge that you are building new applications or adding your own software and why should you? That's what we have PCs for.

What I'm trying to say is that when I buy a video game console, I'm not buying it for the cell processor or the video card. I'm buying it to play games on. I think it's BS when people say they should be able to do what they want on the console hardware.
:lol :lol :lol
 
jonabbey said:
Watch the video. They didn't use RSA, they used an Elliptic Curve based hash algorithm (http://en.wikipedia.org/wiki/Elliptic_Curve_DSA) that requires the generation of a random number for every signature made with a given signing key. If you neglect to inject randomness in, then the private key can be easily calculated from two signatures by that key.

Sony did not incorporate a random number in their code signing facility at Sony Central, or wherever, thus the private key was easily obtainable.

They failed to use the crypto properly, and ran into the most severe failure mode possible.

So it was the elliptic curve and sony managed to fuck it up at step 2 in the creation?

ouch
 

jonabbey

Member
Infinite Justice said:
So it was the elliptic curve and sony managed to fuck it up?

ouch

Yup. Epic Fail. Hopefully the Sony team put together for PS4 learns from this. The team that did the PS3 security just got spanked like a red headed step child. Who was also a monkey.
 
I hope this turn of events doesn't negatively affect me as a PS3 owner. I don't care what you do with your console. But if it starts messing with my experience, then I will be against all forms of modding on the PS3.
 

j-wood

Member
Gravijah said:
But it's their property. Should you not be allowed to modify other things? How about a controller to insert a better d-pad? How about changing the outside of a PSP? How about the stuff Ben Heck does?

I think consoles fall under a different umbrella here. When you buy a music CD, it's then your property, why can't you put that online and give it to other people? It's your property to give away after all.

Consoles are a closed eco-system. That's a caveat you accept when you buy one. It's why backwards compatibility isn't always guaranteed. You can't play a SNES game on an NES.

When you buy a console, it is your property. You can set it on fire, you can move it to a new house, you can sell it. But you can't modify it because it's a closed eco-system. As much as companies try sometimes to market it that way, consoles are not PCs. It's a mistake to try and push it that way because the companies do NOT want people to use it like a PC.
 
marathonfool said:
I hope this turn of events doesn't negatively affect me as a PS3 owner. I don't care what you do with your console. But if it starts messing with my experience, then I will be against all forms of modding on the PS3.

You're just better off hating them now, since regardless of whether or not this will kickstart a wave of piracy (which it will) a security breach of this magnitude will start off a storm of new preventive measures that'll ruin the experience for everyone without doing much of anything.
 

darkwing

Member
Quasar said:
Well couldn't they make sure that anything signed with the old keys after a certain date does not work?

errr no, that would make your old games stop working, basically they can't stop it, anyone can make PS3 games/software now, logging into PSN from a jb PS3 is now possible too
 

Risette

A Good Citizen
j-wood said:
I think consoles fall under a different umbrella here. When you buy a music CD, it's then your property, why can't you put that online and give it to other people? It's your property to give away after all.

Consoles are a closed eco-system. That's a caveat you accept when you buy one. It's why backwards compatibility isn't always guaranteed. You can't play a SNES game on an NES.

When you buy a console, it is your property. You can set it on fire, you can move it to a new house, you can sell it. But you can't modify it because it's a closed eco-system. As much as companies try sometimes to market it that way, consoles are not PCs. It's a mistake to try and push it that way because the companies do NOT want people to use it like a PC.
Wow :lol

Not sure if serious.
 

jonabbey

Member
j-wood said:
When you buy a console, it is your property. You can set it on fire, you can move it to a new house, you can sell it. But you can't modify it because it's a closed eco-system. As much as companies try sometimes to market it that way, consoles are not PCs. It's a mistake to try and push it that way because the companies do NOT want people to use it like a PC.

Are you making an ethical point or a legal point? Because legally, it's not at all clear that I can't disassemble my (60 gig) PS3 and use the Cell chip as the heating element in a toaster if I wanted to.

In the United States, the DMCA comes into play if I attempt to sell or distribute tools to violate copyright, but EULAs are not valid contracts, and what I do with my property is largely my business.

Sony is, of course, free to retaliate in whatever way they see fit. They could tinker with PSN to ban modded consoles, they could come out with a new version of the PS3 with a lot of these low level issues fixed so that they regain the exclusive ability to provide runnable firmware, they could call it quits on this generation and move PS4 up by a year.

None of that is cheap, and none of it gets them off the hook of public scorn for being so incredibly careless with their security on PS3.
 