The demo will be here: http://saal3.h264.27c3.fem-net.de/ sometime in the next couple of hours.
-
Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
fail0verflow - PS3 Private Key + PSP Key + PS3's Blu-Ray Key found, FW 3.50 decrypted
- Thread starter N.A
- Start date
intheinbetween
Member
UntoldDreams said:
What you're suggesting doesn't solve the problem. The problem is that Sony's private signing key is now public. That means anyone can create an executable that your PS3 thinks is a legitimate Sony-signed executable.
This is akin to someone stealing Amazon's private SSL key. This means they can pretend to be Amazon, and neither your browser nor you would be able to tell that they're not Amazon.
Sony is in a big bind here. If they revoke the old key, then none of the old games will work. If they leave the old key alone, then anyone can sign something as Sony, and any PS3 will accept that signature as legitimate. Including firmware that bypasses piracy checks. Or game executables with cheats hacked in.
If they revoke the old key and then implement a white list to do a secondary hash check on executables signed with the old key, people can still downgrade the firmware because the PS3 doesn't have a working anti-downgrade check, unlike the 360.
IMHO the only solution is a hardware revision. New games will be signed with a new key. New PS3s will use the new key, and a whitelist for old games. New PS3s will need to have a working anti-downgrade check.
I'm pretty sure existing PS3s will be unfixable though they'll probably try to hack something into the firmware to at least check new games against the new key (even if bootloader/firmware updates can't be made totally secure).
MrNyarlathotep
Banned
Slavik81 said:
I have to say you've got off pretty lucky.
I see people blatantly wallhacking / speedhacking / aimbotting on TF2 at least a couple of times a month, although I tend to play on servers where there are active admins so they can be dealt with.
lowrider007
Licorice-flavoured booze?
I'm probably being naive but don't these hackers realise the potential consequences of their actions? why do they do this shit?, I'd honestly feel too guilty myself thinking about potential job loses and effect it has on developers and consumers etc
As one of the guys working on one of the bigger USB Loaders for Wii, I can say that I don't feel guilty for what people do with it, but I do despise them for it. We veto any new feature proposals that can only be used for piracy, though, as none of the developers on the current team condone it.
We can't stop the users pirating, but if there is a valid benefit for non-pirates, I see it as useful to provide it to those that can use it responsibly.
Oh, and it's also fun to play with the idiot pirates sometimes. I love receiving complaints about the pirate trap I added to the IOS236 Installer as it's nice to deal some relatively harmless retribution to those not using the software for its intended use.
We can't stop the users pirating, but if there is a valid benefit for non-pirates, I see it as useful to provide it to those that can use it responsibly.
Oh, and it's also fun to play with the idiot pirates sometimes. I love receiving complaints about the pirate trap I added to the IOS236 Installer as it's nice to deal some relatively harmless retribution to those not using the software for its intended use.
Subliminal
Member
This is really funny.
This is nowhere near the end of the ps3.
Piracy will still be very difficult (Big game sizes. No proper HDD Loader.)
This is nowhere near the end of the ps3.
Piracy will still be very difficult (Big game sizes. No proper HDD Loader.)
demo is on: http://saal3.h264.27c3.fem-net.de/
darkpaladinmfc
Member
You can run games off the HDD already, and game sizes are mostly around 10GB -- the only 'big' games I know of are FF13 and God of War 3 which both are 40GB or something like that.Subliminal said:
MarkMclovin
Member
hteng said:
Not many and I'm sure are easily found. But being able to easily cheat on MP games on your PS3 will produce a large wave of mother fuckers who will have a laugh doing it.
Secondly, it's easier to find a lobby/server that will have legit players on the PC. And the servers run tools that find people with exploits. Do the servers for console games have the same tools?
Mailenstein
Member
I saw marcan for a minute... Did I miss the whole thing?Valru said:
Starwolf_UK
Member
Ugh, missed most of it. Saw the linux terminal working but it buffered during the questions so I missed most of that. From what I did hear of the questions though marcan (?) said the plan was to release a firmware update that essentially replaces the game side of things with Linux and he also reiterated the fact that its not an exploit but an epic fail as Sony effectively gave away the private key mathematically so they don't have to exploit anything, just sign stuff.Valru said:
Diablohead
Member
Half of this info is way over my head yet I still love hearing about it, it feels like I am learning!Valru said:
Mailenstein
Member
Too bad I missed it live, but I will catch up via YT later. Thanks for the info tho, mateJADS said:
.aaaaa0 said:
Actually I don't think that ppl will be forced to downgrade ever again dude. One of the slides (third vid, 1:55) is listing all the levels of code and whether they are updateable and revocable. The chain goes like this: bootldr -> lv0 -> metldr loading lv1ldr loading lv1 -> other stuff. They said this chain is busted due to second read and validation on that second read which also indicated that they can bait and switch lv0 lv1ldr and lv1 code at will. And since decryption starts with lv1ldr and you can run something underneath it, whatever changes in firmware security Sony comes up with, they can decrypt, analyze, change and repackage as "vanilla" firmware.
kitch9 said:
Microsoft has dealt with this well with the JTAG exploit. They remotely upload code to your system whilst you are connected to live that checks for anything that shouldn't be there and anyone with a JTAG'd console is banned within a couple of hours. Unless there is some amazing way they can hide every piece of homebrew on a system and prevent Sony from detecting anything that shouldn't be in RAM Sony should be able to detect cheaters.
The way I see it going:
Offline Play/Piracy: Cat & mouse but Sony won't permanently shut the door.
PSN: Cheating for a couple of months but Sony will eventually stop people going online.
Mailenstein
Member
Dreamgazer
Member
Dead Man said:
Don't tell him to calm down!
This is serious business! BFBC2 is like crack to some of us!
Mailenstein
Member
Well, Sony can't patch this, mate. And as far as PSN goes, it won't be a problem to go online, even with a modified game image. It's gonna happen and we all know that.darkwing said:
Mailenstein
Member
Comparing the 360 (even jtagged) and PS3 is the mistake you are doing here.Mr_Brit said:
darkpaladinmfc
Member
JTAG lets your 360 run unsigned code, so the game will still be unsigned and therefore different to a real copy. This hack presumably will let you sign your games, so the game will be exactly the same as a real copy.darkwing said:
Mailenstein
Member
I'm really not pro online hacking, but what does let you believe Sony can win this? There is always a way around and there will be for PSN@PS3. People also said "You flash your PSP, you loose PSN access.". And then PSNlover/-fucker came around the corner.darkwing said:
Exactly.darkpaladinmfc said:
test_account
XP-39C²
It's always possible to include cd-keys. This wont be used for offline gaming, but it is needed for online gaming. Some PS3 games already have this (mostly to battle used game sales), like Medal of Honor, so it is possible. I dont think that this will be the first solution that is chosen, but if everything else fails, cd-keys is a solution at least.Mailenstein said: