
fail0verflow - PS3 Private Key + PSP Key + PS3's Blu-Ray Key found, FW 3.50 decrypted

Massa said:
The PSP situation would be a dream scenario for Sony if the PS3 keys are actually leaked.

Indeed. Sounds like Sony's fucked with this one. CFW will be great and even I'll probably use it, but IMO, piracy will run rampant on the system, even more so than on the PSP, if this leak is what I think it is.
 

Travado

Member
It took "just" 5 years for pirates to break the PS3 security and now we have to hear things like "PS3 security is a joke, worst security ever, epic fail". :lol :lol :lol
 

Donos

Member
LovingSteam said:
No modchips needed for the 360.

Ok, I'm not into this stuff. Don't you have to open the 360 at all? Then scratch half of my post. Just more HW sales for Sony then.

Also holy shit at the hacker keynotes in huge halls. Underground basement times are over.
 

Rur0ni

Member
Travado said:
It took "just" 5 years for pirates to break the PS3 security and now we have to hear things like "PS3 security is a joke, worst security ever, epic fail". :lol :lol :lol

Well it just took some talented individuals to take a look at it. Starting with geohot, followed by usb exploit, and then the whirlwind of interest.
 
Kagari said:
Unlikely. People have been pirating on 360, Wii and PS2 for years and that never really impacted software sales.

Piracy impacts games as it probably does movies: big titles aren't affected much by it, but the more niche titles suffer. That's one of the reasons movie studios are less willing to risk and churn out wider appeal titles.
So in games, even if every pirate downloads FIFA 11 it still sells by a big margin to not hurt it as much as other titles.
LovingSteam said:
No modchips needed for the 360.

It's still much of a hassle for people to do it on their own, unlike how this seems to work.
 

androvsky

Member
Travado said:
It took "just" 5 years for pirates to break the PS3 security and now we have to hear things like "PS3 security is a joke, worst security ever, epic fail". :lol :lol :lol

It is a joke if what I'm reading is true. It's just no one bothered to read the joke until Sony decided the Slims didn't need linux.

Okay, sure, Sony did a lot of things right with the PS3's security, but it looks like they completely screwed up the most basic aspect of public-key encryption.
 

DieH@rd

Banned
Donos said:
Ok, I'm not into this stuff. Don't you have to open the 360 at all? Then scratch half of my post. Just more HW sales for Sony then.

Yes, you have to open X360 to connect its DVD drive to PC and flash its firmware. Warranty is voided of course the moment you do that.
 

Raist

Banned
Rur0ni said:
Well it just took some talented individuals to take a look at it. Starting with geohot, followed by usb exploit, and then the whirlwind of interest.

Yeah, I'm sure absolutely no one tried to hack the PS3 from day 1.
 

Stumpokapow

listen to the mad man
Travado said:
It took "just" 5 years for pirates to break the PS3 security and now we have to hear things like "PS3 security is a joke, worst security ever, epic fail". :lol :lol :lol

You know, it is possible for the security set on the PS3 to simultaneously be very strong, use many modern techniques, and have an incredibly unprofessional failure in it as well. Because security is only as strong as the weakest link (imagine a prison with 100 security features, retinal scanners for the front door, etc but a first floor window unlocked and accessible by prisoners), once someone finds that weak element, the entire security system retroactively becomes weak.

Also the people in question aren't pirates.
 

androvsky

Member
Raist said:
Yeah, I'm sure absolutely no one tried to hack the PS3 from day 1.

People did try, just not the right people. iirc, these guys were among those that refused to touch the PS3 while linux was still officially supported by Sony.
 
androvsky said:
It is a joke if what I'm reading is true. It's just no one bothered to read the joke until Sony decided the Slims didn't need linux.

Okay, sure, Sony did a lot of things right with the PS3's security, but it looks like they completely screwed up the most basic aspect of public-key encryption.

It's kinda sad. They had such a great security system. Imagine what it would have been without that screw up.

Also, it's kind of sad that it took this long to hack a console with such a big screw up.

LegatoB said:
Well, phosphor is just talking about blocking this stuff from working online only, which is a lot easier to do. If all the checks are done server-side, presumably, there'd be no need to ever give the client a copy of the whitelist.

EXACTLY! Sony can protect themselves from the general population by doing this simple check. Most people want to buy COD or w/e trash game to play online. Force a check to keep them online, otherwise boot them.
 

iammeiam

Member
Have any of the other current-gen consoles been broken in a way that allows people to sign their own random code? I thought most of the existing exploits were about glitching the systems into running unsigned code. Maybe the DSi? I know if you use a flashcart on recent DSi Firmware it fakes the headers of a random other game to pass the code-check.
 

Rur0ni

Member
Raist said:
Yeah, I'm sure absolutely no one tried to hack the PS3 from day 1.

Yeah. People tried. There's a few billion out there. geohot gets on it for a few months and makes way for the usb jb, then comes marcan and company.
 

Gravijah

Member
phosphor112 said:
It's kinda sad. They had such a great security system. Imagine what it would have been without that screw up.

Also, it's kind of sad that it took this long to hack a console with such a big screw up.

Everything has a hole, someone just has to find it.
 
Sounds pretty bad. Something about hearing doomsday rampant piracy predictions and such is kind of saddening, especially when software on the PS3 isn't exactly astounding in the first place. I assume if this gets real bad, Sony will begin moving on to the next Playstation for 2012.
 

Donos

Member
DieH@rd said:
Yes, you have to open X360 to connect its DVD drive to PC and flash its firmware. Warranty is voided of course the moment you do that.

That's what I mean. Go to someone and say
"hey just open your Xbox dothisandthat and then you can play for free"
J6P: "nahhw"

but say
"hey go to www.CrackYourForemangrillInOneClick.ru and download this shit to your usb stick and your PS3 is ready to rock"
J6P: "done, woohoo"

I know I'm exaggerating the one-click stuff, but if I read some posts here correctly this maybe could be possible (with CFW just like with PSP).

Also I know that CFW is made for many good things and homebrew stuff, but the pirate stuff sadly comes inevitably with it.
 

Horns

Member
Sounds interesting, but so far the PS3 modding community hasn't really taken off even after the Jailbreak. We'll have to see how this pans out before getting excited about it.
 

androvsky

Member
Donos said:
That's what I mean. Go to someone and say
"hey just open your Xbox dothisandthat and then you can play for free"
J6P: "nahhw"

but say
"hey go to www.CrackYourForemangrillInOneClick.ru and download this shit to your usb stick and your PS3 is ready to rock"
J6P: "done, woohoo"

I know I'm exaggerating the one-click stuff, but if I read some posts here correctly this maybe could be possible (with CFW just like with PSP).

You could probably do it from the PS3's web browser, depending on how Sony's install permissions work.
 

Lord Error

Insane For Sony
Rur0ni said:
Well it just took some talented individuals to take a look at it. Starting with geohot, followed by usb exploit, and then the whirlwind of interest.

Talented people were trying to do it from day one, if anything to enable GPU support under Linux, and of course other people trying to make piracy possible. No one is going to keep trying forever of course, but eventually someone else is going to try something no one else tried before and get it. Even with Geohot he gave up first time and then next year did something different to do what he did. Whatever SCE did for their protection it has been the most successful consumer product protection I can think of. 4+ years of non-existent piracy is just unheard of on a multi-million selling product. Everything usually goes down in a matter of months, no matter how open or closed the system is.
 

Raist

Banned
Rur0ni said:
Yeah. People tried. There's a few billion out there. geohot gets on it for a few months and makes way for the usb jb, then comes marcan and company.

That's the point, either way. The Wii was cracked day one (because of exactly the same flaw as the GC) and it didn't take long for the 360 as well.
Even if in the end it looks simple (by their standards. although it sure did take a bunch of the best people and tons of custom hardware) it's by far the most secure system we've seen so far. Not so much of an epic fail.
 

Sp3eD

0G M3mbeR
All I want from this are some high quality emulators from Atari to N64. Then I can finally put my modded Xbox to bed.
 
The recent advent of these new exploits means current firmware is vulnerable, v3.55 and possibly beyond.

So does this mean people running 3.41+ can get on board (eventually)? I needed to upgrade because of Netflix + GT5, I really miss having quick access to my library from the HDD :(
 
ZAK said:
So I guess Linux support does help security?

I guess so. Having Linux out of the box might have been the reason for serious hackers (like the German Chaos Computer Club, CCC) to leave the system alone.
 

loosus

Banned
That's fucking huge if they can sign their own software using the official encryption key. It's not like they just found a file with the encryption key in it. The encryption key is not supposed to be on the silicon at all; it's supposed to be something that's stored only at Sony's headquarters.

It's similar to the public-key situation when you visit an SSL-enabled Web site. If someone had all the public and private keys for those transactions, we'd be looking at a worldwide Level 10 Fuuuuck situation.

Essentially, you can write any piece of software you want, and the PS3 isn't going to even have a clue that it's not officially licensed code. If that's not big, I don't know what is.

And it cannot be fixed to any discernible degree in future firmware versions. If Sony disables this encryption (and thus, its resulting decryption) key, Sony kills all existing licensed PS3 software. Do you really think that is feasible? That situation would be bad both for Sony and its licensees.

As far as whitelisting/blacklisting...that's not really realistic. What is Sony going to do? Transfer your entire Blu-ray disc code to Sony through the Internet, check it, and then give you a green light? Do you know how long that would take? And what if you did just a MD5 or SHA hash? That'd be an easy workaround; just always send the same legitimate hash.

Blacklisting is more realistic in terms of "could it be done," but it'd be extremely easy to get around.
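
The hash-whitelist objection in the post above, worked through as an added example (not part of loosus's post and not any real Sony or PSN mechanism). The images, function names and the nonce-bound variant are assumptions made for illustration: a self-reported digest is accepted no matter what the client runs, while a digest keyed with a fresh server nonce at least makes a recorded answer useless.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for a licensed image and a modified one (not real data).
LICENSED = b"licensed-game-code" * 64
MODIFIED = b"modified-game-code" * 64
WHITELIST = {hashlib.sha256(LICENSED).hexdigest()}

def static_check(reported_digest: str) -> bool:
    """Weak server check: trust whatever digest the client reports."""
    return reported_digest in WHITELIST

def challenge_response(nonce: bytes, image: bytes) -> str:
    """Digest keyed with a server nonce, so it differs in every session."""
    return hmac.new(nonce, image, hashlib.sha256).hexdigest()

def challenge_check(nonce: bytes, response: str) -> bool:
    """Server recomputes the keyed digest over its own licensed copy."""
    return hmac.compare_digest(response, challenge_response(nonce, LICENSED))

def evaluate() -> dict:
    good_digest = hashlib.sha256(LICENSED).hexdigest()
    # Session 1: a response recorded from a legitimate run.
    old_nonce = os.urandom(16)
    recorded = challenge_response(old_nonce, LICENSED)
    # Session 2: the server issues a fresh nonce.
    new_nonce = os.urandom(16)
    return {
        # Client hashes what it really runs: modified code is rejected.
        "static_honest_modified": static_check(hashlib.sha256(MODIFIED).hexdigest()),
        # Client reports the known-good digest regardless of what runs: accepted.
        "static_replayed_digest": static_check(good_digest),
        # The recorded answer from session 1 against the fresh nonce: rejected.
        "challenge_replayed_response": challenge_check(new_nonce, recorded),
        "challenge_modified": challenge_check(
            new_nonce, challenge_response(new_nonce, MODIFIED)),
        "challenge_licensed": challenge_check(
            new_nonce, challenge_response(new_nonce, LICENSED)),
    }

if __name__ == "__main__":
    for name, accepted in evaluate().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Even the nonce-bound check only shows that the responder had the licensed bytes available, not which code it executes, so it is not a substitute for signature verification rooted in a key the client never holds.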
 

androvsky

Member
Sp3eD said:
All I want from this are some high quality emulators from Atari to N64. Then I can finally put my modded Xbox to bed.

Might as well add Dreamcast to that, it's looking like it'll run great on the PS3.
 
Raist said:
That's the point, either way. The Wii was cracked day one (because of exactly the same flaw as the GC) and it didn't take long for the 360 as well.
Even if in the end it looks simple (by their standards. although it sure did take a bunch of the best people and tons of custom hardware) it's by far the most secure system we've seen so far. Not so much of an epic fail.

Not true. As Stump said, they may have locked the doors, used the top of the line security system, built the home in Fort Knox with bullet proof shields around the fortress but they forgot about the screen door on the side.
 

Jex

Member
It took me a number of posts to realise quite how big a deal this is.

Crikey. That's some bad news for Sony.
 

loosus

Banned
There is no way you can compare this to anything that -- to my knowledge -- has been done on other systems. This trumps all other security problems by default.
 

JudgeN

Member
So is this key the same as the "master key"? If so I thought that wasn't supposed to be in the PS3 at all?

Hell I thought the PSP master key hadn't been found yet, so why did Sony put the PS3 key in the actual PS3?
 

loosus

Banned
JudgeN said:
So is this key the same as the "master key"? If so I thought that wasn't supposed to be in the PS3 at all? Hell I thought the PSP master key hadn't been found yet.

Not sure what this "master key" thing is that you're talking about, but yeah, the whole idea of the public-private key system is that -- surprise surprise -- one key stays private. :lol

EDIT: By the way, I doubt that the key was actually stored on the PS3. Public and private keys are mathematically related, which is why they even work together. It sounds like they found a more mathematically efficient way to discover the private key than is usually the case.
 
Jexhius said:
It took me a number of posts to realise quite how big a deal this is.

Crikey. That's some bad news for Sony.

It's akin to requiring an iris scan to enter the top security sector in the Pentagon and someone ripping the eyes out of a person with clearance and handing a copy to all of their friends and family.
 

dak1dsk1

Banned
Great news. My ps3 is collecting dust. Ultimately I hope this will lead to region free ps2 gaming, installing ps2 iso's to internal hdd and of course ps2 action replay support. :)
 
LovingSteam said:
It's akin to requiring an iris scan to enter the top security sector in the Pentagon and someone ripping the eyes out of a person with clearance and handing a copy to all of their friends and family.

2HrjR.jpg
 

dude

dude
LegatoB said:
Well, phosphor is just talking about blocking this stuff from working online only, which is a lot easier to do. If all the checks are done server-side, presumably, there'd be no need to ever give the client a copy of the whitelist.

Unless 100% of PS3 consoles are online, they couldn't do it. Just think of requiring every game to be online to be activated...
 

Mr_Brit

Banned
Agent Icebeezy said:
Has the 360 hypervisor been compromised?

Yes but only on pre NXE systems, dvd drive flashing aside, only pre NXE 360 are hackable so in a way Microsoft's security beat Sony's.
 

loosus

Banned
Just going to say this again: requiring a system to be online to play a game wouldn't really fix this problem to begin with. There is no feasible way to whitelist a large piece of code.
 

androvsky

Member
Mr_Brit said:
Yes but only on pre NXE systems, dvd drive flashing aside, only pre NXE 360 are hackable so in a way Microsoft's security beat Sony's.

In a way that ignores piracy, which is really all the device makers care about.
 

Cataferal

Digital Foundry
This is fantastic news. My PS3's Blu-ray drive has gone kaput (and I'm out of warranty), so to have a working ISO loader would mean my catalogue won't be going to waste.
 

human5892

Queen of Denmark
dude said:
Unless 100% of PS3 consoles are online, they couldn't do it. Just think of requiring every game to be online to be activated...

What they're suggesting is the use of a whitelist to stop modded code from going online -- nothing would prevent it from running locally on an offline PS3. It's obviously not a complete solution by any means, but it would at least prevent rampant cheating from hitting PSN.
 