
fail0verflow - PS3 Private Key + PSP Key + PS3's Blu-Ray Key found, FW 3.50 decrypted

KAL2006 said:
So let me get this straight, this hack could lead to the possibility of playing any backup games no matter the firmware, and also will let us play online.


Since they can now sign their stuff, then yes?

Maybe Sony can do something about online since that's their side.
 
Merry Christmas to us all! I'm interested to see what happens with this. So funny that these guys were encouraged after Sony took out OtherOS :lol
 

sajj316

Member
Infinite Justice said:
Since they can now sign their stuff, then yes?

Maybe Sony can do something about online since that's their side.

Right. You own the machine. You don't own PSN.

timetokill said:
Merry Christmas to us all! I'm interested to see what happens with this. So funny that these guys were encouraged after Sony took out OtherOS :lol

This is interesting to me as well. All these years and it wasn't even in their sight. Sony takes out OtherOS ... hackers say, "Sony, we gonna own you now".
 
I'd like to take this moment to explain two security concepts.

#1) Security through obscurity

Something Microsoft was very guilty of in the past and why Windows sucked hard for such a long time.

This means you try to protect your treasure chest of gold by burying it somewhere secret and write the location on a treasure map. If someone finds the map or secretly watches you digging it up... They can EASILY go and get your gold.

#2) Security without obscurity

This means we take a treasure chest and place it in a 10 ton steel safe in a bomb shelter buried 2 miles under the earth. Armed guards walk around the entrance with robotic dogs immune to biological attack. The dogs shoot lasers as well.

Even if you know where the treasure is, it won't matter. It's impossible to break through security unless you are Superman.

=====
Security through obscurity is a cheap, effective method only so far as no one figures out what you did. History has proven it's a crappy system though for large scale high volume solutions.

Hence you must always have a combination of #1 and #2 and not rely predominantly on obscurity alone.

Sony apparently was relying a lot more on #1 than they should have. The robustness of their system relies on private keys which apparently weren't that hard to reverse engineer. There are several brute force techniques they could have/should have used which everyone in the PC computer world is well aware of.
 
UntoldDreams said:
I'd like to take this moment to explain two security concepts.

#1) Security through obscurity

Something Microsoft was very guilty of in the past and why Windows sucked hard for such a long time.

This means you try to protect your treasure chest of gold by burying it somewhere secret and write the location on a treasure map. If someone finds the map or secretly watches you digging it up... They can EASILY go and get your gold.

#2) Security without obscurity

This means we take a treasure chest and place it in a 10 ton steel safe in a bomb shelter buried 2 miles under the earth. Armed guards walk around the entrance with robotic dogs immune to biological attack. The dogs shoot lasers as well.

Even if you know where the treasure is, it won't matter. It's impossible to break through security unless you are Superman.

=====
Security through obscurity is a cheap, effective method only so far as no one figures out what you did. History has proven it's a crappy system though for large scale high volume solutions.

Hence you must always have a combination of #1 and #2 and not rely predominantly on obscurity alone.

Sony apparently was relying a lot more on #1 than they should have. The robustness of their system relies on private keys which apparently weren't that hard to reverse engineer. There are several brute force techniques they could have/should have used which everyone in the PC computer world is well aware of.

If I could give you rep for this post, I would.
 

Tiduz

Eurogaime
Well fuck. If this works out how I think it's going to, I might have to jump ship to 360 online.

I HATE HATE HATE cheaters and hope they get AIDS.
(the cheaters, not the exploit guys)
 

Slayer-33

Liverpool-2
AAK said:
Ah well, at least PS3 can finally start selling in 3rd world countries.


Sad but it's true :lol ... shit will sell ass tons now... Sony just needs to start shipping

Tiduz said:
Well fuck. If this works out how I think it's going to, I might have to jump ship to 360 online.

I HATE HATE HATE cheaters and hope they get AIDS.
(the cheaters, not the exploit guys)


Cheating is such a bitch I feel you.
 
Tiduz said:
Well fuck. If this works out how I think it's going to, I might have to jump ship to 360 online.

I HATE HATE HATE cheaters and hope they get AIDS.
(the cheaters, not the exploit guys)
There are cheaters on 360 too :lol.
 
Tiduz said:
Well fuck. If this works out how I think it's going to, I might have to jump ship to 360 online.

I HATE HATE HATE cheaters and hope they get AIDS.
(the cheaters, not the exploit guys)

What a dumbass statement to make. Hopefully you're being facetious. Secondly, you DO realize that the 360 is rampant with cheaters as well, right?
 

sajj316

Member
UntoldDreams said:
Sony apparently was relying a lot more on #1 than they should have. The robustness of their system relies on private keys which apparently weren't that hard to reverse engineer. There are several brute force techniques they could have/should have used which everyone in the PC computer world is well aware of.

Good post. Rep + 1 :)

An overflow ... a freaking overflow did it. It took this long?? You can't tell me that PS3 was not popular enough or the elite hackers didn't care because OtherOS was an 'olive' branch.
 

Dorfdad

Gold Member
So does this mean we will be able to install games to the HD to run from? This would be a GOD SEND FOR those of us with 500 GB drives :) I own 45 games but I hate switching them in and out would love an install feature to speed things up!

Also will they be able to tell who has this online?
 
charlequin said:
Attempts to study direct causal effects of piracy show, if anything, the opposite: the promotional benefits of piracy tend to apply only to relatively niche and unknown properties, which means they actually make up for lost sales by finding new customers in a way that blockbuster content does not.

This got my attention. Mind showing me this research?
 

Tiduz

Eurogaime
LovingSteam said:
What a dumbass statement to make. Hopefully you're being facetious. Secondly, you DO realize that the 360 is rampant with cheaters as well, right?

Tiduz said:
Yeah, but at least they get a nice ban. Sony seems to not care.

You do realize how many crying threads are over on xbox.com on a daily basis because they got banned, right?

MW2 on PS3 was a POS. Did Sony do ANYTHING? No. I think I've only heard of ONE person being banned on PSN, and that was for Home harassment :lol
 
To clarify PSN should be protected because the entirety of the Internet works on the fact that you control your desktop computer but "WE" control the servers.

As long as the servers are under "OUR" control then you are not able to screw around too much. It's why Amazon.com is able to stay in business and YELP reviews aren't all scripted fake reviews.

*** If you control the server, you control the online network.

Anything touching PSN is still under Sony lock and key.
 
Tiduz said:
Yeah, but at least they get a nice ban. Sony seems to not care.
Well I don't have XBL, but from what I've heard there are still lots of cheaters around. Also, I don't see how you can decide Sony doesn't care when nothing has even happened yet in regards to cheating :lol.


Tiduz said:
MW2 on PS3 was a POS. Did Sony do ANYTHING? No. I think I've only heard of ONE person being banned on PSN, and that was for Home harassment :lol
It was a POS on all platforms *trollface*.
 
sajj316 said:
You can't tell me that PS3 was not popular enough or the elite hackers didn't care because OtherOS was an 'olive' branch.

Err, why exactly can't I? Again, the results of hacking are somewhat binary (find a vulnerability or don't) but the efforts are very much a matter of volume: the more people you have working on a problem, and the more talented those people are, and the more different approaches they try, the more likely a vulnerability is to be found. There were certainly people working to hack PS3 from the beginning; there are also certainly more people working it now, for a variety of reasons. That would certainly influence, but not necessarily determine completely, how and when the system was cracked.
 

Dorfdad

Gold Member
Tiduz said:
You do realize how many crying threads are over on xbox.com on a daily basis because they got banned, right?

MW2 on PS3 was a POS. Did Sony do ANYTHING? No. I think I've only heard of ONE person being banned on PSN, and that was for Home harassment :lol


Not to make light of your concern, but maybe hackers on the PS3 can fix Black Ops because the game is horrible on my PS3!!!!! Hackers please fix what Activision won't!
 

Dorfdad

Gold Member
UntoldDreams said:
To clarify PSN should be protected because the entirety of the Internet works on the fact that you control your desktop computer but "WE" control the servers.

As long as the servers are under "OUR" control then you are not able to screw around too much. It's why Amazon.com is able to stay in business and YELP reviews aren't all scripted fake reviews.

*** If you control the server, you control the online network.

Anything touching PSN is still under Sony lock and key.

So you're saying GAMES will not run online as they use PSN? So this is for offline use only?
 

undu

Member
UntoldDreams said:
Sony apparently was relying a lot more on #1 than they should have. The robustness of their system relies on private keys which apparently weren't that hard to reverse engineer. There are several brute force techniques they could have/should have used which everyone in the PC computer world is well aware of.
No, the problem here is that Sony would have had a very secure method of signing if it weren't for the cryptographically critical flaw.

Even though the public-key cryptography relies on a secret key, obscurity hasn't been the problem here.
 
PetriP-TNT said:
The only thing that annoys me about this is that they are calling this an "epic fail"


What are they smoking? I want some
The "epic fail" is this:

The "random number generator" the PS3 uses for key signing always returns the same number. Randomness is one of the vital building blocks of cryptography.

It's difficult to fail harder.

UntoldDreams said:
To clarify PSN should be protected because the entirety of the Internet works on the fact that you control your desktop computer but "WE" control the servers.

As long as the servers are under "OUR" control then you are not able to screw around too much. It's why Amazon.com is able to stay in business and YELP reviews aren't all scripted fake reviews.

*** If you control the server, you control the online network.

Anything touching PSN is still under Sony lock and key.
Yes, if it looks or acts different from a normal PS3, PSN should be able to detect it.
 

test_account

XP-39C²
Dorfdad said:
Not to make light of your concern, but maybe hackers on the PS3 can fix Black Ops because the game is horrible on my PS3!!!!! Hackers please fix what Activision won't!
Wouldn't that require access to the game's source code, so they know what to fix?
 
undu said:
No, the problem here is that sony would have had a very secure method of signing if it weren't for the cryptographically critical flaw.

Even though the public-key cryptography relies on a secret key, obscurity wasn't a problem here.

I was not implying public-key cryptography is flawed. That's simply untrue. There is nothing obscure about having a math number so large that all the computers on earth cannot calculate the solution without "help from a secret number".

*** I was however implying the robustness of their system allowed for this to happen in the first place. Also, I kinda disagree about obscurity not being a problem.

I think many designers, if they operated under the assumption that obscurity doesn't exist, would create simpler, more robust designs. The "locked safe" rather than the "buried treasure".
 
charlequin said:
Err, why exactly can't I? Again, the results of hacking are somewhat binary (find a vulnerability or don't) but the efforts are very much a matter of volume: the more people you have working on a problem, and the more talented those people are, and the more different approaches they try, the more likely a vulnerability is to be found. There were certainly people working to hack PS3 from the beginning; there are also certainly more people working it now, for a variety of reasons. That would certainly influence, but not necessarily determine completely, how and when the system was cracked.
The kind of low level hacking required to expose a vulnerability of this sort almost demands a closed system to be considered worthwhile by anyone.

In more general terms, there's a lot more incentive to reinvent the wheel after somebody takes your wheel away.
 

undu

Member
UntoldDreams said:
I was not implying public-key cryptography is flawed. That's simply untrue. There is nothing obscure about having a math number so large that all the computers on earth cannot calculate the solution without "help from a secret number".

*** I was however implying the robustness of their system allowed for this to happen in the first place. Also, I kinda disagree about obscurity not being a problem.

I think many designers, if they operated under the assumption that obscurity doesn't exist, would create simpler, more robust designs. The "locked safe" rather than the "buried treasure".
I agree that the public-key cryptography is secure.

But I don't really see how the rest of the security system was based on obscurity. I see that most of the security was based in public-key cryptography, at least when booting; the supervisor stuff is just a mess.

-PXG- said:
Alright, sorry for asking this again. But to get it straight.

Does this mean that you can run homebrew without any CFW or any kind of downgrading/ hacking?.
Yes.
 

-PXG-

Member
Alright, sorry for asking this again. But to get it straight.

Does this mean that you can run homebrew without any CFW or any kind of downgrading/ hacking?

If so..holy shit. I might have to deflower my 60 GB black mamba then.
 

sajj316

Member
Elfforkusu said:
The kind of low level hacking required to expose a vulnerability of this sort almost demands a closed system to be considered worthwhile by anyone.

In more general terms, there's a lot more incentive to reinvent the wheel after somebody takes your wheel away.

OK, I get the taking away the wheel part. If anything I would have expected hackers to expose more of the system (SPU usage) to be used by Linux (when it was offered) versus using Linux to completely open up the system.

charlequin said:
Err, why exactly can't I? Again, the results of hacking are somewhat binary (find a vulnerability or don't) but the efforts are very much a matter of volume: the more people you have working on a problem, and the more talented those people are, and the more different approaches they try, the more likely a vulnerability is to be found. There were certainly people working to hack PS3 from the beginning; there are also certainly more people working it now, for a variety of reasons. That would certainly influence, but not necessarily determine completely, how and when the system was cracked.

Now Mr. Quin, I understand that the probability of exploiting a vulnerability is higher if you put 100 hackers in a room versus putting 25. What tipped them off? Was it as simple as .. you took my wheel away so I'm going to reinvent it? If the method to hack the PS3 was so low level yet simplistic in execution (I'm assuming), why did it take this long to find it? I believe the hackers mentioned they did not seriously work or even think about it until OtherOS was removed.
 

-PXG-

Member
Imagine...a custom made web browser...mkv support...improved mouse support...being able to bypass region coding for PS1 and PS2 games... O______O
 

TheSeks

Blinded by the luminous glory that is David Bowie's physical manifestation.
Tiduz said:
You do realize how many crying threads are over on xbox.com on a daily basis because they got banned, right?

MW2 on PS3 was a POS. Did Sony do ANYTHING? No. I think I've only heard of ONE person being banned on PSN, and that was for Home harassment :lol

And yet, TF2 Orange Box 360 has rampant cheaters, report them for hacking the console. Nothing happens.

PSN and 360 are both equal in terms of bans and do nothings. Cry more.
 

InfiniteNine

Rolling Girl
-PXG- said:
Imagine...a custom made web browser...mkv support...improved mouse support...being able to bypass region coding for PS1 and PS2 games... O______O
This would make me jump on this in a second.
 
undu said:
I agree that the public-key cryptography is secure.

But I don't really see how the rest of the security system was based on obscurity. I see that most of the security was based in public-key cryptography, at least when booting; the supervisor stuff is just a mess.

Yes.

I'll admit that I would have to study the actual attack vector in detail before "railing against Sony" any further but...

Look this is a public-key cryptography system right?

How do you lose your private keys short of someone breaking into your office and stealing your servers? This is simply not supposed to be exposed to the public and is supposed to be so computationally HEAVY that it's improbable to ever determine the answer through reverse engineering.

Given that... I have a hard time accepting that there wasn't some really, really, really bad decision involved. I don't accept it because it's just not supposed to happen and it shouldn't be hard to protect your private keys.

It's like me accepting that a meteor struck your car which caused you to be late rather than assuming you overslept.
 

test_account

XP-39C²
sajj316 said:
Now Mr. Quin, I understand that the probability of exploiting a vulnerability is higher if you put 100 hackers in a room versus putting 25. What tipped them off? Was it as simple as .. you took my wheel away so I'm going to reinvent it? If the method to hack the PS3 was so low level yet simplistic in execution (I'm assuming), why did it take this long to find it? I believe the hackers mentioned they did not seriously work or even think about it until OtherOS was removed.
Maybe they needed the PS3 Jailbreak device first before they could find it. Kinda like the PS Jailbreak device was the key that unlocked the door, which made it much easier to open the door completely. Without the PS3 Jailbreak device, I don't think that the PS3 would have been hacked by now (not sure if GeoHot's method really did much when it comes to more "heavy" PS3 hacking).
 
TTP said:
Just ask yourself if the PS1/PS2 were dead when they got hacked.

Completely different situations. I'm not saying PS3 will die (that's laughable) it's just that hacks and games are easier to get than ever, and if what they say is true, these pirates will be able to simply plug in an external hard drive and play a game, unlike requiring soft/hard mods.
 

test_account

XP-39C²
-PXG- said:
Imagine...a custom made web browser...mkv support...improved mouse support...being able to bypass region coding for PS1 and PS2 games... O______O
I don't have to imagine it, we already have it on the PC hehe ;) (I know what you mean though, it would be a bit different if it was on the PS3, I agree to that :)).
 
UntoldDreams said:
I'll admit that I would have to study the actual attack vector in detail before "railing against Sony" any further but...

Look this is a public-key cryptography system right?

How do you lose your private keys short of someone breaking into your office and stealing your servers? This is simply not supposed to be exposed to the public and is supposed to be so computationally HEAVY that it's improbable to ever determine the answer through reverse engineering.

Given that... I have a hard time accepting that there wasn't some really, really, really bad decision involved. I don't accept it because it's just not supposed to happen and it shouldn't be hard to protect your private keys.

It's like me accepting that a meteor struck your car which caused you to be late rather than assuming you overslept.
word.
 

undu

Member
UntoldDreams said:
I'll admit that I would have to study the actual attack vector in detail before "railing against Sony" any further but...

Look this is a public-key cryptography system right?

How do you lose your private keys short of someone breaking into your office and stealing your servers? This is simply not supposed to be exposed to the public and is supposed to be so computationally HEAVY that it's improbable to ever determine the answer through reverse engineering.

Given that... I have a hard time accepting that there wasn't some really, really, really bad decision involved. I don't accept it because it's just not supposed to happen and it shouldn't be hard to protect your private keys.

It's like me accepting that a meteor struck your car which caused you to be late rather than assuming you overslept.
The private key was very well physically protected; the problem was that in the signing process every single signature was made with the same number instead of a random number. This mathematically exposes the private key, and thus it was reverse-engineered.

You should take a look at the conference videos. (the key-cracking stuff is explained in the third video)
 
undu said:
The private key was very well physically protected; the problem was that in the signing process every single signature was made with the same number instead of a random number. This mathematically exposes the private key, and thus it was reverse-engineered.

You should take a look at the conference videos. (the key-cracking stuff is explained in the third video)

...
...
...
That is just plain sad. I can agree with you then that this is beyond "comfortable belief in obscurity" and extends into simple negligence. It's really like leaving the keys to the jail under the door mat.

Edit: I'll actually watch the videos later when I'm not at work
 
TheSeks said:
And yet, TF2 Orange Box 360 has rampant cheaters, report them for hacking the console. Nothing happens.

PSN and 360 are both equal in terms of bans and do nothings. Cry more.
Something did happen. No update for 360 ;P
 
sajj316 said:
What tipped them off? Was it as simple as .. you took my wheel away so I'm going to reinvent it?

Like I said: some people (in this case, some of the specific higher-profile hackers who were previously known in the Wii homebrew scene at very least) jumped in because Linux was removed. Probably some people moved to PS3 as the platform became more popular, or as other platforms became compromised and PS3 became the single uncracked system. Others probably jumped in after initial efforts yielded some success (probably a lot of people didn't bother to look until the Geohot hack, as minor as it was, suggested that the system might not be as impenetrable as advertised.) Probably all of these factors played a part to different degrees.

If the method to hack the PS3 was so low level yet simplistic in execution (I'm assuming), why did it take this long to find it?

One aspect of it is that there were lots of places people needed to look. Another is that this vulnerability builds on the others previously found. To extend the tortured metaphors further, imagine someone has an extremely well-secured house except for one tiny window that has a nearly invisible crack in it that you can get a wire through. That wire lets you prise the window open about three inches -- not enough to actually get a person into the house -- but on the windowsill inside there's a garage door opener, and it turns out this person locks their garage door but not the door from the garage itself into the house.

That's what we're looking at here, basically: a rather elementary security mistake in a place that was far enough "inside" the system that people would have been unlikely or unable to find it until the earlier, harder hacks were implemented so they could get inside and find that particular opening.
 

NHale

Member
Tiduz said:
Yeah, but at least they get a nice ban. Sony seems to not care.

They care about Home and it seems people get banned very easily there. And now they will have to care about PSN.

I just hope they use the ban hammer once a day, not only when a major first-party title is about to launch...
 

Zoe

Member
phosphor112 said:
Completely different situations. I'm not saying PS3 will die (that's laughable) it's just that hacks and games are easier to get than ever, and if what they say is true, these pirates will be able to simply plug in an external hard drive and play a game, unlike requiring soft/hard mods.

There is still more work to be done before they can get to a P&P state, and it probably would require some soft-modding on the user's side. Right now, plugging in a harddrive will only show files that the PS3 is expecting to see from an external FAT32 HDD.
 

TheSeks

Blinded by the luminous glory that is David Bowie's physical manifestation.
DMPrince said:
Something did happen. No update for 360 ;P

No class update. No "Hat Fortress 2" update.

Fuck yeah, TF2 360 > PC TF2. Confirmed.

Only thing they need to do is stamp out hackers, and it'd be game of the year every year. Screw the PC version and screw what it became.
 

Durante

Member
I'm of two minds on this. On the one hand, I like having full access to all the hardware I own.

On the other hand, people will use this in arguments that "anything can be hacked", when it was just caused by a particularly inept way of using public key cryptography.

I just wonder how it can happen that none of the people involved in the design process for such a security scheme spot such an elementary problem. You learn about the obvious traps and common implementation problems of cryptographic systems in undergraduate courses :/
 
One thing I don't understand after watching the videos: did they find out that the "random" number is the same every time by random (try-catch), did someone tip them off or did they figure it out from something else that was already busted?
 

sajj316

Member
charlequin said:
Like I said: some people (in this case, some of the specific higher-profile hackers who were previously known in the Wii homebrew scene at very least) jumped in because Linux was removed. Probably some people moved to PS3 as the platform became more popular, or as other platforms became compromised and PS3 became the single uncracked system. Others probably jumped in after initial efforts yielded some success (probably a lot of people didn't bother to look until the Geohot hack, as minor as it was, suggested that the system might not be as impenetrable as advertised.) Probably all of these factors played a part to different degrees.



One aspect of it is that there were lots of places people needed to look. Another is that this vulnerability builds on the others previously found. To extend the tortured metaphors further, imagine someone has an extremely well-secured house except for one tiny window that has a nearly invisible crack in it that you can get a wire through. That wire lets you prise the window open about three inches -- not enough to actually get a person into the house -- but on the windowsill inside there's a garage door opener, and it turns out this person locks their garage door but not the door from the garage itself into the house.

That's what we're looking at here, basically: a rather elementary security mistake in a place that was far enough "inside" the system that people would have been unlikely or unable to find it until the earlier, harder hacks were implemented so they could get inside and find that particular opening.

That was a very well thought out metaphor. Good stuff sir!

If anything this will allow me to run games off the HDD and save my Blu-ray drive from wear and tear. I'd be less likely to run the hack if Sony offered this like MS does now.
 

yurinka

Member
BladeoftheImmortal said:
So does this mean an app like the backup manager could run on an OFW machine or that we would still need a CFW to get it working?
I think that in addition to this, they would be able to patch the game, making it self bootable from the hd as a PSN game.
 
UntoldDreams said:
...
...
...
That is just plain sad. I can agree with you then that this is beyond "comfortable belief in obscurity" and extends into simple negligence. It's really like leaving the keys to the jail under the door mat.

Edit: I'll actually watch the videos later when I'm not at work

Totally. Had they used an actual random number generator, it would be extremely difficult to determine the private key, just like finding the private key in any elliptic curve cryptography system. But if the random number is fixed, the equation can be simplified much more easily. Absurd oversight.
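Editor's added example, not a post from the thread and not fail0verflow's or Sony's code. Several posters above (undu, yurinka, Durante) describe the flaw as "the signing random number was always the same"; this block shows concretely why that hands over the private key. It is textbook ECDSA in pure Python over the secp256k1 curve with SHA-256, chosen here as stand-ins: the PS3's actual curve parameters and hash are not given on this page and are not reproduced. The two package names and the fixed nonce value are constructed inputs. The recovery step works for any ECDSA signer that reuses a nonce, not only a signer that always uses the same one.

```python
"""ECDSA with a repeated nonce: recover the private key from two signatures.

Added worked example (not fail0verflow's or Sony's code). secp256k1 + SHA-256
are assumptions standing in for the PS3's real curve and hash.
"""
import hashlib
import secrets

# secp256k1 domain parameters (illustrative assumption, not the PS3's curve)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
A = 0
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, p):
    """Double-and-add scalar multiplication (not constant-time; fine for a demo)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, p)
        p = ec_add(p, p)
        k >>= 1
    return acc


def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(d, msg, k):
    """Textbook ECDSA. The caller supplies k; a fixed k is the bug under discussion."""
    z = hash_to_int(msg)
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    assert r and s, "degenerate nonce; pick another k"
    return (r, s)


def verify(pub, msg, sig):
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    z, w = hash_to_int(msg), pow(s, -1, N)
    pt = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures sharing r (hence sharing k) give back (d, k).

    s_i = k^-1 (z_i + r d)  =>  s1 - s2 = k^-1 (z1 - z2)
    so k = (z1 - z2) / (s1 - s2) and d = (s1 k - z1) / r, all mod N.
    """
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("r differs: nonces were different, nothing to recover")
    z1, z2 = hash_to_int(msg1), hash_to_int(msg2)
    if (s1 - s2) % N == 0:
        raise ValueError("identical signatures: need two distinct messages")
    k = (z1 - z2) * pow(s1 - s2, -1, N) % N
    d = (s1 * k - z1) * pow(r1, -1, N) % N
    return d, k


def break_fixed_nonce_signer(d, fixed_k, msg1, msg2, forged_msg):
    """Sign two messages with one k, recover d, then sign a third message.

    Returns (recovered_d, recovered_k, forged_signature_verifies).
    """
    pub = ec_mul(d, G)
    sig1, sig2 = sign(d, msg1, fixed_k), sign(d, msg2, fixed_k)
    assert verify(pub, msg1, sig1) and verify(pub, msg2, sig2)
    rec_d, rec_k = recover_private_key(msg1, sig1, msg2, sig2)
    # With d in hand the attacker signs anything, using a properly random nonce.
    forged = sign(rec_d, forged_msg, secrets.randbelow(N - 1) + 1)
    return rec_d, rec_k, verify(pub, forged_msg, forged)


if __name__ == "__main__":
    # Constructed inputs: a random "vendor" key and two pretend package names.
    vendor_d = secrets.randbelow(N - 1) + 1
    d, k, ok = break_fixed_nonce_signer(vendor_d, 4, b"pkg-A", b"pkg-B", b"homebrew.self")
    print("recovered key matches:", d == vendor_d, "nonce:", k, "forgery verifies:", ok)
```

Two signatures are enough; the attacker never touches the signing server, which is the point undu makes about the key being physically safe yet mathematically exposed. The caveat for anyone implementing a signer: the nonce must be unpredictable and never repeat for a given key (a CSPRNG, or the deterministic derivation of RFC 6979), and a signer that merely avoids a constant k but draws from a weak generator is still exposed to the same recovery the moment two nonces collide.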
 