
fail0verflow - PS3 Private Key + PSP Key + PS3's Blu-Ray Key found, FW 3.50 decrypted

Quasar

Member
Nuclear Muffin said:
So from my understanding, they can make homebrew applications that have the official Sony signature key. This means that you don't even need to hack the PS3 anymore, you just load the file onto your unmodified system using any USB device and the PS3 just treats it as a normal PSN game.

Now I just want a good port of XBMC then.
 
It's lasted how many years, yet they claim epic fail?

EDIT: Okay, I get it now. It was easily avoidable if they had made it random, but they didn't.
 

x3sphere

Member
Sony pretty much shot themselves in the foot by disabling OtherOS. Maybe they were worried any vulnerabilities would be found quicker, but it seems leaving it would've delayed the inevitable. Apart from GeoHot's efforts, there just wasn't much active interest in hacking it prior to the OtherOS removal.
 

Raist

Banned
Weren't there some rumors at some point that the original dongles were hardware stolen from Sony? Because if that was the case, that's probably how they eventually found that backdoor so "easily".
 

KAL2006

Banned
Nuclear Muffin said:
So from my understanding, they can make homebrew applications that have the official Sony signature key. This means that you don't even need to hack the PS3 anymore, you just load the file onto your unmodified system using any USB device and the PS3 just treats it as a normal PSN game.

If so this is going to be crazy, people can release ISO loaders, video players, web apps, emulators on official firmware. Also, how will Sony detect people doing hacks when it's on official firmware? This could mean we can still get access to PSN.

Can this hack be fixed in a future firmware update from Sony?
 

x3sphere

Member
Raist said:
Weren't there some rumors at some point that the original dongles were hardware stolen from Sony? Because if that was the case, that's probably how they eventually found that backdoor so "easily".

Uhh I doubt it. Marcan and Bushing are very talented hackers. I doubt they relied on any 'insider' material, it's just not like them. Hell, Marcan got Kinect working on his PC in three hours, the day it was released in Europe, and there was a $3000 bounty on coding an open source driver at the time.
 

ConfusedMan09

Neo Member
KAL2006 said:
If so this is going to be crazy, people can release ISO loaders, video players, web apps, emulators on official firmware. Also, how will Sony detect people doing hacks when it's on official firmware? This could mean we can still get access to PSN.

Can this hack be fixed in a future firmware update from Sony?

Not according to one of the main guys working on this. From his Twitter:

Myth #2: Sony can change keys. No, they can't. These aren't encryption keys, they're signing keys. If they change them GAMES STOP WORKING.
 

Dambrosi

Banned
UntoldDreams said:
I'd like to take this moment to explain two security concepts.

#1) Security through obscurity

Something Microsoft was very guilty of in the past and why Windows sucked hard for such a long time.

This means you try to protect your treasure chest of gold by burying it somewhere secret and write the location on a treasure map. If someone finds the map or secretly watches you digging it up... They can EASILY go and get your gold.

#2) Security without obscurity

This means we take a treasure chest and place it in a 10 ton steel safe in a bomb shelter buried 2 miles under the earth. Armed guards walk around the entrance with robotic dogs immune to biological attack. The dogs shoot lasers as well.

Even if you know where the treasure is, it won't matter. It's impossible to break through security unless you are Superman.

=====
Security through obscurity is a cheap, effective method only so far as no one figures out what you did. History has proven it's a crappy system though for large scale high volume solutions.

Hence you must always have a combination of #1 and #2 and not rely predominantly on obscurity alone.

Sony apparently was relying a lot more on #1 than they should have. The robustness of their system relies on private keys which apparently weren't that hard to reverse engineer. There are several brute force techniques they could have/should have used which everyone in the PC computer world is well aware of.
Love. That's what I feel for this post.

So...how long until HBCPS3 and XMBC? Actually...would this allow any user to gain access to the assembly language level and, say, program their own homebrew apps as signed PS3 executables? All without the PS3 or PSN knowing/being able to stop them? Because that's how I'm understanding this news.
 

test_account

XP-39C²
x3sphere said:
Uhh I doubt it. Marcan and Bushing are very talented hackers. I doubt they relied on any 'insider' material, it's just not like them. Hell, Marcan got Kinect working on his PC in three hours, the day it was released in Europe, and there was a $3000 bounty on coding an open source driver at the time.
I don't think that they relied on inside information regarding finding the PS3 private key indeed, but Raist is probably thinking about the PS3 Jailbreak device. I don't think that Marcan and Bushing hacked the PS3 completely from scratch without using the PS3 Jailbreak device. I am pretty sure that the PS3 Jailbreak device made their work much easier. Not that the work in itself is easy though, but I think that the PS3 Jailbreak dongle made things much easier than hacking the PS3 from scratch.
 
Durante said:
On the other hand, people will use this in arguments that "anything can be hacked", when it was just caused by a particularly inept way of using public key cryptography.

I'm surprised you're trying to argue about this. People citing the PS3's unbroken status and prognosticating on its relationship to the future of security in closed gaming systems were... pretty darn wrong, inasmuch as the PS3 is now very much not a harbinger of the future unhackable era, so that kind of puts this position on the defensive just to start.

I'm sure there are people who will look at this and derive the "supply-side" position for why future systems will be unhackable (i.e. enough people will always put their minds to it and "somehow" find a way.) That position isn't really justifiable or correct, but getting into why is pretty complex -- and also not really necessary, since it's not really the right argument to be using.

The real reason that most future systems are still likely to be hacked to some degree is that systemic complexity increases the amount of effort needed to secure against vulnerabilities and systems are designed by people, not by perfect AIs. Unbreakable security requires absolute, unwaveringly perfect execution; that's easy to achieve if your goal is just sending a set number of messages between two agents (just use a one-time pad) but increasingly difficult the more moving parts your system needs to have and the more of your system needs to be in the hands of the enemy. It's not sheer coincidence that even nominally well-architected security systems like those in the 360 and PS3 have ultimately had vulnerabilities; it's a logical outcome from the complexity of the systems being secured, the amount of resources available to field-test that security before launch, and the inability to simply replace equipment out in the world when a breach is discovered (as would be done with actual mission-critical systems.)
 

K.Jack

Knowledge is power, guard it well
ConfusedMan09 said:
Myth #2: Sony can change keys. No, they can't. These aren't encryption keys, they're signing keys. If they change them GAMES STOP WORKING.
Damn shit got so real. I wonder how much finger pointing is going on over this.

Some poor engineer has Sony ninjas counting his days.
 

Durante

Member
charlequin said:
Unbreakable security requires absolute, unwaveringly perfect execution; that's easy to achieve if your goal is just sending a set number of messages between two agents (just use a one-time pad) but increasingly difficult the more moving parts your system needs to have and the more of your system needs to be in the hands of the enemy.
But in the end, distributing games from a controlled source (the platform holder) to a controlled destination (the console -- as we can see in PS3 you can lock down the keys in hardware pretty effectively) is very similar to sending a number of messages. All the complexity around that -- and I agree that it is vast and growing -- can exist in user-land.

It was 4 years this time. Let's see how long the next iteration holds out.
 
I never cheat. Give me the tools to cheat and tell me that no one will ever find out and I still won't do it. Cheating isn't fun to me. I do however derive fun from outwitting people.

I feel like I would enjoy cheating a lot more if I also enjoyed spoilers and reading what happens at the end of the story before I even begin.
 
Durante said:
But in the end, distributing games from a controlled source (the platform holder) to a controlled destination (the console -- as we can see in PS3 you can lock down the keys in hardware pretty effectively) is very similar to sending a number of messages. All the complexity around that -- and I agree that it is vast and growing -- can exist in user-land.

It was 4 years this time. Let's see how long the next iteration holds out.

Let's see if other companies learn from Sony and give a carrot to the community in the form of Linux out of the box, however limited it may be.
 

Dambrosi

Banned
Jigsaw said:
tales of vesperia and graces f here i come :D

i hope someone will make a patch for yakuza kenzan too someday
Yeah, it'd be great if the patches worked like the Fatal Frame 4 hack on Wii (that is, the translation code being separate from a legit copy of the game/s, so you still needed to buy it), but I'm sure a way would be found around that, as it unfortunately was with FF4.

Not saying that that's inevitable or anything, or makes such a patch any less necessary or desirable. Bring it on, translators! Show Namco how it's done!
 

Om3ga

Member
So far I don't see the implications of this. Well, I don't see how Sony is screwed. Yeah, it's "potentially" a piracy problem, but I'm sure Sony can figure out a way to ban consoles using this exploit. I don't know many people with the bandwidth to download games of that size, and with games getting to $10-$30 within the first year of release (sometimes within the first few months!) I don't see why people would want to pirate anyway.

I'm actually interested in seeing what Sony will do in response to this. I'm sure Sony figured the vulnerability was there in the first place. It was just a waiting game. If they can lock people off PSN/PS Store that would be great.

Homebrew is always fun when it's new, so I'm excited to see what the scene will come up with, but I always get bored with it after a while. The only homebrew app I ever used all the time was XBMC on the original Xbox, and the ability to install games to the HDD. I used my PC for everything else. I already have so many video viewing options with my PS3 (Netflix etc.; just bring Hulu+ to Canada, damnit!), so if Sony allows me to install my games to the HDD I won't even bother with modding my PS3.
 

androvsky

Member
Om3ga said:
So far I don't see the implications of this. Well, I don't see how Sony is screwed. Yeah, it's "potentially" a piracy problem, but I'm sure Sony can figure out a way to ban consoles using this exploit. I don't know many people with the bandwidth to download games of that size, and with games getting to $10-$30 within the first year of release (sometimes within the first few months!) I don't see why people would want to pirate anyway.
It's not an exploit that runs on the console. Anyone can install any software on any PS3 now (edit: err, soon, whenever marcan releases the tools), hacked or not. The whole point of this is that there's no way for the PS3 to tell it's not legit, since the software can be signed with the same key Sony uses. And Sony can't change the keys without causing real games to stop working.

I'm actually interested in seeing what Sony will do in response to this. I'm sure Sony figured the vulnerability was there in the first place. It was just a waiting game. If they can lock people off PSN/PS Store that would be great.

Wait, you want Sony to lock people off the store? As punishment for possibly pirating software? o_O

so if Sony allows me to install my games to the HDD I won't even bother with modding my PS3.
In two months or so, you'll be able to install any PS3 (or pre-PS2) game to your HDD without modding the system. That's what's going on here.
 
Om3ga said:
So far I don't see the implications of this. Well, I don't see how Sony is screwed. Yeah, it's "potentially" a piracy problem, but I'm sure Sony can figure out a way to ban consoles using this exploit. I don't know many people with the bandwidth to download games of that size, and with games getting to $10-$30 within the first year of release (sometimes within the first few months!) I don't see why people would want to pirate anyway.

I'm actually interested in seeing what Sony will do in response to this. I'm sure Sony figured the vulnerability was there in the first place. It was just a waiting game. If they can lock people off PSN/PS Store that would be great.

Homebrew is always fun when it's new, so I'm excited to see what the scene will come up with, but I always get bored with it after a while. The only homebrew app I ever used all the time was XBMC on the original Xbox, and the ability to install games to the HDD. I used my PC for everything else. I already have so many video viewing options with my PS3 (Netflix etc.; just bring Hulu+ to Canada, damnit!), so if Sony allows me to install my games to the HDD I won't even bother with modding my PS3.

Well, even though these guys say they won't release the GameOS keys, someone will and that will set the stage for bootleg games. Also with compression, most games aren't 30 gigs. Just take a look on any newsgroup site. Also, nothing stopping one person from downloading the game, copying it to his HDD, then going to his buddies house and installing it onto his HDD.
 

androvsky

Member
LovingSteam said:
Well, even though these guys say they won't release the GameOS keys, someone will and that will set the stage for bootleg games. Also with compression, most games aren't 30 gigs. Just take a look on any newsgroup site. Also, nothing stopping one person from downloading the game, copying it to his HDD, then going to his buddies house and installing it onto his HDD.

Oh, they did? They said they were going to release tools... what are they going to do? I can't watch the videos yet, but simply knowing that Sony didn't use a random key is going to make it much easier for someone else to figure it out. Maybe add a few months to my estimates to when the PS3 is blown wide open.
 
androvsky said:
Oh, they did? They said they were going to release tools... what are they going to do? I can't watch the videos yet, but simply knowing that Sony didn't use a random key is going to make it much easier for someone else to figure it out. Maybe add a few months to my estimates to when the PS3 is blown wide open.

That is what I read elsewhere. Now, if a CFW arrives then technically the GameOS key wouldn't even be needed, would it? Just don't include the requirement for a gamekey to be required in order for it to boot up.
 
This very much demonstrates that given enough time, effort, and skill, any closed system can be hacked wide open.

That said, four years is pretty damn impressive.

Counterargument - they wouldn't have even really tried if Sony hadn't locked out Linux.
 
androvsky said:
Wait, you want Sony to lock people off the store? As punishment for possibly pirating software? o_O
Well all three manufacturers block you from their online stores if you refuse to update your firmware, is going that extra step much different?

I really can't think of another company that brought as many problems onto themselves as Sony has this gen. It's like they're the LeBron James of videogaming.
 

Zoe

Member
yurinka said:
BladeoftheImmortal said:
So does this mean an app like the backup manager could run on an OFW machine or that we would still need a CFW to get it working?
I think that in addition to this, they would be able to patch the game, making it self-bootable from the HD as a PSN game.

You still need some kind of hack to the OS unless you're running the game off of a BD-R. The PS3 OS can't natively understand a game file sitting on an external hard drive.
 

Om3ga

Member
androvsky said:
It's not an exploit that runs on the console. Anyone can install any software on any PS3 now (edit: err, soon, whenever marcan releases the tools), hacked or not. The whole point of this is that there's no way for the PS3 to tell it's not legit, since the software can be signed with the same key Sony uses. And Sony can't change the keys without causing real games to stop working.
Didn't Marcan say that Sony could create some sort of "whitelist"? That's one way for them to tell. Also as apps become widely available and known, couldn't Sony just detect and blacklist then ban those consoles for using those apps? (though that would be pointless since the names can always change)
Wait, you want Sony to lock people off the store? As punishment for possibly pirating software? o_O
If you can't access PSN you can't access the store.
In two months or so, you'll be able to install any PS3 (or pre-PS2) game to your HDD without modding the system. That's what's going on here.
I'm saying I'd prefer Sony to give me that option, similar to what Microsoft has done with the Xbox360. Then I won't care for it at all.
 

Xilium

Member
I like this for the possibility of getting cheating software (don't worry, I don't play games online on consoles and trophies/achievements are irrelevant to me) and the possibility of playing Japanese import games (specifically JRPGs) with English patches.
 
darkpaladinmfc said:
You wouldn't have to switch discs like you have to with the 360.

The ps3 backup manager still requires there to be a real ps3 game in the drive. Would it now be possible to bypass that requirement or is that something we need CFW for?
 

Truespeed

Member
androvsky said:
Linux development had the same access to the SPUs as game developers. Early on, one even mentioned that Linux had better tool support than the official game SDK did.

By "better tool support" are you referring to the freely available tools that were released by IBM for Cell development under Linux - which could have also easily been used for game development?

androvsky said:
There were a few efforts to port large chunks of code, including libc and OpenGL, to use SPUs. All those projects died as soon as Sony announced the Slim wouldn't have OtherOS support. The main Linux distributions could use the RSX's memory as a high-speed swap file.

I wouldn't call it dead. I believe the Cell MesaGL driver was merged into the Gallium3D framework. And if you look at the commits for src/gallium/drivers/cell you notice that there's still activity even in 2010.
 

styl3s

Member
Xilium said:
I like this for the possibility of getting cheating software (don't worry, I don't play games online on consoles and trophies/achievements are irrelevant to me) and the possibility of playing Japanese import games (specifically JRPGs) with English patches.
This x100000000000
 
Om3ga said:
Didn't Marcan say that Sony could create some sort of "whitelist"? That's one way for them to tell. Also as apps become widely available and known, couldn't Sony just detect and blacklist then ban those consoles for using those apps? (though that would be pointless since the names can always change)
If you can't access PSN you can't access the store.
I'm saying I'd prefer Sony to give me that option, similar to what Microsoft has done with the Xbox360. Then I won't care for it at all.

Except Microsoft hasn't given you the option. They have given you the option of using a disc AND installing the game to your HDD. Many folks don't want to use the disc at all and neither Sony or Microsoft will be offering that this generation.
 

Dambrosi

Banned
Xilium said:
I like this for the possibility of getting cheating software (don't worry, I don't play games online on consoles and trophies/achievements are irrelevant to me) and the possibility of playing Japanese import games (specifically JRPGs) with English patches.
This this this this this. :D
 
Durante said:
But in the end, distributing games from a controlled source (the platform holder) to a controlled destination (the console -- as we can see in PS3 you can lock down the keys in hardware pretty effectively) is very similar to sending a number of messages.

While on a basic level that's true, in practice the number of complications is immense. Even just going from one-to-one to one-to-many communication makes using OTP impossible; differing delivery systems for content, the existence of add-on (DLC) content, the ability to move content from system to system (and re-authorize its use for different users), the ability to interact with external network systems, the numerous physical components of a system, and the ability to upgrade the system's functioning via firmware upgrades -- every one of these things (and many other features) represents a new potential point of weakness, and so does each place where any two such features interact. In some ways, modern systems are actually less secure due to their flexibility -- in the olden days, physical modifications were necessary to run pirated copies or unsigned code, but the PSP and PS3 can now be modified without opening the case, and the Wii doesn't even require extra hardware.
 
LovingSteam said:
Except Microsoft hasn't given you the option. They have given you the option of using a disc AND installing the game to your HDD. Many folks don't want to use the disc at all and neither Sony or Microsoft will be offering that this generation.
Microsoft does have a pretty large Games On Demand storefront which is purely digital downloads of full 360 and original xbox games. No disk needed.
 

test_account

XP-39C²
BMF said:
Counterargument - they wouldn't have even really tried if Sony hadn't locked out Linux.
I don't know about this. I mean, they used the argument about getting homebrew and Linux to work on the PS3, right? But these things are possible without having to publish the PS3 private key, so why do they have to publish the PS3 private key? Well, it would be much easier for sure to run homebrew etc., but it would also mean more pirate possibilities, and do they want that?

To me, it kinda seems more about bragging (running their own conference and everything) rather than mainly focusing on getting Linux to work on the PS3 again. Marcan already worked on AsBestOS before this, so if their main goal was to enable Linux again, I don't see why they need to release the PS3 private key to do that. They could have worked more on AsBestOS instead and achieved the same goal (if their main goal was to enable Linux on the PS3 again).
 
Xilium said:
I like this for the possibility of getting cheating software (don't worry, I don't play games online on consoles and trophies/achievements are irrelevant to me) and the possibility of playing Japanese import games (specifically JRPGs) with English patches.


I would love some Tales action........
 

N3al

Member
Alts said:
From their twitter account: "we only started looking at the ps3 after otheros was killed."

Seems about inline with predictions I saw here about the fallout of that decision.
For some reason I do not believe that one bit.
 

Dambrosi

Banned
charlequin said:
While on a basic level that's true, in practice the number of complications is immense. Even just going from one-to-one to one-to-many communication makes using OTP impossible; differing delivery systems for content, the existence of add-on (DLC) content, the ability to move content from system to system (and re-authorize its use for different users), the ability to interact with external network systems, the numerous physical components of a system, and the ability to upgrade the system's functioning via firmware upgrades -- every one of these things (and many other features) represents a new potential point of weakness, and so does each place where any two such features interact. In some ways, modern systems are actually less secure due to their flexibility -- in the olden days, physical modifications were necessary to run pirated copies or unsigned code, but the PSP and PS3 can now be modified without opening the case, and the Wii doesn't even require extra hardware.
To be fair, hacking a Wii does require having an SD card with either BannerBomb or a hacked save on it, but I think we all see your point.

test_account said:
I don't know about this. I mean, they used the argument about getting homebrew and Linux to work on the PS3, right? But these things are possible without having to publish the PS3 private key, so why do they have to publish the PS3 private key? Well, it would be much easier for sure to run homebrew etc., but it would also mean more pirate possibilities, and do they want that?

To me, it kinda seems more about bragging (running their own conference and everything) rather than mainly focusing on getting Linux to work on the PS3 again. Marcan already worked on AsBestOS before this, so if their main goal was to enable Linux again, I don't see why they need to release the PS3 private key to do that. They could have worked more on AsBestOS instead and achieved the same goal (if their main goal was to enable Linux on the PS3 again).
Obviously, they did this so that you don't have to hack your PS3 open with a freaking $100+ USB dongle to get your Linux back. I would've thought that was obvious, but eh.
 
A whitelist only stops systems that aren't already compromised.

If your system is already compromised you can do many things:
- ignore the whitelist completely
- make your own whitelist
- have a set of canned valid whitelist responses based on what they use (valid checksum etc.)
 
brotkasten said:

Well, running custom soundtracks is a function of the operating system. This is not a trivial task to implement, I would imagine. Not that it couldn't be done, but who knows if there's any group out there willing to put in the time and effort to develop and enable functionality like that.
 