PS3 custom firmware issue linked to PSN access

Garcia

Member
Gamesindustry.biz :

Custom firmware puts compromised consoles on PSN, leak of LV0 decryption keys to thwart future security measures

Sony is facing new PlayStation 3 security headaches today, as Eurogamer reports that hackers have released custom firmware that allows for compromised consoles to go on the PlayStation Network, and LV0 decryption keys that will facilitate circumvention of future security updates.

PlayStation 3 security was largely undermined in early 2011 after hacking team Fail0verflow detailed a technique to get unauthorized code running on Sony's console. At the time, the group said they attacked the console's security as a response to Sony removing the OtherOS feature that allowed installation of the Linux operating system on the PS3. Eurogamer notes that Sony's 3.60 firmware actually managed to plug many of the security holes from that event, but piracy has persisted for those willing to run older firmware and not take their systems onto PSN.

However, the newly released custom firmware contains the current PSN passphrase security protocol. And even if Sony changes that with new firmware, the release of the LV0 decryption keys means that hackers should be able to easily lay bare future security measures in system updates.

According to Eurogamer, Chinese hacking group BlueDiskCFW had planned to sell the custom firmware circumventions, which prompted another group called The Three Tuskateers to release the LV0 keys. They also released a statement claiming to have discovered the keys some time ago, adding, "only the fear of our work being used by others to make money out of it has forced us to release this now."
 

TheSeks

Blinded by the luminous glory that is David Bowie's physical manifestation.
Shouldn't really say "hacked," since it makes you think of the PSN leak.

It's more a "crack," since they're basically unlocking the PS3's hardware with these keys.
 

Derrick01

Banned
I need this translated to English. This doesn't mean they can steal CC info or anything else, right? Just custom firmware stuff for their own consoles?
 

zulux21

Member
From my understanding it's not so much hacked again, as cracked more as this will still only work on the PS3s that could currently run custom firmware, and all it allows is them to play some later games with less workarounds and allows them to play online.
 

Nemo

Will Eat Your Children
Wasn't the whole lv0 whatever key hacked already the first time? They patched that up pretty quick
 

Carl

Member
As far as I can understand it only works on hardware that's already hacked/running CFW

So who cares, really.
 
Title is a little misleading, it just means it's easier for people currently on custom firmwares to update to new ones and still access PSN... I'll be more excited when they find new exploits in official firmware.
 

Stewox

Banned
Now this, is much more than just a hack.

As noted, Sony has no ability to lock out old consoles from accessing PSN ... millions of consoles, or any consoles, I wasn't following that deeply but the super-slim editions shouldn't be vulnerable to the same hack if they really fixed it.

If they want to fix this, all they can do is to totally redesign the new currently manufacturing consoles with a totally different security system to render those hacks/keys useless. The only good news is, PS3 is slowly ending its lifecycle, but also makes it very unlikely they'll go to a full redesign at this point.
 

Jburton

Banned
Only works on PS3s already on CFW?


Waste of time, hack of a hack?


Laughable! ........................Eurogamer needs a slap.

OP your thread title is misleading.
 
"only works on already CFW consoles?"

This is misleading, currently there is nothing for any consoles. This release does nothing for the end user currently. This isn't CFW, it's not an exploit for new systems, it won't make current homebrew better, and it doesn't magically make CFW systems able to play all games into the future.

What this is, is promise. It's a means to unlock future official firmwares and make them custom ones for systems that are already hacked, but it also may open the door for finding and using future exploits on official firmwares.

As of right now, all it is is simply promise... we'd still need to find some hero devs able to do things with this AND feel alright with releasing it... The PS3 scene in general is a LOT more cautious than it used to be.
 
So, it only affects already-cracked consoles? Not really much of a headline.

Hopefully Sony won't go mental this time with subpoenaing IP address of anyone who views a video related to the crack on YouTube, or demanding personal information on Slashdot users who dared to discuss the issue.

Given that last time this all exploded, there were people on NeoGAF writing fanfiction of George Hotz being sexually assaulted for his affront to Sony, let's hope things are a bit more sensible this time round.

On a personal note, while I'm clearly a believer in the right to open your hardware and explore the potential of homebrew (not to mention restoring unjustly-removed features such as OtherOS), I have no objection to Sony banning cracked consoles from their free online service.
 
heard it all before.


Sony will release another FW update in a while and these kids will be back to square 1.


Edit.. wait and it's only for people who are already on CFW? Well that's even less newsworthy.
 

Garcia

Member
Yep, I updated the thread title since this hack only affects modified consoles. Not truly misleading but more of a letdown for people expecting a new crack.
 

marrec

Banned
You guys are reading this wrong.

It's not even a hack of a hack.

It's an exploit that allows CFW PS3s access to PSN. That is all.

It's not even a hack.

WTF.
 

jediyoshi

Member
You guys are reading this wrong.

It's not even a hack of a hack.

It's an exploit that allows CFW PS3s access to PSN. That is all.

It's not even a hack.

WTF.

Fun fact: CFW access to PSN is something that's been happening for months on and off. So no, that's not the implication.
 
heard it all before.


Sony will release another FW update in a while and these kids will be back to square 1.


Edit.. wait and it's only for people who are already on CFW? Well that's even less newsworthy.

Not sure you really understand.

Sony can't go and change the LV0 encryption key after the fact. What this does is make it so that for all current, past, and future firmwares, regardless of what security measures Sony tries to implement, you will be able to use a custom version of that firmware and still get on PSN.
 

marrec

Banned
Fun fact: CFW access to PSN is something that's been happening for months on and off. So no, that's not the implication.

Original Post said:
Eurogamer reports that hackers have released custom firmware that allows for compromised consoles to go on the PlayStation Network, and LV0 decryption keys that will facilitate circumvention of future security updates.

Really? What the hell else are they talking about then?
 

test_account

XP-39C²
I'm surprised that a site like Gamesindustry.biz wrote an article about this. I thought this was a site more about industry stuff. Hopefully someone who doesn't know too much about this doesn't understand it as PSN being hacked again.

The PS3 has actually been hacked for a long time before this. It is just that it is being released now. The question is if the people will continue to release new updates for custom firmware.
 
You guys are reading this wrong.

It's not even a hack of a hack.

It's an exploit that allows CFW PS3s access to PSN. That is all.

It's not even a hack.

WTF.

There is a lot of misunderstanding involved in this, and this is just more of it.

Lv0 is basically the first level of security on the PS3... If you break this (which they just said they have) it basically means you have access to everything. This isn't simply access to PSN... it means that all future updates to the PS3 will be able to be fully decrypted, meaning you can alter them and retain access to all of the features if you are already on CFW.

If you had a CFW PS3, you'd know just how long they were stuck on modified 3.55, and that meant they were locked out of a lot of different games/features. This means anyone currently on a custom firmware won't have to deal with that (for long) in theory.

What does this mean to people only on OFW? Not much... at first. There is still an exploit needed to run unsigned code (or fake signed) on the PS3... but being able to fully decode PS3 firmware has its perks for this. It should (again, in theory) be easier to find working exploits in the latest firmwares that could mean homebrew and custom firmwares for all eventually.

(edit) To explain a bit more... For the PS3 to be able to read encrypted updates, it has to have a means to DECRYPT them before applying them. PS3 keys are basically signed, and then access to them is signed again, etc. until you get to the starting point. Lv0 is what decrypts keys when you first turn on your PS3. It's the keys that Lv0 decrypts that eventually lead to decrypting the keys for your hard drive, games, PS3 updates, etc.

This encryption is built into the hardware, it can't be changed. The only way to change it would be to release a new revision of the PS3. Even if it COULD be changed, the PS3 would need to be able to READ those keys to apply the update, and now we can too... so it would become a game of cat and mouse.

(edit 2) This is how I understand the whole situation... it may be a little off, but it still comes down to the PS3 having a chain of trust, and lv0 being the lowest level... as long as you have the keys to the first link in the chain of trust, you can find the keys to the rest.
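
The chain of trust described in the post above, as a toy model added here (not part of the original thread, and not Sony's actual scheme): a fixed root key unwraps per-release stage keys, so rotating the lower keys in a new firmware locks out an old lower key but not the root. All names, the constructed keys and payloads, and the SHA-256-based toy cipher are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _sub(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from one stage key.
    return hashlib.sha256(label + key).digest()

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode); a real design would use AES.
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key: bytes, data: bytes) -> bytes:
    ct = _xor_stream(_sub(key, b"enc"), data)
    return hmac.new(_sub(key, b"mac"), ct, hashlib.sha256).digest() + ct

def unseal(key: bytes, blob: bytes) -> bytes:
    tag, ct = blob[:32], blob[32:]
    good = hmac.new(_sub(key, b"mac"), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified blob")
    return _xor_stream(_sub(key, b"enc"), ct)

def build_update(root_key: bytes, payload: bytes, stages: int = 3) -> list:
    # Vendor side: fresh random keys for every stage of this release,
    # each wrapped under the key of the stage before it.
    keys = [root_key] + [os.urandom(32) for _ in range(stages)]
    wrapped = [seal(keys[i], keys[i + 1]) for i in range(stages)]
    return wrapped + [seal(keys[-1], payload)]

def open_update(first_key: bytes, package: list) -> bytes:
    # Device side: each stage unwraps the key for the next one.
    key = first_key
    for blob in package[:-1]:
        key = unseal(key, blob)
    return unseal(key, package[-1])

def rotation_demo(root_key: bytes) -> tuple:
    # Returns (old lower key opens new release, root key opens new release).
    old = build_update(root_key, b"firmware A (constructed)")
    new = build_update(root_key, b"firmware B (constructed)")
    old_stage1 = unseal(root_key, old[0])
    try:
        open_update(old_stage1, new[1:])
        lower_ok = True
    except ValueError:
        lower_ok = False
    return lower_ok, open_update(root_key, new) == b"firmware B (constructed)"
```

Because the root key in this model is fixed in the device, a release cannot re-wrap its first stage under anything else and still be readable by existing hardware.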
 

marrec

Banned
There is a lot of misunderstanding involved in this, and this is just more of it.

Lv0 is basically the first level of security on the PS3... If you break this (which they just said they have) it basically means you have access to everything. This isn't simply access to PSN... it means that all future updates to the PS3 will be able to be fully decrypted, meaning you can alter them and retain access to all of the features if you are already on CFW.

If you had a CFW PS3, you'd know just how long they were stuck on modified 3.55, and that meant they were locked out of a lot of different games/features. This means anyone currently on a custom firmware won't have to deal with that (for long) in theory.

What does this mean to people only on OFW? Not much... at first. There is still an exploit needed to run unsigned code (or fake signed) on the PS3... but being able to fully decode PS3 firmware has its perks for this. It should (again, in theory) be easier to find working exploits in the latest firmwares that could mean homebrew and custom firmwares for all eventually.

(edit) To explain a bit more... For the PS3 to be able to read encrypted updates, it has to have a means to DECRYPT them before applying them. PS3 keys are basically signed, and then access to them is signed again, etc. until you get to the starting point. Lv0 is what decrypts keys when you first turn on your PS3. It's the keys that Lv0 decrypts that eventually lead to decrypting the keys for your hard drive, games, PS3 updates, etc.

This encryption is built into the hardware, it can't be changed. The only way to change it would be to release a new revision of the PS3. Even if it COULD be changed, the PS3 would need to be able to READ those keys to apply the update, and now we can too... so it would become a game of cat and mouse.

This entire post should just replace the OP.

Thanks for the in-depth explanation.
 

test_account

XP-39C²
Not that it matters that much, but the group is called "The Three Musketeer", not "The Three Tuskateers" as the article mentions.
 
The title is so bad. It reminds me of the stuff that news companies pull to get people to click their article, only for it to be something entirely different.
 

Darkangel

Member
Nice, hopefully this can help development of a CFW past 3.55.

This might also lead to an increase in multiplayer cheating...
 