fail0verflow - PS3 Private Key + PSP Key + PS3's Blu-Ray Key found, FW 3.50 decrypted

N.A
#1
Updates 09/01: (newer updates at the top)

Geohot Releases Signing Tools


Geohot Releases 3.55 Jailbreak


Updates 08/01:

Summary of the hack by GamesIndustry.biz


Updates 07/01:

Geohot Demos Homebrew on 3.55

KaKaRoTo Downgrades v3.55 PS3 Console to v3.41

Updates 06/01:

Marcan shows Linux demo on PS3 Slim


Excellent BBC Summary of Events

Updates 05/01:

KaKaRoToKS releases first PoC Custom Firmware (not recommended for use)


Updates 03/01:

Digital Foundry Article: Hackers leave PS3 security in tatters

3.50/3.55 appldr keys found

PSP Keys Found
PS3 Blu Ray AACS Keys Vulnerable
<@Mathieulh> so, question, who's gonna grab sony's AACS keys from the .isoself module and leak them ? xD
<@Mathieulh> I don't want to leak AACS shit
<@Mathieulh> too risky xD
Geohot Releases Metldr Key - All other keys vulnerable

fail0verflow opens git, releases tools.





Original Post from 29/12:



This is from the guys behind the Homebrew Channel. Revealed today at 27c3.

Video of presentation:
Part 1: http://www.youtube.com/watch?v=X6CA4fqAdsc
Part 2: http://www.youtube.com/watch?v=X8ohOy8_XO4
Part 3: http://www.youtube.com/watch?v=Eag0VyRTld8


Nice summary from PSGroove.com:

Sony's PS3 Security is Epic Fail

The first few minutes of the conference were spent explaining the state of security on other consoles (Wii, 360, etc). Following this, the group went on to explain the current state of affairs on the PS3. First, explaining Geohot's memory line glitching exploit from earlier this year. The team then went on to explain the current PS3 security bypasses, such as jailbreaking and service mode/downgrading.

Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat was calculating the public/private keys (due to botched security), giving users the ability to sign their own SELFs. Following this, the team declared Sony's security to be EPIC FAIL!

The recent advent of these new exploits means current firmware is vulnerable, v3.55 and possibly beyond. It will be very difficult for Sony to fix the described exploits.

The team then displayed the website http://fail0verflow.com/, where we assume they will host examples of the new exploits and further details. They stated that easy-to-use tools would be coming next month.

Read more: PSGroove.com - Sony's PS3 Security is Epic Fail http://psgroove.com/content.php?581-Sony-s-PS3-Security-is-Epic-Fail#ixzz19WMUJZAE
Essentially this will allow anyone to sign executables and run them on any retail PS3.



http://www.fail0verflow.com/

From fail0verflow's twitter:

Our current PS3 goal: AsbestOS.pup
(AsbestOS is marcan's linux loader for PS3)
our goal is to have linux running on all existing PS3 consoles, whatever their firmware versions.
 

N.A
#5
PetriP-TNT said:
The private key is 4?
No. The 'random' number used to create the private key is always the same. Some hippy guy then showed some extremely long equation to work out the private key.
 
#7
Nuclear Muffin said:
What is this for? Activating debug mode on any firmware?

I thought that hackers already found a code?
My guess is that they should be able to do something like CFW now, since they have the private keys.
 

N.A
#9
The implications are (and they pretty much said) that they can now sign executables and the PS3 can't tell the difference.
 
#11
If and only if this leads to CFW and true, straight-to-the-metal hacking/homebrew/apps/emulation like on the original Xbox and in the good-old PSP days, I am interested and will move to a PS3 Slim (leaving my OG 60GB for the hacking).
 
#13
N.A said:
No. The 'random' number used to create the private key is always the same. Some hippy guy then showed some extremely long equation to work out the private key.
Oh, you're right. I thought that was getprivatekey instead of getrandomnumber :/

(and yeah, I know that that is from a webcomic)
 

TheSeks
#14
LovingSteam said:
Supposedly dongles will now be useless. They'll be able to offer downgrades, jailbreaks without the need for a dongle.
Will I be able to downgrade without breaking the Blu-ray player like the current downgrader wants?

More than one time, unlike the current downgrader?

Is there a CWCheat/Gameshark application yet?
 
#18
LovingSteam said:
Supposedly dongles will now be useless. They'll be able to offer downgrades, jailbreaks without the need for a dongle.
Will we be able to hack just through plain usb sticks now? Sorry, I don't understand this stuff.

Or does this mean we can run homebrew apps without hacking?
 
#19
TheSeks said:
Will I be able to downgrade without breaking the Blu-ray player like the current downgrader wants?

More than one time, unlike the current downgrader?

Is there a CWCheat/Gameshark application yet?

I have downgraded a 3.50 PS3 (250gb slim) without breaking Blu-ray playback.

I'm pretty sure you can downgrade more than once.

Dunno bout CWcheat, but it would be nice.
 
#24
CWCheat would basically be fantastic for some games, but I'd rather not get locked out of the PSN.

On the other hand if this means we can make the .mkv container playable and enable cross-game voice chat (already in the debug firmware) that'd be awfully nice. Also, region-free PS2 gaming would be nice.
 
#25
I don't quite understand. Running unsigned programs on the PS3 has already worked for months. How does this private key change anything?


H_Prestige said:
Will we be able to hack just through plain usb sticks now? Sorry, I don't understand this stuff.
No, I don't think that will work.

EDIT: Assuming that you mean that it is possible to jailbreak a PS3 with a usb stick?
 

TheSeks
#26
snk2 said:
I have downgraded a 3.50 PS3 (250gb slim) without breaking Blu-ray playback.

I'm pretty sure you can downgrade more than once.
The current downgrader has a very small chance of breaking the blu-ray drive's playback. Which makes me leery.

And open-source downgrader is more than once now, maybe? I haven't honestly been following, but the "LOL ONE DOWNGRADE ONLY" totally turned me off when it was released by the PSjailbreak team or whatever.

No need of USB sticks anymore. Homebrew can be signed like legitimate Sony software and run on unmodified PS3s.
Give me CWCheat ability for offline applications and MMMMM-yes on OFW.

Free money in Ass Creed 2/3's singleplayer? Yes, please.
 

N.A
#27
test_account said:
I dont quite understand. Running unsigned programs on the PS3 has already worked for months. How does this private key change anything?
Those unsigned programs can be signed and run on any retail PS3.
 
#29
So from my understanding, they can make homebrew applications that have the official Sony signature key. This means that you don't even need to hack the PS3 anymore, you just load the file onto your unmodified system using any USB device and the PS3 just treats it as a normal PSN game.

So basically, Sony are completely fucked.
 
#35
Lostconfused said:
Wouldn't you just be able to sign any homebrew app and just run it on any PS3 without doing anything to the firmware?
Yeah, if this is true doesn't it mean we can run homebrew on any PS3 whether it's hacked or not?
 
#39
This doesn't ensure anything. It does, however, decrease the strength of the protection algorithm, since crackers now need to deal with one less variable (which turned out to be a constant). If they still have 20 variables to deal with, they have advanced a very small pace. If they have only a couple left, they are pretty near.
 
#41
Psgroove said:
Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. The talk got very technical at this point, and I'm still grasping at understanding it all. The major highlights though were, dongle-less jailbreaking and the ability to sign our own SELFs. Following this, the team declared Sony's security to be EPIC FAIL!

The recent advent of these new exploits means current firmware is vulnerable, v3.55 and possibly beyond. It will be very difficult for Sony to fix the described exploits.

Read more: PSGroove.com - Sony's PS3 Security is Epic Fail http://psgroove.com/content.php?581-Sony-s-PS3-Security-is-Epic-Fail#ixzz19WDqEa9r
Here
 
#42
ReyBrujo said:
This doesn't ensure anything. It does, however, decrease the strength of the protection algorithm, since crackers now need to deal with one less variable (which turned out to be a constant). If they still have 20 variables to deal with, they have advanced a very small pace. If they have only a couple left, they are pretty near.
Nah, they showed how to generate a private key using this constant.
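What posts #5, #13 and #39/#42 above are circling around is the ECDSA nonce-reuse attack: the constant "random number" is the per-signature nonce k, and two signatures made with the same k leak the private key by simple modular arithmetic. The block below is an added example written for this page; it is not fail0verflow's or geohot's code, and it uses NIST P-256 as a stand-in curve because the PS3's actual curve parameters and key material are not on this page. Message strings and the nonce value are constructed for the demo.

```python
"""ECDSA with a constant nonce k, and private-key recovery from two such signatures.

Added example: pure-Python ECDSA over NIST P-256 (stand-in curve, not the PS3's).
"""
import hashlib
import random

# NIST P-256 domain parameters (standard, public values).
p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
a = p - 3
b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
n = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def inv(x, m):
    """Modular inverse; raises ValueError if x is not invertible mod m."""
    return pow(x, -1, m)


def add(P, Q):
    """Affine point addition on y^2 = x^3 + ax + b; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if P == Q:
        lam = (3 * x1 * x1 + a) * inv(2 * y1, p) % p
    else:
        lam = (y2 - y1) * inv(x2 - x1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def mul(k, P):
    """Scalar multiplication by double-and-add (not constant time; demo only)."""
    R = None
    while k:
        if k & 1:
            R = add(R, P)
        P = add(P, P)
        k >>= 1
    return R


def h(msg):
    """Message digest as an integer mod n (SHA-256 is 256 bits, same size as n)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(d, msg, k):
    """ECDSA signature (r, s) with an explicit nonce k. A correct signer draws a
    fresh secret k per signature; passing the same k twice is the bug demonstrated."""
    r = mul(k, G)[0] % n
    s = inv(k, n) * (h(msg) + r * d) % n
    return (r, s)


def verify(Q, msg, sig):
    """Standard ECDSA verification against public key Q = d*G."""
    r, s = sig
    if not (0 < r < n and 0 < s < n):
        return False
    w = inv(s, n)
    P = add(mul(h(msg) * w % n, G), mul(r * w % n, Q))
    return P is not None and P[0] % n == r


def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures with the same k share r. Then
         s1 - s2 = k^-1 (z1 - z2)  =>  k = (z1 - z2) / (s1 - s2)
         d = (s1 * k - z1) / r."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("r differs: nonces were not reused, attack does not apply")
    try:
        k = (h(msg1) - h(msg2)) * inv((s1 - s2) % n, n) % n
    except ValueError:
        raise ValueError("s1 == s2 (same message or degenerate case), cannot solve for k")
    return (s1 * k - h(msg1)) * inv(r1, n) % n


def demo():
    """Vendor signs two modules with a constant k; attacker recovers d and forges."""
    d = random.randrange(1, n)            # vendor's private key (never leaves the vendor)
    Q = mul(d, G)                          # public key embedded in the device
    k = 0x1337                             # the constant "random" nonce (constructed)
    m1, m2 = b"firmware module A", b"firmware module B"   # constructed messages
    sig1, sig2 = sign(d, m1, k), sign(d, m2, k)
    d_rec = recover_private_key(m1, sig1, m2, sig2)
    forged = sign(d_rec, b"homebrew.self", 0xbeef)        # attacker picks any k now
    return d_rec == d, verify(Q, b"homebrew.self", forged)


if __name__ == "__main__":
    print(demo())
```

The two signatures expose the reuse immediately because r depends only on k, so a duplicated r across a vendor's signed files is the tell a practitioner would look for. Once d is known, signatures verify against the original public key, which is exactly why a device that only checks signatures cannot distinguish the forgery.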
 

N.A
#43
BladeoftheImmortal said:
So does this mean an app like the backup manager could run on an OFW machine or that we would still need a CFW to get it working?
I believe the backup manager uses BDEMU which Sony could (and maybe already have) removed from retail PS3 firmware. Though a workaround will probably be made.
 
#45
Lostconfused said:
Wouldn't you just be able to sign any homebrew app and just run it on any PS3 without doing anything to the firmware?
No, because you need a way to put them on your PS3, and the normal system doesn't allow any kind of executable data transfer between a USB stick and the PS3 file system. This means we need some kind of hack which allows us to do so. Even installing an FTP client needs access to the file system first, but that is only a matter of hours rather than days. I will probably be able to hack my PS3 tomorrow already.
 
#46
BladeoftheImmortal said:
Damn, so it's even more vulnerable than the PSP was now.
Yeah, wouldn't this make the ps3 the most open system of all? That sounds kind of hard to believe that it could go from the most locked down system to the most open over night.
 
#47
H_Prestige said:
Yeah, wouldn't this make the ps3 the most open system of all? That sounds kind of hard to believe that it could go from the most locked down system to the most open over night.
Technically even as the "most locked down system" from a security standpoint, it was still by far the most open platform in other regards.