
PS3 OFW 3.56 New Feature: Rootkit (allegedly)

Vagabundo

Member
New thread to avoid polluting the CFW thread; the natives there were getting restless.

Apparently, examination of the OFW has found a new feature that will allow Sony to download and run code when you log in to PSN. The code they can run is obviously to check for CFW or whatever, but the code could change to check for anything really.

And with the current state of PS3 security there is the possibility that others might be able to run their code on your PS3 without your knowledge.

I don't run CFW and I'm pretty pissed about this. What they are doing might be illegal in the EU.

If anyone has the original IRC logs or other info please post it and I'll update the OP.


N.A said:
For those who are curious about the new PS3 security, it seems Sony has implemented something in 3.56 I mentioned here a few weeks ago that is the same as Microsoft uses to detect and ban 360's.

Mathieulh just posted about it on IRC.

Essentially Sony can now remotely execute code on the PS3 as soon as you connect. This can do whatever Sony wants it to do such as verifying system files or searching for homebrew. Sony can change the code and add new detection methods without any firmware updates and as the code executes remotely there is no reliable way to forge the replies.

Whilst it is possible to patch or remove this code from the firmware this will likely mean the end of playing CFW online (as PSN can just check before login that this is active) or at the very least mean it will be even easier for Sony to detect and ban users.

Judging from the fact that people can still connect using the proxy method it seems Sony hasn't activated any of this yet but the functions are there in the new firmware.

Thanks Chesskid1

IRC said:
Jan 27 14:44:32 <Mathieulh> 3.56 has nice new stuffs in there :p
Jan 27 14:44:43 <Mathieulh> like remote code execution upon login
Jan 27 14:44:45 <Sorrowuk> They will just release patches so people who have hacked cant go online
Jan 27 14:44:46 <Mathieulh> yummy :p
Jan 27 14:44:50 <noone> WAT
Jan 27 14:45:00 <noone> RFE built-in the fw!?
Jan 27 14:45:25 <Mathieulh> 3.56 pretty much has a built in psn rootkit
Jan 27 14:45:30 <noone> dude, that's the only stuff i'd be afraid of
Jan 27 14:45:31 <Mathieulh> don't tell me I haven't warned you
Jan 27 14:45:43 <Sorrowuk> psn rootkit ?
Jan 27 14:46:05 <noone> but if we could rip-off the fw that shit would be erased
Jan 27 14:46:20 <noone> that was the only thing stopped sony to _auto_ update your fw
Jan 27 14:46:22 <Mathieulh> noone it's not that simple
Jan 27 14:46:29 <Mathieulh> the server awaits a proper reply
Jan 27 14:46:34 <Mathieulh> and that reply isn't in the firmware

Thanks N.A.
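
An added illustration, not part of the original posts and not Sony's actual protocol (the thread does not describe it): a generic nonce-based measurement check, showing why a reply that "isn't in the firmware" cannot be recorded once and replayed. All names and the sample image bytes are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the files a server wants measured (not real firmware).
GENUINE_IMAGE = bytes(range(256)) * 64                      # 16 KiB
MODIFIED_IMAGE = GENUINE_IMAGE[:5000] + b"\x00" * 16 + GENUINE_IMAGE[5016:]

def make_challenge(image_len, offsets=None, regions=4, region_len=512):
    """Server: fresh random nonce plus the regions to measure this login."""
    if offsets is None:
        offsets = [secrets.randbelow(image_len - region_len) for _ in range(regions)]
    return {"nonce": secrets.token_bytes(16), "offsets": offsets, "region_len": region_len}

def measure(image, challenge):
    """The server-chosen check: HMAC-SHA256 keyed by the nonce over each region."""
    mac = hmac.new(challenge["nonce"], digestmod=hashlib.sha256)
    for off in challenge["offsets"]:
        mac.update(off.to_bytes(4, "big"))
        mac.update(image[off:off + challenge["region_len"]])
    return mac.digest()

def server_verify(challenge, reply, reference=GENUINE_IMAGE):
    """Server recomputes the expected value from its own reference copy."""
    return hmac.compare_digest(measure(reference, challenge), reply)

def run_demo():
    first = make_challenge(len(GENUINE_IMAGE))
    recorded = measure(GENUINE_IMAGE, first)          # honest reply to login 1
    second = make_challenge(len(GENUINE_IMAGE))       # login 2 gets a new nonce
    covering = make_challenge(len(GENUINE_IMAGE), offsets=[4608])  # spans the edit
    return {
        "honest": server_verify(first, recorded),
        "replayed": server_verify(second, recorded),
        "modified": server_verify(covering, measure(MODIFIED_IMAGE, covering)),
    }

if __name__ == "__main__":
    print(run_demo())
```

Because the nonce and the measured regions change on every login, the server can also change what it asks for without shipping a firmware update, which is the property the quoted post describes.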
 

Fersis

It is illegal to Tag Fish in Tag Fishing Sanctuaries by law 38.36 of the GAF Wildlife Act
OH DAMN YOU SONY FOR RUNNING YOUR CODE ON YOUR CONSOLE!
>8(
 

LiquidMetal14

hide your water-based mammals
Smart on them. Sorry for you legit guys but these kinds of resources spent to fight hacking/pirates brought it to this. Hopefully it's smart enough to only do something if you've been running backups and not just simple stuff like emulators.
 

Choc

Banned
guys if you want an insight into why rootkits are not a good idea look up sony bmg 2005 rootkit windows

and what it meant and did, apply that to ps3

basically ps3s with 3.56 *could* if this is true be a backdoor to home networks via sony installed trojan

before you call it hyperbole look up the BMG issue


this is huge if true and sony has broken the law again. Even if it's apparently 'sony's console', they are not allowed to install root kits that are trojans
 
This isn't new, and this isn't a rootkit...

11. MAINTENANCE AND UPGRADES

From time to time, it may become necessary for SCEA to provide certain content to you to ensure that Sony Online Services and content offered through Sony Online Services, your PlayStation®3 computer entertainment system, the PSP® (PlayStation® Portable) system or other SCEA-authorized hardware is functioning properly in accordance with SCEA guidelines. Some content may be provided automatically without notice when you sign in. Such content may include automatic updates or upgrades which may change your current operating system, cause a loss of data or content or cause a loss of functionalities or utilities. Such upgrades or updates may be provided for system software for your PlayStation®3 computer entertainment system, the PSP® (PlayStation® Portable) system, or other SCEA-authorized hardware. Access or use to any system software is subject to terms and conditions of a separate end user license agreement found at http://www.us.playstation.com/termsofuse. You authorize SCEA to provide such content and agree that SCEA shall not be liable for any damages, loss of data or loss of functionalities arising from provision of such content or maintenance services. It is recommended that you regularly back up any archivable data located on the hard disk.

But do continue making a big deal out of it.
 
Fersis said:
OH DAMN YOU SONY FOR RUNNING YOUR CODE ON YOUR CONSOLE!
>8(
It's your console, not theirs. You bought it from them.

That being said, when connecting to PSN you do agree to their TOS and that may include downloads to your system.
 
Baha said:
Doesn't the 360 have a similar security feature for banning modded consoles?

A different situation, AFAIK you still can't run unsigned code on the 360, which is the concern here.

Megadragon15 said:
Sony, if true, never change and never forget: "Most people, I think, don't even know what a rootkit is, so why should they care about it?" - Thomas Hesse, Sony BMG's Global Digital Business President.

Surely that's taken out of context. He couldn't really mean that how it sounds.
 

jorma

is now taking requests
Fersis said:
OH DAMN YOU SONY FOR RUNNING YOUR CODE ON YOUR CONSOLE!
>8(

Consoles are like copyrighted materials now? They can sell their product but still claim they own it?
 

LiquidMetal14

hide your water-based mammals
Metalmurphy said:
This isn't new, and this isn't a rootkit...
Thanks, I remember reading someone post that TOS thing. People are just doing the mod thing now so they are definitely more aware of this.
 

shuri

Banned
It's in the TOS, you agreed to it. Please stop using words and technical terms you have no idea what they actually mean/do.
 
So the problem for us non-hacked gamers is not the fact that sony can run code on our system and check it out...but someone running CFW could do the exact same thing to us?
 

Fersis

It is illegal to Tag Fish in Tag Fishing Sanctuaries by law 38.36 of the GAF Wildlife Act
DoctorWho said:
It's your console, not theirs. You bought it from them.

That being said, when connecting to PSN you do agree to their TOS and that may include downloads to your system.

jorma said:
Consoles are like copyrighted materials now? They can sell their product but still claim they own it?



WHAMMY !!!
 

Choc

Banned
hey if tis the live system im all for it

if its 2005 all over again with bmg, get fucked

sony has done it before guys, dont write off until its proven not true.

i dont pirate, i dont homebrew but i dont want an insecure fucking ps3 in my network either.
 

LiquidMetal14

hide your water-based mammals
jorma said:
Consoles are like copyrighted materials now? They can sell their product but still claim they own it?
Oh boy, the entitlement without understanding the TOS is hilarious. I won't explain it as someone already made a small not so large worded post stating such.

abstract alien said:
So the problem for us non-hacked gamers is not the fact that sony can run code on our system and check it out...but someone running CFW could do the exact same thing to us?
But the CFW hackers and makers are the good guys no? Yes I was being sarcastic because I agree with your sentiments.
 

Vagabundo

Member
DoctorWho said:
It's your console, not theirs. You bought it from them.

That being said, when connecting to PSN you do agree to their TOS and that may include downloads to your system.

The problem is that this rootkit is installed even if you don't use PSN. Leaving a potential security hole there.
 
abstract alien said:
So the problem for us non-hacked gamers is not the fact that sony can run code on our system and check it out...but someone running CFW could do the exact same thing to us?
In the same way that someone can hack the US Government or your ISP and access your PC, yes.
 

shuri

Banned
to be honest.

Can you really tell what's going on in those modified firmwares? Who knows what could have been done.. I'd rather trust Sony than some random irc scener who releases his hacked firmwares on megaupload. When running hacked stuff, you gotta accept that shady stuff and extreme retaliation can and will happen :p

multiman could easily send out a log of what you are doing with it to anyone, and you would have no idea about it.
 

Choc

Banned
abstract alien said:
So the problem for us non-hacked gamers is not the fact that sony can run code on our system and check it out...but someone running CFW could do the exact same thing to us?

the problem is with the keys in the wild, people can 'sign' remote code and execute it on your system and the ps3 would accept it

they can see if a ps3 is on a network via a port scan, if the ps3 is online it would be past the firewall and the port would be open as it has to be for the ps3 to work

if they can sign viruses and pass them to ps3s as the keys are known publicly thats rather a big problem........

the entire system is compromised with the public keys now available. it cant be fixed without a hardware update. so this means people can sign anything and the ps3 will run it including malicious code

if they can impersonate psn, ding.
 

gofreak

GAF's Bob Woodward
That's one way to get CoD hackers offline, I guess.

If I were homebrewing I would never have held much hope of keeping a CFW PS3 online, tbh.
 

Vagabundo

Member
shuri said:
to be honest.

Can you really tell what's going on in those modified firmwares? Who knows what could have been done.. I'd rather trust Sony than some random irc scener who releases his hacked firmwares on megaupload :p

With the new update you might get a nice mix of both now.

This change is new to 3.56. And, considering the keys are out, if someone spoofs PSN they can run code on your PS3.
 
Choc said:
the problem is with the keys in the wild, people can 'sign' remote code and execute it on your system and the ps3 would accept it

they can see if a ps3 is on a network via a port scan, if the ps3 is online it would be past the firewall and the port would be open as it has to be for the ps3 to work

if they can sign viruses and pass them to ps3s as the keys are known publicly thats rather a big problem........

the entire system is compromised with the public keys now available. it cant be fixed without a hardware update. so this means people can sign anything and the ps3 will run it including malicious code

if they can impersonate psn, ding.
Dude you have no idea what the hell you are talking about. Who told you that the code running on boot is just an executable sent by Sony, the same type of executables people are signing for homebrew?

Please don't state such stupid things like they were facts.

And once again... THIS ISN'T NEW. If that danger was real (which it isn't), then you have had this hypothetical problem already.
 

Choc

Banned
Metalmurphy said:
In the same way that someone can hack the US Government or your ISP and access your PC, yes.


are you kidding? what a strawman argument if ever i saw one


have you not read how routers work. routers block ports. it would typically BLOCK the psn port, you open that port the ps3 is allowed BUT hackers can see it

until now it may have been protected, now it *may* (rumor) have a rootkit which is a trojan to allow remote execution of code

that is a big issue
 

Raist

Banned
Choc said:
the problem is with the keys in the wild, people can 'sign' remote code and execute it on your system and the ps3 would accept it

they can see if a ps3 is on a network via a port scan, if the ps3 is online it would be past the firewall and the port would be open as it has to be for the ps3 to work

if they can sign viruses and pass them to ps3s as the keys are known publicly thats rather a big problem........

the entire system is compromised with the public keys now available. it cant be fixed without a hardware update. so this means people can sign anything and the ps3 will run it including malicious code

if they can impersonate psn, ding.

People can already precisely do that anyway since all the keys leaked, 3.56 or not. So it's moot.
 

Vagabundo

Member
Metalmurphy said:
In the same way that someone can hack the US Government or your ISP and access your PC, yes.

You're avoiding the issue here. Sony are deliberately injecting a potential security hole. They got slapped for doing it before. Why you defending them?

This looks like a knee jerk move and pretty heavy handed.
 
Choc said:
are you kidding? what a strawman argument if ever i saw one


have you not read how routers work. routers block ports. it would typically BLOCK the psn port, you open that port the ps3 is allowed BUT hackers can see it

until now it may have been protected, now it *may* (rumor) have a rootkit which is a trojan to allow remote execution of code

that is a big issue
There's not a facepalm.gif big enough in the world for that post...

Vagabundo said:
You're avoiding the issue here. Sony are deliberately injecting a potential security hole. They got slapped for doing it before. Why you defending them?

This looks like a knee jerk move and pretty heavy handed.
1. No, this isn't the same.
2. Sony has been doing this on the PS3 for a long time, not just now.
3. Anything can be a potential security hole. Even cross game voice chat but I'm sure you wouldn't be against that.
 
gofreak said:
If I were homebrewing I would never have held much hope of keeping a CFW PS3 online, tbh.

While I'm sure the "hackers" can strip out anything they want from these firmwares, including stuff like this, I wouldn't count on being able to access PSN moving forward. I'd buy a separate homebrew system and have another for PSN if I was concerned about it.
 

LiquidMetal14

hide your water-based mammals
Choc said:
are you kidding? what a strawman argument if ever i saw one


have you not read how routers work. routers block ports. it would typically BLOCK the psn port, you open that port the ps3 is allowed BUT hackers can see it

until now it may have been protected, now it *may* (rumor) have a rootkit which is a trojan to allow remote execution of code

that is a big issue
Don't mod your console then lol

And READ THE TOS portion that is in this very thread. Is that hard to understand when you AGREE TO USE THE PSN?

If you never use the PSN and are offline well then I suggest you stay offline.
 

Choc

Banned
Metalmurphy said:
Please don't state such stupid things like they were facts.

i have a degree in network engineering and info systems. i think i know how a fucking computer network works and its security.......


No one has told us but there is a rumor the remote execution is being done by a rootkit trojan rather than when you connect to psn.

Sony recently came out and said they could kill ps3s even without them connecting to psn, oh how do you do that you say, with a remote kill switch which *could* have been in 3.56

its all speculation and rumor right now but if its true its a problem.

FOR THE ONE HUNDREDTH TIME I DO NOT HACK MY PS3 SYSTEM I DO NOT PIRATE GAMES AND I DO NOT INSTALL CFW

You are all missing the point. This is potentially opening a trojan horse on legitimate ps3 users for hackers to abuse the shit out of just like in 2005 with the rootkit and Sony BMG music cds

they have history, all im saying....
 

Inanna

Not pure anymore!
Choc said:
are you kidding? what a strawman argument if ever i saw one


have you not read how routers work. routers block ports. it would typically BLOCK the psn port, you open that port the ps3 is allowed BUT hackers can see it

until now it may have been protected, now it *may* (rumor) have a rootkit which is a trojan to allow remote execution of code

that is a big issue
Goddamn... Do you even know what you are talking about???
 

LiquidMetal14

hide your water-based mammals
Vagabundo said:
You're avoiding the issue here. Sony are deliberately injecting a potential security hole. They got slapped for doing it before. Why you defending them?

This looks like a knee jerk move and pretty heavy handed.
Again, stay off PSN if you don't want your homebrew impacted. I'm not condemning it but I am certainly not sympathetic if your console ends up harmed due to logging in on PSN with altered SW.
 
Choc said:
i have a degree in network engineering and info systems. i think i know how a fucking computer network works and its security.......


No one has told us but there is a rumor the remote execution is being done by a rootkit trojan rather than when you connect to psn.

Sony recently came out and said they could kill ps3s even without them connecting to psn, oh how do you do that you say, with a remote kill switch which *could* have been in 3.56

its all speculation and rumor right now but if its true its a problem.

FOR THE ONE HUNDREDTH TIME I DO NOT HACK MY PS3 SYSTEM I DO NOT PIRATE GAMES AND I DO NOT INSTALL CFW

You are all missing the point. This is potentially opening a trojan horse on legitimate ps3 users for hackers to abuse the shit out of just like in 2005 with the rootkit and Sony BMG music cds

they have history, all im saying....

Haha. Ok.
 
Choc said:
Sony recently came out and said they could kill ps3s even without them connecting to psn, oh how do you do that you say, with a remote kill switch which *could* have been in 3.56

Sony never said that they can brick your PS3, that's something that DigitalFoundry mentioned. And they had that ability before this update. If you read that DF article it mentions that Sony can do a lot more with the PS3 than many people think.
 

jorma

is now taking requests
LiquidMetal14 said:
Oh boy, the entitlement without understanding the TOS is hilarious. I won't explain it as someone already made a small not so large worded post stating such.


But the CFW hackers and makers are the good guys no? Yes I was being sarcastic because I agree with your sentiments.

People are arguing that my PS3 belongs to Sony and i'm the one called the e-word?

That's rich.
 

Vagabundo

Member
LiquidMetal14 said:
Again, stay off PSN if you don't want your homebrew impacted. I'm not condemning it but I am certainly not sympathetic if your console ends up harmed due to logging in on PSN with altered SW.

Read the OP. I'm not running homebrew.
 

spwolf

Member
Vagabundo said:
You're avoiding the issue here. Sony are deliberately injecting a potential security hole. They got slapped for doing it before. Why you defending them?

This looks like a knee jerk move and pretty heavy handed.

any code you run on your PS3 is a possible security hole though, this is nothing extra. There is no magic there.
 
SolidSnakex said:
Sony never said that they can brick your PS3, that's something that DigitalFoundry mentioned. And they had that ability before this update. If you read that DF article it mentions that Sony can do a lot more with the PS3 than many people think.

Bricking your PS3 on purpose would probably be illegal anyway.
 

LiquidMetal14

hide your water-based mammals
So are the homebrew modders who sign into PSN more right than Sony on this? Serious question? Or is the TOS for PSN useless and to be ignored?

Vagabundo said:
Read the OP. I'm not running homebrew.
It's cool. I'm arguing the bigger crowd. No disrespect and such. I'm looking at it more broadly is all :)
 

Choc

Banned
you're all a bunch of naive people

i'm out but don't come crying or whinging when its exposed ps3s are getting hacked via rootkit sony secretly put in. IF that is what happened

i am not saying for sure it did, i am pointing out the potential dire consequences if it HAS happened

if its pure like xbox live i dont care

if its a root kit, well then

2005 all over again.

for those saying the ps3 was already on the internet and therefore exposed, true, but it never had a bloody trojan in it (if it does now) before did it

fuck.
 

Ploid 3.0

Member
Wow this update is turning out to be an awesome move so far. The first day people laughed it out of the room (the locked new firmware thread). Now it's proven to be a solid defense.

4

P.S. Not as cool as Directv's "Game Over" checkmate but it looks like Sony is lining up its attempt at one.
 

kitch9

Banned
Inanna said:
Goddamn... Do you even know what you are talking about???

No he's been rambling incoherent babble in a few threads now.

He seems to think the PS3 is a PC, and that Sony have no right to protect their networks and legit users of their machine. He keeps calling the 3.56 firmware a rootkit too which is just plain daft.


Choc said:
you're all a bunch of naive people

i'm out but don't come crying or whinging when its exposed ps3s are getting hacked via rootkit sony secretly put in. IF that is what happened

i am not saying for sure it did, i am pointing out the potential dire consequences if it HAS happened

if its pure like xbox live i dont care

if its a root kit, well then

2005 all over again.

for those saying the ps3 was already on the internet and therefore exposed, true, but it never had a bloody trojan in it (if it does now) before did it

fuck.


Go read some shit, get educated, and come back....... Bye.
 
NemesisPrime said:
Bricking your PS3 on purpose would probably be illegal anyway.

Yeah, that's definitely something that they won't do. I was just pointing out that they had that ability to do that before this update. Just as they have the ability to ban anyone they want from PSN.
 

RyanDG

Member
Choc said:
i have a degree in network engineering and info systems. i think i know how a fucking computer network works and its security.......


No one has told us but there is a rumor the remote execution is being done by a rootkit trojan rather than when you connect to psn.

Sony recently came out and said they could kill ps3s even without them connecting to psn, oh how do you do that you say, with a remote kill switch which *could* have been in 3.56

its all speculation and rumor right now but if its true its a problem.

FOR THE ONE HUNDREDTH TIME I DO NOT HACK MY PS3 SYSTEM I DO NOT PIRATE GAMES AND I DO NOT INSTALL CFW

You are all missing the point. This is potentially opening a trojan horse on legitimate ps3 users for hackers to abuse the shit out of just like in 2005 with the rootkit and Sony BMG music cds

they have history, all im saying....


Where is this rumor source that it's a rootkit trojan? Secondly, where has Sony stated that they have a kill switch (including offline) in the PS3? I've never seen an official acknowledgment of that.
 