Post: [UPDATED] PS3 'Private Key,' Enabling Unauthorized Code
Options
12-29-2010, 10:52 PM
#1
CLM
[b]They say sorry Mr. West is..[/b]
PS3 'Private Key,' Enabling Unauthorized Code
UPDATE: Some tools for ps3 files. Expect some fail, this is still WIP. Check it out here: You must login or register to view this content.
UPDATE:
UPDATE: Sha1 hashes for some keys
UPDATE: The scam videos are gone now but the fake Fail0verflow account is still there. Don't get fooled by imposter's.
UPDATE: Watch out for Fail0verflow impersonators. They will scam you.
UPDATE: What Sony has to do to patch this! (Thanks manster)
1) Respin the hardware. There's an incredible exploit in that the verification of bootloaders loaded off the NAND/NOR is verified after they've been loaded, and then they're allowed to continue to execute. This is why ALL EXISTING PS3s on the market are from now on hackable. Really. There's nothing that can be done to stop this.
2) Design new firmware(s) that contains the infamous "whitelist" of all previously (and erroneously) signed software, but with new keys and new signature verification algorithms. Deploy these firmwares/loaders ONLY on the respinned hardware (see above).
3) For older hardware (that is, everything already produced from the factory and on the market) release new firmware that contains the new signature verification algorithms, but NOT any of the new keys. Remember, what you deploy on the old hardware is fully transparent. Update the loaders as well, as talked about in the presentation, since that will force everyone who wants to have a still jailbroken console to install a modchip (see #1).
4) Dual-sign all new stuff. Old broken consoles will be able to run it, and the new secure model will verify with new keys. Previously signed software will only execute on the new systems if they pass the whitelist-test.
UPDATE: What Marcan had to install in order to dump/change the NOR chip. This is probably what your going to have to do.
UPDATE:
This should be released by January
Fail0verflow releases this statement about Geohot
UPDATE: Marcan @ 27C3 Lightning Talk
[ame]https://www.youtube.com/watch?v=lGI0EnNQ5GE[/ame]
Read the slide presentation during the conference here: You must login or register to view this content.
UPDATE: PS3 Demo NOW in #Saal3 at #27c3
You must login or register to view this content.
WATCH HERE: You must login or register to view this content.
(Note: Streaming from that room is a little overloaded atm. If you can't connect be patient)
You must login or register to view this content.
You must login or register to view this content.
You must login or register to view this content.
WATCH HERE: You must login or register to view this content.
(Note: Streaming from that room is a little overloaded atm. If you can't connect be patient)
You must login or register to view this content.
You must login or register to view this content.
Fail0verflow, the hackers responsible for the Wii's Homebrew channel, gave a presentation during the Chaos Communication Conference 27C3 in which they are claiming they have figured out the 'private key' used by Sony to authorize code to run on retail PS3 systems. This could potentially give "full control of the PS3 system," without having to use a usb device. For those of you who don’t understand yet, this will make us able to sign our own files with Sony’s encryption will and allow us to create our own software/homebrew and load it without even needing to jailbreak the PS3, because it will look like a legit piece of software from Sony.
Btw: PSN ACCESS NOT YET CONFIRMED
The group will explain more when their website launches, and have planned a demo for tomorrow's conference. But what they have explained is how Sony didn't bother generating any random numbers to secure the PS3. Look at the picture below.
Read the tweet below on what this is supposed to do. As it is not meant to enable PS3 game piracy.
But don't expect to see the website launch tomorrow. Fail0verflow told Joystiq the folllowing via twitter.
UPDATE: Full presentation after the break, courtesy of PSGroove.
[ame]https://www.youtube.com/watch?v=HEFMAP0mTvY[/ame]
[ame]https://www.youtube.com/watch?v=qFuTCEtK6l8[/ame]
[ame]https://www.youtube.com/watch?v=84WI-jSgNMQ[/ame]
Fail0verflow just launched another statement on the PS3's security
To keep up to date with Fail0verflow's progress and work, check out their You must login or register to view this content. and You must login or register to view this content.
Note: Their website is currently down at the moment because they are working on a demo.
Source: You must login or register to view this content.
Last edited by
CLM ; 01-02-2011 at 11:15 PM.
The following 64 users say thank you to CLM for this useful post:
-Smurf-, $oulja, Alpha, Analdogfag, angel_of_deth, balerdoni, benyon, BooshMayne, Carbon0x, MikeOxBig, Clutch Hunterr, CRACKbomber, CRaZyY, danielsarpa, davirus_, dela_tiges12, divybc, DR-Dizzy, egonadrian, Extrazior, helpmeoprah, I'm A Rep Whore, I3LaCkOuTz, ihatecompvir, ihaxgames, johndahon94-PS3, JP, jubz-2k10, juddylovespizza, kaliboi, Kill_tony485, kjoshi, Kombust, LAD_Dodgers, legitmod, Lick, Lucy Pinder, Matteram, MBO, Mr. DarkKV, Mr. Star, Mr.MoldyOrange, Mw21212, Night Wolf, NorskTnaka, NwO_OweN, ogbrandon, River J, CHAOZ, sauronith, Shieldsy, ShottinG STarzz, Sk8erFerSur, Skylines, snipedu7512, sofeball, tcwyw, Teh Niganator, the stuff, Vampytwistッ, w8t4it, Weehuntz, xCamoLegend, xMagiik
12-29-2010, 11:50 PM
#11
adamjbh
Haxor!
What this means is that the ps3 could be hacked as easily as pc games! This will most likely be ended when the next major update comes out, not so sure though. This should allow people to run linux on any firmware and be able to be hacked fully! So we could control the whole system not just certain parts they want us to see
12-30-2010, 12:31 AM
#12
ihaxgames
Treasure hunter
Originally posted by F
The next firmware updated will probably change the private key or something...
That would require re-signing all .SELFs for all games, updates, DLC, demos, and everything else, they would need to resign almost ALL PSN STORE CONTENT. Sony would not be able to do all that, and I'm not even sure that's possible to change, and if sony changed the private key, it would be changed for all firmwares, as if an older firmware console had an update installed with the "New" private key that would definitely screw things up. plus they bypassed most of the security, so Sony is ****ed to say the least
12-30-2010, 12:32 AM
#13
Deadpool
Cake is a lie
Originally posted by ihaxgames
That would require re-signing all .SELFs for all games, updates, DLC, demos, and everything else, they would need to resign almost ALL PSN STORE CONTENT. Sony would not be able to do all that, and I'm not even sure that's possible to change, and if sony changed the private key, it would be changed for all firmwares, as if an older firmware console had an update installed with the "New" private key that would definitely screw things up. plus they bypassed most of the security, so Sony is ****ed to say the least
They could change it and make a list to accept the old ones... Not as the random but accept JUST the WHOLE key.
12-30-2010, 12:36 AM
#14
ihaxgames
Treasure hunter
Originally posted by F
They could change it and make a list to accept the old ones... Not as the random but accept JUST the WHOLE key.
Yes, but they're using the official key to sign the .SELFs, so technically they would need to change the key on everything, and they'd need to either revoke the old key (If possible) or revoke individual .SELFs (Which probably won't be done except for backup managers)
12-30-2010, 12:39 AM
#15
Deadpool
Cake is a lie
Originally posted by ihaxgames
Yes, but they're using the official key to sign the .SELFs, so technically they would need to change the key on everything, and they'd need to either revoke the old key (If possible) or revoke individual .SELFs (Which probably won't be done except for backup managers)
Yes but even if they use the same method the WHOLE key will still be different. They accept ALL old WHOLE keys and use a new method for new games...
12-30-2010, 12:39 AM
#16
manster
League Champion
Originally posted by ihaxgames
Yes, but they're using the official key to sign the .SELFs, so technically they would need to change the key on everything, and they'd need to either revoke the old key (If possible) or revoke individual .SELFs (Which probably won't be done except for backup managers)
Myth #2: Sony can change keys. No, they can't. These aren't encryption keys, they're signing keys. If they change them GAMES STOP WORKING.
source:
You must login or register to view this content.
The following 2 users say thank you to manster for this useful post:
12-30-2010, 01:13 AM
#19
MarioDaKid
.:SwagTeam or Die:.
I hope they don't release this thing. Hacking is only fun when few people are doing it, but when everyone gets their hands on it then it becomes gay. Just saying 
Copyright © 2024, NextGenUpdate.
All Rights Reserved.
