Post: fail0verflow! - Sony's ECDSA code
12-29-2010, 04:08 PM #1
manster
League Champion
Hi!

JAILBREAK -> DOWNGRADE -> fail0verflow



Well, the big PS3 Exploit talk is now officially over at the annual 27C3 conference. All the big names in the developer scene world were there giving a one hour talk regarding Sony's EPIC FAIL



But basically they talked about how the PS3 totally failed in security: by botching the PKI implementation it became possible to calculate the keys needed to sign everything. PUBLIC PRIVATE KEYS, and replacing the "revoke-list" with a super-large one (overflow) during the bootup NOR flash at startup, giving them full control of the PS3 system.


The 360 console is now more of a secure system than the PS3 after all these years!




This site was announced at the conference - Coming Soon
check this site too

Originally posted by another user

"The recent advent of these new exploits means current firmware is vulnerable, v3.55 and possibly beyond. It will be very difficult for Sony to fix the described exploits."

"we can now run unsigned code on a non-exploited PS3."

@KushanTheCat our goal is to have linux running on all existing PS3 consoles, whatever their firmware versions.

Our current PS3 goal: AsbestOS.pup

Myth #1: It took us 3-4 years to do this. Negative, this exploit only took a few months after we started working. We weren't trying before.

Myth #2: Sony can change keys. No, they can't. These aren't encryption keys, they're signing keys. If they change them GAMES STOP WORKING.

Clarification #3: The private keys refer to keys that Sony HQ uses. PS3s don't have these keys (but we calculated them due to the fail).

Clarification #4: the random number isn't 4, it's more like 007eabbb79360e14df1457a4194b82f71a0dc39280 (example). But it's still constant.

Note: we won't be working long-term on CFW or similar. We'll release tools and a PoC, someone else can take over. The fun part is done

Myth: Geohot -> Sony pulls OtherOS -> JB -> Fail. Fact: Slim had no OtherOS -> Geohot -> ... . Geohot started his work due to the Slim.

@You must login or register to view this content. yes, we'll release all our tools as soon as we cleaned them up in january or so.
Great news for all PS3 users




Console Hacking 2010 - Chaos Communication Congress

short videos from the conference:

https://www.youtube.com/watch?v=YbUVgxw1yWc&feature=player_embedded
https://www.youtube.com/watch?v=GPjd6gHY6A4
https://www.youtube.com/watch?v=ClnvJe4_u0Q&feature=player_embedded

Full Video
https://www.youtube.com/watch?v=hcbaeKA2moE
Split into 3 parts:

https://www.youtube.com/watch?v=X6CA4fqAdsc&feature=player_embedded
https://www.youtube.com/watch?v=X8ohOy8_XO4&feature=player_embedded
https://www.youtube.com/watch?v=Eag0VyRTld8&feature=player_embedded


Marcan @ 27C3 Lightning Talk
https://www.youtube.com/watch?v=lGI0EnNQ5GE&feature=player_embedded


Have fun watching


Last edited by manster ; 12-31-2010 at 11:43 PM.

The following 29 users say thank you to manster for this useful post:

369lo, 8======D----, bcb, Cain, CHuRCHYx, CRACKbomber, Fallen152039, Geigers, GetDeleted -_-, Hells, ihaxgames, IRiSe_GodFather, iSergeant-Adam, KimKardashian, MarioDaKid, Mark00agent, Mr. Aimbot, Mr. Star, Nicky74me, ProjectPartial, Slashey, Solid Snake, Suxh4rd2bu, That Guy_, The InvadeR, The Overdose, Uk_ViiPeR, UMD, XxLuisMaxX
12-31-2010, 01:47 AM #56
qwerew
Member Of The Pewdiepie Bro Army
I give these people props, also Sony, for all their hard work and findings but the truth is that... SONY, U GUYS SUCK! lol. TOOK US MANY YEARS BUT WE FINALLY WON IT! CONGRATS!

The following user thanked qwerew for this useful post:

The InvadeR
12-31-2010, 03:54 AM #57
Skylines
The Forgotten
I like how you keep posting that Sony epic fail shit picture everywhere, but if I'm not wrong I see right there under your rep and crap it says you have a ps3? Wtf are you? A double agent? No you might be a retard, but hey what do I know.
12-31-2010, 07:54 AM #58
DCLXVI
Smoke weed.
Originally posted by skylines4life View Post

I like how you keep posting that Sony epic fail shit picture everywhere, but if I'm not wrong I see right there under your rep and crap it says you have a ps3? Wtf are you? A double agent? No you might be a retard, but hey what do I know.


Sony ****ing failed dude, that's the good part of having a ps3
12-31-2010, 10:36 AM #59
The InvadeR
Who’s Jim Erased?
Originally posted by gouglino View Post
This is a ********. I hate this notice. In 2 or 3 months all mw2 players have hacks and modded lobbies. This gonna be madness!! /facepalm

it's already like that every game, rapid intervention far knife
12-31-2010, 04:13 PM #60
manster
League Champion
Originally posted by skylines4life View Post

I like how you keep posting that Sony epic fail shit picture everywhere, but if I'm not wrong I see right there under your rep and crap it says you have a ps3? Wtf are you? A double agent? No you might be a retard, but hey what do I know.

I have 2 ps3 (in my family 5 ps3)
double agent? lol
why a retard
I'm just happy to get Linux or whatever on my slim (firefox, mame, n64, ...)


JAILBREAK -> DOWNGRADE -> fail0verflow
12-31-2010, 06:38 PM #61
Goone
Looking for Suzzy
I can't see why everyone's pissed. Who the hell gives a rat's ass if we get hacking done in pubs, get over yourself. Play another game, back out or don't play the game. Or, hacking for yourself. There is guaranteed at least half the people on PS3 who will not hack either way once the key is released. Too many stupid people.
12-31-2010, 11:22 PM #62
Originally posted by ZYMI View Post
I can't see why everyone's pissed. Who the hell gives a rat's ass if we get hacking done in pubs, get over yourself. Play another game, back out or don't play the game. Or, hacking for yourself. There is guaranteed at least half the people on PS3 who will not hack either way once the key is released. Too many stupid people.


One of my friends on PSN deleted me because I was explaining the fail0verflow Private Key exploit (not really an exploit...) and what we can do with it (e.g. anything)... he sends me a message after he deleted me:

go gt a life u ****** ****

I reply back:

Pedo-bear iz coming for yu


I'm pretty sure I scared the s*** out of him...

The following user thanked ProjectPartial for this useful post:

ImTrippinHoes
01-01-2011, 12:00 AM #63
LilGrim504
Save Point
:evil:
Fun times and super jumps ,
all i have 2 say is Modern Day Game Genie's
Your Game is My Command_!!!:p
01-01-2011, 11:31 AM #64
Ada Wong
So cute!
Originally posted by packarda12 View Post
Are you stupid? How are they going to patch this with a new firmware? They can't block signed code, can they?

If they block signed code, previous games and maybe even stuff like controllers would not work.

The only possible way to patch it is if they implement a new signature, which I don't even think is possible as the system would have to be modified.


it is possible cause the codes of games are going to change with a single patch....

and the controller, it's going to say "connect the controller using a USB to use the controller", then the code is rewritten

Copyright © 2024, NextGenUpdate.
All Rights Reserved.
