
Playstation 3 Code Signing Cracked For Good

samzenpus posted more than 3 years ago | from the forever-is-a-long-time dept.


ReportedlyWorking writes "It appears that Sony's PS3 has been fatally compromised. At the Chaos Communication Congress in Berlin, a team named 'fail0verflow' revealed that they had calculated the Private Keys, which would let them or anyone else generate signed software for the PS3. Additionally, they also claim to have a method of jailbreaking the PS3 without the use of a Dongle, which is the current method. If all these statements are true, this opens the door to custom firmware, and homebrew software. Assuming that Sony doesn't take radical action and invalidate their private keys, this could mean that Jailbreaking is viable on all PS3, regardless of their firmware! From the article: 'Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat, was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs. Following this, the team declared Sony's security to be EPIC FAIL!'"


frist psot (-1)

Anonymous Coward | more than 3 years ago | (#34703428)

The PS3 is pants.

Sigh (4, Insightful)

Anonymous Coward | more than 3 years ago | (#34703434)

"Following this, the team declared Sony's security to be EPIC FAIL!"

Is it really necessary for everybody to talk like complete dicks nowadays?

Re:Sigh (1)

Nadaka (224565) | more than 3 years ago | (#34703482)

No. Only people who announce their 733t #@xor 5k177s or those who p0wn newbs.

Re:Sigh (4, Funny)

socceroos (1374367) | more than 3 years ago | (#34703874)

The only 733ts I'm aware of are my wife's.

Re:Sigh (5, Interesting)

Raineer (1002750) | more than 3 years ago | (#34703668)

"Following this, the team declared Sony's security to be EPIC FAIL!"

Is it really necessary for everybody to talk like complete dicks nowadays?

To be honest I'm not sure how you can call Sony security a failure. As far as popular consumer devices go, the PS3 lasted for eons. I am both a Sony and Apple fanboy (somewhat), and have to laugh at the hours (literally) it takes any Apple product to be cracked while Sony (as dysfunctional as any company there is) makes a product that lasts for years. Cracking the keys was inevitable, but Sony should be recognized for making it more difficult than anyone else :) I still sit on the side of the fence where the damn thing should have been open from the get-go...but meh

Re:Sigh (5, Insightful)

MoonBuggy (611105) | more than 3 years ago | (#34703734)

I get the impression that the moderate openness of the PS3 at release was exactly what did preserve its uncracked status for so long. As soon as they locked out the 'Other OS' option, they pissed off the precise segment of the userbase who also have the skill to crack any subsequent security improvements.

Re:Sigh (5, Interesting)

MoonBuggy (611105) | more than 3 years ago | (#34703846)

Having followed the finest Slashdot tradition and only read TFA after posting, it appears that there was truth in my speculation. Fail0verflow [fail0verflow.com] , the group that found the keys, posted on twitter [twitter.com] that "we only started looking at the ps3 after otheros was killed." That means they did this in nine months.

Re:Sigh (0)

JavaBear (9872) | more than 3 years ago | (#34703818)

Agreed, the PS3 withstood the hacking attempts for about 6 years, compared to the competition that is a VERY long time.

Re:Sigh (2)

neokushan (932374) | more than 3 years ago | (#34703924)

I wasn't aware that the PS3 was released in 2004.

Re:Sigh (0)

Anonymous Coward | more than 3 years ago | (#34703946)

6 years? Are you from the future?

Re:Sigh (1, Insightful)

sp1nny (1350037) | more than 3 years ago | (#34703964)

"Following this, the team declared Sony's security to be EPIC FAIL!"

Is it really necessary for everybody to talk like complete dicks nowadays?

It really does reflect on the mentality of the people doing this doesn't it? Reading through the summary, my impression of these people went from "hey, those are a bunch of smart guys" to "probably a bunch of socially misfit dickwads".

Comfort Level (1)

BigSes (1623417) | more than 3 years ago | (#34703448)

I feel a bit more comfortable jailbreaking a game system with a dongle or some other easily removable device, if I would like to resell it, etc. I guess I'm just that paranoid.

Re:Comfort Level (0)

Anonymous Coward | more than 3 years ago | (#34703544)

Reselling a PS3 is like reselling used car tires: not worth messing with. You'll make more money if you spend the same amount of time pretending to be a hot jailbait girl typing in random shit on a blog with ads on it.

Epic Fail? WTF? (4, Insightful)

scum-e-bag (211846) | more than 3 years ago | (#34703450)

Epic Fail? WTF?

How many years has it taken to crack the PS3?

I'd say that Sony has done a remarkable job.

Re:Epic Fail? WTF? (0)

Anonymous Coward | more than 3 years ago | (#34703496)

41 million units sold, only 4 million behind the 360 which had a year head start. Not too bad really considering the number of 360 owners that run one unit for legit online play, and a second for pirated games.

That said, both consoles are long in the tooth and showing their age, time for the wheel to turn and get on with xbox3 and ps4.

Re:Epic Fail? WTF? (0)

Anonymous Coward | more than 3 years ago | (#34703534)

Long in the tooth? The fuck are you talking about? Both consoles have at least another year or two of mileage. Only the Wii is technologically outdated, and it's been that way since it was released.

Re:Epic Fail? WTF? (1)

mark72005 (1233572) | more than 3 years ago | (#34703646)

Or the ones who run one unit until it burns up, then buy a new one!

Re:Epic Fail? WTF? (1)

alen (225700) | more than 3 years ago | (#34703714)

i have both, and only game on my 360. PS3 is great as a blu ray/media player. same price as the other blu ray players but a lot more functionality. no reason to ever buy a single game for it

Re:Epic Fail? WTF? (-1, Troll)

MichaelKristopeit340 (1967534) | more than 3 years ago | (#34703500)

i'm sure the same idiots would also consider allowing a system to enter the public field an act of botched security.

slashdot = stagnated

Re:Epic Fail? WTF? (0)

MichaelKristopeit340 (1967534) | more than 3 years ago | (#34703752)

the truth = troll.

slashdot = stagnated

Re:Epic Fail? WTF? (0)

Anonymous Coward | more than 3 years ago | (#34703516)

How many years? Has it even been a single year since they removed OtherOS? Nobody gave a shit before that.

Re:Epic Fail? WTF? (4, Insightful)

Riceballsan (816702) | more than 3 years ago | (#34703726)

It's pretty true there, before the other OS, there weren't even known attempts, beyond one lame idiot saying he thought he might someday be able to do it through the other OS, that caused sony to go crazy and remove the other OS feature. Before then sony had the best possible security possible for a console, give the modders an outlet, modders/homebrewers with high intelligence usually are not the same as the modders that want to sell to pirates, so you keep the smart ones busy, and the pirates won't have anyone to do their dirty work for them. You flip the finger at them and tell them they are a security risk and can no longer keep what you sold them... well expect the most determined wave of security breaks in history.

Re:Epic Fail? WTF? (1)

nedlohs (1335013) | more than 3 years ago | (#34703572)

That's right, how long when otherOS was available did it last without such a crack?

And once it was removed, how long?

Re:Epic Fail? WTF? (5, Insightful)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#34703616)

I think that the "epic fail" part isn't the overall security of the PS3 (which has generally been a pretty good sinister representative of the dystopian "trusted computing" future); but the fact that they somehow managed to build a code-signing verification mechanism that allowed their private key to be computed by an outside party.

Asymmetric key crypto is supposed to be (barring serious implementation failures or incredible algorithmic/technological breakthroughs) such that you should be able to verify that a private key was used to sign something with nothing more than the public key, from which the private key should be computable only in a time longer than the lifespan of the universe's remaining protons. That is the part that they apparently managed to fuck up. In terms of generally being a tough nut to crack, Sony did a pretty decent job. However, if TFA is true and not misleading, they failed to implement an absolutely foundational part of practical cryptography properly...

Re:Epic Fail? WTF? (-1, Troll)

MichaelKristopeit339 (1967532) | more than 3 years ago | (#34703800)

the private key should be computable only in a time longer than the lifespan of the universe's remaining protons.

do you know how i know you're an idiot?

i assure you, my knowledge of your idiocy is true and not misleading.

cower behind your chosen pseudonym some more, feeb.

you're completely pathetic.

Re:Epic Fail? WTF? (1)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#34703838)

Are you going to tell me why I'm wrong, or is computing the fact that I am wrong, with certainty; without revealing the wrongness, part of some very subtle public/private key pun on your part?

Re:Epic Fail? WTF? (0)

Anonymous Coward | more than 3 years ago | (#34703866)

you're completely pathetic.

First correct thing you've posted here MKP. Too bad it's self incriminating...

Re:Epic Fail? WTF? (1)

neokushan (932374) | more than 3 years ago | (#34703960)

In a nutshell, Sony did really well with their security but managed to fuck up the one thing that everyone else (Apple, Microsoft, Nintendo, etc.) got right.

Re:Epic Fail? WTF? (1)

Demize (55201) | more than 3 years ago | (#34703682)

Back before Sony disabled the "Other OS" option on the PS3, trying to subvert its security was not a high priority. The first security hacks arrived within weeks. This shows that once hackers were incentivized, the security was never really that good to begin with. Dongle-less cracking is really just the next step in the inevitable. It's actually a bit surprising it took this long, but it was expected.

What wasn't expected was getting access to the signing keys. This is fairly unprecedented, as far as I know. There have always been rooting/jailbreaking/etc. hacks, but they've always worked around or suppressed the key/certificate model. You can think of these methods as picking a lock or breaking the door. Some solutions are more elegant than others. The "Epic Fail" on Sony's part came when a mildly interested party discovered the keys under the welcome mat. That's some pretty terrible security.

Not altogether unprecedented... (1)

SuperKendall (25149) | more than 3 years ago | (#34703944)

...access to the signing keys. This is fairly unprecedented, as far as I know

The HDCP master key was also recently found [pcmag.com] .

Re:Epic Fail? WTF? (1)

sqlrob (173498) | more than 3 years ago | (#34703742)

A flaw that exposes private keys? That's an epic fail and far from remarkable.

A regular jailbreak? Yeah, understandable and a fail, but not epic.

Re:Epic Fail? WTF? (1)

crow_t_robot (528562) | more than 3 years ago | (#34703880)

I think it should be taken into consideration that the people that worked on this were most likely (I haven't confirmed this but is usually the case) amateurs working on this stuff in their free time. I am sure that a professional crew could have accomplished this in a few days.

Invalidate Private Keys (4, Insightful)

VGPowerlord (621254) | more than 3 years ago | (#34703466)

It's a bit late to invalidate private keys.

My understanding is that every PS3 game is signed with those keys. Therefore, invalidating them through a firmware update would mean that every PS3 game to date will no longer work.

While I wouldn't put it past Sony to try this, this would result in not only massive lawsuits, but also would be a massive PR blunder.

Having said that, there could in theory be some sort of additional key telling what date a disc was signed, but even if that were true, it would be trivial to work around.

Re:Invalidate Private Keys (2)

SuricouRaven (1897204) | more than 3 years ago | (#34703564)

They won't. But they might hasten the release of the PS4.

Re:Invalidate Private Keys (1)

afidel (530433) | more than 3 years ago | (#34703940)

Why? They are now making money on the console so they don't really care if it has a lower attach rate and it won the war vs HD-DVD which for Sony was half the point of releasing it.

Re:Invalidate Private Keys (0)

kesuki (321456) | more than 3 years ago | (#34703678)

"My understanding is that every PS3 game is signed with those keys. Therefore, invalidating them through a firmware update would mean that every PS3 game to date will no longer work."

and that is bad in which universe? video gaming is fun but gamers have gone off the deep end when it comes to how to use computer tech wisely. reminds me of when the q put humanity on trial. ah good times.

Re:Invalidate Private Keys (0)

Anonymous Coward | more than 3 years ago | (#34703756)

The universe where people that purchased a product expect it to work. Forget about Star Trek and try living in the real world.

Re:Invalidate Private Keys (1)

Anonymous Coward | more than 3 years ago | (#34703872)

That is terrible advice, Counselor Troi. Why do you dress like that, anyway?

Re:Invalidate Private Keys (5, Insightful)

igreaterthanu (1942456) | more than 3 years ago | (#34703690)

My understanding is that every PS3 game is signed with those keys. Therefore, invalidating them through a firmware update would mean that every PS3 game to date will no longer work.

They already have a list of all genuine games signed by the now compromised keys. They could potentially release an update that used new keys but also accepted the old keys provided it had signed something on the already known genuine list of games.

precisely. (0)

spazdor (902907) | more than 3 years ago | (#34703928)

Mod parent up, folks. This is exactly the fix we should expect from them.

Re:Invalidate Private Keys (2)

The MAZZTer (911996) | more than 3 years ago | (#34703696)

Via a firmware update, they could invalidate the keys for any new titles, while still allowing old titles to work via a whitelist. Thus anything new signed with the old key would be rejected.

Of course then you just create a loader that has a matching checksum to a legitimate title and the cat and mouse game continues.

Re:Invalidate Private Keys (1)

Kartu (1490911) | more than 3 years ago | (#34703706)

Sony could still whitelist existing games and sign new ones with new key. Not sure if it is worth the effort though.

Re:Invalidate Private Keys (5, Insightful)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#34703718)

Not that I want them to succeed; but they could always do something like: "Consider private key X revoked, and trust nothing signed with it, unless that something has SHA1 hash equal to one of the hashes on the following list..."

The number of existing PS3 games, DLCs, etc., while not small, is finite and pretty well characterized. It would be a pain in the ass; but not fundamentally difficult, to compute the hash of each one that is tainted by the compromised key and hardcode trust of it into the same patch that otherwise nukes that key and anything signed by it.

Now, since the private keys presumably also control verification of patches, it is likely that some number of PS3s will permanently leave their control, with hacked patches applied that spoof acceptance of future patches, thus leaving them in control of their owners; but regaining control of all unsophisticated updaters and all PS3s leaving the factory from now on doesn't seem fundamentally impractical...

Re:Invalidate Private Keys (1)

afidel (530433) | more than 3 years ago | (#34703962)

So the console is going to read a BD-ROM and compute the SHA-1 on each startup? And you thought it was slow to start playing now!

Re:Invalidate Private Keys (0)

NitroWolf (72977) | more than 3 years ago | (#34703724)

It's a bit late to invalidate private keys.

My understanding is that every PS3 game is signed with those keys. Therefore, invalidating them through a firmware update would mean that every PS3 game to date will no longer work.

While I wouldn't put it past Sony to try this, this would result in not only massive lawsuits, but also would be a massive PR blunder.

Having said that, there could in theory be some sort of additional key telling what date a disc was signed, but even if that were true, it would be trivial to work around.

When has massive technological failure and massive PR failure ever stopped Sony? Last time I remember was in the 1980's. Since then, it's been one PR disaster after another and their technological edge is long, long gone. Invalidating all the private keys would be right along the lines of something they'd do without a second thought. They still think they are the cream of the crop when it comes to hardware, so they think they can get away with anything. The reality of the situation is a bit different, though, sadly... but they still behave like everyone wants their electronic junk. The only piece of superior electronics they've made in the past decade I can think of was the original PRS eBook readers. They were superior to every other eBook reader on the market two or three years ago. They are about on par now, though. Otherwise, they have absolutely nothing worth two shits technologically that isn't already done by someone else, and usually done better.

Epic Fail? (1)

dunezone (899268) | more than 3 years ago | (#34703468)

Please, the Dreamcast was epic fail it shipped with accessible debug mode.

Re:Epic Fail? (2)

rhook (943951) | more than 3 years ago | (#34703504)

That was intentionally done for game developers.

Re:Epic Fail? (1)

Nrrqshrr (1879148) | more than 3 years ago | (#34703686)

That would have been an epic win if it helped the console survive. But it didn't.
Fail?

Re:Epic Fail? (0)

commodore64_love (1445365) | more than 3 years ago | (#34703700)

I still can't figure out why Sony stopped the Dreamcast. When it was discontinued at the end of 2001, the DC was still in the #1 spot for most units sold (although PS2 was catching up). I think Sega gave up too quickly, and if they had stayed with the DC it would have sold more units than the Nintendo Gamecube or Xbox. (i.e. ended in second place for the 2000-05 generation)

Re:Epic Fail? (1)

hardburn (141468) | more than 3 years ago | (#34703758)

I fail to see how that's a bad thing.

Epic Fail? Hardly. (4, Informative)

Weaselmancer (533834) | more than 3 years ago | (#34703474)

From the blurb:

'Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system.

Ok, the PS3 was launched on November 11, 2006. [wikipedia.org] Today's date is December 29, 2010. That means that it took over four years to be broken.

Compared to DVD and Blu-Ray, that is actually pretty darn good.

Re:Epic Fail? Hardly. (3, Interesting)

SuricouRaven (1897204) | more than 3 years ago | (#34703506)

It is impressive indeed. Though I do note that it didn't completely resist attack for four years. It just took four years to be completely, irreparably and conveniently broken. There have been ways to break the PS3's DRM for years, but their complexity put them beyond the ability of all but the most technologically capable users. With the code-signing cracked, it's as simple as burning an ISO.

Re:Epic Fail? Hardly. (1)

Anonymous Coward | more than 3 years ago | (#34703584)

To be fair, until Firmware version 3.21, which was released in April this year, it was officially supported to install an alternative OS on the PS3 - so there was little motivation to break the code signing system.

Re:Epic Fail? Hardly. (1)

madsenj37 (612413) | more than 3 years ago | (#34703822)

Only on the original models. Slim has never had this option.

Re:Epic Fail? Hardly. (5, Informative)

jchillerup (1140775) | more than 3 years ago | (#34703600)

Ok, the PS3 was launched on November 11, 2006. [wikipedia.org] Today's date is December 29, 2010. That means that it took over four years to be broken.

Compared to DVD and Blu-Ray, that is actually pretty darn good.

I was at the presentation in Berlin today. They did bring up this exact point.

Their counter argument was that people don't take into consideration that the console did support homebrew until Sony declared they'd drop that. The argument for that action was they'd save money not having to support it for their then-new PS3 Slim models, which turned out to be bullshit after hackers discovered that the Slim (with some hacking) could actually run the same Linux distros as the PS3 Fat. They then disabled OtherOS on the PS3 Fat, too.

This was 12 months ago (can't cite a source other than the slides), making it take only 12 months of actual effort for it to get cracked, as opposed to other (closed) platforms where the homebrew hacking efforts begin at day 0.

Re:Epic Fail? Hardly. (1)

hardburn (141468) | more than 3 years ago | (#34703798)

In other words, Sony has just gone and proved that the only DRM that remains unhacked is the kind that nobody cares to hack. See also: SACD.

Re:Epic Fail? Hardly. (2)

Jah-Wren Ryel (80510) | more than 3 years ago | (#34703900)

In other words, Sony has just gone and proved that the only DRM that remains unhacked is the kind that nobody cares to hack. See also: SACD.

SACD is cracked. Or at least worked around enough so that it doesn't matter.
There are two hacks for SACD:

1) Physical modification of various players to extract the PCM audio after conversion from DSD, this approach is a few years old now.
2) The widespread crack of HDCP enabled extraction of the original DSD audio from any HDMI equipped SACD player.

There are plenty of SACD rips floating around the net

Re:Epic Fail? Hardly. (5, Informative)

Terrasque (796014) | more than 3 years ago | (#34703618)

That's true. And Sony have been boasting of having the toughest DRM of all consoles.

However, it only took half a year [joystiq.com] from removing Linux support, and in that short period it has had many partially successful attacks against it. Before, while they had the Linux support, such stories were remarkably rarer.

Many critics meant that the continued security of the console was partially because they allowed linux to run on it, and so many of the talented people had no reason to look closer at it. Since PS3, after four years of "DRM cracking almost never heard of" have now gone to "Completely broken" in just over half a year's time, I think they have a point there.

It's not that it was that much more secure, it's just that most of the really talented people had no reason to look into it.

Re:Epic Fail? Hardly. (1)

Kartu (1490911) | more than 3 years ago | (#34703740)

It's a known myth, but actually it was broken because Sony allowed Linux to run in it.
Geohot's mem glitch exploit would not work if not for OtherOS (Linux).
And all existing hacks used dumps made using the mentioned exploit.

Re:Epic Fail? Hardly. (1)

F-3582 (996772) | more than 3 years ago | (#34703630)

Yeah, but during the first three of those four years the only reason was piracy why people would want to break it. Which is clearly not the intention of those guys. So, technically it was only twelve months since SONY removed the OtherOS mode.

Re:Epic Fail? Hardly. (1)

Fireye (415617) | more than 3 years ago | (#34703638)

The people that did this exploit/hack/whatever reportedly only chose this method of action after Sony decided to remove OtherOS support from PS3's. Their stated goal is to get Linux up and running on retail PS3s. Maybe this would've occurred a lot quicker if OtherOS never existed.

Re:Epic Fail? Hardly. (0)

kyz (225372) | more than 3 years ago | (#34703676)

Ok, the PS3 was launched on November 11, 2006. [wikipedia.org] Today's date is December 29, 2010. That means that it took over four years to be broken.

No, it took 8 months to be broken.

The Other OS functionality of the PS3 was unilaterally removed by Sony on April 1st 2010. The years before are of no importance, because you could freely boot Linux. Nobody who had the skills to crack the PS3 even bothered to look.

When they removed Other OS, Sony signed their own fucking death warrant.

Re:Epic Fail? Hardly. (1)

The MAZZTer (911996) | more than 3 years ago | (#34703768)

Ah, but users have been able to run Linux for most of that time. Jailbreaks started being introduced only AFTER Sony removed Linux... I don't recall hearing about attempts before then.

Re:Epic Fail? Hardly. (1)

Jah-Wren Ryel (80510) | more than 3 years ago | (#34703820)

Ok, the PS3 was launched on November 11, 2006. Today's date is December 29, 2010. That means that it took over four years to be broken.

Another way to look at is that on April 1st, 2010 the "other OS" option was retroactively removed from all PS3s with current firmware.
That makes it 5 months from pissing off the wrong people to the first widespread jailbreak and 9 months to a permanent crack.

But the commentards! (1, Insightful)

Simmeh (1320813) | more than 3 years ago | (#34703476)

Thousands of commentards said this couldn't happen. How can people on the Internet be wrong?!

Re:But the commentards! (1)

Anonymous Coward | more than 3 years ago | (#34703554)

This couldn't happen? You mean Sony bypassing the traditional channels to deliver an affordable, entry level super computing environment to the masses? I couldn't believe they got the thing to market in the first place.

It has been mentioned before by Sony execs... That the public wasn't going to be able to harness the full power of the platform for several years. Here we are - ahead of schedule, I might add.

For all you know those commentators were laughing milk out of their noses while writing.

Re:But the commentards! (-1)

Anonymous Coward | more than 3 years ago | (#34703580)

Thousands of commentards said this couldn't happen.

How can people on the Internet be wrong?!

Their InterTubes don't go all the way up?

Re:But the commentards! (0)

Anonymous Coward | more than 3 years ago | (#34703958)

Thousands of commentards said this couldn't happen.

How can people on the Internet be wrong?!

Is that the new I'm-so-CLEVAR!!!1! copycat meme going around? Suffix every word with "-tard"? Commentard? /b/tard? Slashtard? Farktard?

Because seriously, Sarah Palin might be (well, definitely is) an airheaded moron when she bitches about not using the word "retard", but doing this as a reactionary thing? Come on, already. You can do better than THAT.

Wow... (4, Insightful)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#34703536)

How did Sony fuck that one up?

It was my (admittedly layman's) understanding that a public/private key crypto implementation, assuming it isn't deeply flawed, using key lengths suited to the computational capacities of PDP-8s, or otherwise totally fucked, was mathematically secure against anything other than a profound breakthrough in prime factorization algorithms, an unbelievable advance in computational power, or an insider leaking your private key.

With stuff like HDCP, it was understood that serious tradeoffs were made in order to make the crypto cheap and fast enough that any POS $200 monitor should be able to decode an encrypted bitstream fast enough to handle the demands of uncompressed digital monitor connections. The weaknesses just came with the territory.

With something like the PS3, though, they have serious computing power available, and were dealing with a straightforward case of "verify that the code signed with private key X has indeed been thus signed, and not modified since, using public key Y, from which private key X is essentially not computable". Virtually every real-world use of cryptography depends on the ability to do that without disclosing your private key (save by malicious insider/hacker attack).

What did Sony do wrong? Obviously, they could do nothing about a suitably well-equipped hacker physically modifying a PS3 to stop it from verifying at all, or to always return "yup, all good" regardless of the verification outcome; similarly, a firmware bug could allow the same outcome without the expense of physical modification; but how could it be that they would have to put anything in their client (no matter how well hidden by hardware obfuscation/TPMs/smartcards/whatever) that could be used to compute their private key? Isn't a public key, which is a totally safe piece of data to disclose, all you need to verify whether or not something has been signed with the matching private key?

I admit that I don't have a deep understanding of this stuff; but it seems like this is the equivalent of "Hey, possession of the list of trusted CAs and their public keys has allowed a hacker with a copy of firefox to compute Verisign's root signing keys!".

How did Sony fuck up such that this story is not the biggest breakthrough in cryptanalysis since frequency analysis?

Re:Wow... (4, Informative)

Fireye (415617) | more than 3 years ago | (#34703764)

What did Sony do wrong? Obviously, they could do nothing about a suitably well-equipped hacker physically modifying a PS3 to stop it from verifying at all, or to always return "yup, all good" regardless of the verification outcome; similarly, a firmware bug could allow the same outcome without the expense of physical modification; but how could it be that they would have to put anything in their client (no matter how well hidden by hardware obfuscation/TPMs/smartcards/whatever) that could be used to compute their private key? Isn't a public key, which is a totally safe piece of data to disclose, all you need to verify whether or not something has been signed with the matching private key?

From my layman's understanding of what they did (View the actual conference footage here: http://www.youtube.com/watch?v=GPjd6gHY6A4 [youtube.com] ), they don't HAVE the private key. Sony made a big mistake in their key generation method, where they were supposed to use a random value for one variable, they used a static value. Because of that, you're able to generate valid signed packages without the private key.
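An added example, not code from this thread, from fail0verflow or from Sony, covering two points raised above: the "static value where a random one was required" described in this post, and the revoke-the-key-but-pin-known-titles policy that igreaterthanu and fuzzyfuzzyfungus proposed earlier in the thread. It assumes the scheme is ECDSA with a per-signature nonce (the thread never names the scheme), uses the public secp256k1 parameters only so the arithmetic runs with no library, and every key, nonce and package is constructed for the demo. The thread disagrees on whether the private key itself was obtained; the arithmetic in recover_private_key shows that two signatures sharing a nonce do give it up, and that a verifier holding only the public key accepts a signature made with the recovered key exactly as it accepts a genuine one. check_package then shows what the pinned-digest allowlist does to a package the leaked key signs after revocation.

```python
# Added example, not code from the page, fail0verflow or Sony.  Assumes the
# signature scheme is ECDSA (the thread does not name it) and uses the public
# secp256k1 parameters; every key, nonce and package below is constructed.
import hashlib

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def inv(x, m):
    return pow(x % m, -1, m)


def ec_add(a, b):
    """Group law on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def h(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sha256_hex(blob):
    return hashlib.sha256(blob).hexdigest()


def sign(d, msg, k):
    """ECDSA: k is the per-signature nonce and must be fresh and secret."""
    r = ec_mul(k, G)[0] % N
    s = inv(k, N) * (h(msg) + r * d) % N
    return (r, s)


def verify(Q, msg, sig):
    """Needs only the public key Q, which is why Q can ship in every console."""
    r, s = sig
    w = inv(s, N)
    pt = ec_add(ec_mul(h(msg) * w % N, G), ec_mul(r * w % N, Q))
    return pt is not None and pt[0] % N == r


def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures with equal r share the nonce k.  From
    s_i = k^-1 (e_i + r d):  k = (e1 - e2) / (s1 - s2),  d = (s1 k - e1) / r."""
    (r, s1), (r2, s2) = sig1, sig2
    if r != r2:
        raise ValueError("signatures do not share a nonce")
    e1, e2 = h(msg1), h(msg2)
    k = (e1 - e2) * inv(s1 - s2, N) % N
    return (s1 * k - e1) * inv(r, N) % N


def check_package(blob, sig, key, trusted, revoked, pinned):
    """Recovery policy from the thread: a revoked key is honoured only for
    packages whose SHA-256 digest was pinned when the key was revoked;
    a currently trusted key is honoured as before."""
    if not verify(key, blob, sig):
        return "reject: bad signature"
    if key in trusted:
        return "accept"
    if key in revoked:
        if sha256_hex(blob) in pinned:
            return "accept: revoked key, pinned title"
        return "reject: revoked key, unknown title"
    return "reject: unknown key"


if __name__ == "__main__":
    d = 0x1234567890ABCDEF1234567890ABCDEF          # constructed signing key
    Q = ec_mul(d, G)
    a, b = b"title-A", b"title-B"
    sig_a, sig_b = sign(d, a, 0xFEEDFACE), sign(d, b, 0xFEEDFACE)  # same nonce
    print("recovered key matches:", recover_private_key(a, sig_a, b, sig_b) == d)
    pinned = {sha256_hex(a), sha256_hex(b)}
    print(check_package(a, sig_a, Q, set(), {Q}, pinned))
    print(check_package(b"homebrew", sign(d, b"homebrew", 7), Q, set(), {Q}, pinned))
```

The policy pins the digest of the signed package rather than of a whole disc, which is the cheap version of afidel's objection: hashing a small executable on load is fine, hashing a BD-ROM on every boot is not. It also does nothing for consoles that have already taken a patch that disables the check, exactly as fuzzyfuzzyfungus noted.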

Re:Wow... (1)

John Napkintosh (140126) | more than 3 years ago | (#34703952)

People seem to be saying "big whoop - they just invalidate the private key for use with anything but the list of titles with which they know it was signed". But did I hear him say in that video that it's possible also to calculate more private keys that are totally indistinguishable from the original? Meaning that would do nothing at all to resolve that problem?

Re:Wow... (0)

Anonymous Coward | more than 3 years ago | (#34703810)

I'm not even going to bother trying to wrap my brain around this issue, but I'm guessing it works the same way most other cracks work; by breaking the lock itself.

There are some things which can be considered reliably safe with encryption, but all that needs to happen for jailbreaking hardware is more akin to cutting a padlock than slowly navigating through some 256-bit maze.

Re:Wow... (1)

hardburn (141468) | more than 3 years ago | (#34703910)

It was my (admittedly layman's) understanding that a public/private key crypto implementation, assuming it isn't deeply flawed . . .

That last bit right there is the hard part. Making algorithms was a hard task, to be sure. It took eons before humanity had the right mathematics to make RSA possible, but that work is all done now. There isn't all that much work being done in making new crypto algorithms, because we're pretty sure the ones we have will stand up. Even a breakthrough in Quantum Computing or Complexity Theory wouldn't completely destroy everything out there. There is some work to do in hash algorithms (MD5/SHA1), but that's the exception.

However, putting those algorithms into a practical system is hard, and the work has to be more or less started from scratch with each new system. Every single entry point to the system has to be secured, including a lot of non-obvious ones. DeCSS was done because just one software DVD player mishandled the keys, and that toppled everything else.

Re:Wow... (3, Interesting)

Rich0 (548339) | more than 3 years ago | (#34703914)

Dunno, but I can make a comment regarding HDCP.

HDCP isn't really doing the same thing as Sony's code-signing, and it suffers from the DRM problem where Bob and Eve are the same person.

As you say, Sony's use case is just traditional public-key digital signatures, and should be completely immune to attack barring major advances, or compromise of the signing key. So, they are without excuse.

HDCP accomplishes a different mission. HDCP needs to allow any two random and unrelated pieces of AV equipment to talk to each other without anything in-between intercepting the communication. That means that each device must contain a keypair, and not a single key, which means that private keys are inside every HD TV sold today. If you can extract the keypair from any one of those TVs you can fully impersonate that TV which is all you need to crack the system barring key revocation, since HDCP dictates that any device trust any other device with full-quality streams unless it has a revoked key.

If you crack one TV set you break HDCP somewhat. The manufacturer can of course revoke the key and recall all TVs containing that key at considerable expense, and then re-secure the rest of the system (once the revocation fully propagates, which of course involves a lag).

The next problem with HDCP is that all the device keys are related to a master key (which is how devices can figure out if any particular keypair is a good one or not without having any prior relationship). The nature of that relationship allows the master key to be brute-forced once a sufficient number of device keys are obtained. Over time a sufficient number of device keys were obtained, and thus the master key was obtained. That makes revocation of individual devices no longer an option, and the only solution at this point is to invalidate every HDMI-sporting device out there.

The protection on BluRay had similar issues. Again, this is all DRM and it is theoretically insecure since the threat model is an attacker who has physical possession of the keys, which of course there is no mathematical defense against.

None of this applied to the PS3 - at least not regarding code authentication. Code encryption is a different story - if discs are encrypted then if you extract a private key from any valid console you can decrypt every disc out there, but you can't modify and run them without having the signing key or jailbreaking individual devices.

I'm curious as to how they did it as well. If they didn't provide details I'd be suspicious that the key wasn't simply leaked. Key management is the achilles heel of public key crypto.

Re:Wow... (1)

bushing (20804) | more than 3 years ago | (#34703922)

How did Sony fuck that one up? It was my (admittedly layman's) understanding that a public/private key crypto implementation, assuming it isn't deeply flawed, using key lengths suited to the computational capacities of PDP-8s, or otherwise totally fucked, was mathematically secure against anything other than a profound breakthrough in prime factorization algorithms, an unbelievable advance in computational power, or an insider leaking your private key.

Close. These algorithms only work correctly if implemented correctly. There are various known pitfalls with each of these algorithms; for example, the original iPhone was unlocked using an RSA implementation error (Bleichenbacher attack against an RSA implementation that does not correctly validate padding and uses exponent 3). ECDSA happens to have a "pitfall" that leaks information inside the signatures it makes.

This doesn't make it a bad algorithm -- it can achieve the same security of RSA using smaller keys and in less time -- but the "pitfall" here is particularly bad.

Beowulf cluster (1)

threaded (89367) | more than 3 years ago | (#34703538)

Yipee, replacement parts for the Beowulf cluster!

Just give me back my Other OS functionality (2)

Mick R (932337) | more than 3 years ago | (#34703546)

I wanted to commit a PS3 to biomedical research on a project of MY choosing, as well as play LEGIT games but that was taken because ... well it doesn't matter as it's too late now.

I wouldn't say Epic Fail (0)

Nom du Keyboard (633989) | more than 3 years ago | (#34703562)

I wouldn't say Epic Fail:

1: PS3 was released to retail on November 11, 2006. That's over 4 years of security when you had both the lock and the key.

2: As is pointed out, if they want to pay the price for it Sony can invalidate and replace the keys revealed. Expensive and a PITB, but certainly possible if it matters enough.

Re:I wouldn't say Epic Fail (1)

seebs (15766) | more than 3 years ago | (#34703654)

Not even all that hard, I suspect, to replace the keys. They don't need to accept all code signed with the old keys -- only the set of code signed with the old keys that they know they signed, which is a very small number compared to modern storage and computation.

Re:I wouldn't say Epic Fail (2)

h4rr4r (612664) | more than 3 years ago | (#34703918)

Which then means any ps3 not connected to the internet cannot play new games. That would be epic fail.

Re:I wouldn't say Epic Fail (1)

Rich0 (548339) | more than 3 years ago | (#34703948)

True - they could update the firmware to accept the old key only for signatures that have particular hashes, and supply a list of hashes. If there are 1000 games out there for the PS3 and a hash of the signature is 20 bytes long then you only need 20 KB to store the whole table - a trivial amount to include in a firmware blob.

Now, if you can get the keys needed to update the firmware that is a different matter...

What Would Epic Fail Look Like? (4, Funny)

W. Justice Black (11445) | more than 3 years ago | (#34703650)

Folks toss about the phrase "Epic Fail" far too loosely. Here's what a real Epic Fail looks like:

The DRM code has a bug that, when a certain condition happens (time passes, specially-formulated packet received, etc.), it overclocks the CPU to the point that it catches on fire. Within minutes of the event, most of the millions of PS3s in the wild have set peoples' homes ablaze.

As a result, thousands die and the insurance industry collapses. Anarchy reigns, so there's nobody to enforce copyright anymore and the original DRM is rendered irrelevant.

THAT is an epic fail.

Re:What Would Epic Fail Look Like? (2, Funny)

NitroWolf (72977) | more than 3 years ago | (#34703784)

Folks toss about the phrase "Epic Fail" far too loosely. Here's what a real Epic Fail looks like:

The DRM code has a bug that, when a certain condition happens (time passes, specially-formulated packet received, etc.), it overclocks the CPU to the point that it catches on fire. Within minutes of the event, most of the millions of PS3s in the wild have set peoples' homes ablaze.

As a result, thousands die and the insurance industry collapses. Anarchy reigns, so there's nobody to enforce copyright anymore and the original DRM is rendered irrelevant.

THAT is an epic fail.

While I tend to agree that it's not exactly an Epic Fail on Sony's part, your description goes far beyond Epic Fail... that would probably be the most Awesome Fail in the history of electronics.

Re:What Would Epic Fail Look Like? (1)

Eric Smith (4379) | more than 3 years ago | (#34703816)

That would be way beyond "epic". I'm not sure that a suitable adjective for that level of fail has even been invented.

Re:What Would Epic Fail Look Like? (1)

ChoboMog (917656) | more than 3 years ago | (#34703896)

Folks toss about the phrase "Epic Fail" far too loosely. Here's what a real Epic Fail looks like:

The DRM code has a bug that, when a certain condition happens (time passes, specially-formulated packet received, etc.), it overclocks the CPU to the point that it catches on fire. Within minutes of the event, most of the millions of PS3s in the wild have set peoples' homes ablaze.

As a result, thousands die and the insurance industry collapses. Anarchy reigns, so there's nobody to enforce copyright anymore and the original DRM is rendered irrelevant.

THAT is an epic fail.

No... That would be a "pretty sweet burn"... =P

I wouldnt call it an EPIC FAIL for sony (1)

bobjr94 (1120555) | more than 3 years ago | (#34703652)

It took probably thousands or more hackers and modders since 2006 to crack it, so epic fail would be an overstatement. If they did it in an afternoon, then I would agree it would be an epic failure.

OtherOS (5, Insightful)

Anonymous Coward | more than 3 years ago | (#34703672)

From @fail0verflow:

"we only started looking at the ps3 after otheros was killed."

and

"our goal is to have linux running on all existing PS3 consoles, whatever their firmware versions."

If Sony would have left OtherOS alone, they wouldn't be in this predicament.

How did they get the private key, if they did? (1)

Animats (122034) | more than 3 years ago | (#34703694)

Do they really have Sony's signing key?

Of course, the real win would be to get the Windows Update private key. That, and a BGP exploit, and you can rule the Windows world. I still consider Windows Update an unacceptable backdoor. Someday, that's going to backfire.

Re:How did they get the private key, if they did? (1)

Fireye (415617) | more than 3 years ago | (#34703720)

They don't have Sony's signing key, from what I've read. What they have is a flaw in the key generation process, which allows them to generate valid signed packages without the private key. In fact, here's the video from the conference itself:
http://www.youtube.com/watch?v=GPjd6gHY6A4 [youtube.com]

Re:How did they get the private key, if they did? (2)

bushing (20804) | more than 3 years ago | (#34703782)

They don't have Sony's signing key, from what I've read. What they have is a flaw in the key generation process, which allows them to generate valid signed packages without the private key. In fact, here's the video from the conference itself: http://www.youtube.com/watch?v=GPjd6gHY6A4 [youtube.com]

No, GP was right. The exact signing key used by Sony may be derived from the public components of their ECDSA signatures. Not something close; not something equivalent.
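What bushing describes above (and what Fireye's comment gets slightly wrong) comes down to one line of algebra: an ECDSA signature is s = k^-1 (e + r d) mod n, and if the per-signature nonce k is a constant instead of a fresh random value, two signatures share the same r and the two equations can be solved for k and then for the private key d. The following is an added example, not fail0verflow's tooling and not Sony's code. It assumes secp256k1 (the attack is curve independent), a made-up constant nonce 0x4D3C2B1A standing in for Sony's static value, constructed "SELF" messages, and a freshly generated key in place of Sony's; it recovers d from nothing but two public signatures and then forges a valid signature on a new message.

```python
"""Fixed-nonce ECDSA: recover the private key from two public signatures.

Added demonstration, not the page's or fail0verflow's code. Curve choice,
nonce constant and messages are assumptions made for this example.
"""
import hashlib
import secrets

# secp256k1 domain parameters (assumed for the example; any prime-order curve works)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A, B = 0, 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(d, msg, k=None):
    """ECDSA sign. k must be fresh and secret; a fixed k reproduces the PS3 mistake."""
    if k is None:
        k = secrets.randbelow(N - 1) + 1
    e = hash_to_int(msg)
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (e + r * d) % N
    assert r and s  # vanishingly unlikely; a real signer retries with a new k
    return (r, s)


def verify(pub, msg, sig):
    """Standard ECDSA verification against the public key only."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    e = hash_to_int(msg)
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(e * w % N, G), ec_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def find_nonce_reuse(signed):
    """Index pairs of signatures sharing r: same r means the same k was used."""
    by_r = {}
    for i, (_, (r, _)) in enumerate(signed):
        by_r.setdefault(r, []).append(i)
    return [(idx[0], j) for idx in by_r.values() for j in idx[1:]]


def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures with equal r: k = (e1-e2)/(s1-s2), then d = (s1*k - e1)/r."""
    r, s1 = sig1
    r2, s2 = sig2
    if r != r2 or s1 == s2:
        raise ValueError("signatures must share r and differ in s")
    e1, e2 = hash_to_int(msg1), hash_to_int(msg2)
    k = (e1 - e2) * pow(s1 - s2, -1, N) % N
    return (s1 * k - e1) * pow(r, -1, N) % N


def demo():
    """A signer with a fixed k signs two SELFs; the attacker recovers d and forges a third."""
    d = secrets.randbelow(N - 1) + 1      # the signer's private key (stand-in for Sony's)
    pub = ec_mul(d, G)                    # what every console carries for verification
    fixed_k = 0x4D3C2B1A                  # hypothetical constant in place of Sony's static value
    signed = [(b"SELF: firmware 3.41", sign(d, b"SELF: firmware 3.41", fixed_k)),
              (b"SELF: game title A", sign(d, b"SELF: game title A", fixed_k))]
    i, j = find_nonce_reuse(signed)[0]
    d_rec = recover_private_key(signed[i][0], signed[i][1], signed[j][0], signed[j][1])
    forged = sign(d_rec, b"SELF: homebrew.self")
    return d, d_rec, verify(pub, b"SELF: homebrew.self", forged)
```

The practitioner's check is find_nonce_reuse: before trusting a signer, scan every signature it has ever emitted for a repeated r, since a single collision is enough to hand over d exactly, not something close to it, which is why a revocation-by-allowlist fix has to stop accepting the old key for anything not on the list. On the signing side the fix is a fresh random k per signature, or a deterministic k derived from the key and message as in RFC 6979 so that a broken RNG cannot recreate this failure.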

Cheats? (1)

dave562 (969951) | more than 3 years ago | (#34703722)

What does this mean for hacks and other programs that modify program code or execute and stay resident alongside game code? Does the cracking of the keys allow custom boot loaders that will open the doors for hacking?

If so, this is a sad day. The primary reason I bought a PS3 was to play in a hack free environment.

Re:Cheats? (0)

Anonymous Coward | more than 3 years ago | (#34703876)

This article does not concern you. Move along.

Worthy Technobabble (1)

Sponge Bath (413667) | more than 3 years ago | (#34703736)

"dongle-less jailbreaking by overflowing the bootup NOR flash"

Awesome. I expect to hear this line in a sci-fi movie someday.

Just because SONY stopped to support Linux boot ? (1)

Schwarzy (70560) | more than 3 years ago | (#34703738)

I remember that cracking the PS3 got a huge boost when SONY killed Linux support with a firmware update.

I wonder if current motives are still Linux booting. If this is the case, SONY executives are truly dumb.

Does someone know what (practical) countermeasures Sony has against a secret key leak?

Re:Just because SONY stopped to support Linux boot (0)

Anonymous Coward | more than 3 years ago | (#34703770)

I wonder if current motives are still Linux booting.

You ever actually thought that was the real motive when the first uses of all these jailbreaks was to pirate games? How naive you are.

Re:Just because SONY stopped to support Linux boot (0)

Anonymous Coward | more than 3 years ago | (#34703778)

Yeah, this all has to do with Sony killing Linux support. That is why the 360 has hacked firmware and the Wii has been hacked, because of Linux... Really, can we stop being hypocrites and claiming this all has to do with free software and Linux?

video mirrors and updates (0)

Anonymous Coward | more than 3 years ago | (#34703746)

there are video mirrors and updates here: http://www.ps3news.com/PS3-Hacks/Fail0verflow-27C3-PS3-Exploit-Hacker-Conference-2010-Highlights/

Re:video mirrors and updates (0)

Anonymous Coward | more than 3 years ago | (#34703780)

Thanks for this!

What's this mean for linux? (2)

Joe Snipe (224958) | more than 3 years ago | (#34703786)

So does this mean a hypervisor free linux is around the corner? I may change my stance on buying a PS3.

LOL Homebrew (0)

Anonymous Coward | more than 3 years ago | (#34703894)

Yeah, homebrew. That's it. People are dying to run homebrew... like a custom-copied version of LittleBigPlanet 2
