×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

PS3 Encryption Keys Leaked

Soulskill posted about a year and a half ago | from the andrei,-you've-lost-another-submarine? dept.

Encryption 284

An anonymous reader writes "PS3 security has been compromised again. The holy grail of the PS3 security encryption keys — LV0 keys — have been found and leaked into the wild. For the homebrew community, this means deeper access into the PS3: the possibility of custom (or modified) firmware up to the most recent version, the possibility of bypassing PS3 hypervisor for installing GNU/Linux with full hardware access, dual firmware booting, homebrew advanced recovery (on the molds of Bootmii on Wii), and more. It might lead to more rampant piracy too, because the LV0 keys could facilitate the discovering of the newer games' encryption keys, ones that require newer firmware."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

284 comments

subject (3, Informative)

Anonymous Coward | about a year and a half ago | (#41746323)

"In non "nerd" speak: This leak only matters if your PS3 is already hacked. If you updated your PS3 with any official update released in the past 8 months (3.60 or higher), nothing has changed. No free games for you."

Re:subject (5, Informative)

girlintraining (1395911) | about a year and a half ago | (#41746409)

"In non "nerd" speak: This leak only matters if your PS3 is already hacked. If you updated your PS3 with any official update released in the past 8 months (3.60 or higher), nothing has changed. No free games for you."

Not entirely accurate: There aren't any free games for you today. But within the next few months, you can be sure firmware will be available to give you free games forever. Start downloading now, non-nerd.

Re:subject (3, Informative)

Anonymous Coward | about a year and a half ago | (#41746421)

Is this true? I thought the LV0 keys would be able to decrypt any firmware that will be released in the future assuming they want backward compatibility with any hardware already produced.

Re:subject (5, Informative)

Anonymous Coward | about a year and a half ago | (#41746599)

LV0 keys encrypt LV0, the loader that loads all other loaders (no joking - http://www.ps3devwiki.com/wiki/Boot_Order). So, in theory (if Sony doesn't manage to create a clever new way to secure the loaders), yes, you can manage to decrypt any newer firmware they release.

Re:subject (2)

Dahamma (304068) | about a year and a half ago | (#41746857)

Sony must have some seriously incompetent people working on their security to let this leak.

Any reasonable secure platform puts the initial bootloader keys in tamper-resistant silicon with some secure hardware with onboard and/or scrambled RAM, etc to decrypt, and stores those keys on a physically isolated machine used just for encrypting the bootloader.

But I guess it's not that surprising, Sony has already proven their incompetence with security many times over...

Re:subject (2, Informative)

Anonymous Coward | about a year and a half ago | (#41746977)

If they're asymmetric keys, like I would assume they are, this leak is even worse: It means either they have 'secure' systems on the 'insecure' network. Or they have a personnel leak at the 'highest' security level within the company.

Because either way the LV0 signing key should be airgapped and have a short enough list of suspects to quickly root out who leaked it.

If not then sony is just piled full of MBA pushing dumbasses now.

Re:subject (1)

Anonymous Coward | about a year and a half ago | (#41747057)

Geohott hack, this leak, and others are all consequences of the fail0verflow work. Sony postponed this leak (LV0 keys) with theirs lawsuits. This is not entirely new work, it has expected, but delayed.

Re:subject (5, Informative)

marcansoft (727665) | about a year and a half ago | (#41747075)

The first-stage bootloader is in ROM and has a per-console key which is effectively in tamper-resistant silicon. The second-stage bootloader (bootldr) is encrypted with the per-console key, but is not upgradable and is the same for all consoles (other than the encryption wrapper around it). This second-stage bootloader verifies lv0. Sony signed lv0 using the same broken process that they used for everything else, which leaks their private key. This means that the lv0 private key was doomed from the start, ever since we demonstrated the screwup at the Chaos Communication Congress two years ago.

However, because lv0 is also encrypted, including its signature block, we need that decryption key (which is part of bootldr) before we can decrypt the signature and apply the algorithm to derive the private key. We did this for several later-stage loaders by using an exploit to dump them, and Geohot did it for metldr (the "second root" in the PS3's bizarre boot process) using a different exploit (we replicated this, although our exploit might be different). At the time, this was enough to break the security of all released firmware to date, since everything that mattered was rooted in metldr (which is bootldr's brother and is also decrypted by the per-console key). However, Sony took a last ditch effort after that hack and wrapped everything after metldr into lv0, effectively using the only security they had left (bootldr and lv0) to attempt to re-secure their platform.

Bootldr suffers from the same exploit as metldr, so it was also doomed. However, because bootldr is designed to run from a cold boot, it cannot be loaded into a "sandboxed" SPU like metldr can from the comfort of OS-mode code execution (which we had via the USB lv2 exploit), so the exploit is harder to pull off because you don't have control over the rest of the software. For the exploit that we knew about, it would've required hardware assistance to repeatedly reboot the PS3 and some kind of flash emulator to set up the exploit with varying parameters each boot, and it probably would've taken several hours or days of automated attempts to hit the right combination (basically the exploit would work by executing random garbage as code, and hoping that it jumps to somewhere within a segment that we control - the probabilities are high enough that it would work out within a reasonable timeframe). We never bothered to do this after the whole lawsuit episode.

Presumably, 18 months later, some other group has finally figured this out and either used our exploit and the hardware assistance, or some other equivalent trick/exploit, to dump bootldr. Once the lv0 decryption key is known, the signing private key can be computed (thanks to Sony's epic failure).

The effect of this is essentially the same that the metldr key release had: all existing and future firmwares can be decrypted, except Sony no longer has the lv0 trick up their sleeve. What this means is that there is no way for Sony to wrap future firmware to hide it from anyone, because old PS3s must be able to use all future firmware (assuming Sony doesn't just decide to brick them all...), and those old PS3s now have no remaining seeds of security that aren't known. This means that all future firmwares and all future games are decryptable, and this time around they really can't do anything about it. By extension, this means that given the usual cat-and-mouse game of analyzing and patching firmware, every current user of vulnerable or hacked firmware should be able to maintain that state through all future updates, as all future firmwares can be decrypted and patched and resigned for old PS3s. From the homebrew side, it means that it should be possible to have hombrew/linux and current games at the same time. From the piracy side, it means that all future games can be pirated. Note that this doesn't mean that these things will be easy (Sony can obfuscate things to annoy people as much as their want), but from the fundamental security standpoint, Sony doesn't have any security leg to stand on now.

It does not mean that current firmwares are exploitable. Firmware upgrades are still signed, so you need an exploit in your current firmware to downgrade. Also, newer PS3s presumably have fixed this (probably by using newer bootldr/metldrs as trust roots, and proper signing all along).

Re:subject (0)

Anonymous Coward | about a year and a half ago | (#41747513)

One of the fail0verflow team talking! Thanks Marcan for you contribution for the homebrew community on Wii and PS3!

Re:subject (4, Interesting)

TsuruchiBrian (2731979) | about a year and a half ago | (#41747563)

Playing devils advocate... For the same reason the court seemed to side with Sony about being able to remove features (e.g. Linux support), why wouldn't they also be allowed to remove other features (e.g. all of them), by bricking the whole thing, especially if it's out of warranty. It would be a total dick move to do, but it's Sony. PS3 is 6 years old. PS4 is in development. They can manufacture slim PS3s cheaply now. The games are where they make their money. Just send everyone (who bought a PS3 in the last year) a new slim PS3 with new keys, and nuke the rest. They lose maybe $100 per customer, but they get to secure their machine. and as long as they sell at least 2 new games for each free PS3 they send out, they break even. Presumably anyone who bought a PS3 within the last year, intends to buy games for it. Naive people will be glad to get a new PS3 because it's new. If I was a corporate douchebag at Sony, I know I'd be pushing to nuke the old PS3s and screw over all my customers (because I would be in character).

Re:subject (-1)

Anonymous Coward | about a year and a half ago | (#41747631)

If they do this they ill lost much more than $100 per costumer. Believe-me, i'm a law student...

Re:subject (1)

b4dc0d3r (1268512) | about a year and a half ago | (#41747181)

Especially after being hacked several times already. Standard response among large companies is to make new rules and clamp down everything. That should have happened two breaches ago.

Re:subject (0, Troll)

Anonymous Coward | about a year and a half ago | (#41747215)

You mean security that was not cracked for nearly five years, and is pretty much moot because Sony will have a next gen console out fairly soon?

That is almost an eternity in the Internet age.

Sony's security has worked -- 0% piracy rate for a long time, and still 0% for any PSN games.

Yes, it was cracked, but Sony's goal was accomplished.

Re:subject (2)

cronot (530669) | about a year and a half ago | (#41746427)

Honest question: I do have an updated PS3 (yeah slashdot, judge me). I'm not interested on pirated games, but I may be interested on homebrew stuff (emulators and stuff like that). That leak will make that possible for me?

Re:subject (1)

CastrTroy (595695) | about a year and a half ago | (#41746477)

This is really the kind of stuff that interests me too. I love the fact that it's possible to load games from a hard drive plugged into the USB port of my Wii. I love the fact that I never have to put another disc in the Wii. I could download games and get games for free, but personally, I only have time to play 1 or 2 new games per year, so the cost of the games isn't killing me. Being able to use my Wii to play emulated games, play video files from my windows share, and play Wii games from a USB hard drive makes it so much better.

Re:subject (0)

Anonymous Coward | about a year and a half ago | (#41746639)

Only if you buy an hardware flasher.
The new signing keys, after fail0verflow fiasco (post-3.60 firmware), are still secured and cannot be found by this method.

Re:subject (1)

Baloroth (2370816) | about a year and a half ago | (#41746961)

Nope, thats the point of the LV0 keys. They are literally the keys to the PS3's hardware loader. You can do anything with them. The only way to stop it would be to revoke them, and since they are tied to the hardware, that would in turn mean newer updates would not work on older machines. Basically, unless Sony plans to physically mail PS3 owners new hardware or break all backwards compatibility, they can't fix it. Any newer update can be cracked, period. It'd be impossible to use Sony's updates if they couldn't.

Re:subject (1)

Anonymous Coward | about a year and a half ago | (#41746541)

On some models you need a nand hardware flasher to downgrade to 3.55 firmware (not sure if it is possible on the newest "super slim" models).
You do not need an already hacked PS3, only one that could rum 3.55 firmware.

Re:subject (0)

Anonymous Coward | about a year and a half ago | (#41746557)

Sorry, run. Bad English...

Re:subject (0)

Anonymous Coward | about a year and a half ago | (#41746559)

In "nerd" speak: Did you forget to escape your quotation marks for nerd? That means that nerd doesn't belong or is it a second level?

Boy those things disturb me! I'm not going to be able to sleep! Thanks!

Re:subject (4, Funny)

Culture20 (968837) | about a year and a half ago | (#41746727)

That means that nerd doesn't belong or is it a second level?

Nerds never belong, especially not at second level. They require name-level (10 or greater) to attract followers, and only after constructing a keep.

Frost Nixon (-1)

Anonymous Coward | about a year and a half ago | (#41746345)

Frosted corn flakes.

It's nice but... (5, Insightful)

thetoadwarrior (1268702) | about a year and a half ago | (#41746351)

The PS3 is nearing the end of its life and it's taken 6 years to do it so it's served its purpose.

Re:It's nice but... (4, Insightful)

OrangeTide (124937) | about a year and a half ago | (#41746515)

Yea, the amount of time it took for this to happen is just too long for pirates to take it seriously.
But it's nice that this has been hacked so we can repurpose discarded PS3s when a console for this upcoming generation is released.

Re:It's nice but... (0)

Anonymous Coward | about a year and a half ago | (#41746717)

Sony says they ill support PS3 for at least 10 years. By my accounts 4 to go...
Have you look at they launch library for 2012 - 2013 and beyond? One word - rock solid!

Re:It's nice but... (4, Interesting)

petsounds (593538) | about a year and a half ago | (#41746879)

Served its purpose? It's still a powerful machine. Would be a brilliant media center with better software. Homebrew, emulators. Sounds like a purpose is just starting to me.

The only disappointing part is this is coming about not through Sony coming to their senses or the courts forcing them to restore Linux functionality to the PS3, but through the tenacity of hacktivists. But such is the world we live in.

Re:It's nice but... (4, Interesting)

Gaygirlie (1657131) | about a year and a half ago | (#41747429)

Well, I for one have been waiting for this. I've kept a modified firmware on my PS3 in order to be able to use various media players and emulators on it, and I don't like that fact that the stock firmware periodically sends a list of every single action you've taken to Sony -- including filenames, sizes, the names of the devices they were opened from and so on.

I've found myself not playing games on the PS3 much, but it makes for a great media player. As such with the release of these LV0 keys I'm hoping to get to use Netflix on it soon.

My kingdom for an expert. (0)

Anonymous Coward | about a year and a half ago | (#41746353)

Does Sony have ANYONE who understands security?

Re:My kingdom for an expert. (2, Insightful)

Anonymous Coward | about a year and a half ago | (#41746407)

Does Sony have ANYONE who understands security?

No, Sony only understands how to fuck its customers.
Everything else is a secondary consideration.

Re:My kingdom for an expert. (3, Insightful)

GigaplexNZ (1233886) | about a year and a half ago | (#41746617)

Considering this security failure is occurring towards the end of life of the device, it actually did its job this time.

fuck you Sony! (-1)

Anonymous Coward | about a year and a half ago | (#41746355)

Mod up if Sony sucks my dog's asshole.

Mod down if you suck my dog's asshole.

Re:fuck you Sony! (-1)

Anonymous Coward | about a year and a half ago | (#41746397)

Wow I'm impressed at how much sucking your dog's asshole gets. Simply incredible I want to know what it's doing to get that kind of action.

Re:fuck you Sony! (0)

Anonymous Coward | about a year and a half ago | (#41746767)

Eating cut gemstones?

Re:fuck you Sony! (-1)

Anonymous Coward | about a year and a half ago | (#41746641)

What do I do if your dog sucks my asshole?

Why yes, that is peanut butter. Don't judge me.

About your dog... (0)

Anonymous Coward | about a year and a half ago | (#41746785)

Is he named Colby?

Sony did this to themselves (5, Insightful)

girlintraining (1395911) | about a year and a half ago | (#41746357)

Fundamentally, client-side security doesn't work. You can obscure the hell out of it and bury it deep within the system, but sooner or later, someone's gonna crack it. If they'd just let the damn homebrew people make backups of their games and install their own software, I doubt the mod community would have sprung up like this. They wanted access to the hardware, not pirated games. If they'd just locked up the portion of the system responsible for validating a game disk with some kind of TPM mechanism but left the possibility of running "unsigned" content, I doubt this breakthrough would have happened within the life of the product.

Sony, like every other big corporation, doesn't understand how hackers think. They don't give a fuck about your games: They want to see the nifty hardware! They want to push it to its limits, make new stuff with it. These are creative people who are endlessly fascinated with how things work. They're bored engineers.

But management got the idea in their head that the hardware is also theirs, not the person who bought it, and they're the only ones that get to say what it does, how it does it, etc. In so doing, they pissed off about a half million people who have the time, patience, resources, and will to tear the damn thing apart piece by piece until it's theirs again. Guys, why couldn't you just let them have their fucking Linux on PS3?

Re:Sony did this to themselves (3, Interesting)

darkfeline (1890882) | about a year and a half ago | (#41746391)

IIRC, the US military was one of the biggest users of PS3 as cheap hardware for Linux "racks". How much says that they'll now resume installing Linux on PS3? Heck, how much says that it was a hacker working for the military who leaked the keys in the first place?

GPU programming killed off Cell's value (2, Interesting)

Anonymous Coward | about a year and a half ago | (#41746461)

GPU programming, while more difficult, offers higher performance vector computing, on common hardware, unlike the cell processor. The G80 was not released until late 2006, and CUDA took until about 2008. Until then, the Cell processor had mindshare.

Re:Sony did this to themselves (2)

Anrego (830717) | about a year and a half ago | (#41746583)

I seem to remember sony produced a firmware just for them.. can't remember the source of this though.

Re:Sony did this to themselves (1)

Anonymous Coward | about a year and a half ago | (#41746585)

The military probably don't need PSN access or the latest games, so why would they they update them to a non working version?

Re:Sony did this to themselves (0)

Anonymous Coward | about a year and a half ago | (#41746725)

Who said they updated their existing ps3 nodes? You seem to be implying hardware never ever fails and requires replacements.

When a unit fails and needs replaced, it's not like you can hop over to the non-updated-ps3 store and pick up a new one.
Sony just assured all future tax dollars will be directed elsewhere for replacement nodes, and in fact the DOE already started their CUDA migration upon the first announcement of removing the Linux booting features.

Re:Sony did this to themselves (1)

westlake (615356) | about a year and a half ago | (#41747599)

he US military was one of the biggest users of PS3 as cheap hardware for Linux "racks". How much says that they'll now resume installing Linux on PS3? Heck, how much says that it was a hacker working for the military who leaked the keys in the first place?

The HPC hack takes thousands or tens of thousands of consoles out of retail distribution channels --- expensive hardware that remains on the market only because it is subsidized globally by the sale of video games and services.

The hack doesn't solve the problem of making HPC affordable --- it just passes the costs along to someone else, who won't be willing to foot the bill forever,

Re:Sony did this to themselves (5, Funny)

Anonymous Coward | about a year and a half ago | (#41746411)

Yeah, they want to mod it to run on a Generation 1 LCD photo frame...

Re:Sony did this to themselves (2)

BumpyCarrot (775949) | about a year and a half ago | (#41746457)

I wish I had mod points for you, AC, I really do.

Re:Sony did this to themselves (0)

Anonymous Coward | about a year and a half ago | (#41746505)

Thanks. I'm just glad to know that someone liked it.

Re:Sony did this to themselves (2)

CastrTroy (595695) | about a year and a half ago | (#41746519)

The problem is that the hardware can't tell the difference between unsigned homebrew software and unsigned pirated games. So they lock down the hardware so that it only loads signed code. If you allow the console to easily run unsigned code, you are also allowing people to play pirated games. You could possibly encrypt the entire game disk, and therefore take make it more difficult to copy them, but you only need 1 person smart enough to copy the game, and then distribute it all over the internet. But if your hardware won't play unsigned games at all, or requires complicated modifications to play unsigned games, then you'll discourage a lot of users from using pirated games.

Re:Sony did this to themselves (4, Insightful)

dgatwood (11270) | about a year and a half ago | (#41746653)

Very true. The right solution is to make signing free for homebrew creators, but either:

  • Require server-side signing where you upload the game and get back a signature. That way, they can do various checksum-style tests to see if the signed content is likely pirated before signing it.
  • Require that each homebrew game be signed using a private key that is specific to each device, and design the hardware/OS so that only factory-signed code can use that private key. Add factory-signed tools that perform those various checksum tests locally and ask the servers for permission before signing the binary. The servers could reject requests from out-of-date versions of the signing tools, so you could have the same sort of forced-updating process for the signing tools that you'd have with a server-side solution, but you wouldn't have to push the whole binary across the wire.
  • Charge a small amount of money for the ability to sign homebrew binaries.

Either way, it's a cat-and-mouse game, but at least with those sorts of schemes, the pirates are on their own when trying to gain hardware access instead of having the homebrew folks working alongside them. Many eyes make all security holes public, and all.

XNA Creators Club (2)

tepples (727027) | about a year and a half ago | (#41747127)

Microsoft's solution is to run homebrew in a virtual machine and charge $99 per year for the right to run any software not signed by Microsoft in that virtual machine.

Re:Sony did this to themselves (3, Insightful)

Charliemopps (1157495) | about a year and a half ago | (#41747089)

Pirates pirate... period. If they want to play free games, they are going to. If you lock your hardware down so they can't play pirated games on it, they just use someone elses hardware. At least you could have made some cash off the console. Oh wait... You're selling the console for less than it costs to make it so you can lock in customers and then screw them with overpriced games? Well shit... I think you just figured out why people are trying to pirate your software. Get a business model that doesn't involve screwing people over and manipulating teenagers into dumping all their cash into your shitty console and maybe they wont spend half their adult lives trying to screw you back. Piracy is such an easy problem to solve... instead you spend stupendous amounts of money trying to prevent it so that you can keep your 1980s business model. You get what you deserve.

Re:Sony did this to themselves (5, Interesting)

Anonymous Coward | about a year and a half ago | (#41746535)

Fundamentally, client-side security doesn't work. You can obscure the hell out of it and bury it deep within the system, but sooner or later, someone's gonna crack it.

It lasted six years. The PS3 doesn't have much life left as a flagship console. Better security would have been a waste of money.

I can't even tell what you're saying. (1)

YesIAmAScript (886271) | about a year and a half ago | (#41746645)

If a console is capable of running unsigned content but as a rule it refuses to, then that's client side no matter how you slice it. Yet this is what you are suggesting they should have done.

As to what they actually did, it's a financial issue not a technical one. If a console is fully functional with unsigned content, then developers will not pay to get their content signed. Since the console business works by getting license fees and the signing is what enforces this, this would mean it would be financially unviable to run make consoles.

The key to making a console isn't really making it impossible to run pirated content. It's to make sure that it is hard enough to make full functionality unsigned games that developers don't feel they can try to go without paying you to get their games signed.

Sony put restrictions on what PS3 linux code could do. But once hackers broke this and accessed full functionality, Sony had little choice from a financial perspective. They had to close the holes. Maybe removing PS3 linux was the only way to close the holes, I dunno.

PS3 linux was crap, you could get a better linux machine for less money before PS3 linux was even removed from the machine. I find it really hard to draw a true link between being denied what PS3 linux offered and hacking the PS3. I far more think it's like you say, these people want to see nifty hardware.

Incentive for developers to get signed (2)

tepples (727027) | about a year and a half ago | (#41747529)

The key to making a console isn't really making it impossible to run pirated content. It's to make sure that it is hard enough to make full functionality unsigned games that developers don't feel they can try to go without paying you to get their games signed.

That or make the user and developer experience of signed software good enough that users won't be tempted to try the unsigned ecosystem. This is what Google has done with Android, what Amazon has done with its customized Android distribution, and what Apple is trying to do with the Mac App Store. Or a console maker might make the signed ecosystem easy enough to get into, with a full set of developer tools costing less than $1,500 for the first year, that homebrewers become tempted to join the signed ecosystem legitimately. This is what Apple has done with iOS and Microsoft has done with Xbox Live Indie Games, Windows Phone 7, and Windows RT. Why is it the case that platforms with physical buttons necessarily have much harsher requirements to join the signed ecosystem?

Re:Sony did this to themselves (1)

mkraft (200694) | about a year and a half ago | (#41746797)

Not just Sony, but game developers as well. Last time the PS3 was hacked, rampant cheating occurred in many online games from developers that relied solely on client side protections so no server checks were done.

Here's hoping those developers learned from their mistakes and that won't be a problem this time. Let's also hope Sony has learned and protected the PSN and store from client side attacks since decrypting PSN traffic will be possible. I believe they did bolster PSN security after the PSN hacking, but we'll see if it holds.

Re:Sony did this to themselves (1)

UnknownSoldier (67820) | about a year and a half ago | (#41747053)

> Sony, like every other big corporation, doesn't understand how hackers think.

Exactly! The fastest way to motivate a hacker*/programmer is to Tell him/her that they can't do something!

* Using the orriginal definition of hacker not the bastardized media version -- Hacker, noun, Someone interested in exploring places they normally couldn't access for the sake of learning & acquiring knowledge - no malicious intent intended.

--
Any ideology taken to an extreme is never a good idea in the long run.

Re:Sony did this to themselves (1)

alvinrod (889928) | about a year and a half ago | (#41747083)

That's great and all, but Sony doesn't care about them. If they're just in it for the hardware (which at certain points of the consoles lifecycle is subsidized) the manufacturer (Sony in this case, but it applies to all of them) doesn't want you as a customer as they really need you to buy games. Also, while it's nifty that there are some hobbyists out there who get a lot of joy out of tinkering with the technology and discovering how to bend it to their will, the vast majority of the people who would use these results are just going to do so to pirate games. They don't give a damn about the free software movement, open source, or anything else. They're just cheapskates who don't want to pay for a game.

Yeah, Sony probably shouldn't sell the hardware at a loss, and it's really stupid to expect any security to hold up for very long if someone really wants to crack it, but that's the way the market is right now and no console manufacturer could survive if they couldn't subsidize the hardware, especially early on when it's rather expensive to make.

Sony understands perfectly well how hackers think. They just make poor customers for Sony's business model so there's no interest at all to cater to them. That's why you're not going to see the kinds of features that hackers want.

Re:Sony did this to themselves (0)

Anonymous Coward | about a year and a half ago | (#41747451)

Fundamentally, client-side security doesn't work. You can obscure the hell out of it and bury it deep within the system, but sooner or later, someone's gonna crack it.

Mathematically, DRM offers no protection, but in practice it does. This scares me. The PS3 was cracked due to a blunder on Sony's part, rather than a generalizable flaw in the implementation. Smart phones are using similar hardware DRM that has proven even more resilient. Now that DRM can be expected to hold for the useful life of the product, it is starting to become rampant.

Today is a good day. (1)

Anonymous Coward | about a year and a half ago | (#41746363)

Today is a good day. Too bad it has taken so long. I wonder if Sony will see any boost in sales.

Slashdot is for Fat Ass Geeks (-1)

Anonymous Coward | about a year and a half ago | (#41746377)

Sent from my Mac Pro with retina Cinema Display and MacOS X 10.9 Sea Lion.

Re:Slashdot is for Fat Ass Geeks (0)

zenlessyank (748553) | about a year and a half ago | (#41746393)

Takes one to know one, and since you are reading/posting then you must know two. Now go troll yourself off a bridge.

Six years later... (2, Insightful)

Anonymous Coward | about a year and a half ago | (#41746387)

Say what you will about Sony, but they managed to keep the PS3 almost totally immune to hacking for the entire life of the console up til now. Six years, and only a year or so away from the next hardware iteration. That's pretty much a record for game consoles, a rather impressive achievement.

Re:Six years later... (0)

Anonymous Coward | about a year and a half ago | (#41746431)

Say what you will about Sony, but they managed to keep the PS3 almost totally immune to hacking for the entire life of the console up til now.

Too bad millions of people can't say the same about PSN.

Re:Six years later... (2)

jonwil (467024) | about a year and a half ago | (#41746781)

Ironically (given Microsoft's reputation for poor security) the XBOX 360 is the least hackable of the 3 major consoles right now. (although one would hope Nintendo has learned from the Wii and improved the security in the Wii U)

Re:Six years later... (2, Insightful)

Anonymous Coward | about a year and a half ago | (#41746843)

Piracy on XBOX 360 is rampant. Ceva launch updates to racked dvd units firmwares every month.

Re:Six years later... (0)

Anonymous Coward | about a year and a half ago | (#41746927)

Hacked sorry...

Six Years in the Making (0)

Anonymous Coward | about a year and a half ago | (#41746453)

PlayStation 3.11 for Workgroups

I wonder if any ethical questions arise from using The Three Tuskateers derived key to Kickstart a new OS for the PS3. I've been wanting to play Little Endian Planet for years now.

Google already knows the keys, check it out: (3, Informative)

Anonymous Coward | about a year and a half ago | (#41746459)

Re:Google already knows the keys, check it out: (1)

EETech1 (1179269) | about a year and a half ago | (#41746959)

It's always fun to reload the page and watch how fast the number of results grows over time.

Anyone care to graph this over the next few days?

About 217 results:)

The trend is towards closed computing. (4, Interesting)

Sheetrock (152993) | about a year and a half ago | (#41746463)

It's always a little amazing to see how people cheer on the leaks and cracks when they appear in a closed system, yet continue to support these closed systems with their money and attention when open systems are available.

It's just this very weird disconnect in consumer psychology. You don't have to crack a PC (yet) to do what you want with it. But you make a computer small and flat and suddenly you find yourself having to pay $1+ for every little program, from a collection of programs that somebody else has decided you shall have access to. You don't see the "fuck the man" attitude at the store, you only see it when a Scandinavian high schooler comes up with a crack for your game console and the manufacturer tells you you can't have it.

I just don't get it. How many years past DeCSS are we and banging our heads against the same wall?

Re:The trend is towards closed computing. (1)

foniksonik (573572) | about a year and a half ago | (#41746491)

Woosh!

They hack it because its there, not because alternatives don't exist.

Re:The trend is towards closed computing. (0)

Anonymous Coward | about a year and a half ago | (#41746891)

Right. Now how about the users, who were the topic of the post above.

Re:The trend is towards closed computing. (0)

Anonymous Coward | about a year and a half ago | (#41746677)

It's because apple knows what the hell they are doing. They bridged the magical gap between low cost, ease of use, security, and low barrier of entry.

To develop for the PS3 you need to own a non-trivial software development business and hand your financial statements to Sony, then pony up 10's of thousands of dollars for dev equipment/software. And, if you're lucky, they'll publish your game.

It costs 100 dollars to develop for iOS. Full stop

This translates in to 1 dollar apps developed by whoever wants to develop them, and bought by whoever wants to buy them. The entire end-to-end process is now only constrained by initiative and effort. The creator publishes their ware with no upfront cost, and the buyer buys with a few taps of their fingers. Everything just works. Everyone walks away happy.

Re:The trend is towards closed computing. (0)

Anonymous Coward | about a year and a half ago | (#41746931)

Closed computing has this awesome premise, companies will often sell closed system at much lower (and even negative) profit margin in hopes of regaining profits through later sales. People won't pay more for the ideal.

In addition, developers often have higher incentive to make software for closed system, because piracy is generally smaller and profits larger.

Developer criteria tuned for poaching (1)

tepples (727027) | about a year and a half ago | (#41747553)

In addition, developers often have higher incentive to make software for closed system, because piracy is generally smaller and profits larger.

Unless the closed system's developer criteria require the developer to have proved itself on an open system first. This is the case for Microsoft consoles, Nintendo consoles, and Sony consoles, all of whose criteria appear tuned for poaching developers from other platforms rather than for startups.

Re:The trend is towards closed computing. (4, Insightful)

metamatic (202216) | about a year and a half ago | (#41747461)

It's always a little amazing to see how people cheer on the leaks and cracks when they appear in a closed system, yet continue to support these closed systems with their money and attention when open systems are available.

What open game console has a decent selection of games?

This changes nothing for me. (4, Insightful)

AbRASiON (589899) | about a year and a half ago | (#41746489)

Honestly if you have any patience you just wait 3 months and the good games are 25$ a pop - that's 2 lunches for me. I'm in my 30's now and I suspect my heavy piracy days are long gone. I also feel slight guilt when I pirate games now, some of these guys bust their asses to make some really good stuff. If ever do pirate anything it's only the gargantuan huge games which are selling a tonne anyhow.

I'm also really really happy with my PS3. I know Sony is the devil here but the exclusive games for the system, unlike the 360 - don't get ported to PC. There's some genuinely unique and fantastic games on the platform.

If I didn't own a beast little HTPC now (HP Microserver N40L) then I would however be happy that finally XBMC might come to the PS3. (I can't deny it DID piss me off they closed the loophole the developers were considering on the PS3) They honestly coudl've sold a shitload more if the PS3 supported XBMC out of the box with a basic live boot CD / DVD or something.

Re:This changes nothing for me. (0)

Anonymous Coward | about a year and a half ago | (#41746983)

Same here, but the only feature I want with this is dumping the game I bought on a disk and stack the game somewhere else.
Also reading mkv with subtitles, and 10bit videos.

That's pretty much it.

Re:This changes nothing for me. (0)

Anonymous Coward | about a year and a half ago | (#41747055)

Sony used to make a (substantial) loss on every console. Software sales would make their profits (if any), so getting more consoles out there for people who use it mostly for non-gaming use is suicide.

Re:This changes nothing for me. (1)

Gaygirlie (1657131) | about a year and a half ago | (#41747555)

Not everyone uses custom firmwares for piracy. I know, I know, MOST people do, but there's also plenty of us who do it for privacy reasons and to be able to mess around with homebrew. Did you know that the stock official firmware periodically reports all of your activities to Sony, including filenames, sizes, the names and addresses of the machine you opened them from, dates, times and so on? I just don't feel comfortable with that, they have no justification for spying people to such a degree.

Homebrew on modern vs. old consoles (2)

tepples (727027) | about a year and a half ago | (#41747645)

What's the point of homebrew on a modern console? I can see the point for retro consoles such as the Nintendo Entertainment System, where the limitations of ancient hardware [nesdev.com] are part of the challenge, much like constrained writing [wikipedia.org] . But instead of homebrew on modern consoles, people could just make software for Windows or Linux, connect the PC to the HDTV through VGA or HDMI, and be done with it.

If people actually bought HTPC games (1)

tepples (727027) | about a year and a half ago | (#41747607)

If I didn't own a beast little HTPC now (HP Microserver N40L) then I would however be happy that finally XBMC might come to the PS3

Would you be willing to buy games tuned for HTPC, with thorough USB gamepad support and possibly even same-screen multiplayer? If people actually bought HTPC games, there might not be as much need to crack consoles to run homebrew because people could just make software for HTPCs.

xkcd knew ... (0)

Anonymous Coward | about a year and a half ago | (#41746531)

http://xkcd.com/221/

PS3's random generator code.

About time! (1)

Anonymous Coward | about a year and a half ago | (#41746605)

As a PS3 owner who refused to upgrade past firmware version 3.15 out of principle, this news means I might finally someday be able to play my store bought copy of Gran Turismo 5 (the reason I bough the system in the first place).

In their mind it is thiers. (4, Insightful)

Kaenneth (82978) | about a year and a half ago | (#41747039)

They (initially) sold hardware at a loss, planning to make up the cost by selling games.

The homebrewers are not, as stated, interested in the games. Therefore, in Sony's view they are stealing the hardware, just as much as someone downloading Sony brand music is stealing it.

The only reason PS3s were able to make cheap clusters is because Sony subsidized the consumer hardware; otherwise it would make more sense to buy hardware designed for the purpose without the controller ports, blu-ray drives, etc. etc.

It's a result of Sony's business decision, and they were losing too much to the people who would never buy a single game or blu-ray movie, so they cut their losses by killing homebrew capabilities, protecting the price points for their profitable target market.

Light of day? (1)

Kernel Kurtz (182424) | about a year and a half ago | (#41747113)

"You can be sure that if it wouldn't have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now"

So they would never have published it if it had not been leaked?

Seems unlikely, but if it's true then props to the leakers for "forcing" them to release it.

If the discoverers were not interested in making money, why would they not share it?

Re:Light of day? (0)

Anonymous Coward | about a year and a half ago | (#41747331)

Fear of lawsuits...

This just means another patch next week (0)

Anonymous Coward | about a year and a half ago | (#41747121)

They are going to patch it within a few days, and then everyone will be complaining about how they took away homebrewing on the PS3 again.

Re:This just means another patch next week (1)

Gaygirlie (1657131) | about a year and a half ago | (#41747527)

Of course Sony will patch this, but since the LV0 keys are built-in on EVERY PlayStation 3 and those keys cannot be flashed by any software means there is nothing Sony can do about it. Re-designing the whole protection scheme from scratch is going to take a lot longer than a week or two, and it's still not going to hole as the new firmware still has to be encrypted with the LV0 keys in order for older firmwares to be able to install it. More-or-less the only thing Sony can do is move everything to cloud, but that's going to piss some serious customer base off.

Re:This just means another patch next week (0)

Anonymous Coward | about a year and a half ago | (#41747587)

LV0 keys exist on every Playstation 3, BUT these LV0 keys (the ones found and leaked today) are the ones of pre-3.60 firmware factory PS3.
The ones who comes with 3.60 or newer have a new set of LV0 keys, these are still secured.

Re:This just means another patch next week (1)

Gaygirlie (1657131) | about a year and a half ago | (#41747653)

LV0 keys exist on every Playstation 3, BUT these LV0 keys (the ones found and leaked today) are the ones of pre-3.60 firmware factory PS3.
The ones who comes with 3.60 or newer have a new set of LV0 keys, these are still secured.

Considering the fact that there are 4.21 CFWs already in the wild I must disagree with you: http://psx-scene.com/forums/content/update-2-rogero-cex-4-21-cfw-lv0-keys-released-2659/ [psx-scene.com] . You're confusing yourself somewhere.

LV0 (5, Informative)

Anonymous Coward | about a year and a half ago | (#41747595)

LV0 [ps3devwiki.com]

erk=CA7A24EC38BDB 45B98CCD7D363EA2A F0C326E65081E0630 CB9AB2D215865878A

riv=F9205F46F6021697E6 70F13DFA726212

pub=A8FD6DB24532D094EFA08 CB41C9A72287D905C6B27B 42BE4AB925AAF4AFFF 34D41EEB54DD128700D

priv=001AD976FCDE 86F5B8FF3E63EF3A7 F94E861975BA3

ctype=33

Perhaps a ploy by Sony? (0)

Anonymous Coward | about a year and a half ago | (#41747649)

I can't help but think: Sony is coming out with an updated slim, slim PS3. Conveniently, these keys leak while sales are probably at a plateau. If rampant piracy has taught us anything, it's that it can draw a lot of attention.

If potential hacks come out NOW that spike the sales and keep the PS3 relevant for another 5-6 years, then I think that almost gives Sony more bragging rights. I believe the mod chips for the PS1 and PS2, as well as some hard drive hacks for the PS2 is what really kept the system relevant for the extended length of time it had. I have a PS3 and about 40 bluray games for it, but if some sweet things come out for modded PS3's, I'll buy another to play around.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...