Post: [UPDATED] PS3 'Private Key,' Enabling Unauthorized Code
Options
12-29-2010, 10:52 PM
#1
CLM
[b]They say sorry Mr. West is..[/b]
PS3 'Private Key,' Enabling Unauthorized Code
UPDATE: Some tools for ps3 files. Expect some fail, this is still WIP. Check it out here: You must login or register to view this content.
UPDATE:
UPDATE: Sha1 hashes for some keys
UPDATE: The scam videos are gone now but the fake Fail0verflow account is still there. Don't get fooled by imposter's.
UPDATE: Watch out for Fail0verflow impersonators. They will scam you.
UPDATE: What Sony has to do to patch this! (Thanks manster)
1) Respin the hardware. There's an incredible exploit in that the verification of bootloaders loaded off the NAND/NOR is verified after they've been loaded, and then they're allowed to continue to execute. This is why ALL EXISTING PS3s on the market are from now on hackable. Really. There's nothing that can be done to stop this.
2) Design new firmware(s) that contains the infamous "whitelist" of all previously (and erroneously) signed software, but with new keys and new signature verification algorithms. Deploy these firmwares/loaders ONLY on the respinned hardware (see above).
3) For older hardware (that is, everything already produced from the factory and on the market) release new firmware that contains the new signature verification algorithms, but NOT any of the new keys. Remember, what you deploy on the old hardware is fully transparent. Update the loaders as well, as talked about in the presentation, since that will force everyone who wants to have a still jailbroken console to install a modchip (see #1).
4) Dual-sign all new stuff. Old broken consoles will be able to run it, and the new secure model will verify with new keys. Previously signed software will only execute on the new systems if they pass the whitelist-test.
UPDATE: What Marcan had to install in order to dump/change the NOR chip. This is probably what your going to have to do.
UPDATE:
This should be released by January
Fail0verflow releases this statement about Geohot
UPDATE: Marcan @ 27C3 Lightning Talk
[ame]https://www.youtube.com/watch?v=lGI0EnNQ5GE[/ame]
Read the slide presentation during the conference here: You must login or register to view this content.
UPDATE: PS3 Demo NOW in #Saal3 at #27c3
You must login or register to view this content.
WATCH HERE: You must login or register to view this content.
(Note: Streaming from that room is a little overloaded atm. If you can't connect be patient)
You must login or register to view this content.
You must login or register to view this content.
You must login or register to view this content.
WATCH HERE: You must login or register to view this content.
(Note: Streaming from that room is a little overloaded atm. If you can't connect be patient)
You must login or register to view this content.
You must login or register to view this content.
Fail0verflow, the hackers responsible for the Wii's Homebrew channel, gave a presentation during the Chaos Communication Conference 27C3 in which they are claiming they have figured out the 'private key' used by Sony to authorize code to run on retail PS3 systems. This could potentially give "full control of the PS3 system," without having to use a usb device. For those of you who don’t understand yet, this will make us able to sign our own files with Sony’s encryption will and allow us to create our own software/homebrew and load it without even needing to jailbreak the PS3, because it will look like a legit piece of software from Sony.
Btw: PSN ACCESS NOT YET CONFIRMED
The group will explain more when their website launches, and have planned a demo for tomorrow's conference. But what they have explained is how Sony didn't bother generating any random numbers to secure the PS3. Look at the picture below.
Read the tweet below on what this is supposed to do. As it is not meant to enable PS3 game piracy.
But don't expect to see the website launch tomorrow. Fail0verflow told Joystiq the folllowing via twitter.
UPDATE: Full presentation after the break, courtesy of PSGroove.
[ame]https://www.youtube.com/watch?v=HEFMAP0mTvY[/ame]
[ame]https://www.youtube.com/watch?v=qFuTCEtK6l8[/ame]
[ame]https://www.youtube.com/watch?v=84WI-jSgNMQ[/ame]
Fail0verflow just launched another statement on the PS3's security
To keep up to date with Fail0verflow's progress and work, check out their You must login or register to view this content. and You must login or register to view this content.
Note: Their website is currently down at the moment because they are working on a demo.
Source: You must login or register to view this content.
The following 64 users say thank you to CLM for this useful post:
-Smurf-, $oulja, Alpha, Analdogfag, angel_of_deth, balerdoni, benyon, BooshMayne, Carbon0x, MikeOxBig, Clutch Hunterr, CRACKbomber, CRaZyY, danielsarpa, davirus_, dela_tiges12, divybc, DR-Dizzy, egonadrian, Extrazior, helpmeoprah, I'm A Rep Whore, I3LaCkOuTz, ihatecompvir, ihaxgames, johndahon94-PS3, JP, jubz-2k10, juddylovespizza, kaliboi, Kill_tony485, kjoshi, Kombust, LAD_Dodgers, legitmod, Lick, Lucy Pinder, Matteram, MBO, Mr. DarkKV, Mr. Star, Mr.MoldyOrange, Mw21212, Night Wolf, NorskTnaka, NwO_OweN, ogbrandon, River J, CHAOZ, sauronith, Shieldsy, ShottinG STarzz, Sk8erFerSur, Skylines, snipedu7512, sofeball, tcwyw, Teh Niganator, the stuff, Vampytwistッ, w8t4it, Weehuntz, xCamoLegend, xMagiik
12-31-2010, 03:53 PM
#128
Deadpool
Cake is a lie
Originally posted by Mr.KANE
That will be the next step to deny us our hacking freedom. But using this we may be able to code our own firmware to allow linux again, enable online play, have a pirated store ect.. But this all takes time, if anyone here has hacked a wii they know what I mean, it was one small step at a time but each step took them further along thhe path.
Put it this way, you could have all that but you will NEVER be allowed onto PlayStation Network then.
12-31-2010, 03:59 PM
#130
Deadpool
Cake is a lie
Originally posted by Mr.KANE
Really? What about these exploits people made when they had a JB console, they were patched fast but proves its possible.
If they make a new private key, ALL consoles with a different private key (not updated) will not accept the new private key on the PSN servers. Therefore they will be booted from the server.
It would be like trying to connect and XBOX 360 to PSN.
The following user thanked Deadpool for this useful post:
12-31-2010, 04:05 PM
#131
Mr.Kane
Greatness
Originally posted by F
If they make a new private key, ALL consoles with a different private key (not updated) will not accept the new private key on the PSN servers. Therefore they will be booted from the server.
It would be like trying to connect and XBOX 360 to PSN.
It would be like trying to connect and XBOX 360 to PSN.
Thanks, I am not an expert in this stuff but I understand most of it, that was just the bit I didn't :p
12-31-2010, 04:35 PM
#132
Battler624
I’m too L33T
Originally posted by F
If they make a new private key, ALL consoles with a different private key (not updated) will not accept the new private key on the PSN servers. Therefore they will be booted from the server.
It would be like trying to connect and XBOX 360 to PSN.
It would be like trying to connect and XBOX 360 to PSN.
on thing to remove the private key is like the private key for encryption on COD BO its hard to change sense you need an update and if someone bypassed it servers will fail
Private = not to be known or your ****ed
12-31-2010, 05:29 PM
#134
BooshMayne
oɹq ʎɹoʇs ןןıɥɔ
Amazing find and probably will be fixed by the next firmware :y:
12-31-2010, 07:00 PM
#135
pad6347
Keeper
I have a feeling that this will take a while to patch and when they release the tut is when it is going to patched because they will know how he cracked the password and what not. But hopefully they will be stupid like usual and let a lot of people get this method done before they patch 
12-31-2010, 09:46 PM
#136
Evanrocks
Do a barrel roll!
they said that they were going release a update that u would put on your ps3 that would run linux or something along those lines right? couldnt someone just make one that just adds backup manager or whatever you would need to hack games? then you could be able to play online right?
Copyright © 2026, NextGenUpdate.
All Rights Reserved.
