Post: [UPDATED] PS3 'Private Key,' Enabling Unauthorized Code
12-29-2010, 10:52 PM #1
CLM
They say sorry Mr. West is..
PS3 'Private Key,' Enabling Unauthorized Code


UPDATE: Some tools for PS3 files. Expect some failures; this is still WIP. Check them out here: [link]


UPDATE: [link]


UPDATE: SHA-1 hashes for some keys: [link]


UPDATE: The scam videos are gone now but the fake Fail0verflow account is still there. Don't get fooled by impostors. [link]


UPDATE: Watch out for Fail0verflow impersonators. They will scam you. [link]


UPDATE: What Sony has to do to patch this! (Thanks manster)

1) Respin the hardware. There's an incredible exploit in that the bootloaders loaded off the NAND/NOR are verified only after they've been loaded, and they're then allowed to continue executing. This is why ALL EXISTING PS3s on the market are from now on hackable. Really. There's nothing that can be done to stop this.

2) Design new firmware(s) that contains the infamous "whitelist" of all previously (and erroneously) signed software, but with new keys and new signature verification algorithms. Deploy these firmwares/loaders ONLY on the respinned hardware (see above).

3) For older hardware (that is, everything already produced from the factory and on the market) release new firmware that contains the new signature verification algorithms, but NOT any of the new keys. Remember, what you deploy on the old hardware is fully transparent. Update the loaders as well, as talked about in the presentation, since that will force everyone who wants to have a still jailbroken console to install a modchip (see #1).

4) Dual-sign all new stuff. Old broken consoles will be able to run it, and the new secure model will verify with new keys. Previously signed software will only execute on the new systems if they pass the whitelist-test.

UPDATE: What Marcan had to install in order to dump/change the NOR chip. This is probably what you're going to have to do.

[links]


UPDATE: This should be released by January. [link]


Fail0verflow released this statement about Geohot: [link]


UPDATE: Marcan @ 27C3 Lightning Talk

https://www.youtube.com/watch?v=lGI0EnNQ5GE

Read the slides presented at the conference here: [link]

UPDATE: PS3 Demo NOW in #Saal3 at #27c3

[link]

WATCH HERE: [link]
(Note: Streaming from that room is a little overloaded at the moment. If you can't connect, be patient.)

[links]



Fail0verflow, the hackers responsible for the Wii's Homebrew Channel, gave a presentation during the Chaos Communication Congress 27C3 in which they claim to have figured out the 'private key' used by Sony to authorize code to run on retail PS3 systems. This could potentially give "full control of the PS3 system" without having to use a USB device. For those of you who don't understand yet, this will make us able to sign our own files with Sony's encryption and allow us to create our own software/homebrew and load it without even needing to jailbreak the PS3, because it will look like a legitimate piece of software from Sony.

Btw: PSN ACCESS NOT YET CONFIRMED


The group will explain more when their website launches, and has planned a demo for tomorrow's session at the conference. But what they have explained is how Sony didn't bother generating any random numbers to secure the PS3. Look at the picture below.

[image]


Read the tweet below on what this is supposed to do, as it is not meant to enable PS3 game piracy. [link]


But don't expect to see the website launch tomorrow. Fail0verflow told Joystiq the following via Twitter: [link]


UPDATE: Full presentation after the break, courtesy of PSGroove.

https://www.youtube.com/watch?v=HEFMAP0mTvY

https://www.youtube.com/watch?v=qFuTCEtK6l8

https://www.youtube.com/watch?v=84WI-jSgNMQ

Fail0verflow just released another statement on the PS3's security: [link]


To keep up to date with Fail0verflow's progress and work, check out their [link] and [link].
Note: Their website is currently down because they are working on a demo.

Source: [link]
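The "random numbers" the post above refers to are the per-signature nonce in ECDSA. If the same nonce k is used for two signatures under one key, the two signatures share their r value and the private key falls out with a few lines of modular arithmetic, which is how a signing key can be computed rather than stolen. The block below is an added example, not fail0verflow's code or anything shown in the talk: it implements textbook ECDSA over secp256k1 as a stand-in curve (the thread gives no curve parameters, and the recovery algebra is identical on any curve), signs two constructed messages with a fixed nonce, recovers the key from that pair, and then signs a third constructed message with the recovered key so that it verifies under the original public key.

```python
"""ECDSA nonce reuse: recover a signing key from two signatures that share k.

Added example, not fail0verflow's code. secp256k1 stands in for the console's
curve (the thread gives no parameters); the recovery algebra is the same on any curve.
"""
import hashlib
import secrets

# secp256k1 domain parameters (stand-in curve)
P = 2**256 - 2**32 - 977
A, B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def inv(x, m):
    """Modular inverse (raises ValueError when x is 0 mod m)."""
    return pow(x % m, -1, m)

def add(p1, p2):
    """Affine point addition on y^2 = x^3 + A*x + B over F_P; None is infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1, P) % P  # tangent slope
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P         # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k > 0:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def z(msg):
    """Message hash reduced into the scalar field."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(d, msg, k):
    """Textbook ECDSA. k must be fresh, uniform and secret for every signature;
    demo() deliberately reuses it to reproduce the flaw."""
    r = mul(k, G)[0] % N
    s = inv(k, N) * (z(msg) + r * d) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, choose another k")
    return (r, s)

def verify(Q, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = inv(s, N)
    pt = add(mul(z(msg) * w % N, G), mul(r * w % N, Q))
    return pt is not None and pt[0] % N == r

def recover_private_key(msg1, sig1, msg2, sig2):
    """Shared k gives equal r and s1 - s2 = k^-1 (z1 - z2), so
    k = (z1 - z2)/(s1 - s2) and d = (s1*k - z1)/r, all mod N."""
    r1, s1 = sig1
    r2, s2 = sig2
    if r1 != r2:
        raise ValueError("r differs, so the nonce was not reused")
    if (s1 - s2) % N == 0:
        raise ValueError("identical signatures carry no extra information")
    z1, z2 = z(msg1), z(msg2)
    k = (z1 - z2) * inv(s1 - s2, N) % N
    return (s1 * k - z1) * inv(r1, N) % N

def demo():
    """Returns (private key recovered?, forged signature verifies under Q?)."""
    d = secrets.randbelow(N - 1) + 1          # victim's private key
    Q = mul(d, G)                             # public key baked into the verifier
    k_fixed = 4                               # constructed: the 'random' nonce never changes
    m1 = b"signed image A (constructed)"
    m2 = b"signed image B (constructed)"
    sig1, sig2 = sign(d, m1, k_fixed), sign(d, m2, k_fixed)
    assert verify(Q, m1, sig1) and verify(Q, m2, sig2)   # both look perfectly valid
    d_rec = recover_private_key(m1, sig1, m2, sig2)
    homebrew = b"code we want the console to run (constructed)"
    forged = sign(d_rec, homebrew, secrets.randbelow(N - 1) + 1)
    return d_rec == d, verify(Q, homebrew, forged)
```

The check at the top of recover_private_key is the symptom a practitioner looks for in a signature corpus: two signatures from the same key with identical r. Nothing about the signatures themselves looks wrong to a verifier, which is why demo() asserts that both verify before the key is pulled out of them.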
12-31-2010, 11:27 PM #137
CLM
They say sorry Mr. West is..
Originally posted by w8t4it View Post
You could link this page as well!

[link]


Why would I link that? It just restates everything I wrote.
12-31-2010, 11:30 PM #138
I don't understand this completely...

So Sony needs to change the Private Key for everything which they have signed (PSN Store + other applications through the PS3 XMB)...
01-01-2011, 01:28 AM #139
Evanrocks
Do a barrel roll!
sounds like a fun job
01-01-2011, 02:19 AM #140
juddylovespizza
I'VE GOT JUNGLE FEVER
Originally posted by seriousfear View Post
I don't understand this completely...

So Sony needs to change the Private Key for everything which they have signed (PSN Store + other applications through the PS3 XMB)...


It's not patchable; it's in the hardware. They would have to change the hardware of the new PS3s.
01-01-2011, 02:23 AM #141
manster
League Champion
Originally posted by juddylovespizza View Post
It's not patchable; it's in the hardware. They would have to change the hardware of the new PS3s.

yes!
I found some good info on what Sony will do/have to do next.
Originally posted by another user

New work package: This is how Sony will likely respond, if they feel the effort is worth the result. It's quite an effort, and the result... well.

1) Respin the hardware. There's an incredible exploit in that the bootloaders loaded off the NAND/NOR are verified only after they've been loaded, and they're then allowed to continue executing. This is why ALL EXISTING PS3s on the market are from now on hackable. Really. There's nothing that can be done to stop this.

2) Design new firmware(s) that contains the infamous "whitelist" of all previously (and erroneously) signed software, but with new keys and new signature verification algorithms. Deploy these firmwares/loaders ONLY on the respinned hardware (see above).

3) For older hardware (that is, everything already produced from the factory and on the market) release new firmware that contains the new signature verification algorithms, but NOT any of the new keys. Remember, what you deploy on the old hardware is fully transparent. Update the loaders as well, as talked about in the presentation, since that will force everyone who wants to have a still jailbroken console to install a modchip (see #1).

4) Dual-sign all new stuff. Old broken consoles will be able to run it, and the new secure model will verify with new keys. Previously signed software will only execute on the new systems if they pass the whitelist-test.


... so, this would be quite an effort, and quite expensive. It should restore the chain of trust on the new systems, and the new signing key shouldn't be leaked. I _think_ the whitelisting should succeed then as well.

Success? Well, that still leaves all PS3s produced to date completely broken, and also able to run all new software. Only the new systems will be "homebrew-free". Modchip installers will be happy though; NOR/NAND replacements aren't for the faint-hearted to install. And all this on the assumption that Sony finds and closes ALL existing holes in one try. Not likely.

(Comments on my logic from those who understood the presentation welcome)

As far as I understand, the earliest patch is in lv2ldr (no access to lv1ldr plaintext = no key = no lv1 access yet). However, what they state is that IF Sony manages to update the loaders to remove the lv2ldr exploit (which is a proper buffer overflow), they can just use a modchip to run the old version of it and gain access right back (and that will always work, since metldr, which verifies and loads lv2ldr, is not updatable).

That is, whatever you happen to do with your broken PS3, the chain of trust is gone and you can always root the current hardware. It will require a modchip in the worst-case scenario though, and if you're careful and don't allow, by choice or by mistake, the loaders to get updated, you're fine with a software/firmware hack only.

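The point manster makes above is that a stage which cannot be updated (metldr) and checks only for a valid vendor signature will accept any image the vendor ever signed, so a patched lv2ldr can be rolled back to the exploitable one by whoever can rewrite flash (the modchip in his post). The block below is an added example, not Sony's or fail0verflow's code, and it simplifies the real design: an HMAC under a constructed key stands in for the vendor signature, the image contents and version numbers are constructed, and the stage names are just labels taken from the thread. It contrasts the signature-only check with one that also enforces a minimum version, and shows why the version has to be covered by the signature for that floor to mean anything.

```python
"""Boot-stage verification with and without an anti-rollback floor.

Added example, not Sony's or fail0verflow's code. An HMAC under a constructed
key stands in for the vendor signature (the point is the version check, not the
signature scheme); image contents, versions and stage names are constructed labels.
"""
import hashlib
import hmac
from dataclasses import dataclass

VENDOR_KEY = b"constructed vendor key (assumption)"


@dataclass(frozen=True)
class LoaderImage:
    name: str
    version: int
    body: bytes
    tag: bytes            # 'signature' over name || version || body


def _tbs(name, version, body):
    """Bytes the vendor signs; binding the version in is what makes a floor enforceable."""
    return name.encode() + version.to_bytes(4, "big") + body


def sign_image(name, version, body):
    tag = hmac.new(VENDOR_KEY, _tbs(name, version, body), hashlib.sha256).digest()
    return LoaderImage(name, version, body, tag)


def signature_ok(img):
    expected = hmac.new(VENDOR_KEY, _tbs(img.name, img.version, img.body), hashlib.sha256).digest()
    return hmac.compare_digest(expected, img.tag)


def verify_like_metldr(img):
    """The situation the thread describes: a fixed, non-updatable stage that only
    checks for a valid vendor signature. Every image the vendor ever signed passes,
    so an attacker who can rewrite flash can bring the exploitable one back."""
    return signature_ok(img)


def verify_with_rollback_floor(img, min_version):
    """Hardened variant: also refuse anything below a minimum version. This only
    helps if min_version lives where a downgrade cannot rewrite it (fuses, or a
    stage that is itself updatable); a floor stored next to the image is no floor."""
    return signature_ok(img) and img.version >= min_version


def scenario():
    old = sign_image("lv2ldr", 1, b"loader with the exploitable bug (constructed)")
    new = sign_image("lv2ldr", 2, b"patched loader (constructed)")
    # Attacker writes the old image back to flash but edits its version field to 2.
    relabelled = LoaderImage(old.name, 2, old.body, old.tag)
    return {
        "metldr_accepts_old": verify_like_metldr(old),            # rollback succeeds
        "metldr_accepts_new": verify_like_metldr(new),
        "floor_accepts_old": verify_with_rollback_floor(old, 2),   # refused: stale
        "floor_accepts_new": verify_with_rollback_floor(new, 2),
        "floor_accepts_relabelled": verify_with_rollback_floor(relabelled, 2),  # tag no longer matches
    }
```

scenario() returns the five outcomes as a dict so they can be compared side by side: the signature-only loader accepts both images, the floor refuses the stale one, and the relabelled image fails because the version is part of what was signed.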
01-01-2011, 02:26 AM #142
w8t4it
Are you high?
Originally posted by ClutchLikeMelo View Post
Why would I link that? It just restates everything I wrote.


Just another source... Additionally it has one full video instead of your 3 split ones... No worries. Nice post! Can't wait for them to release!
01-01-2011, 02:40 AM #143
So when this is released, we can run homebrew on our PS3s without a jailbreak?

Please quote with reply...
01-01-2011, 02:55 AM #144
manster
League Champion
Originally posted by ajbinky View Post
So when this is released, we can run homebrew on our PS3s without a jailbreak?

Please quote with reply...

Yes, no jailbreak needed when this is 'released' or ready for us PS3 users (piracy, Linux, homebrew games, emulators... without JAILBREAK).
The fail0verflow team is currently working on a Linux version for all PS3s (slim, phat, every firmware).

We have to wait till someone uses this method for games etc.

01-01-2011, 03:04 AM #145
Originally posted by manster View Post
Yes, no jailbreak needed when this is 'released' or ready for us PS3 users (piracy, Linux, homebrew games, emulators... without JAILBREAK).
The fail0verflow team is currently working on a Linux version for all PS3s (slim, phat, every firmware).

We have to wait till someone uses this method for games etc.


Awesome, thanks for the reply. So it will work on every firmware? And they have already done this on Windows?
