Sony Powerless Against Latest PS3 Hack

At the 27th Chaos Communication Congress held in Berlin, Germany a small group of hackers named fail0verflow stunned the PS3 hacking community world with a massive revelation – they have eradicated a major security barrier in the console. This hack is different than the infamous PS3Jailbreak and is based on ineffective security coding within the PS3. fail0verflow explained during the conference that they have figured out how to calculate the keys needed to sign off on everything, essentially making those private keys public.

So what does this really mean?

With an exploit of this magnitude, people could sign (and therefore run) any program coded for the PS3 and the system will run it as if it were a PS3 game without issue regardless of firmware. This same method, in theory, can be used to sign PS3 ISOs (full copies of games) and play them on the console off burned Blu-ray discs. This basically paves the way for easier piracy for the PS3, and also will greatly encourage homebrew software authors.

The full 44-minute presentation is very long-winded, and goes over many aspects of console hacking in general (Wii, XBOX, etc), various holes found in the PS3 software architecture, and finally a full explanation of the upcoming exploit. The video clip above is from that presentation, and is a pivotal moment where the hackers show how easy it is to generate those private keys.

fail0verflow’s goal for releasing this exploit is to have Linux funning on all existing PS3 consoles, regardless of the firmware version. The group’s primary motivation for cracking the main security on the PS3 is based on Sony removing the ability for gamers to install an alternative operating system on the console several months ago. Sony infamously removed that feature, known as “Install Other OS,” in the PS3 Slim which originally inspired iPhone hacker Geohot to taunt Sony with a PS3 exploit.

fail0verflow will not release a custom firmware, but will offer proof-of-concept and tools that should bust the door wide open for custom-authored modifications, firmwares, homebrew apps, and other programs.

A fellow named SwordOfWar at the PSX-Scene forums has summarized the fail0verflow PS3 hack (and AbestOS.pup) quite well:

First, Linux is a valid reason for hacking the PS3 and nobody can prove if that is their true motive or not, you can only speculate.

AsbestOS has an advantage over the built-in OtherOS feature by Sony, because AsbestOS will most likely have more control over the PS3 hardware and have better performance than the limited OtherOS feature.

So really, AsbestOS could perform much better than Sony’s OtherOS ever did, because AsbestOS won’t cut you off from the RSX (Graphic Chip) and try to keep you in a sandbox for security reasons, which has the side-effect of reduced performance.

Next, for those of you who don’t understand yet, being able to sign our own files with Sony’s encryption will allow us to create our own software/homebrew and load it without even needing to jailbreak the PS3, because it will look like a legit piece of software from Sony.

Imagine being able to run all the Homebrew apps you run now, but being able to run them on an official v3.55+ firmware without even needing to hack the system. They just need to be updated with Sony’s keys so that the PS3 will accept them without needing to be hacked.

Basically we will have the ability to create our own custom updates that will work on a normal PS3 to update it directly from an official/normal firmware to a custom one without needing any modchips or dongles to do it, because the PS3 will accept the update that is signed using sony’s keys (which we now have).

Give it a few minutes for that to sink into your brain. You could probably program the PS3 to make you some toast bread using this new exploit.

So just sit back, enjoy the ride, and wait for the exploit work to be released and used to make magic stuff for us all to use.

Sounds exciting. What do you think this will mean for the future of the PlayStation 3?

Related Posts with Thumbnails
30
Dec 2010
POSTED IN

Hardware, Playstation, PS3

DISCUSSION 45 Comments
  • Pedrobear

    suck shit to the cunts

  • Pedrobear

    suck shit to the cunts

  • Greenbudmans

    And this all could have been avoided if they would have left linux or rather the ability to install another operating system on that blasted console… I miss my linux ps3. serves them right.

  • Phillyphries

    Who wants linux now, for all i know they can install windows on it :o

    • Anonymous

      yeah, windows runs in 256 MB very well…

      • Xs

        Hehehehe, well we wont have those limitations for too long now will we?

  • Pingback: fail0verflow hacker group discovers epic PS3 security bypass - SlashGear

  • Pingback: fail0verflow hacker group discovers epic PS3 security bypass « Mobile Technology Monster

  • Ryz

    I noticed during their presentation they call the PS3 security ‘epic fail’ even though it took them 4 YEARS to break it. Also, if this is true, i would like to thank these hackers. Thank you for making the PS3 go the same way as the PSP. Than you for ruining gaming again. You morons.

    • Anonymous

      They started working on this only after Sony removed the OtherOS feature. In fact, had you watched the video, they explain that the PS3 was left alone by the hacking community because OtherOS was included out of the box.

      • Xs

        1 year they said. 1 year to compromise 6 out of 9 security features. I’d call that an Epic Win.

        • V4

          Epic win by Sony? Get real. A small group of enthusiasts ruined, in their spare time, the shit of a corporation that invested tons of cash and spent years to come up with that console. That’s something Sony can be proud. Right.

          Hint: if your security software gets bypassed, it is fail. On this scale and because of such a dumb mistake, such a fail is fairly dubbed as epic.

          • http://www.facebook.com/people/Michael-Breezy/1039184734 Michael Breezy

            You are stupid my friend. You just CAN’T create something unhackeable. Even the computers in the pentagone can be hacked, even the high protected computers of USA can be hacked, just google WikiLeaks. So it’s not a fail at all, it was just unavoidable. There will always be no life hackers to hack everything and ruin the product for all others, even, ironically, for themselves.

    • beedogs

      “ruining gaming”? you seem slightly retarded.

      • http://www.facebook.com/people/Michael-Breezy/1039184734 Michael Breezy

        Why is he retarded? Actually, I feel te same way. Those fucking hackers ruined the game.

  • douchers

    Fucking retards. Seriously, go find something better to do. I can only hope that Sony does something to prevent this from happening but it doesn’t sound like they can do anything. I guess they could just quit all operations altogether..

    • Xs

      Better to do? They may have given me back my $300 gaming rig thats the equivalent of a $1500 gaming rig. Awesome! If only win worked better.. Hmmm, Windows it is then. Wasn’t able to do that before!

      • ru486

        LOL a Sony ps3 the same as a 1500 pc? Lmao surely you’re kidding

    • Dryqula

      Actually, fail0verflow were quite clear that there is NOTHING Sony can do about this. If you decide to anger your customers, you deserve whatever you get.

      • Anonymous

        yes there is something they can do, sue fail0verflow for everything hes got and press criminal charges

  • Pingback: PS3 hackeada y Sony por ahora no puede hacer nada [Vídeo] | GeeksRoom

  • Big Country

    IMHO. Hackers are the heroes of the digital age. Someday the companies will recognize these conventions as pools of talent and they’ll be sending their talent scouts to them. Hackers can then parley their talents into well paying jobs. Now, hackers and crackers are the reason there is so much security in the digital age and if nobody ever hacked or cracked there would be no need for security measures. But; then again, it is the hackers that keep the companies on their toes and somewhat honest. Three cheers for the hackers. P.S. I believe Sony removed the alternate OS option on the PS3 because it was rarely used and just taking up space. What Sony should have done was offer a Linux OS option that would have let current users retain the Linux option and new users would have the option to get a free disc to install Linux on new consoles. Of course Linux opt’ers would lose the ability to receive the latest updates. But, that would be only temporary; because, hackers would figure a way around that, too. Nyuk, nyuk, nyuk;~}>

    • http://www.WhatDidEricSay.com Eric Miltsch

      What if it’s all one big plot to keep them separated? (kinda like the “war on drugs” – they keep it illegal so we can fight it and not lose the economic impact…)

    • Anonymous

      they are also criminals

      • Martin Krauser

        Good luck enforcing the law.

  • http://pulse.yahoo.com/_YUVMTLYWCUAH3HUENYCFR77HYU Medek-Medekai

    Whats wrong with running Linux on your computer? Why do you need to run it on a PS3? Perhaps Im missing the point, but it seems, well…pointless. Linux is just an excuse anyway, as most will only use this exploit to play pirate games. Only means the next gen of PS console will have far more stringent internal security measures as a result.

    • Xs

      Why did i run linux on my ps3? So i could have a $1500 gaming rig for little under $300.

      If linux is an excuse, why haven’t we seen these hacks, in the last 4 years?

      • http://www.facebook.com/people/Michael-Breezy/1039184734 Michael Breezy

        Dude are you such a poor ? In the first place, consoles are not meant to be used as a computers, but for gaming purpose. If you want a computer, go get a freaking computer. By the way, if you want to jailbreak the ps3, you need a computer to do that. So if you already got a computer, why would you hack the ps3 for linux? As you see, it is pointless. It’s just an excuse for hackers, all they want is pirated games.

  • Xs

    Piracy SHOULD NOT BE AN ISSUE YET. They have not developed for it, and it would require quite a bit of work to actually dev for it.

    Although, there are many people out there more than capable of doing such, which will be evident in the 6 to 12.

  • Dime

    They should of just left the PS3 alone. To where you could use Linux, and play the older PS2 games on it. But instead… they had to piss people off. Now look. They could ruin it fully… if they lose to much money from this, the PS3 will go away.

  • Pingback: insurance: Deadly Spin: An Insurance Company Insider Speaks Out on How Corporate PR Is Killing Health Care and Deceiving Americans

  • http://pulse.yahoo.com/_ON6CS3UJOSXBQ7RM3LUWAERN2A d4rk_l1gh7

    Piracy now is gonna be unavoidable, but i don’t see much of a point about PS3 piracy. Usually, where piracy is Big, like China, Brazil, and Russia, technology there is expensive, to burn a pirate disk there, you will be paying 60 USD for the disc, so it’s gonna be useless (at least in these 3 countries).

    Now, I for one, would download a PS3Linux (if it ever ends up existing), where it could play PS3 games on Linux and let you do anything you want. But online is gonna get cut. (this is just my opinion, don’t know about yours).

  • Pingback: New PS3 hack claims to be the most powerful yet « Beubo

  • http://twitter.com/Moshalas Gareth Prentice

    I’m not suprised. Its just like banning harmless drugs like psilocybin – it only creates more trouble than its worth by the method of prohibition, because it pisses everyone off. Same with the removal of OtherOS. All the Linux fans got pissed off and the system got hacked eventually.

  • Pingback: PS3 Hack Bypasses Encryption Security; Exploit Available To The Public | Bikeattachments.com

  • Pingback: Gibizz News » Hackers Get to the Root of Sony’s PlayStation 3 (PC World)

  • Pingback: PS3 Hack Bypasses Encryption Security; Exploit Available To The Public

  • Pingback: Hackers Get to the Root of Sony’s PlayStation 3 | GameWorld Middle East

  • Pingback: PS3 Hack Bypasses Encryption Security; Exploit Available To The Public - G4tv.com

  • Pingback: Interest Rates, PlayStation 3: Hot Trends | The Investment Authority

  • http://twitter.com/vsiake Antosia

    Yaaay for hackers =))) Nothing gets hacked without a reason. No corporation is innocent. Money is an illusion. Karma is a bitch :)))

  • T.Evans

    Thought this was just for CoD WaW then… so apparently its every game now? Freaking quick-scoping 75 headshots in 30 seconds to a 75-spree game with a scoped springfield… bull crap.
    Here’s an idea. GIVE US A FREAKING REPORT OPTION. That way we can tell you who’s freaking hacking. Track their IP and then kick their PS3 off the entire network, not just their accounts.

  • Pingback: Sony Powerless Against Latest PS3 Hack | Reviews on the Hottest New Toys for 2011

  • h2o1114

    Heres my opinion on the issue,not that it matters. Ive actually played on a jail broken ps3, have to admit it was kinda novel. That feeling didnt last long though, didnt feel like i really acomplished anything beating other players with an unfair advantage. How players can find this entertaining is beyond me. Spose this marks the beginning of the end for Sony. Its pretty much a free for all online. Who will want to purchase a system or a game when ya go online to play against pardon the expression a bunch of hackers?

  • John

    @h20 and T. Evans, read up before spouting nonsense. Your precious CoD is not hacked by these guys. Their hack and your ‘hack’ are very different things