
Playstation 3 busted wide open.

Sparky

Commodore
It appears as if Sony's PlayStation 3 has finally been hacked "wide open this time". Hackers have completely torn apart the very few remaining lines of security and defense against running unauthorized code.

http://tbreak.com/tech/2011/01/ps3-hacked-for-good-root-key-found/


This has massive implications for Sony and PS3 users alike. Now anyone can use the root key to make authorized code. It opens the door to Custom Firmware, homebrew and piracy with no system modifications needed at all. No USB dongles, no mod chips, no buffer overflow exploits etc. Unless Sony has a trick up their sleeve this appears to be unpatchable. If Sony changes the key, it renders every piece of software out there unplayable.

Yesterday the first custom firmware was released. All it added was a couple of extra options for installing future homebrew releases. I decided to take the plunge and see if this worked as advertised. It was as easy as putting the file on a USB stick and choosing "Update via Storage Media" in the system update menu. The PS3 saw it as official Sony firmware and installed it without a complaint. The extra package installer options were there under the game menu. Everything else was exactly the same. I could play games, log into PSN etc. Reverting back to the official firmware was exactly the same process.

Aside from piracy, the biggest problem I see now is online cheating. With the root key, people will be able to rip apart the game discs and alter the code. They will be able to burn the altered code onto recordable media and still have the PS3 recognize it as a valid PS3 game. Alter a few variables here and there, and you suddenly have permanent cheats both offline and online. People won't even have to know what they are doing. I'm sure there will be websites full of premade cheats and patches so that anyone can just check some option boxes, click a button and voila, burnt game disc with permanent online cheats.

I'm excited to see what the homebrew scene can come up with. I'm also excited to see a Linux distro that is not locked out of the most powerful aspects of the PS3 hardware. It's not a good thing though that anyone with 2 functioning brain cells will be able to pirate PS3 games.
 
I can see Sony doing something that will block the hack and like you say stopping a lot of games and the like from working, though if it does work it may be a good thing though I was just curious on what other uses this program/code can be used for.
Like installing some sort of account hacking software or virus installing thing (if that's even possible on a PS3).
 
I can see Sony doing something that will block the hack and like you say stopping a lot of games and the like from working, though if it does work it may be a good thing though I was just curious on what other uses this program/code can be used for.
Like installing some sort of account hacking software or virus installing thing (if that's even possible on a PS3).


It's not even what you would call a hack. The encryption key in the system is used to determine if the encrypted program code is authorized code. If it is not authorized by Sony, then the code will not run. Previous hacks used exploits like buffer overflows to trick the system into running unauthorized code. These hacks are patchable, and actually have been patched by Sony in the newer firmware updates.

Due to a major mistake in the development of the encryption scheme, the hackers were able to reverse engineer the master encryption key. With this key, anyone can now use it to encrypt and sign their own code as "Sony Authorized" code. The PS3 will run it without question.

The only way for Sony to completely block it is for them to change the master encryption key via firmware update (some of the hackers are saying that this is actually impossible, as the master key lies in an area that cannot be overwritten). The big drawback though is if they do change the key, then every single piece of software on the market will become useless. None of it will run on consoles that have the new key.

As for what can be done with it... anything the homebrew programmers can come up with. Media players, emulators, cheats, extra features etc. Piracy will also be easy to accomplish (as long as you can get a Blu-Ray's worth of data either burnt on a disc or on the PS3 hard drive).

I'm sure that someone will try and develop some kind of account hacking software or virus, but the homebrew community will be all over that. That kind of malicious program will probably come and go before you even knew it existed.
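
An added illustration of the signing check and the key-rotation problem described in the post above; it is not part of the thread and not Sony's code. It uses toy textbook RSA over small constructed keys as a stand-in, since the thread does not describe the console's actual scheme, and all names are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_keypair(p, q):
    """Toy textbook-RSA key from two primes: (public modulus n, private exponent d)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return n, d

def digest(image, n):
    """Hash the image and reduce it into the key's range."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n

def sign(image, n, d):
    """Needs the private exponent d: the value that must never leave the vendor."""
    return pow(digest(image, n), d, n)

def console_accepts(image, sig, trusted_n):
    """The console's only question: does sig verify under the built-in public key?"""
    return pow(sig, E, trusted_n) == digest(image, trusted_n)

# Constructed keys built from Mersenne primes; far too small for real use.
OLD_N, OLD_D = make_keypair(2**61 - 1, 2**89 - 1)      # key in shipped consoles
NEW_N, NEW_D = make_keypair(2**107 - 1, 2**127 - 1)    # hypothetical replacement

def scenario():
    retail = b"retail game image (constructed sample)"
    other = b"third-party image (constructed sample)"
    retail_sig = sign(retail, OLD_N, OLD_D)  # made by the vendor
    other_sig = sign(other, OLD_N, OLD_D)    # made by anyone once OLD_D is known
    return {
        # Normal operation: vendor-signed software runs.
        "retail_on_old_key": console_accepts(retail, retail_sig, OLD_N),
        # Without the private key, reusing a valid signature on other code fails.
        "transplanted_signature": console_accepts(other, retail_sig, OLD_N),
        # With the private key known, the check cannot tell the signer apart.
        "signed_with_known_key": console_accepts(other, other_sig, OLD_N),
        # Rotating the trusted key blocks that image...
        "other_after_rotation": console_accepts(other, other_sig, NEW_N),
        # ...and rejects every title signed under the old key as well.
        "retail_after_rotation": console_accepts(retail, retail_sig, NEW_N),
    }

if __name__ == "__main__":
    for name, accepted in scenario().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The last two results are the dilemma from the post: the verifier has no way to reject the new signatures without also rejecting the existing catalogue, unless something other than the signature distinguishes them.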
 
This is a shame, I enjoy online gaming on the PSN and it was the last place where you could, apart from the odd glitcher or lag switcher, play hack and cheat free PS3 online games, now this hack will no doubt have the PSN go down the road of the jtagged 360s and the aim bot PC games.

And all because a small minority wanted to have their egos stroked in public over hacking the PS3.

Shame that.
 
For online gaming, can't Sony do a server-side verification?

No doubt it's going to go the same road as the 360 and xblive, hacked or modded games and consoles can be detected and banned once online, but the hackers can play away with their pirated and hacked games for anything from 3/6 months to a year or more before ban waves affect them, in which case they then go buy an arcade pack, hack it and start again.

I don't really think Sony can stop it now, and with this official key it means any hacked PS3 console or game can inject hacks and cheats into the game because they can sign it with the official key... it's a real shame those ego filled twats decided to ruin it for everybody so those few free loaders can get their hands on free games.

I mean the PS3 really needed to be hacked as all it does out of the box is, free online gaming, allows you to store and play a plethora of media from its internal HDD which you can increase with a relatively cheap bigger third party HDD, gamer cards and trophies, in game voice and text chat with pic messaging, free video chat, basic web browsing, free catch up and on demand with a plethora of online media players, accepts a multitude of third party Bluetooth headsets, and with such a massive catalog of older PS3 games it's relatively cheap to game on the PS3... so yeah they just needed to hack the PS3 and open it up. :lol:
 
it's a real shame those ego filled twats decided to ruin it for everybody so those few free loaders can get their hands on free games.

I mean the PS3 really needed to be hacked as all it does out of the box is, free online gaming, allows you to store and play a plethora of media from its internal HDD which you can increase with a relatively cheap bigger third party HDD, gamer cards and trophies, in game voice and text chat with pic messaging, free video chat, basic web browsing, free catch up and on demand with a plethora of online media players, accepts a multitude of third party Bluetooth headsets, and with such a massive catalog of older PS3 games it's relatively cheap to game on the PS3... so yeah they just needed to hack the PS3 and open it up. :lol:

[Image: violinl.jpg]
 
What Sony could do is worry about future games, rather than past games. One thing it could do is entangle some of the game code with the firmware code.

So if your firmware is overwritten, your game content will be different. (eg, some type of creature may be impossible to kill in an FPS, or a puzzle game has the wrong pieces in level 7 and can't be done). Then online multiplayer modes wouldn't work because your game is showing you something different to everyone else.

It would be a hassle for the user to keep patching the firmware between official versions (for new games) and hacked versions (for old games).
 
For online gaming, can't Sony do a server-side verification?

No doubt it's going to go the same road as the 360 and xblive, hacked or modded games and consoles can be detected and banned once online, but the hackers can play away with their pirated and hacked games for anything from 3/6 months to a year or more before ban waves affect them, in which case they then go buy an arcade pack, hack it and start again.

I don't really think Sony can stop it now, and with this official key it means any hacked PS3 console or game can inject hacks and cheats into the game because they can sign it with the official key... it's a real shame those ego filled twats decided to ruin it for everybody so those few free loaders can get their hands on free games.

I mean the PS3 really needed to be hacked as all it does out of the box is, free online gaming, allows you to store and play a plethora of media from its internal HDD which you can increase with a relatively cheap bigger third party HDD, gamer cards and trophies, in game voice and text chat with pic messaging, free video chat, basic web browsing, free catch up and on demand with a plethora of online media players, accepts a multitude of third party Bluetooth headsets, and with such a massive catalog of older PS3 games it's relatively cheap to game on the PS3... so yeah they just needed to hack the PS3 and open it up. :lol:

One of the big drivers for hacking the PS3 was to restore the "Other OS" functionality so Linux could be run on it again. The PS3 originally shipped with the ability to load and run other operating systems, but Sony removed it with one of their firmware updates. While firmware updates are optional, online play mandates a relatively current firmware, so you are essentially forced to choose between playing online and being able to use another OS.

Many thought that was a bullshit choice and set about opening up the PS3 themselves. I don't blame them at all, either. You buy this hardware, it should be yours to do with as you please. Sony shouldn't get to tell you what you can and can't do with it.
 
Many thought that was a bullshit choice and set about opening up the PS3 themselves. I don't blame them at all, either. You buy this hardware, it should be yours to do with as you please. Sony shouldn't get to tell you what you can and can't do with it.

Maybe if a certain bunch of dickheads hadn't abused the privilege, Sony wouldn't have felt the need to remove the option for everyone. And no, the hardware shouldn't be yours to do with as you please, if what you please involves copyright infringement or other illegal activities.

I can live without a PS3 that runs Linux, as can everyone. You don't buy a toaster, and then complain that the company who made it won't let you roast a chicken with it.
 
I can live without a PS3 that runs Linux, as can everyone.

Fortunately nobody gives a shit what you think others can live without. :lol:

You don't buy a toaster, and then complain that the company who made it won't let you roast a chicken with it.

Pretty sure I can do whatever the fuck I like with my toaster, which is as it should be. :lol:

Sony are free to implement security architectures to serve their interests, and the consumer is free to fuck with them to serve theirs. This we call 'liberty'. If Sony can't take the heat, they can get out of the kitchen. Or, alternatively, run crying to the state for help. That usually works in this day and age.
 
I can live without a PS3 that runs Linux, as can everyone.

Fortunately nobody gives a shit what you think others can live without. :lol:

You don't buy a toaster, and then complain that the company who made it won't let you roast a chicken with it.

Pretty sure I can do whatever the fuck I like with my toaster, which is as it should be. :lol:

Sony are free to implement security architectures to serve their interests, and the consumer is free to fuck with them to serve theirs. This we call 'liberty'. If you can't take the heat, get out of the kitchen.

Get over yourself, kid. No-one's impressed that you know the word "fuck", or the fact that you find your own posts funny. Some of us are interested in discussing the issue at hand, rather than trying to show off our haxxxor cred, or how much we dislike "the man".
 
I can live without a PS3 that runs Linux, as can everyone. You don't buy a toaster, and then complain that the company who made it won't let you roast a chicken with it.

Terrible analogy, since toasters don't come advertised as being able to roast a chicken. Sony advertised the PS3 as being able to run Linux, so yes, I do complain when I buy a product that advertises a certain feature as a key draw and then the manufacturer later cripples that feature by fiat.
 