With the release of the latest expansion for Blizzard’s Hearthstone we sit down with the development team to learn about its development.
Hearthstone Interview - Inside the Halls of Scholomance Academy
And by in-depth, we mean dissecting this game to the nines... is it the skateboarding messiah we've been waiting for?
We Roll wth Skater XL for an In-Depth Review !
With Sony and Guerrilla Games’ Horizon Zero Dawn hitting CPUs and GPUs, Kosta finally steps into the post-apocalyptic shoes of heroine Aloy to slay some robo-dinos.
Horizon Zero Dawn is the Best Game I Haven’t Played
The ASUS ROG Zephyrus G14 is one of the most talked about gaming laptops of the year for good reason - it packs the AMD Ryzen 9 4900HS mobile CPU in a tiny package.
ASUS ROG Zephyrus G14 Review
PlayStation 3 Code Signing Cracked
Post by trog @ 12:46pm 04/01/11 | 61 Comments
Sony's removal of the OtherOS from the PlayStation 3 a while back caused a lot of righteous anger amongst gamers, and highlighted an increasing problem in the new digital age of vendors removing functionality from a product you bought long after you'd paid for it.

Inevitably, this drew the ire of the hacking community, and after several months of hard work it seems that this move has been completely and utterly responsible for the demolishing of all the outstanding security measures on the PlayStation 3. At a recent conference in Berlin called the Chaos Communication Congress, a team called fail0verflow has announced that (amongst other exploits), they have uncovered the private signing keys used to sign PlayStation 3 content - turns out Sony didn't use a random number in the right place, which meant they could trivially calculate the private key values.

If you're interested in the gory details, as well as a good summary of the state of console security as it stands now, the fail0verflow presentation is available on YouTube in three parts (one, two, three). It's a pretty interesting talk and worth the watch (~45 minutes).

The practical upshot of their research apparently means that we should soon be seeing dongle-less jailbreaking for the PS3, which will return the ability to run custom code via an OtherOS-esque system.


playstation 3ps3security





Latest Comments
  Link  
greazy
Posted 12:48pm 04/1/11
And piracy. Awesome.
  Link  
Spook
Posted 12:52pm 04/1/11
still woudlnt buy a ps3
  Link  
Tollaz0r!
Posted 12:55pm 04/1/11
Ha, sucked in Sony. Although the PS3 did put a up a good fight security wise.
  Link  
greazy
Posted 01:04pm 04/1/11
I got the understanding that the only reason it has taken this long is because most crackers (like these guys) want Linux/homebrew running on everything. The PS3 had OtherOS on there for a while until sony changed their mind which prompted these guys to smash it to bits.
  Link  
MatchFixah
Posted 01:14pm 04/1/11
still woudlnt buy a ps3
I know right.

Still, piss off a community and get hacked. More power to the people i say.
  Link  
natslovR
Posted 01:56pm 04/1/11
Hey, anyone want to buy my programmable USB key, before they are worthless?? :-)

http://dilbert.com/strips/comic/2001-10-25

lol!
  Link  
Nathan
Posted 01:24pm 04/1/11
I look forward to an XBMC port
  Link  
`ViPER`
Posted 01:26pm 04/1/11
Yeah pretty stupid of sony to remove the other OS option.

The Wii didnt let you run any homebrew, so was hacked and people took the hacks and made iso loaders. Personally I only use homebrew to run wiimc, but if nintendo had just made it easier for people to write there own apps, then it probably wouldnt have been hacked.

Nintendo even had an app store setup, but just didnt allow access to it for anybody.
  Link  
Mantorok
Posted 01:30pm 04/1/11
A bonus from this is they have a PSP private key as well. So you'll be able to run homebrew on your PS3/PSP with official firmware.
  Link  
tspec
Posted 01:36pm 04/1/11
Don't really care about pirating games, I just want a way of having all my purchased games stored on the PS3 and be able to play them without ever requiring the disc. I've re-purchased games on steam I already own (when crazy cheap on sale) just so I don't have to go hunting for a disc when I want to play a game.
  Link  
Spook
Posted 01:57pm 04/1/11
wow, video was really interesting watching.

as mentioned above, these guys dont like being locked out of their own consoles so go to town on them to get the access they believe they should have (ie to be able to run their own code)

sony have pretty much done everything wrong to prevent piracy by upsetting groups like this.

also, lols at their random number generating code
  Link  
Opec
Posted 01:59pm 04/1/11
XBMC on a PS3 would be awesome. Pity it doesn't have Wirelss N built in because my house it not wired.... it'd make PS3 the ultimate media player.
  Link  
Raven
Posted 02:14pm 04/1/11
Yeah, generally it s**** me to tears hearing people go "oh, now we can run homebrew" when they really mean "now we can play pirated games" - but to be honest I can't think of the last time I pirated a game. I'd have to a lot further back to name a game I pirated and didn't then purchase. (Civ IV and C&C3 I went the pirate->purchase route)...

But I totally agree things like allowing you to run games direct from the HDD, the fact that companies try to stop you doing stuff like that for totally retarded reasons just makes people (like me) want to go defeat these systems security, even if just to be annoying and defiant to them.

Seriously, 'f*** you' to any company who thinks they can tell me how I can and can't use my device.
  Link  
SwissCM
Posted 02:36pm 04/1/11
The root key has been leaked now as well, which is unchangeable on current consoles. Because of this a whitelist that blocks out anything that isn't signed with a new key wouldn't work since the whitelist could just be edited at boot time using a program signed with the root key. This basically makes security on all existing PS3s useless and unpatchable. Oops.

Oh, Sony's AACS keys (used for Blu-Ray decryption) were leaked too, which is also unpatchable since you can't hide something like that on a system as compromised as the PS3. Any time they try updating the keys, someone could just rip them out again. Double oops.

Also, as mentioned before the PSP's keys were released too. Also can't be patched out. Triple oops.
  Link  
crazymorton
Posted 02:38pm 04/1/11
do you think it's possible with today's technology and knowledge, forget the economics or other factors, for someone to manufacture a complete open source version of each of the majors, 360/PS3/Wii, that has absolutely no restrictions on it that can still play commercial games?

how about a single device, 1 drive, with 3 readers, able to play all music and video formats, and network connectible to PC & Mac (easily) and you can put anything other OS you want on it!
  Link  
SwissCM
Posted 02:46pm 04/1/11
Of course, they even all use similar CPU architectures (PowerPC).
  Link  
teq
Posted 02:59pm 04/1/11
they'd get sued into oblivion before the device ever sold a single unit
  Link  
Midda
Posted 03:03pm 04/1/11
I've been following this story fairly closely since it was public in hopes of hearing about some clever folks porting over XBMC or something similar. There's such a huge amount of potential in the PS3 as an all in one media centre. Being able to play everything without the need for streaming and transcoding would be awesome.
  Link  
Dan
Posted 03:05pm 04/1/11
He did say to ignore the economics, but yeah of course it would be theoretically possible, Chinese manufacturers have been making those portable NES/SNES/Genesis players for a while now. They wouldn't be as likely to try it with a current gen console though.
  Link  
Midda
Posted 04:12pm 04/1/11
He did say to ignore the economics, but yeah of course it would be theoretically possible, Chinese manufacturers have been making those portable NES/SNES/Genesis players for a while now. They wouldn't be as likely to try it with a current gen console though.

I'm pretty sure that's because the patents have expired on those systems now though, or something to that effect.
  Link  
SwissCM
Posted 04:15pm 04/1/11
The chinese have been making NES clone systems since the early 90s.
  Link  
tspec
Posted 04:51pm 04/1/11
You can get a 2in1 NES/SNES clone on ThinkGeek for about $50.
  Link  
natslovR
Posted 09:58pm 04/1/11
The piracy has started, with the main three 3.50 games having decrypted eboot.bins released so they run on 3.41 consoles
  Link  
DK
Posted 01:49am 05/1/11
Didn't understand one word of that jargon until the crazy alien-wizard maths dude spoke. So Sony’s demise stems from the number 4...
  Link  
Raven
Posted 08:10am 05/1/11
Hm, so from the sounds of it while they can now release cracked games that will work with any firmware version, it sounds like they effectively need to re-sign the ripped games for each individual firmware version - ie, you need an ISO for 3.3, another one for 3.4, another for 3.5, etc...
ie, it works, but it's pretty inconvenient.
  Link  
natslovR
Posted 08:59am 05/1/11
It's not really inconvenient, in that they just release the full 3.5 iso, and then include an eboot.bin for 3.41 which is the main platform of jailbreakers.

PS3 piracy isn't done from burnt disks, it's all USB drives or copying the files locally to the PS3 over FTP, so replacing one file is no different to copying the crack out of the crack folder after installation on a PC.
  Link  
Dan
Posted 09:35am 05/1/11
I imagine they'll either just start releasing hacked custom firmware that allows unsigned code to run, or they'll create some kind of desktop app that you can just run on any of your ps3 apps/games to re-sign it for your particular console config. The whole supplying specific hacked eboot files is just a stop-gap proof of concept until the processes mature.

At the moment, you still need the jailbreak dongle to use any of those. But it's only a matter of time until you'll be able to soft-mod without any extra hardware or opening the case.
  Link  
Raven
Posted 09:48am 05/1/11
Now that the keys are out in the wild, it'll be about three days until someone creates a bootloader disc (signed, so it'll think it's proper, usable, bootable software) which will handle all mods needed, no hardware dongle required.
  Link  
trog
Posted 10:07am 05/1/11
Didn't understand one word of that jargon until the crazy alien-wizard maths dude spoke. So Sony’s demise stems from the number 4...
The random number generator code used in the presentation isn't Sony's ACTUAL code; it is from an XKCD comic: http://xkcd.com/221/
  Link  
Dan
Posted 10:17am 05/1/11
The worst thing is going to be rampant cheating on PSN. There's now no real barrier for super-griefing and as soon as the hacks are mature enough, it's going to be on for young and old.

The PS3's only cheat protection was the individual console's security:
<Mathieulh> well they can ban your consoles, but then you can change your console id as many times as you like...
XBL was always reasonably protected from this because your paid subscription is linked to your consoles identifier but since PSN is free of charge, cheaters could just register a new account, change their console ID and keep going.

Sony will no doubt work at adding better mod detection methods, but they're not going to be able to rollout updates as fast as hackers can subvert them.

Game developers would have to build punkbuster and VAC style protections into their own games if they wanted to even hope to protect them, and that's pretty unprecedented on consoles.

XBL just got a whole lot more appealing.
  Link  
Midda
Posted 10:26am 05/1/11
PS3 piracy isn't done from burnt disks, it's all USB drives or copying the files locally to the PS3 over FTP, so replacing one file is no different to copying the crack out of the crack folder after installation on a PC.

I think it's more likely that custom versions of the latest firmwares will be released, eliminating the need for people to remain on older firmware versions.
  Link  
Enska
Posted 11:11am 05/1/11
Game developers would have to build punkbuster and VAC style protections into their own games if they wanted to even hope to protect them, and that's pretty unprecedented on consoles.

XBL just got a whole lot more appealing.


^^ This is why the whole thing sucks. stupid Sony.
  Link  
teq
Posted 11:20am 05/1/11
The worst thing is going to be rampant cheating on PSN. There's now no real barrier for super-griefing and as soon as the hacks are mature enough, it's going to be on for young and old.


an excellent argument for public release server software if i ever heard one.
  Link  
konstie
Posted 12:43pm 05/1/11
an excellent argument for public release server software if i ever heard one.


good call
  Link  
gamer
Posted 02:10pm 05/1/11
sigh... i remember when this happened on xbox 360... it was so lame seeing people in halo running around at 500% speed...
  Link  
trog
Posted 02:21pm 05/1/11
an excellent argument for public release server software if i ever heard one.
That would be a good thing, but like all security systems, it should be done in layers. From what I've read PSN has one layer - the unique console id - so if that system is busted, which it sounds like it is, banning troublesome users will basically become impossible.

CD keys ftw!
  Link  
Sc00bs
Posted 02:23pm 05/1/11
Whats the big deal about cracking it?

blu ray burner + a blank blu ray + 40-60gb download of a pirated game...

its cheaper and easier to just buy the original :/
  Link  
ravn0s
Posted 02:36pm 05/1/11
you dont even need to burn the game onto a disc, it can just be on a usb drive

also only a few games have used up a whole bluray disc. i can only think of ff13 and mgs4 atm. most games are usually the 10gb mark.

last edited by ravn0s at 14:36:14 05/Jan/11
  Link  
trog
Posted 02:29pm 05/1/11
Whats the big deal about cracking it?

blu ray burner + a blank blu ray + 40-60gb download of a pirated game...

its cheaper and easier to just buy the original :/
the big deal, and their motivation, is that it means you can run any arbitrary code you want on your PS3. So you can use things like XBMC on it as a media centre, or whatever.
  Link  
Dan
Posted 02:39pm 05/1/11
Also, the vast majority of PS3 games are no bigger than the equivalent games on the Xbox 360 (in a few cases actually smaller) so most are under the 8GB mark. Also, as mentioned, hacks will also enable games to be read from HDD and never need to touch optical media.

What developers with upcoming PS3 games should be doing, is packaging their content up in huge archive files, inflating them so that they fill up the entire BD, then not letting the game run if a few checksum tests fail. 60GB games wouldn't stop piracy, but it would at least set the effort bar a whole lot higher.
  Link  
Whoop
Posted 03:09pm 05/1/11
XBL was always reasonably protected from this because your paid subscription is linked to your consoles identifier but since PSN is free of charge, cheaters could just register a new account, change their console ID and keep going.

I always scoffed at having to pay to use the XBL service but now I'm not so sure it's such a bad setup. I wonder if sony will introduce some kind of credit card thing, where you need a valid CC to use the PSN (even if it remains free, just for ID purposes).

What developers with upcoming PS3 games should be doing, is packaging their content up in huge archive files, inflating them so that they fill up the entire BD, then not letting the game run if a few checksum tests fail. 60GB games wouldn't stop piracy, but it would at least set the effort bar a whole lot higher.

Not to mention people without 1TB download quotas would only be able to grab 1 game a month.

Whats the big deal about cracking it?

blu ray burner + a blank blu ray + 40-60gb download of a pirated game...

its cheaper and easier to just buy the original :/

I used to think the same, it's not so bad for consoles but for PC games these days you've got to jump through so many hoops just to prove you didn't steal the game.

Pirated version: Put disc in, install, take disc out, play game

Paid version: Put disc in, install, enter CD key, log in to steam, pray the auth server hasn't fallen over, run game, log into auth server, get half way though game, lose connection to auth server, get booted out of the game.

I know which path I'd rather take, unfortunately I only play online stuff so it has to be legit.
  Link  
ravn0s
Posted 03:22pm 05/1/11
Paid version: Put disc in, install, enter CD key, log in to steam, pray the auth server hasn't fallen over, run game, log into auth server, get half way though game, lose connection to auth server, get booted out of the game.


speaking of ubisoft, theyve secretly removed the mandatory internet connection for their drm from ac2 and splintercell. you still need to authorise it on first time playing (like steam) though.
  Link  
Dan
Posted 03:22pm 05/1/11
What developers with upcoming PS3 games should be doing, is packaging their content up in huge archive files, inflating them so that they fill up the entire BD, then not letting the game run if a few checksum tests fail. 60GB games wouldn't stop piracy, but it would at least set the effort bar a whole lot higher.
Oh yeah, just remembered that the PS3 only reads Fat32 formatted USB drives, so all a PS3 game dev has to do is make at least one file larger than 4 GB and it will throw a good wrench into piracy attempts.

It probably won't take super-long for the smarties to work around, but if a developer can at least keep piracy at bay for the first few weeks of release when the big bucks are to be made. And it's a nice unobtrusive thing that can't hurt legitimate purchasers.
  Link  
natslovR
Posted 03:58pm 05/1/11
The 4gb fat32 limit has already been defeated by existing homemade loaders, they just split it in to multiple 4th files and patch something in the os to rejoin it as it copies it tO the ps3

40gb games aren't a problem since ps3 game rentals are common at many video stores. The real problem I think will come now that factories in China will be able to press pirated ps3 games that require nothing extra to run.

That's one of the key things that destroyed the dreamcast, $2/title hk-silvers.
  Link  
Midda
Posted 06:10pm 05/1/11
Oh yeah, just remembered that the PS3 only reads Fat32 formatted USB drives, so all a PS3 game dev has to do is make at least one file larger than 4 GB and it will throw a good wrench into piracy attempts.

This problem has been worked around since the very first pirated PS3 games.

The internal drive supports files bigger than 4GB anyway.
  Link  
parabol
Posted 06:20pm 05/1/11
For anyone else like me who enjoyed the technical content of those vids, there's a nice writeup of the flaws in the original xbox and how they exploited them:

http://www.xbox-linux.org/wiki/17_Mistakes_Microsoft_Made_in_the_Xbox_Security_System
  Link  
natslovR
Posted 07:22pm 05/1/11
First custom firmware has been released. As homebrew authors re-package their releases you'll be able to run then straight without having to jailbreak. The fw wasnt released just the tools to patch any firmware.
  Link  
Dan
Posted 07:55pm 05/1/11
The real problem I think will come now that factories in China will be able to press pirated ps3 games that require nothing extra to run.
Heh s***, that hadn't even crossed my mind. You're right though, that totally opens the floodgates to casual piracy.

I know of so many computer illiterate people that bring stacks of those pirate dvd films back from SE Asia - going to be the same deal for PS3 now.
  Link  
`ViPER`
Posted 09:02pm 05/1/11
I know of so many computer illiterate people that bring stacks of those pirate dvd films back from SE Asia - going to be the same deal for PS3 now.


and from my understanding, it will be totally undetectable for online play.
  Link  
teq
Posted 10:04pm 05/1/11
Incase you haven't watched the video, they've been unable to break the Blu Ray protection
Chinese disc presses are probably still standing by for the time when they do, but it hasn't happened as-yet

that said, you can still load the games via usb with the current method

  Link  
Enska
Posted 10:23pm 05/1/11
PS3 and 360 also read HFS+ for those that want to get around the whole fat32 issue.
I grabbed MacDrive and formatted my portable hdd in it and voila
It took me about 10 minutes of googling to find that solution. I imagine it will take leet hacking geeks much less.
  Link  
Crizane Tribal
Posted 12:06am 06/1/11
The real problem I think will come now that factories in China will be able to press pirated ps3 games that require nothing extra to run.

As already mentioned, they cannot create bootable discs yet. While it is really only a matter of time and desire; I doubt it will happen any time soon. Filling a large hard drive with game images is an easier/convenient option than having to burn dual-layer DVD's or Blu-Ray discs.
  Link  
Midda
Posted 10:49am 06/1/11
PS3 and 360 also read HFS+ for those that want to get around the whole fat32 issue.
I grabbed MacDrive and formatted my portable hdd in it and voila
It took me about 10 minutes of googling to find that solution. I imagine it will take leet hacking geeks much less.

That worked on your PS3? Last I checked, the PS3 didn't support HFS+, only FAT32.

A quick Google shows your post as the only mention of the PS3 supporting HFS+.
  Link  
skythra
Posted 11:38am 06/1/11
xbox can, but not ps3 if im not mistaken.. unless it was added in the last couple of months..
  Link  
Midda
Posted 12:37pm 06/1/11
Yeah, that was my understanding too. I'd be odd if they did recently add it in. I don't see why Sony would want to add in something to make pirating games even more accessible.
  Link  
Enska
Posted 12:47pm 06/1/11
My bad, I tried it on my ps3 this morning and no go ><
I had it plugged into my xbox and assumed since it worked there it would work on my ps3. gay.
  Link  
Midda
Posted 01:10pm 07/1/11
An article/interview with George Hotz and Fail0verflow by the BBC:

http://www.bbc.co.uk/news/technology-12116051
  Link  
Resonate
Posted 10:42pm 12/1/11
Looks like Sony have responded by suing those responsible including fail0verflow and geohot.
  Link  
Midda
Posted 10:50pm 12/1/11
It's not their fault that Sony made such stupid decisions with their security measures. I hope they get away clean.
  Link  
Dan
Posted 10:50pm 12/1/11
Clutching at straws with "intent to extort", using the evidence that he quipped about offering to work for them to help secure future consoles.

Really hope they don't reach a bulls*** settlement and set another nice pro-modding precedent.
Commenting has been locked for this item.
61 Comments
Show
Follow Us
Advertisement
Log In
User:  
Pass:  

News

NVIDIA Begins an 'Ultimate Countdown' For a Big End of Month Announcement

Features

Hearthstone Interview - Inside the Halls of Scholomance Academy

Reviews

Oculus Rift S