Forgot your password?
typodupeerror
Sony PlayStation (Games) Security Games

Playstation 3 Code Signing Cracked For Good 534

Posted by samzenpus
from the forever-is-a-long-time dept.
ReportedlyWorking writes "It appears that Sony's PS3 has been fatally compromised. At the Chaos Communication Congress in Berlin, a team named 'fail0verflow' revealed that they had calculated the Private Keys, which would let them or anyone else generate signed software for the PS3. Additionally, they also claim to have a method of jailbreaking the PS3 without the use of a Dongle, which is the current method. If all these statements are true, this opens the door to custom firmware, and homebrew software. Assuming that Sony doesn't take radical action and invalidate their private keys, this could mean that Jailbreaking is viable on all PS3, regardless of their firmware! From the article: 'Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat, was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs. Following this, the team declared Sony's security to be EPIC FAIL!'"
This discussion has been archived. No new comments can be posted.

Playstation 3 Code Signing Cracked For Good

Comments Filter:
  • Sigh (Score:4, Insightful)

    by Anonymous Coward on Wednesday December 29, 2010 @04:21PM (#34703434)

    "Following this, the team declared Sony's security to be EPIC FAIL!"

    Is it really necessary for everybody to talk like complete dicks nowadays?

  • Epic Fail? WTF? (Score:4, Insightful)

    by scum-e-bag (211846) on Wednesday December 29, 2010 @04:23PM (#34703450) Homepage Journal

    Epic Fail? WTF?

    How many years has it taken to crack the PS3?

    I'd say that Sony has done a remarkable job.

  • by VGPowerlord (621254) on Wednesday December 29, 2010 @04:24PM (#34703466)

    It's a bit late to invalidate private keys.

    My understanding is that every PS3 game is signed with those keys. Therefore, invalidating them through a firmware update would mean that every PS3 game to date will no longer work.

    While I wouldn't put it past Sony to try this, this would result in not only massive lawsuits, but also would be a massive PR blunder.

    Having said that, there could in theory be some sort of additional key telling what date a disc was signed, but even if that were true, it would be trivial to work around.

  • by Simmeh (1320813) on Wednesday December 29, 2010 @04:25PM (#34703476)
    Thousands of commentards said this couldn't happen. How can people on the Internet be wrong?!
  • Wow... (Score:5, Insightful)

    by fuzzyfuzzyfungus (1223518) on Wednesday December 29, 2010 @04:31PM (#34703536) Journal
    How did Sony fuck that one up?

    It was my(admittedly layman's) understanding that a public/private key crypto implementation, assuming it isn't deeply flawed, using key lengths suited to the computational capacities of PDP-8s, or otherwise totally fucked, was mathematically secure against anything other than a profound breakthrough in prime factorization algorithms, an unbelievable advance in computational power, or an insider leaking your private key.

    With stuffy like HDCP, it was understood that serious tradeoffs were made in order to make the crypto cheap and fast enough that any POS $200 monitor should be able to decode an encrypted bitstream fast enough to handle the demands of uncompressed digital monitor connections. The weaknesses just came with the territory.

    With something like the PS3, though, they have serious computing power available, and were dealing with a straightforward case of "verify that the code signed with private key X has indeed been thus signed, and not modified since, using public key Y, from which private key X is essentially not computable". Virtually every real-world use of cryptography depends on the ability to do that without disclosing your private key(save by malicious insider/hacker attack).

    What did Sony do wrong? Obviously, they could do nothing about a suitably well-equipped hacker physically modifying a PS3 to stop it from verifying at all, or to always return "yup, all good" regardless of the verification outcome; similarly, a firmware bug could allow the same outcome without the expense of physical modification; but how could it be that they would have to put anything in their client(no matter how well hidden by hardware obfuscation/TPMs/smarcards/whatever) that could be used to compute their private key? Isn't a public key, which is a totally safe piece of data to disclose, all you need to verify whether or not something has been signed with the matching private key?

    I admit that I don't have a deep understanding of this stuff; but it seems like this is the equivalent of "Hey, possession of the list of trusted CAs and their public keys has allowed a hacker with a copy of firefox to compute Verisign's root signing keys!".

    How did Sony fuck up such that this story is not the biggest breakthrough in cryptoanalysis since frequency analysis?
  • by fuzzyfuzzyfungus (1223518) on Wednesday December 29, 2010 @04:36PM (#34703616) Journal
    I think that the "epic fail" part isn't the overall security of the PS3(which has generally been a pretty good sinister representative of the dystopian "trusted computing" future); but the fact that they somehow managed to build a code-signing verification mechanism that allowed their private key to be computed by an outside party.

    Assymetric key crypto is supposed to be(barring serious implementation failures or incredible algorithmic/technological breakthroughs) such that you should be able to verify that a private key was used to sign something with nothing more than the public key, from which the private key should be computable only in a time longer than the lifespan of the universe's remaining protons. That is the part that they apparently managed to fuck up. In terms of generally being a tough nut to crack, Sony did a pretty decent job. However, if TFA is true and not misleading, they failed to implement an absolutely foundational part of practical cryptography properly...
  • OtherOS (Score:5, Insightful)

    by Anonymous Coward on Wednesday December 29, 2010 @04:40PM (#34703672)

    From @fail0verflow:

    "we only started looking at the ps3 after otheros was killed."

    and

    "our goal is to have linux running on all existing PS3 consoles, whatever their firmware versions."

    If Sony would have left OtherOS alone, they wouldn't be in this predicament.

  • by igreaterthanu (1942456) * on Wednesday December 29, 2010 @04:42PM (#34703690)

    My understanding is that every PS3 game is signed with those keys. Therefore, invalidating them through a firmware update would mean that every PS3 game to date will no longer work.

    They already have a list of all genuine games signed by the now compromised keys. They could potentially release an update that used new keys but also accepted the old keys provided it had signed something on the already known genuine list of games.

  • by fuzzyfuzzyfungus (1223518) on Wednesday December 29, 2010 @04:44PM (#34703718) Journal
    Not that I want them to succeed; but they could always do something like: "Consider private key X revoked, and trust nothing signed with it, unless that something has SHA1 hash equal to one of the hashes on the following list..."

    The number of existing PS3 games, DLCs, etc., while not small, is finite and pretty well characterized. It would be a pain in the ass; but not fundamentally difficult, to compute the hash of each one that is tainted by the compromised key and hardcode trust of it into the same patch that otherwise nukes that key and anything signed by it.

    Now, since the private keys presumably also control verification of patches, it is likely that some number of PS3s will permanently leave their control, with hacked patches applied that spoof acceptance of future patches, thus leaving them in control of their owners; but regaining control of all unsophisticated updaters and all PS3s leaving the factory from now on doesn't seem fundamentally impractical...
  • by Riceballsan (816702) on Wednesday December 29, 2010 @04:44PM (#34703726)
    It's pretty true there, before the other OS, there weren't even known attempts, beyond one lame idiot saying he thought he might someday be able to do it through the other OS, that caused sony to go crazy and remove the other OS feature. Before then sony had the best possible security possible for a console, give the modders an outlet, modders/homebrewers with high inteligence usually are not the same as the modders that want to sell to pirates, so you keep the smart ones busy, and the pirates won't have anyone to do their dirty work for them. You flip the finger at them and tell them they are a security risk and can no longer keep what you sold them... well expect the most determined wave of security breaks in history.
  • Re:Sigh (Score:5, Insightful)

    by MoonBuggy (611105) on Wednesday December 29, 2010 @04:45PM (#34703734) Journal

    I get the impression that the moderate openness of the PS3 at release was exactly what did preserve its uncracked status for so long. As soon as they locked out the 'Other OS' option, they pissed off the precise segment of the userbase who also have the skill to crack any subsequent security improvements.

  • Re:Sigh (Score:1, Insightful)

    by sp1nny (1350037) on Wednesday December 29, 2010 @05:07PM (#34703964)

    "Following this, the team declared Sony's security to be EPIC FAIL!"

    Is it really necessary for everybody to talk like complete dicks nowadays?

    It really does reflect on the mentality of the people doing this doesn't it? Reading through the summary, my impression of these people went from "hey, those are a bunch of smart guys" to "probably a bunch of socially misfit dickwads".

  • Re:Sigh (Score:5, Insightful)

    by Derekloffin (741455) on Wednesday December 29, 2010 @05:11PM (#34703984)
    Only if they completely ignored all knowledge of the PS3 discovered before 9 months ago, which I highly doubt. Granted, it probably wouldn't have taken them the 4 years to crack it if they had interest from the start, but to complete ignore the 3 intervening years, you have to assume they gained nothing from those 3 years at all on any front. It is a disingenuous claim.
  • by overlordofmu (1422163) <overlordofmu@gmail.com> on Wednesday December 29, 2010 @05:23PM (#34704094)
    Are you serious or trolling?
    Why is there no reason to buy PS3 titles? Do you only play Halo?

    What about PS3 exclusives? Shooter, Eden, Infamous, Little Big Planet, Luminez, Uncharted 1&2?
    Some of these are not just exclusives, they are games that raise the bar, shining examples of the medium taken to the next level.

    Again, are you serious or trolling? Honestly, I cannot tell.

    (Obligatory grammer nazi comment: You cannot capitalize the first word of your sentences but you capitalize the "PS" in "PS3"? Really?)
  • by Anonymous Coward on Wednesday December 29, 2010 @05:28PM (#34704154)

    uuuuuh, No.

    Done correctly with asymmetric key crypto, the private key is not on the PS3. The public key is on the PS3 and is used to verify the signatures (that were generated by the private key that is only in Sony's possession).

    This isn't DRM, this is Tivoization, which is known to be possible securely. (unless you can bypass the check entirely). They just fucked up it's implementation.

  • by Anonymous Coward on Wednesday December 29, 2010 @05:29PM (#34704176)

    Its the old DRM argument. You don't have to crack the crypto. You just need to extract the private key from the PS3, which you own. If you only had the signed software (the message), obtaining the key really would be hard.

    If it was signed with the private key then the PS3 should only contain a public key, it doesn't need the private key to verify, that's the point, it's the ONE feature of public-key cryptography that really sets it apart.

  • Re:precisely. (Score:5, Insightful)

    by spazdor (902907) on Wednesday December 29, 2010 @05:45PM (#34704394)

    Unless they can get every publisher to send the hashes for every version of every game they have sent to the CD press, some people will find their games broken

    But Sony already possesses them - they had to sign them in the first place! Either that or they entrusted all those publishers with with their private signing key. Which would be a terrible idea.

  • by metalmaster (1005171) on Wednesday December 29, 2010 @05:46PM (#34704414)

    The PS3 was being attacked well before OtherOS removal. When linux was available the graphics on the machine were limited to virtualization. The race was on too crack the 7 locked down SPUs. Were people successful? Mostly no, but that doesnt mean attempts havent been made. If i remember correctly, Geohot's intention was to gain access to the cores. They just happened to find an exploit to give them keys to the kingdom

    Removing linux definitely brought the talent out of the woodwork, but it did not start a war

  • by Anonymous Coward on Wednesday December 29, 2010 @06:03PM (#34704666)
    Yur mom's face is a cookie.

    Why do you cower behind that pseudonym? Are you too afraid? I'm not afraid.

    Here's the fake address of my pillowfort I pretend is mine when I'm trolling:

    Mikey Kristopussy
    123 Schizoid
    Insanity, MI 00000

    Come visit me, I'm not afraid. I'll blow your brains out with all my guns and stuff. I'm a real tough guy, not an Internet tough guy.

    You are nothing.
    .
    .
    .
    .
    What? I told you not to come down here, mom! I'm in the middle of something important!

    Hey, did you get the Chef Boyardee I asked for? And can you drive me to the movies later, I want to spank it in the back of the theater while I watch Tangled.
  • Re:Sigh (Score:4, Insightful)

    by kurokame (1764228) on Wednesday December 29, 2010 @06:11PM (#34704754)

    Okay, I'll give you 12 months. The difference is negligible. The techniques used to root the PS3 are so fundamental and well-known that it was largely a matter of trying them out. There was nothing revolutionary here, it was just a matter of people with sufficient expertise and resources becoming motivated to spend the time to do the necessary work.

    The point remains: working with your users diminishes their motivation to work against you. Minimizing the artificial constraints placed on what users can do with the device they purchased means that huge swaths of people who might be motivated to reverse engineer your safeguards won't need to. The community relationship will be improved, new uses for the hardware that you didn't anticipate will be found.

    When you can improve sales and customer relations while simultaneously lengthening the lifetime of your product as a DRM device, well, it seems like it would be a relatively simple decision. The net effect is to attract and retain customers both at a consumer and industry level. Consumers get a more versatile device - and equally important, respect. Developers get stronger and longer-lasting DRM and a larger and more robust consumer base. Everybody wins.

  • Re:Sigh (Score:4, Insightful)

    by causality (777677) on Wednesday December 29, 2010 @06:37PM (#34705094)

    Everybody wins.

    And that's the problem. I'll describe the mentality with which you are dealing when you speak of corporations that want to control what can be done with a device post-sale: "it is not enough for me to win -- someone else must also lose." They are not interested in finding the balance of which you speak.

    The corporations own most of our legal system and media. I'm glad for these cracker groups. They're just about the only remaining check against them that seems to actually work.

  • by VortexCortex (1117377) <VortexCortex@Nos ... t-retrograde.com> on Wednesday December 29, 2010 @06:54PM (#34705254)

    Actually, I think the metric is fair.

    If every grain of sand on Earth were a super computer that could perform a public/private key signature check once every clock cycle (not possible, takes many cycles), and those super computers ran at 1000 times the speed of our current fastest supercomputers, it would take trillions of years to crack our current public key crypto systems (when implemented correctly -- something Sony failed to do).

    The universe is estimated to be about 13.75 billion years old. One trillion years is a truly Epic timescale. Given that there are many correctly implemented public key cryptographic libraries with source code available I find that Sony did, in fact, fail on an epic scale...

    These enormously large metrics are meant to drive home to laymen just how impractical it is to brute force correctly implemented public key cryptography with the hardware we have today.

    In short, "Epic Fail!" is an accurate exclamation. If you disagree, I suggest you go read up on the subject of public key cryptography a bit more before making baseless claims as to the "feeb"ness of others' well informed comments (failing this, you could just troll harder).

  • by fail0verflow (1967628) on Wednesday December 29, 2010 @07:13PM (#34705444) Homepage
    > Do they really have Sony's signing key?
    Yes, we have most of their signing private keys.

In every hierarchy the cream rises until it sours. -- Dr. Laurence J. Peter

Working...