Playstation 3 Code Signing Cracked For Good 534
ReportedlyWorking writes "It appears that Sony's PS3 has been fatally compromised. At the Chaos Communication Congress in Berlin, a team named 'fail0verflow' revealed that they had calculated the Private Keys, which would let them or anyone else generate signed software for the PS3. Additionally, they also claim to have a method of jailbreaking the PS3 without the use of a Dongle, which is the current method. If all these statements are true, this opens the door to custom firmware, and homebrew software. Assuming that Sony doesn't take radical action and invalidate their private keys, this could mean that Jailbreaking is viable on all PS3, regardless of their firmware! From the article: 'Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat, was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs. Following this, the team declared Sony's security to be EPIC FAIL!'"
Sigh (Score:4, Insightful)
"Following this, the team declared Sony's security to be EPIC FAIL!"
Is it really necessary for everybody to talk like complete dicks nowadays?
Epic Fail? WTF? (Score:4, Insightful)
Epic Fail? WTF?
How many years has it taken to crack the PS3?
I'd say that Sony has done a remarkable job.
Invalidate Private Keys (Score:5, Insightful)
It's a bit late to invalidate private keys.
My understanding is that every PS3 game is signed with those keys. Therefore, invalidating them through a firmware update would mean that every PS3 game to date will no longer work.
While I wouldn't put it past Sony to try this, this would result in not only massive lawsuits, but also would be a massive PR blunder.
Having said that, there could in theory be some sort of additional key telling what date a disc was signed, but even if that were true, it would be trivial to work around.
But the commentards! (Score:2, Insightful)
Wow... (Score:5, Insightful)
It was my(admittedly layman's) understanding that a public/private key crypto implementation, assuming it isn't deeply flawed, using key lengths suited to the computational capacities of PDP-8s, or otherwise totally fucked, was mathematically secure against anything other than a profound breakthrough in prime factorization algorithms, an unbelievable advance in computational power, or an insider leaking your private key.
With stuffy like HDCP, it was understood that serious tradeoffs were made in order to make the crypto cheap and fast enough that any POS $200 monitor should be able to decode an encrypted bitstream fast enough to handle the demands of uncompressed digital monitor connections. The weaknesses just came with the territory.
With something like the PS3, though, they have serious computing power available, and were dealing with a straightforward case of "verify that the code signed with private key X has indeed been thus signed, and not modified since, using public key Y, from which private key X is essentially not computable". Virtually every real-world use of cryptography depends on the ability to do that without disclosing your private key(save by malicious insider/hacker attack).
What did Sony do wrong? Obviously, they could do nothing about a suitably well-equipped hacker physically modifying a PS3 to stop it from verifying at all, or to always return "yup, all good" regardless of the verification outcome; similarly, a firmware bug could allow the same outcome without the expense of physical modification; but how could it be that they would have to put anything in their client(no matter how well hidden by hardware obfuscation/TPMs/smarcards/whatever) that could be used to compute their private key? Isn't a public key, which is a totally safe piece of data to disclose, all you need to verify whether or not something has been signed with the matching private key?
I admit that I don't have a deep understanding of this stuff; but it seems like this is the equivalent of "Hey, possession of the list of trusted CAs and their public keys has allowed a hacker with a copy of firefox to compute Verisign's root signing keys!".
How did Sony fuck up such that this story is not the biggest breakthrough in cryptoanalysis since frequency analysis?
Re:Epic Fail? WTF? (Score:5, Insightful)
Assymetric key crypto is supposed to be(barring serious implementation failures or incredible algorithmic/technological breakthroughs) such that you should be able to verify that a private key was used to sign something with nothing more than the public key, from which the private key should be computable only in a time longer than the lifespan of the universe's remaining protons. That is the part that they apparently managed to fuck up. In terms of generally being a tough nut to crack, Sony did a pretty decent job. However, if TFA is true and not misleading, they failed to implement an absolutely foundational part of practical cryptography properly...
OtherOS (Score:5, Insightful)
From @fail0verflow:
"we only started looking at the ps3 after otheros was killed."
and
"our goal is to have linux running on all existing PS3 consoles, whatever their firmware versions."
If Sony would have left OtherOS alone, they wouldn't be in this predicament.
Re:Invalidate Private Keys (Score:5, Insightful)
My understanding is that every PS3 game is signed with those keys. Therefore, invalidating them through a firmware update would mean that every PS3 game to date will no longer work.
They already have a list of all genuine games signed by the now compromised keys. They could potentially release an update that used new keys but also accepted the old keys provided it had signed something on the already known genuine list of games.
Re:Invalidate Private Keys (Score:5, Insightful)
The number of existing PS3 games, DLCs, etc., while not small, is finite and pretty well characterized. It would be a pain in the ass; but not fundamentally difficult, to compute the hash of each one that is tainted by the compromised key and hardcode trust of it into the same patch that otherwise nukes that key and anything signed by it.
Now, since the private keys presumably also control verification of patches, it is likely that some number of PS3s will permanently leave their control, with hacked patches applied that spoof acceptance of future patches, thus leaving them in control of their owners; but regaining control of all unsophisticated updaters and all PS3s leaving the factory from now on doesn't seem fundamentally impractical...
Re:Epic Fail? WTF? (Score:4, Insightful)
Comment removed (Score:5, Insightful)
Re:Sigh (Score:1, Insightful)
"Following this, the team declared Sony's security to be EPIC FAIL!"
Is it really necessary for everybody to talk like complete dicks nowadays?
It really does reflect on the mentality of the people doing this doesn't it? Reading through the summary, my impression of these people went from "hey, those are a bunch of smart guys" to "probably a bunch of socially misfit dickwads".
Re:Sigh (Score:5, Insightful)
Re:Epic Fail? WTF? (Score:4, Insightful)
Why is there no reason to buy PS3 titles? Do you only play Halo?
What about PS3 exclusives? Shooter, Eden, Infamous, Little Big Planet, Luminez, Uncharted 1&2?
Some of these are not just exclusives, they are games that raise the bar, shining examples of the medium taken to the next level.
Again, are you serious or trolling? Honestly, I cannot tell.
(Obligatory grammer nazi comment: You cannot capitalize the first word of your sentences but you capitalize the "PS" in "PS3"? Really?)
Re:Epic Fail? WTF? (Score:2, Insightful)
uuuuuh, No.
Done correctly with asymmetric key crypto, the private key is not on the PS3. The public key is on the PS3 and is used to verify the signatures (that were generated by the private key that is only in Sony's possession).
This isn't DRM, this is Tivoization, which is known to be possible securely. (unless you can bypass the check entirely). They just fucked up it's implementation.
Re:Epic Fail? WTF? (Score:2, Insightful)
Its the old DRM argument. You don't have to crack the crypto. You just need to extract the private key from the PS3, which you own. If you only had the signed software (the message), obtaining the key really would be hard.
If it was signed with the private key then the PS3 should only contain a public key, it doesn't need the private key to verify, that's the point, it's the ONE feature of public-key cryptography that really sets it apart.
Re:precisely. (Score:5, Insightful)
Unless they can get every publisher to send the hashes for every version of every game they have sent to the CD press, some people will find their games broken
But Sony already possesses them - they had to sign them in the first place! Either that or they entrusted all those publishers with with their private signing key. Which would be a terrible idea.
A bit close-minded around here (Score:5, Insightful)
The PS3 was being attacked well before OtherOS removal. When linux was available the graphics on the machine were limited to virtualization. The race was on too crack the 7 locked down SPUs. Were people successful? Mostly no, but that doesnt mean attempts havent been made. If i remember correctly, Geohot's intention was to gain access to the cores. They just happened to find an exploit to give them keys to the kingdom
Removing linux definitely brought the talent out of the woodwork, but it did not start a war
Re:Epic Fail? WTF? (Score:0, Insightful)
Why do you cower behind that pseudonym? Are you too afraid? I'm not afraid.
Here's the fake address of my pillowfort I pretend is mine when I'm trolling:
Mikey Kristopussy
123 Schizoid
Insanity, MI 00000
Come visit me, I'm not afraid. I'll blow your brains out with all my guns and stuff. I'm a real tough guy, not an Internet tough guy.
You are nothing.
.
.
.
.
What? I told you not to come down here, mom! I'm in the middle of something important!
Hey, did you get the Chef Boyardee I asked for? And can you drive me to the movies later, I want to spank it in the back of the theater while I watch Tangled.
Re:Sigh (Score:4, Insightful)
Okay, I'll give you 12 months. The difference is negligible. The techniques used to root the PS3 are so fundamental and well-known that it was largely a matter of trying them out. There was nothing revolutionary here, it was just a matter of people with sufficient expertise and resources becoming motivated to spend the time to do the necessary work.
The point remains: working with your users diminishes their motivation to work against you. Minimizing the artificial constraints placed on what users can do with the device they purchased means that huge swaths of people who might be motivated to reverse engineer your safeguards won't need to. The community relationship will be improved, new uses for the hardware that you didn't anticipate will be found.
When you can improve sales and customer relations while simultaneously lengthening the lifetime of your product as a DRM device, well, it seems like it would be a relatively simple decision. The net effect is to attract and retain customers both at a consumer and industry level. Consumers get a more versatile device - and equally important, respect. Developers get stronger and longer-lasting DRM and a larger and more robust consumer base. Everybody wins.
Re:Sigh (Score:4, Insightful)
And that's the problem. I'll describe the mentality with which you are dealing when you speak of corporations that want to control what can be done with a device post-sale: "it is not enough for me to win -- someone else must also lose." They are not interested in finding the balance of which you speak.
The corporations own most of our legal system and media. I'm glad for these cracker groups. They're just about the only remaining check against them that seems to actually work.
Re:Epic Fail? WTF? (Score:5, Insightful)
Actually, I think the metric is fair.
If every grain of sand on Earth were a super computer that could perform a public/private key signature check once every clock cycle (not possible, takes many cycles), and those super computers ran at 1000 times the speed of our current fastest supercomputers, it would take trillions of years to crack our current public key crypto systems (when implemented correctly -- something Sony failed to do).
The universe is estimated to be about 13.75 billion years old. One trillion years is a truly Epic timescale. Given that there are many correctly implemented public key cryptographic libraries with source code available I find that Sony did, in fact, fail on an epic scale...
These enormously large metrics are meant to drive home to laymen just how impractical it is to brute force correctly implemented public key cryptography with the hardware we have today.
In short, "Epic Fail!" is an accurate exclamation. If you disagree, I suggest you go read up on the subject of public key cryptography a bit more before making baseless claims as to the "feeb"ness of others' well informed comments (failing this, you could just troll harder).
Re:How did they get the private key, if they did? (Score:5, Insightful)
Yes, we have most of their signing private keys.