PS3 Root Key Found 380
An anonymous reader writes "The PlayStation 3 'root key' used for code signing has been found by GeoHot. This enables running homebrew without the need for psjailbreak-style USB-devices, and also provides hope for those at firmware version 3.55 that currently cannot be downgraded. The key also cannot be changed without hardware modifications. Oops."
Re:Same private key? (Score:0, Insightful)
Publish or be damned. the fail0verflow demo wasn't reproducible by anyone else. The decided to sit on their info "while they clean it up".
Re:Same private key? (Score:5, Insightful)
Re:Peeking under the hood (Score:5, Insightful)
Neither. Sony botched their PKI implementation and the 'random number' they were using for their seed was anything but random. In fact it was the same every time! That made it trivial to solve for the key. Oops.
This went undetected for years until they ... removed Linux.
Dear Sony.... (Score:5, Insightful)
Still think revoking the "Other OS" function was a good idea?
Re:I wonder... (Score:5, Insightful)
Yeah, because GeoHot is wrong in what he is doing?
How should he have released the key to the rest of us? We all have a sacrosanct right to own our property, and I don't give two *$#% if somebody uses it for piracy. I applaud what he has done here, and in fact, it has finally made me consider actually purchasing a PS3.
If Sony does brick all the consoles, don't blame GeoHot. Blame Sony, because they are the ones that have acted in a morally repugnant fashion for years.
Re:I wonder... (Score:3, Insightful)
The local copy of the software on the hardware that I own is absolutely mine, and I have every right to do whatever I like to it.
Re:I wonder... (Score:4, Insightful)
Sure it is, the one copy on the device is mine to do whatever I want with.
Just like a book, I have no right to copy it but I can do whatever I like to that copy I own.
Re:I wonder... (Score:5, Insightful)
You appear to be laboring under the assumption that the absurd ways US copyright, licensing, and contract law has been twisted apply to the rest of the world.
They do not.
Re:No sympathy for Sony (Score:5, Insightful)
Sure, the word "steal" is overloaded. Sony's entertainment industry seems to have a great fascination with the concept of people "stealing", and in that case many disagree with that use of the word.
But what's your point? Are you arguing some point of US law?
Normal people (i.e., non-lawyers) understand that the very fabric of commerce is based on "yours", "mine", "not yours", "not mine", "buying", "selling", "vendor", and "customer", etc.
There's not a lot of subtlety in these terms, because normal people are able to conduct their commerce without concepts like "stealing", "swindling", "crooked dealing", "cheating", or "screwing over your customer" even coming into question 99.9% of the time.
"Bait-and-switch" doesn't fit, neither does "planned obsolescence". Actually, Sony is breaking new ground here. I don't think normal people ever needed to invent a term for a vendor selling something and then intentionally breaking it by remote control years later.
So maybe you think it's significant that Sony presented some EULA on the TV and made the user press the green button before they could play the game they just bought.
But normal people don't. They see it for exactly what it is.
Nothing particularly subtle or complicated about it at all.
Re:Dear Sony.... (Score:4, Insightful)
Re:I wonder... (Score:5, Insightful)
GeoHot did something Sony didn't like, and therefore Sony punished you.
Hopefully this teaches you something about buying Sony products.
Re:No sympathy for Sony (Score:5, Insightful)
The fact that you can separate the two actions--requiring updates to access the Internet and play new media (and indeed, also to continue using applications that have not been updated themselves such as the Netflix App) and "agreeing" to the upgrade--makes me seriously question your logic. It is a tactic a half step removed from "that's a nice car, it would be a shame if anything happened to it." In fact, it may be worse. At least if I pay the nice man in the trenchcoat his protection money he leaves my car alone. Sony promises to break your PS3. The only choice they give you is whether you want to lose features you've already paid for or lose the ability to play new games or utilize any features of your old games that happen to use the Internet, such as multiplayer or, as in my case, a baseball game that provides roster updates throughout the year.
It's called coercion, and it is grounds to nullify even the most strenuously negotiated contracts much less a click-through EULA that doesn't even specify how they're fucking you, just that they might. They are going to take something from you--your ability to play new games and fully utilize your old purchases--for absolutely no technical reason other than people who probably aren't you are using their machines in a way that Sony disapproves of (homebrew, cheap computing cluster, etc), unless you "agree" to let them take out features you've already paid for. It's nothing but a bargaining chip to force you to do as they tell you to do.
Frankly even that is too generous; bargaining chip implies there is negotiation and intelligent thought before determining which is the best course of action. Turning down these updates and effectively bricking your PS3 from that point in time forward is no more a choice than not paying the man in the trenchcoat. Do you really think it's any consolation to people who got rid of their old PS2s because they have this lovely new PS3 with backward compatibility that they weren't fucked in the ass until they "agreed" to it? Oh but don't worry dear consumer, we'll slowly start to release them as downloads for $9.99 a pop! Everybody wins!
The PS3 was the most locked-down piece of consumer hardware in the history of computing. Do you truly believe this update requirement was done as anything other than a way to force you to do what they want and patch any holes that might arise--the exact behavior we have seen from them? No, it's not about an unspoken agreement to produce content; if they stopped making PS3 games tomorrow I would be upset, but I wouldn't have been fucked. They are actively breaking my hardware, for all intents and purposes, unless I let them have their way. At the bottom of every game I buy--on the disc AND the packaging--is a little "PS3" logo. The idea that one disc might work and another might not in my PS3 based on whether I've let them screw me yet is ludicrous, and so is claiming that it is somehow a choice.
It goes well beyond shady. The fact that it hasn't been absolutely clobbered in civil suits yet is stunning. The idea that any court in the world would see it as anything less than illegal coercion boggles the mind.
And not that it should matter, but lest you think my outrage is personally motivated: I did buy my machine with the expectation of using OtherOS, but after a while I realized I simply wasn't going to go through the hassle and the update didn't affect me on a personal level. Likewise, I paid $600 at PS3 launch so my PS3 has hardware backward-compatibility and I am not personally affected by their removal of the software backward-compatibility in later updates. That doesn't make either of those decisions any less of an outrage.
Re:Don't dare give us Linux and try to take it awa (Score:5, Insightful)
No, it was their choice to do that. In no way did someone messing with the hypervisor cause the removal of the feature. To say that is like saying because my dinner was cold I had to beat my wife.
Re:No sympathy for Sony (Score:3, Insightful)
Correct on all points. I have a copy of Gran Turismo 5 Prologue which is now completely unplayable. I (stupidly) bought the game online and downloaded it. The game requires the user to sign on before playing, which is impossible with un-updated firmware.
Re:I wonder... (Score:4, Insightful)
The word "right" has both moral and legal connotations. You absolutely have the moral right. Whether you have the legal right is up for debate on a case-by-case basis.
Re:Same private key? (Score:5, Insightful)
We published our exploits at the talk by explaining exactly how they works, and how anyone could use them. We said we'd release tools through the following month, and we already released two Git repositories containing most of the tools (that's 4 days after the talk). We didn't release keys due to fear of legal repercussions, but we told people exactly how to calculate them, and they did.
Geohot first released a useless signed loader to prove that he had the keys. Then he released the keys. He hasn't released information on how he got the metldr plaintext and apparently doesn't have plans to do so.
Personally, I think explaining things first, then a few days later releasing tools, is better than just dumping keys on the world and keeping how you got them a secret.
Re:Not 100% correct -- key can be changed and patc (Score:4, Insightful)
Did you view the 27C3 talk about the PS3? The first keys ARE in hardware, fixed. It's the first keys used to check anything, and they are set in stone so no hacker can touch them, but also no update can touch them. Also changing them would break everything out there. You might be able to get around those with huge whitelists. But that's not practical in the end at all.
Re:Same private key? (Score:4, Insightful)
Next time, release everything of interest yourselves, first, and you won't have to worry about it. Lawsuits be damned---you guys being the actual hackers, maybe you have the wherewithal to take the Right To Tinker With Shit We Own all the way up to the Supreme Court so we can all have fun again.
I've got a few bucks I would throw your way if you needed it.
Nice job, though.