http://www.bbc.co.uk/news/technology-12116051 wrote: The PlayStation 3's security has been broken by hackers, potentially allowing anyone to run any software - including pirated games - on the console.
A collective of hackers recently showed off a method that could force the system to reveal secret keys used to load software on to the machine.
"The complete console is compromised - there is no recovery from this," said pytey, a member of the fail0verflow group of hackers, who revealed the initial exploit at the Chaos Communication Congress in Berlin in December.
"This is as bad as it gets - someone is getting into serious trouble at Sony right now."
The group, which has previously hacked Nintendo's Wii and says it is vehemently against games piracy, said that it had developed the hack so that it could install other operating systems and community-written software - known as homebrew - on the powerful machine.
Following the presentation, US hacker George Hotz, who has previously hacked parts of the console, used a similar technique to extract the master key. He has now published it on his blog.
This formerly secret number is used to "sign" all games and software that run on the system, to authenticate that it is genuine and approved by Sony.
However, once the key is known it can be used to sign any software - including unofficial software and games - on the PS3 and PSP.
In the end, the flaw that allowed them to crack the system was a basic cryptographic error that allowed them to compute the private key, held by Sony, he said.
"Sony uses a private key, usually stored in a vault at the company's HQ, to mark firmware as valid and unmodified, and the PS3 only needs a public key to verify that the signature came from Sony.
"Applied correctly, it would take billions of years to derive the private key from the public key, or to make a signature without knowing the private key, even when you have all the computational power in the world at your disposal."
"The signing recipe requires that a random number be used as part of the calculation, with the caveat that that number must be truly random and not predictable in any way," the team said.
"However, Sony wrote their own signing software, which used a constant number for each signature."
This allowed the team to use "simple algebra" to uncover Sony's secret key, without access to it.
"This is supposed to be the most secret of secret of secrets - it's the Crown jewels," said pytey.
In case you're wondering where the vulnerability was, I'll quickly explain.
Every games console can play its official games, but if you try to play copied games, it just won't load them. That's because the official discs come with a "signature". This "signature" is a huge long number that just can't be cracked. So it's kinda like a password. You need this password to make the games console run the game officially.
Typically, hacks are found that bypass the need to put in this password. For example, on the Wii you need the Homebrew Channel to install games, but you still can't load games from the official disc channel. On the Xbox, you have to modify the hardware and install a chip to bypass it.
With this key for the PS3 applied to your copied disc, you won't need to do any of that because, as far as the console is concerned, these discs come directly from Sony and are official PS3 games.
The only way for Sony to fix this now is to release a new console! This key was generated back in their HQ and has been applied to all previous games. Changing it will stop all the old games from working, which they simply can't do! So it looks like it's cracked for good! Someone is definitely getting in trouble at Sony now!
For a bit of a basic technical explanation, there's a video I found on YouTube. Basically, the coders were meant to get a random number to create this key. I'm not sure if they were just taking the piss, or if this was actual Sony code (I hope not), but they just used the number 4 instead of a random number, so it can easily be predicted, hence how they got the key. To be honest, it looks like someone was gonna make it random but for the time being just used this, and forgot to go back and finish it!!
See video:
PS3 Public Key hacked
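To make the "simple algebra" from the article concrete, here is an added worked example. It is not code from the BBC article, the poster, fail0verflow or Sony: it is a small pure-Python ECDSA over secp256k1 (the curve is my choice for illustration; the article does not say which curve the PS3 used) with a constructed private key, constructed firmware-image names and the constant nonce 4 from the post. Two signatures made with the same nonce share the same r, and subtracting the two s values cancels the private key term, which is exactly what lets the key be recovered. The second helper shows that fresh random nonces from `secrets` give different r values, so the cancellation never happens.

```python
import hashlib
import secrets

# secp256k1 domain parameters (a real, public curve, chosen here for illustration).
P = 2**256 - 2**32 - 977
A, B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def inv(x, m):
    """Modular inverse of x mod m (m prime); raises ValueError if x == 0 mod m."""
    return pow(x % m, -1, m)


def ec_add(p1, p2):
    """Affine point addition on the curve; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def msg_hash(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(priv, message, k):
    """ECDSA signature (r, s) using the caller-supplied nonce k."""
    h = msg_hash(message)
    r = ec_mul(k, G)[0] % N
    s = inv(k, N) * (h + r * priv) % N
    return (r, s)


def verify(pub, message, sig):
    """Standard ECDSA verification: check that (h/s)G + (r/s)Q has x-coordinate r."""
    r, s = sig
    h = msg_hash(message)
    w = inv(s, N)
    point = ec_add(ec_mul(h * w % N, G), ec_mul(r * w % N, pub))
    return point is not None and point[0] % N == r


def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures with the same nonce k share r, and
       s1 - s2 = k^-1 (h1 - h2)  =>  k = (h1 - h2) / (s1 - s2)
       s1 = k^-1 (h1 + r d)      =>  d = (s1 k - h1) / r
    """
    r1, s1 = sig1
    r2, s2 = sig2
    if r1 != r2:
        raise ValueError("different r values: nonces differ, the shortcut does not apply")
    h1, h2 = msg_hash(msg1), msg_hash(msg2)
    k = (h1 - h2) * inv(s1 - s2, N) % N
    return (s1 * k - h1) * inv(r1, N) % N


# Constructed demo values: a made-up signing key, made-up image names, and the
# constant nonce 4 the post describes. None of these are real Sony values.
DEMO_PRIV = 0x1D0DEC0DE1C3D5DAC0FFEE0123456789ABCDEF0123456789ABCDEF01234567
CONSTANT_NONCE = 4
MSG1 = b"firmware-1.00.bin (constructed sample)"
MSG2 = b"firmware-1.01.bin (constructed sample)"


def demo_constant_nonce():
    """Sign two different images with the same nonce and recover the signing key."""
    sig1 = sign(DEMO_PRIV, MSG1, CONSTANT_NONCE)
    sig2 = sign(DEMO_PRIV, MSG2, CONSTANT_NONCE)
    return recover_private_key(MSG1, sig1, MSG2, sig2)


def demo_random_nonce():
    """With a fresh random nonce per signature the r values differ, so no cancellation."""
    sig1 = sign(DEMO_PRIV, MSG1, secrets.randbelow(N - 1) + 1)
    sig2 = sign(DEMO_PRIV, MSG2, secrets.randbelow(N - 1) + 1)
    return sig1[0] != sig2[0]
```

`demo_constant_nonce()` returns `DEMO_PRIV` exactly, which is the whole point: the signatures themselves still verify fine, so a verifier on the console has no way to notice the mistake. The mitigation is entirely on the signing side, either a fresh nonce from a cryptographic RNG for every signature (as `demo_random_nonce` does) or a deterministic nonce derived from the key and the message so that no two distinct messages can ever share one.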