Hacker Group Gives Video Tour of PS3 Security System

[Logan Westbrook]

Hacker Group Gives Video Tour of PS3 Security System

Group claims that the only reason the PS3 was "hack proof" was that until Sony removed the Other OS feature, no one was actually trying.

A hacker group calling itself "Fail0verflow" - the same people responsible for the Wii homebrew channel - has given a talk at the 27th Chaos Communcation Congress [http://events.ccc.de/congress/2010/wiki/Main_Page] in Berlin, Germany, giving a detailed look security measures that Sony implemented for the PS3, and how they were circumvented.

In their 45 minute presentation, the group made the case that the removal of the Other OS function had played a pretty big role in the PS3 getting hacked. Had Sony left it alone, the group said, all the hackers would have been quite happy to tinker with Linux, instead of poking around the PS3 looking for vulnerabilities. In a tweet [http://twitter.com/#!/fail0verflow/status/20283862579945472], the group reiterated that point, saying that Sony's security for the PS3 was so bad that it was inconceivable that it had taken four years to crack.

The rest of the presentation was devoted to explaining how the security worked, and how different exploits had bypassed it. The group explained how the PSJailbreak worked, but said that they wanted a hacking solution that didn't require the use of a USB stick. Thankfully, for them at least, a blunder by Sony - in which a supposedly random number that formed part of a security key is actually the same value each time - allowed the group to sign their own code, which the console would accept without question.

The group's crack does not allow the PS3 to run pirated games however, as the group's aim was just to allow the console to run Linux again. As part of a Q&A session at the end of the presentation, they said that it was likely possible to use some of the vulnerabilities to make piracy possible, but that it wasn't something they were interested in at all.

You can watch the whole presentation in the videos below. It's pretty technical stuff, but it's very interesting too. The group also plans to demonstrate its hack on its website [http://fail0verflow.com/] in the near future.




Source: Joystiq [http://www.joystiq.com/2010/12/29/hackers-claim-discovery-of-ps3-private-key-enabling-unauthori/] and PSGroove [http://psgroove.com/content.php?581-Sony-s-PS3-Security-is-Epic-Fail-Videos-Within]






Permalink

 

[The_root_of_all_evil]

See, hacking is a thing of beauty when used for the right reasons. Rather than the brute force DDOSs of this world.

 

[Keith K]

I guarantee such a hack will still ultimately get you banned from PSN, which begs the question: If you want Linux more than PSN access, first of all why do you have a PS3 and why did you update to begin with?

 

[Harbinger_]

Firstly: You can't play newer games without the update if I recall correctly. Lastly: How long before Sony tries get their lawyers involved to pull the videos?

 

[Fasckira]

I guarantee such a hack will still ultimately get you banned from PSN, which begs the question: If you want Linux more than PSN access, first of all why do you have a PS3 and why did you update to begin with?

This man has the point nailed. Ive always seen the whole "linux on " a bit pointless. At first its, "Oh, yeah, thats kinda neat..." and I applaud the engineers who took the time to discover how to do it but for the people who do it after that purely just because they can, well, thats pretty daft.

If you really want to play with Linux, put it on a PC - you can pick up an old desktop for a fraction of the cost of a PS3 and not risk ruining an expensive console!

 

[Ironic Pirate]

Firstly: You can't play newer games without the update if I recall correctly. Lastly: How long before Sony tries get their lawyers involved to pull the videos?

If I was Sony, I'd pull a Valve and hire the guys. Hackers are one group you don't want to, and can't really, fuck with.

 

[mr_pants66]

well i still think that it was a stupid move to remove the Linux function, t was nothing but a backwards step for everybody.

 

[Ilikemilkshake]

Firstly: You can't play newer games without the update if I recall correctly. Lastly: How long before Sony tries get their lawyers involved to pull the videos?

If I was Sony, I'd pull a Valve and hire the guys. Hackers are one group you don't want to, and can't really, fuck with.

great idea, if they got these guys on board they could probably make it more hack proof, and maybe even give these guys back linux at the same time, so everyones happy.

 

[Corpse XxX]

Why cant these people just use the console for what it was ment to be used for?

In the end, all hackers no matter what conspire to use their hacks serving their on purpose in a matter not intended by the ones who made the product in the first place.

So i say, sue their asses broke!

 

[teh_gunslinger]

Why cant these people just use the console for what it was ment to be used for?

In the end, all hackers no matter what conspire to use their hacks serving their on purpose in a matter not intended by the ones who made the product in the first place.

So i say, sue their asses broke!

And it's wrong to run custom code on a device because?

I think it's pretty cool that these guys have reimplemented a feature that Sony removed just to be dicks, as far as I'm concerned. One of the reasons I bought my PS3 was to run Linux as well. It was a selling point at that point in time. Then they removed it and made sure I'd never buy a Sony product again. It's simply not on to gimp a thing I bought and own just to be a dick.

 

[Delusibeta]

I guarantee such a hack will still ultimately get you banned from PSN, which begs the question: If you want Linux more than PSN access, first of all why do you have a PS3 and why did you update to begin with?

This man has the point nailed. Ive always seen the whole "linux on " a bit pointless. At first its, "Oh, yeah, thats kinda neat..." and I applaud the engineers who took the time to discover how to do it but for the people who do it after that purely just because they can, well, thats pretty daft.

If you really want to play with Linux, put it on a PC - you can pick up an old desktop for a fraction of the cost of a PS3 and not risk ruining an expensive console!

And on that note... [http://www.escapistmagazine.com/videos/view/loadingreadyrun/1726-Installation-Anxiety-2010]

On topic: Honestly? The time it takes for consoles to be hacked is inversely proportional to the amount of hackers trying to get Linux installed in said console for programming and homebrew purposes. Which is why Sony allowing any Tom, Dick and Harry to install Linux from the start was such a good move, and why Sony removing said functionality was such a dumb one.

 

[Something Amyss]

It would be funny as hell if the one thing that kept the PS3 hack-proof was the bit they removed.

 

[Stabby Joe]

Why do I get the feeling most other sites reporting news wouldn't exactly post the videos haha?

 

[tkioz]

Very interesting, I wish companies would see that a lot of "hackers" aren't interested in piracy, personally I'd love to be able to run my own code on my 360, there are a lot of little things I'd love to be able to program in.

Example, the ability to browse and view the ABC.net.au iView feature from my 360, that's something I'd spend time coding myself.

But oh no, the big bad pirates are out to get them... so I've either got access to Xbox Live or I can hack my 360, Live is worth enough to me that I don't hack it, but it still sucks I've got to make that choice.

 

[Modus Operandi]

Why cant these people just use the console for what it was ment to be used for?

In the end, all hackers no matter what conspire to use their hacks serving their on purpose in a matter not intended by the ones who made the product in the first place.

So i say, sue their asses broke!

If the creator of a product is given absolute control over how the product is used, and circumventing that control is made illegal, then the next thing you know putting tires made by, say, a Toyota daughter company on a Mercedes or replacing your car's speakers with different ones will land you in jail if the manufacturer finds out and feels like suing someone. Is that really how you want the world to work?

 

[killamanhunter]

If it isn't hurting anyone then why should Sony care either way, if people start using that information for SUPA 1337 HAX0RZ in games or take down PSN for a month or more then yes they should care but right now it's just to use Linux so there really isn't a real big problem.

 

[DigitalSushi]

I guarantee such a hack will still ultimately get you banned from PSN, which begs the question: If you want Linux more than PSN access, first of all why do you have a PS3 and why did you update to begin with?

This man has the point nailed. Ive always seen the whole "linux on " a bit pointless. At first its, "Oh, yeah, thats kinda neat..." and I applaud the engineers who took the time to discover how to do it but for the people who do it after that purely just because they can, well, thats pretty daft.

If you really want to play with Linux, put it on a PC - you can pick up an old desktop for a fraction of the cost of a PS3 and not risk ruining an expensive console!

A old acquaintance of mine was asked this very question, apparently he and his cohorts believed the PS3 RISC based processor was a lot more effecient and powerful running Linux than a standard Desktop CISC based processors.

Its all about the power according to him, there was a lot more involved that he stated but I got confused with all the techno jargon and that little notepad in my brain went "RISC based good, CISC based bad, GOT IT!".

At the time the PS3 was the only RISC based errr thing on the shelf at less then 1000 euros.

 

[shadow skill]

Sony should have just left the Linux install option and released drivers so we could have proper GPU accelerated video. They were never going to win this battle. They had a good thing going since the PS3 was and is actually good without hacking it unlike their PSP, but then they went and scammed us all with a "security update" for an "exploit" that could not even be executed remotely. People jailbreak devices all the time and I have yet to see a device not sell because of it. If they don't sell it is because the product itself is not good to begin with.