PS3 security is "epic fail"

[AJCopland]

I know people think piracy but here at the university we had a lab of PS3s running Mathematica under Linux because it was cheaper than PC/Macs.  No kidding.

Now that's what I'm glad it's been posted for, I think Sony really were behaving like dicks when they removed the feature from existing machines. It was just a really mean spirited and stupid thing to do. I wish someone could have gotten together a lawsuit and forced the otherOS issue at the time.

Andy

[mongo]

The PS2 was hacked pretty early on, yet they still managed to sell over 1.5 billion games for it.

[Belial6]

And counting....

[A1260]

And counting....

And still counting....

http://games.gamepressure.com/games_encyclopedia.asp?PLATFORM=PS2
http://www.gamerevolution.com/release/view.php?system=ps2

[ciento]

Hacker Claims To Have The PS3's Front Door Keys...

http://kotaku.com/5723105/hacker-claims-to-have-the-ps3s-front-door-keys

it seems pirated games will be virtually undetectable in this case unlike the risk over-present in the xbox360. i predict a significant jump in sales of ps3s within the year.

Hope so, (sales, not piracy) everybody wins, sony can even claim their honour back saying their accountants urged them to weaken security just to trick hackers into
driving the next big thing: universal homebrew dominance. Then they'll
release the computer version PS3.9 In two more weeks...

[olsen]

I feel a bit ashamed talking about PS3 on an Amiga forum, to be honest.. but I do have 2 questions, which I hope someone can answer.
 
I never knew about the 2 different GPU's inside the PS3.. If that is true, then which of those 2 is regarded the best second-hand PS3 to buy? I do have a PS2 that Im keeping.

The original launch (2006/2007) model had two different sets of GPU and CPU inside, which provided for PS2 backwards compatibility through a second set of hardware. It also had a bunch of other features (SACD support, for example) which along with the PS2 compatibility were dropped when the PS3 was introduced in Europe. Subsequent hardware revisions were pretty much identical to the European console version, in terms of features supported.

I suppose the original launch model could be considered a collector's item by now. In other words, you'd need a very good reason to shell out money for one.

Also, its only a matter of time before this allows us to play pirated games.. do I need to worry about being blocked from the Playstation Network at all when doing this? Im not going to do any online gaming or downloading.. if possible I dont even plan to connect it to anything.

Given how much care software developers devote to releasing patches to the games they ship in poor shape (e.g. the recent "Fallout 3: New Vegas" is considered one of the most bug-ridden games in years, and the makers already released two incremental patches to make the game playable on the consoles and the PC platform), I'd say you have to be able to download bug fixes, etc. Not sure how this will fly with pirated games (presumably, the patches are only applied to legitimate goods), though.

Consider me skeptical. It will require plenty of effort to side-step Sony's inevitable countermeasures, and for what benefit? Most of the games offered today are of poor quality. Play a pirated version of these, or rather throw money at the few good things there are? How much time can you spend on playing games, anyway?

[AmigaNG]

The PS3's GPU doesn't have a high enough fill-rate to emulate the PS2's GPU(!), that has been commonly documented. Therefore any PS3 without PS2 hardware onboard will never run PS2 software. (I have a launch model 60Gb PS3, PAL, which has the GPU and not the Emotion Engine CPU, and even on that, the PS2 backward compatibility is unfortunately limited.)

I know I said I wouldn't post again, but just to correct this, that this is not true, Sony did release a limited edition Metal Gear Soild 80Gb PS3 without both ps2 gpu or cpu and it allowed you to run PS2 games, I believe it was so you could run Metal Gear Soild 2 and 3 but had a lot of trouble running many other games and was dropped, I believe Sony would have to custom make the way the emulator work for each PS2 game run. However I think this same software is used to power the recent HD PS2 re-releases version of games we've seen, like Metal of Honour and God of War 1 & 2 both have come out since.

oh and on ps3 media limitation, I know I could re-transcode my files but that takes time, plus I dont like having to leave on my big power sucking pc on just to stream data to my ps3, I prefer to just have all my files I need on my console, and wifi single have never been that strong in my house, plus ny 320gb hard drive in the ps3 has nearly over 250gb just on game installs and demos I've downloaded, so I think I will just use my Ps3 as a game machine and have a dedicated computer for my media and other hobby's, with no restitutions, no work around I need to implement etc.

[ejstans]

I know I said I wouldn't post again, but just to correct this, that this is not true, Sony did release a limited edition Metal Gear Soild 80Gb PS3 without both ps2 gpu or cpu and it allowed you to run PS2 games, I believe it was so you could run Metal Gear Soild 2 and 3 but had a lot of trouble running many other games and was dropped, I believe Sony would have to custom make the way the emulator work for each PS2 game run. However I think this same software is used to power the recent HD PS2 re-releases version of games we've seen, like Metal of Honour and God of War 1 & 2 both have come out since.

I don't think this is correct but feel free to prove me wrong. Sony did release an 80GB PS3 MGS4 bundle that had PS2 compatibility (product code PS398011) but this was the CECHE motherboard, the last revision to include the PS2 "Graphics Synthesizer" hardware. There were other MGS4 bundles based on later motherboard revisions lacking PS2 hardware but, far as I know, these do not include any PS2 compatibility.

[A1260]

oh and on ps3 media limitation, I know I could re-transcode my files but that takes time, plus I dont like having to leave on my big power sucking pc on just to stream data to my ps3, I prefer to just have all my files I need on my console, and wifi single have never been that strong in my house, plus ny 320gb hard drive in the ps3 has nearly over 250gb just on game installs and demos I've downloaded, so I think I will just use my Ps3 as a game machine and have a dedicated computer for my media and other hobby's, with no restitutions, no work around I need to implement etc.

now with the ps3 you can use as big hd you want. its not liker the xbox360... so you can take out the hd go buy a 2tb at your local conmputer shop and install it.. all you do is format it and updated it from from the xmb menu, then your ready to go... use tversity to ftp over the files from your pc to the ps3..

[A1260]

Given how much care software developers devote to releasing patches to the games they ship in poor shape (e.g. the recent "Fallout 3: New Vegas" is considered one of the most bug-ridden games in years, and the makers already released two incremental patches to make the game playable on the consoles and the PC platform), I'd say you have to be able to download bug fixes, etc. Not sure how this will fly with pirated games (presumably, the patches are only applied to legitimate goods), though.

Consider me skeptical. It will require plenty of effort to side-step Sony's inevitable countermeasures, and for what benefit? Most of the games offered today are of poor quality. Play a pirated version of these, or rather throw money at the few good things there are? How much time can you spend on playing games, anyway?

when you have the master key you can make the ps3 accept any media as original bought one even if it is homebrew or pirated dosent mater. sony cant do anything about it, they must make a new ps4 with better security to figth this one...

when it comes to bad programmed games, specially for the consoles where you must depend on a patch. if not the game makers make it available for download at your pc but only at xmb, you will propably not beable to play the game 5-10years later. this gives you a good reason not to buy it or just pirate it, console games should work out of the box, period. fallout 3 is a very good game and thank god, it is also out on the pc where these patches are far more available.

when it comes to the hacking/pirating i dont think sony or any game companies will suffer more than they do. there is enough of regular joes out there that aint to technical do to anything than just buy games. but for us few other it gives us a choice to do what we want and thats good. sony will now sell more consoles and game companies will have to make their games at higher quality than unfinished bugridden patch releases...

[ejstans]

when you have the master key you can make the ps3 accept any media as original bought one even if it is homebrew or pirated dosent mater. sony cant do anything about it, they must make a new ps4 with better security to figth this one...

I was peripherally involved the ps3 scene before, but I lost interest when the USB hack came out and I haven't really read up on the recent breakthrough, but I still think it's premature to say Sony can't do anything about it.

I remember when people were saying the same thing about the PSP after  PSAR dumper came out, but Sony managed to come up with many countermeasures. True, these were eventually also broken, but that took some hard work (and a bit of luck!)

Without really reading more than the headlines of the recent hack, here are my thoughts:

The security of the PS3 relies on the isolated SPU. The SPU is protected by a hardware cipher (probably AES) with an embedded root key. Far as I know, this root key is NOT what's been captured.

Various "loaders" can be executed on the isolated SPU. These loaders takes the place of the hardware crypto engine in the PSP, with the advantage that they can be easily updated. They contain the public half of asymmetric cipher keys, and when an application wants to run on the PS3, it is fed to the right loader which verifies the signature and decrypts the application and schedules it to run. Not a valid signature -> no go.

From the little I've read, I surmise that they managed to break the SPU isolation by finding a bug in one of the loaders (not such a trivial feat!) Once inside the isolated vault they could grab the public keys of the loader, which ought to not be so valuable had Sony not screwed up majorly by letting the private keys be easily derivable from the public keys!

But, while having the private keys of a loader allows one to sign one's own executable, it does not necessarily (actually, with proper security, it definitely ought not to!) allow one to run a patched/modified loader in SPU isolation! So, Sony ought to be able to release updated loaders minus the bug and with new keys, properly created, and a whitelist of old official software allowed to run. If so, the captured keys are only useful with the old firmware.

But who knows? There have been many assumptions (reasonable ones!) about how the PS3 security ought to work, only to be shown that Sony had opted for somethign worse...

I think we'll just have to wait and see if this hack has enough strength to best all of Sony's countermeasures, but one thing is for sure though: Sony is in total control of PSN at least, and I'll bet they go to lengths to lock out hacked consoles from it! Even if possible to masquarade a hacked console, it'll be an arms race at the very least...

[A1260]

Without really reading more than the headlines of the recent hack, here are my thoughts:

The security of the PS3 relies on the isolated SPU. The SPU is protected by a hardware cipher (probably AES) with an embedded root key. Far as I know, this root key is NOT what's been captured.

they got the rootkey.... if you bother to read you would have known that by now.....

[ejstans]

they got the rootkey.... if you bother to read you would have known that by now.....

Well, I did take the time now, and you're wrong. The root key is the one thing they didn't get (it's embedded in silicon after all, and each console has its own unique key) but they do claim to have broken the chain of trust anyway. Let's see how effective it is.

[olsen]

Well, I did take the time now, and you're wrong. The root key is the one thing they didn't get (it's embedded in silicon after all, and each console has its own unique key)

If I remember correctly, the 27C3 presentation made a point of describing the PS3 as not having key verification in hardware, like the XBOX 360 has (signature goes in, hardware answers if it matches the private key: you cannot read the private key from the hardware).

Instead the work is being done by a dedicated SPE, which because it is not a specialized key verification device, must be programmed to do the job. And it is vulnerable to attack, because the chain of trust protecting it has been broken.

[ejstans]

If I remember correctly, the 27C3 presentation made a point of describing the PS3 as not having key verification in hardware, like the XBOX 360 has (signature goes in, hardware answers if it matches the private key: you cannot read the private key from the hardware).

Instead the work is being done by a dedicated SPE, which because it is not a specialized key verification device, must be programmed to do the job. And it is vulnerable to attack, because the chain of trust protecting it has been broken.

Well, the PS3 does have hardware verification; it's what provides the basis of the chain of trust. The loaders (or at least one of them) are verified by the hardware as part of entering the isolated SPU (SPE) state. In the 27C3 slides (which I read but didn't watch the presentation) it is claimed that the bootldr is not updatable (residing in ROM?). Perhaps only the bootldr is verified by hardware, and it in turn is responsible for the rest of the loaders and they have broken that chain.

It's kind of stupid, because then this system basically offers no more protection than a hardware cipher as in the PSP (I am not familiar at all with the X360), whereas if all the loaders were updatable, it'd offer protection precisely against this sort of thing where the chain of trust is broken along the way (which is also fascilitated by writing a critical piece of software in such insecure language as C...)

But it's not really unbelievable, there are other strange design decisions too, like the PPU apparently being in control of address translation, even for the isolated SPU...

[A1260]

Well, I did take the time now, and you're wrong. The root key is the one thing they didn't get (it's embedded in silicon after all, and each console has its own unique key) but they do claim to have broken the chain of trust anyway. Let's see how effective it is.

i am wrong?... what about this then..

GeoHot has gone a step further and simply published the PS3's "root key".

read it here...
http://kotaku.com/5723105/hacker-claims-to-have-the-ps3s-front-door-keys