GeoHot's Twitter, 3 Minutes ago..
Not sure what he is talking about?
Basically he was able to read 32 bytes of memory that he was not supposed to, and it was useless - mind you, 32 bytes is not a lot.
For example, an IP address: 192.168.245.250 - 32 Bytes (not including the .'s!) - not too much data at all.
Keep this thread on topic guys... it's for posting geohot's twitter etc updates, not for comparing him or the devs here to others. Thanks!
From IRC today:
OMG I Idled like 5 days in IRC hoping to see something, and today I'm away and geohot came on IRC. I think that CJPC is getting the hang on the tool, shame that geohot can't experiment with it in RL like CJPC. Would be nice. Those 32Bits it's a great start seeing he started last month with hacking.
Nah, it wasn't in the public channel... that was just set up for people who whined about not having an IRC channel any more. As usual, nothing ever happens in it so it may end up being closed again as only a few people idle there.
On IRC geohot just messages CJPC by using /msg CJPC but he doesn't stick around to have a detailed conversation most of the time.
This definitely look promising.. Although I personally think the way to go is HDD decryption, and re-encryption.
Which you cannot do since the encryption keys are protected through a long "chain of trust" (as Geohot said) that ultimately leads to the Cell hardware.
That's Trusted Computing (check Wikipedia) and it seems that the PS3 is the first fully functional Trusted Computing device to be largely distributed to people in general, as it has all the requirements for this type of technology. It's very likely that the PS3 itself is a console developed in a way as to test the security of such new tech since we all know any console would be under heavy atack by hackers for obvious reasons.
To me (and I'm no expert) it looks like the only two means by which this type of security would be broken is:
1) Find a way to obtain the private and public endorsement keys somehow via hardware manipulation, since the private key would never be obtained through a virtual environment as it never leaves the chip. I have absolutely no idea if this is even possible at this moment, you know, to read hardware... but eventually, I think it could be done one day.
2) Breach the curtained memmory so the encryption keys might be read. This wouldn't get the private endorsement key but would get the means to communicate and authenticate to it and would open a hole in the chain of trust that could lead not only to the decryption of the HDD but also allow hackers to find ways to spoof remote attestation. This is, I think, the most likely way of doing it on the long run since it's inevitable that one day programmers will understand how curtained memmory works.
So, for now, I think we have to trust the devs work and wait for things to happen.
http://en.wikipedia.org/wiki/Public-key_cryptography) This mechanism ensures that private keys do not need to be present at all on PS3! Only public keys are enough to decrypt/check stuff (it would be quite helpful to be able to be able to decrypt binaries to be able for example to try to find some exploit). So no hardware manipulation will help you at all. And these are still protected by chain of trust...Oh man - I have posted this few times already and need to do it again: read something about Public-key cryptography (
Ok then, got it about the private/public keys. As I stated earlier, I'm no expert on this subject, so there's no need for flaming. If you know better, please care to explain. I'd appreciate it a lot.
But then again, as quoted from xorloser's blog by PS3News in this very thread:
So how you expect to decrypt anything when every time you try to do it you're taken to a deeper layer of encryption that will only stop at the Cell hardware?
If you cannot obtain any encryption key in the middle of the way and you don't have access to memmory, how else are you supposed to get the keys if not by trying to rip it off the hardware itself? And what do you mean by "no hardware manipulation will help you at all. And these are still protected by chain of trust"?