Sponsored Links

PS4 News on Facebook! PS4 News on Twitter! PS4 News on YouTube! PS4 News RSS Feed!
Sponsored Links

Home PS4 News - Latest PlayStation 4 and PS3 News

BBC Interviews Fail0verflow and GeoHot on Recent PS3 Hacks


Sponsored Links
217w ago - Today the BBC (linked above) has published an interview conducted with PlayStation 3 hackers fail0verflow and GeoHot on the recent PS3 hacks and summarizing the unveiling Sony's secret key.

Below is the interview, to quote: "The PlayStation 3's security has been broken by hackers, potentially allowing anyone to run any software - including pirated games - on the console

A collective of hackers recently showed off a method that could force the system to reveal secret keys used to load software on to the machine.

A US hacker, who gained notoriety for unlocking Apple's iPhone, has now used a similar method to extract the PS3's master key and publish it online. Sony declined to comment on the hack.

"The complete console is compromised - there is no recovery from this," said pytey, a member of the fail0verflow group of hackers, who revealed the initial exploit at the Chaos Communication Congress in Berlin in December.

"This is as bad as it gets - someone is getting into serious trouble at Sony right now."

The group, which has previously hacked Nintendo's Wii and says it is vehemently against games piracy, said that it had developed the hack so that it could install other operating systems and community-written software - known as homebrew - on the powerful machine.

"The details we provided and information and techniques we disclosed would have been enough to install Linux," he said. "We have no interest in piracy."

Following the presentation, US hacker George Hotz, who has previously hacked parts of the console, used a similar technique to extract the master key. He has now published it on his blog.

"This is supposed to be the most secret of secret of secrets - it's the Crown jewels"

This formerly secret number is used to "sign" all games and software that run on the system, to authenticate that it is genuine and approved by Sony.

However, once the key is known it can be used to sign any software - including unofficial software and games.

"I hate that it enables piracy," said Mr Hotz. "The publication of the key is more academic than anything else."

The number also works for Sony's handheld console the PlayStation Portable, said Mr Hotz.

Developers have already started releasing tools to develop new software for the PS3 using the hacks.

'Valid target'

The PS3 - once regarded as the most secure of the game's consoles, and the only one not to have been permanently cracked - has in the last 12 months come under increasingly scrutiny from hackers.

PlayStation hack (George Hotz) Mr Hotz's original hack is widely believed to have led to Sony disabling features on the console. In January 2010, Mr Hotz claimed to have cracked the console.

Following his initial announcement, Sony released an update disabling a function, called OtherOS, that allowed gamers to install a version of Linux on their machines, thought to have been exploited by Mr Hotz.

Many saw it as a pre-emptive strike to guard against games piracy.

Mr Hotz never released the exploit and publicly said that he had stopped work on the console.

But Sony's removal of OtherOS prompted other hackers to begin to look at the system more closely.

"It became a valid target," pytey told BBC News. "That was the motivation for us to hack it."

He said the team had spent "months" trying to find their way into the system.

"It was not trivial to do this," he said.

In the end, the flaw that allowed them to crack the system was a basic cryptographic error that allowed them to compute the private key, held by Sony, he said.

"Sony uses a private key, usually stored in a vault at the company's HQ, to mark firmware as valid and unmodified, and the PS3 only needs a public key to verify that the signature came from Sony.

"Applied correctly, it would take billions of years to derive the private key from the public key, or to make a signature without knowing the private key, even when you have all the computational power in the world at your disposal."

"I'm scared of being hit with a lawsuit"

But the team found that Sony had made a "critical mistake" in how it implemented the security.

"The signing recipe requires that a random number be used as part of the calculation, with the caveat that that number must be truly random and not predictable in any way," the team said.

"However, Sony wrote their own signing software, which used a constant number for each signature."

This allowed the team to use "simple algebra" to uncover Sony's secret key, without access to it.

"This is supposed to be the most secret of secret of secrets - it's the Crown jewels," said pytey.

The team decided to publish its method but not the keys.

After the team revealed their hack, Mr Hotz said that he was prompted to renew his work on the system.

"What fun is a race if no-one else is running," he said. "fail0verflow did great work - they took it up a level."

"It's my own hardware, I can run whatever I like on it"

Using a similar technique he was able to extract the entire master key for the system, which he subsequently publish online along with a demonstration of it in action.

However, he has not released the method he used to extract the key.

"There is no reason to," he said.

However, he said that he may release a piece of software that will allow people to easily sign their own pieces of software and homemade games - also known as homebrew - on to the console.

"I have a program running but am thinking of a good way to release it," he said.

Like fail0verflow, he said that he does not condone games piracy.

"I do not want it to be able to sign official Sony programs. I'd like it just to be able to sign homebrew."

fail0verflow said it "disagrees" with Mr Hotz's decision to release the key, saying that it expects them "to make piracy easier without accomplishing intrinsically useful".

Legal worry

Sony takes a dim view of people hacking its system.

Last year, a team released a USB dongle called PSjailbreak that contained software that allowed gamers to play homemade and pirated games on the PlayStation 3.

Sony updated its consoles to block the software and took legal action against distributors in many countries.

However, according to pytey, it may not be so easy to fix the problem this time.

"The only way to fix this is to issue new hardware," he said. "Sony will have to accept this."

He said that he thought his group was on safe legal ground with its work.

"I haven't stolen anything," he said. "It's my own hardware, I can run whatever I like on it.

Mr Hotz also defends his actions, although admits he is "scared of being hit with a lawsuit".

"I am confident I would win since what I released was just a number obtained by running software on the PS3 I purchased"."

BBC Interviews Fail0verflow and GeoHot on Recent PS3 Hacks

Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter, Facebook and drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene and PlayStation 4 scene updates and fresh homebrew PS3 Downloads. Enjoy!
Sponsored Links
Sponsored Links

Comments 33 Comments - Go to Forum Thread »

• Please Register at PS4News.com or Login to make comments on Site News articles.
 
#33 - aamir007 - 217w ago
aamir007's Avatar
KaKaRoToKS interview part 2: console-spot.com/2011/01/07/ps3-hacker-kakaroto-interview-part-2/
You have asked, and we have got you the answers! Read on for our 2nd part of our interview with famed PS3 Hacker, KaKaRoTo. We filtered through the questions and have asked any that we felt were necessary and not total n00bish!

ismail asks: Since you are the lead developer for aMSN, do you have any intentions on porting it to the PS3?

KaKaRoTo: No, I have no intention of porting it to the PS3, because aMSN is written in Tcl/Tk, and it would mean porting the Tcl/Tk interpreter to the PS3. I also don’t plan on doing any kind of homebrew development, it’s not challenging or motivating enough.

djp: So in other words, once you are running Linux on your PS3 you can use it with the TCL/TK interpreter

itsevilbert asks: do you think this would have ever happened in the first place if Sony enabled OtherOS on the slim to begin with?

KaKaRoTo: I honestly can’t speculate on what might have happened, but I do think that removing OtherOS was really something that pissed off the hackers and gave them the motivation to try and break the PS3′s security, but it’s also always possible that someone would have done this regardless.

JakeAnthraX asks: What is your entire goal in this project and how long do you plan on developing for this platform?

KaKaRoTo: I’ll just paste something that I tweeted today that explains my goals for doing this : My main and probably only reason for working on the PS3 was the curiosity, the challenge, the fun, and most importantly the knowledge I would gain from this experience. The satisfaction of achieving something you’ve spent hours debugging is incredible, and the knowledge you gain from it has no price.

KaKaRoTo: For how long I plan on developing… I don’t know, I don’t make any kind of plans, if something comes up that looks challenging and fun, I’ll do it, otherwise, I see no reason for me to waste my time on it.

Kacex asks: Well, my question regards homebrew… While at the moment we cannot run unsigned homebrew, when those apps are signed, PSN friends could see that I’m running these apps, therefore Sony could too, and that could potentially lead to ban… Is this correct? So basically homebrew developers would have to implement some kind of stealth way for someone to use it, could that feature be implemented on this kind of homebrew? And I don’t mean “Look I’m playing Lemmings”, something that doesn’t share the current game being played for those apps.

KaKaRoTo: obviously anything is possible when patching the right thing, so if somebody wants to do this, they probably could, but I’m not interested in doing that. I also think that Sony could find many other ways to detect a jailbroken system (like a new firmware update that actually hashes all the filesystem during boot and makes sure no file was modified in it). For now, the people who want to install custom/modified firmware, or to jailbreak their machines, should be smart enough to know that they are breaching the license agreement with Sony, and that it’s Sony’s rights to prevent them from accessing their service (PSN) if they wish to. If they want to take that risk, they have to accept the consequences. In my case, I never used my jailbroken PS3 to connect to PSN.

DiggingForFire asks: Can we expect an MFW with working PS2 emulation from you?

KaKaRoTo: PS2 emulation requires the Emotion Engine chip on the hardware, and I won’t try to make some sort of software-only emulation (that’s not my area of expertise at all). Although the psjailbreak didn’t allow people to use PS1/PS2 games even on old backward compatible machines, the MFW that I built does allow PS1/PS2 games to run when the machine supports it through hardware.

Brandon asked: You said before that you want to be responsible and not allow piracy with something that you do, yet it is known that you can use PL3, the payload you developed, with backup managers, even though it could have been made to not support it. Why is it that you were willing to allow it with the payload, but not with a firmware modification?

KaKaRoTo: Thanks a good question Brandon. The reason is simple, PL3 was an incremental modification on a payload that was already released by the psjailbreak team, which itself already allowed backups to run. I didn’t implement backup support into PL3, it was there, and I just kept it there. With this new MFW, not only is it new and there is no already available solution for backups (so I have no reason to actually spend time to add support for it) but also, allowing backups (or piracy) to run means modifying the LV2 kernel, and doing that can be dangerous because a single mistake could lead to an irreversible brick of the machine and I’m not willing to take that risk, not for my PS3 and not for the PS3 of those who would use my tool to create their own modified firmware.

hotzenplots asks: I have quite a lot of trouble with HDCP: despite all my equipment is rather new and supports even HDMI 1.4 I continue to have no picture on my TV half of the time. So my question is: is it possible to disable the HDCP protection of the Playstation now that the software is wide open? Or is that a hardware thing? And if it’s possible, are you interested in working on that?

KaKaRoTo: After googling a little, I found out that the Debug firmware has a Enable/Disable HDCP option. So it’s possible you could disable it by upgrading to a debug firmware from service mode. Or maybe wait for the Rebug PUP firmware and see if the option is available there.

Taro asks: Whats your favorite PS3 game?

KaKaRoTo: oh, I got quite a few! I usually have a favorite game until another game is released and blows my mind.. but I’d say my top favorites would be (in no particular order) : Uncharted 2, Assassin’s Creed 2, Assassin’s Creed: Brotherhood, Little Big Planet, Metal Gear Solid, Batman Arkham Asylum, inFAMOUS, Heavy Rain, Darksiders, Sam & Max: The Devil’s Playhouse and of course Braid

Rei Yano asks: Do you know how cool you are?
KaKaRoTo: euhh…. no comment…

#32 - condorstrike - 217w ago
condorstrike's Avatar
“Piracy” isn’t about loosing money, it’s only about justifying to the CEOs why something didn’t sell so well (real answer: the game sucked)

ain't that the truth?...

#31 - PS4 News - 217w ago
PS4 News's Avatar
I will merge this into one of the ongoing threads... not going to do a separate news post for it but thanks!

#30 - BwE - 217w ago
BwE's Avatar
bit annoying to read.. i give up.

#29 - mik30 - 217w ago
mik30's Avatar
Quote Originally Posted by stinky1978 View Post
F0F claims to have found out about their signing bug by decrypting the bits of info they had on the system.

I call BS on that... There is *nothing* of the signing procedure in the kernel that could be decrypted and that would lead to the fault! Without the knowledge of the bug no one could find the fault or calculate the private key. The possibillities to test would be
impossible by brute force.

Remember: The signing is done differently than the checking. Only the checking procedure is included in the PS3. Therefore the bug must have been leaked by an insider. That's for sure in my opinion.
Quote Originally Posted by stinky1978 View Post
Nothing to do with insider information.

I do not see *any* relistic possibility to find the bug without a hint to it. That also explains why Sony did not fix it already.
Quote Originally Posted by stinky1978 View Post
Sure there was leaks about the service jig, and the dev software has leaked a few times, but none of that has really done much here.

Nothing is really save. The Wikileaks incident showed that whistleblowers are everywhere no matter how important the secret is. M$ already had their own wihstleblower when the XBOX1 was actual. C4E and The Specialist had the original kernel source code at their hands from which they studied the xbox drive copy protection.
Quote Originally Posted by stinky1978 View Post
Geohot still used his otheros hack to get into the system before anything else. He peek and poked around and dumped bits of HV a few bits at a time.

That's a totally different beast. Geohot did not hack the console... He rather discovered that Sony's linux loader allowed unsave
memory mamangement calls that could be exploited randomly by interfering the address bus (that's not really a hack).
Quote Originally Posted by stinky1978 View Post
Twiizers did pretty much the same thing on the wii. And it had no leaks at all. Look where it is now. entirely off dumped and decrypted data.

I disagree with you. The Wii has had a serious flaw in the hash checking routine, which falsly used strcmp rather that
memcmp. In addition to that the wii's system although also based on PPC does not include a HV like the 360 or the PS3 presumably because of it's massively lower clock rate.
Quote Originally Posted by stinky1978 View Post
THE PS3 is in the same position now. I think the even bigger news is that keys for the PSP were inside the PS3 fw.

I would also call BS on that too. The keys were not in the FW. The flaw that plagues the private key creation on the PS3 is also in effect on the PSP. It's just that simple.
Quote Originally Posted by stinky1978 View Post
So we got a 2 for 1 deal.

Here I agree with you.
Quote Originally Posted by stinky1978 View Post
PSP is at the end of its life cycle though. so not much loss there. PS3 was supposed to have at least another 5 years before it was going to be looked at being replaced.

I think that sony will just correct the private key generation and fits al newly build consoles with a new public key. All old consoles get the new public key via FW update. The game's get updates via PSN.
Quote Originally Posted by stinky1978 View Post
Sony still has lots of options though.. we have not heard the last of them.

I agree on that again... The game is not over yet...

#28 - xUb3rn00dlEx - 217w ago
xUb3rn00dlEx's Avatar
Was I the only one bothered with how often the interviewer referred to piracy? As if that was the motivation or even the main purpose/ conquest of hacking the PS3... *sigh* the media will never change...

#27 - iUnknown - 217w ago
iUnknown's Avatar
I think what they were getting at is that the security issue (ie the master key being known) can't be mitigated without building something else (ie. new hardware) that doesn't rely on it. The easiest way to do this, naturally, is to start a new platform from day 1. That's all.

#26 - aamir007 - 217w ago
aamir007's Avatar
This interview is from: console-spot.com/2011/01/06/ps3-hacker-kakaroto-interviewed/

Well here it is folk’s, the interview you have all been asking for. Playstation 3 developer KaKaRoTo answering a lot of questions that the most of you are scratching your head about!

djp: Ok first question, when did you first begin developing?
KaKaRoTo: Well, I started development when I was maybe 5 or 6 years old, but didn’t do anything above the level of a “hello world” in quick-basic.. I really started coding when I was in high school. I had a TI-83 calculator and I started programming games for it (nibbles) then I went to university and learned real languages, then I joined the aMSN project and I got involved with real programming, and with the open source community.
KaKaRoTo: I did a lot of reverse engineering for aMSN, mainly the network protocol, but I also wrote an audio codec (libsiren) for the MSN audio calls by reversing the codec from assembly

djp: Very cool, us not so privledged of knowledge always look up to you guys and wonder how it began. How did you become involved in the PlayStation 3 scene ?
KaKaRoTo: I was a reader of ps4news.com and when they posted a ‘request for developers’ I sent my ‘resume’, they gave me a little program to reverse engineer, which I did, then I joined them, I really didn’t do anything for them apart from writing the little kernel module to dump the hypervisor when the geohot exploit first appeared
KaKaRoTo: I entered the ps3 scene really when I saw a usb descriptor dump posted in a forum, and since I did a lot of network and file reversing, I was curious on that data and the usb format, so I started reading on the usb specs, and ended up writing PSFreedom and that’s how I entered the ps3 scene

djp: So now that you have released your MFW (Modified Firmware) the only feature added is the ability to install .pkg files, do you see any other features being added ?
KaKaRoTo: I’m not sure on what features to add to MFW. I think what I released right now, is really all you need already. But I know that there are some other modifications to add even more options, like what the Rebug team has been doing so a possible future MFW would be to add all the same options and features as Rebug. But I’m not interested in working on that and it’s possible the Rebug team will release that themselves.

djp: Now that all the tools are out, and your MFW is available, why haven’t we seen any of the emulators or other homebrew applications signed yet and made available.. is the signing process still being worked on?
KaKaRoTo: Yes, the fail0verflow team is still working on making the signing and pkg-ing process work correctly. We have the keys for signing, but I think they have some issues still with the file format of the SELF files, so it’s not yet working. Once they figure that out and update their tools, then all the homebrew apps can be signed and we can start installing them

djp: And do you think that the npdrm will be disabled, or added the ability to use it into the signing process?
KaKaRoTo: There is no need to disable it, also disabling it would require modifying the kernel (which I don’t want to do) since we have all the keys now, we will just sign all the homebrew with npdrm, just like Sony would sign official games then we can install the homebrew with the MFW and everything works.. that’s why I said that I don’t believe there’s anything really needed from the MFW apart from what I already released

djp: And along the piracy lines, which we really don’t want to touch on that subject, but to be honest, its bound to happen.. as of right now the PSJailbreak device uses a lvl 2 patch, with the tools that are out now and upcoming future tools, do you see people self signing game rips or packaging them as .pkg?
KaKaRoTo: Piracy is unfortunately bound to happen, yes. I honestly, personally don’t care either way. I believe that everyone is responsible for their own actions, and if someone wants to pirate, it’s between him and his conscience (and his lawyers ). I don’t accept or condone piracy, I buy all my games, and I don’t like seeing people pirate games, BUT in the end, it’s their choice, it’s their problem, not mine. But just as they are responsible for their actions, I’m also responsible for mine, and I do not want to allow piracy by something that I do.
KaKaRoTo: About signing game rips, I don’t know, the games are already signed by sony, so there is nothing to sign as far as I know but the games read their files off the bluray, and you can’t fake the bluray player. What psjailbreak did was targeted to backups and piracy from the start, and it had hacks inside the kernel to allow backups to be played but with the MFW, the kernel is left untouched (because it’s risky to modify it) so it can’t work… unless someone finds a way to make them work, but I don’t think any of the ‘smart enough hackers’ will even try.

djp: Agreed, as most of the dev’s have been pretty voicy about avoiding the opening for it
djp: And one more question, because it has been asked over and over, with your modified firmware, it is obviously possible to be banned from PSN, but do you see tools to remove the ban, and or change your console ID or another similar work around?
KaKaRoTo: Yeah, I’ve seen a lot of similar questions on twitter, I think the risk is minimal, simply because the kernel is not modified, the firmware is still the same and it’s hard for sony to detect this. The *only* file modified is an xml file (that specifies what to show on the XMB) where I add a few lines to tell it to show the “Install pkg” option. Sony could release a firmware update with a special software that hashes that specific xml file to see whether or not it was modified but unless they are willing to take action specifically against that, I don’t see it happening

djp: It is Sony we are talking about..
KaKaRoTo: Yeah I know, they are a bit lazy though Just look at their failures with the PS3′s security
KaKaRoTo: About changing console IDs, I don’t know, I don’t have a lot of knowledge in that area, and I don’t really care either, so if there’s a solution, someone other than me might find it. They do have every right to ban the console from PSN (it’s their service, we don’t own it) but they can’t really brick the console on purpose (it’s our machine, we bought it, we own it) but as always, those who decided to jailbreak or install the MFW do it at their own risks we can’t predict the future, and we can’t know what Sony will do if they ever decide not to accept their defeat.

djp: well in my opinion, it has been said over and over it costs double to develop for the ps3, and if piracy ends up being rampant and easy, i see a long fight from Sony to keep their developers happy..
KaKaRoTo: Well, developers get paid when they sell on the PS3, and I don’t think this will affect their sales

djp: whether its blocking a emulator running, or a constant battle to fight the piracy, I bet we see a lot more frequent fw updates
KaKaRoTo: well, firmware updates are meaningless because there is nothing they can do now we have all their private keys if they change a key, we’ll get it in a matter of seconds (really) they can’t change their root key.. and if they change the application keys, then ALL the games released so far will stop working so they really have no way to escape their fate. Also, the xbox and the wii have piracy, and I don’t see their consoles dying because the ‘rampant piracy’ is making them lose all their sales. Everybody knows that, “Piracy” isn’t about loosing money, it’s only about justifying to the CEOs why something didn’t sell so well (real answer: the game sucked)
KaKaRoTo: I think that Wolfire (the Indie developers behind The Humble Indie Bindle) explained it pretty well in their blog: one pirated game does not equal one lost sale

djp: Well the problem with that is now everyone is comparing the ps3 to the Dreamcast, and we all know Dreamcast was pirated to death. But i agree most people who play on line, will still buy that game
KaKaRoTo: I’m not familiar with that unfortunately. My first (and only) console is the ps3 But I’d say that 90% or 95% of the people who pirate a game were NEVER going to buy it anyways they either wouldn’t have played it, or they download it and never even try it, rent it, or borrow it from a friend, or if they are generous, they would have bought it used. Most pirates are young teenagers in school with no money to buy games anyways.

djp: Yes, I tend to agree, the people who pirate end up with stacks of burned discs, that never get played they are just there to show off to their friends..
KaKaRoTo: when someone gets a salary and has money, they will buy games even if they can pirate them

djp: do you think we will ever see you working on any other systems maybe a 360
KaKaRoTo: I’m not sure about other systems, I don’t think so, although we don’t know what the future holds. I never expected to be involved with the PS3 scene, it really happened by pure luck. But I only own a ps3, I never even touched a wii or xbox controller, and I’m very anti-Microsoft, so I don’t think I’ll ever buy a 360 or a wii.

djp: Well we are glad to have you here
KaKaRoTo: Thanks I’m also glad, it was very entertaining and I learned a lot these past few months.

We will continue this interview tomorrow along with any questions you guys have for him. If you have a question, leave it as a comment and if it’s worth asking, then we will.

#25 - ormsondo - 217w ago
ormsondo's Avatar
New hardware is needed to fix the master key problem - If the problem would be in the software, 3.60 would already be out by now and have the "correct signing routine".

Also, you can just enable Rebug and go online on PSN there (Debug consoles can bypass mandatory FW updates). That they can't block since doing that would block many "innocent" kiosk consoles.

#24 - tifozi1 - 217w ago
tifozi1's Avatar
Haha clearly there are downsides to living under a rock.

 

Sponsored Links

Sponsored Links







Advertising - Affiliates - Contact Us - PS4 Downloads - PS4 Forums - Privacy Statement - Site Rules - Top - © 2015 PlayStation 4 News