Full Version: Ps3 Private Keys Discovered
Scenyx Entertainment Community > PlayStation3 Forums > PS3 Hacking Forums > General Technical Hacking Discussion
runwave87
Basically they talked about how the PS3 has totally failed in security: by botching the PKI implementation, it became possible to calculate the keys needed to sign everything, in short PUBLIC PRIVATE KEYS!

http://twitter.com/fail0verflow
http://www.joystiq.com/2010/12/29/hackers-...ling-unauthori/
Rustmonkey
It seems this could be pretty big - i.e. custom firmware which would open up a whole world of possibilities in line with the level of development on the original XBOX and beyond. Looking forward to where the homebrew scene goes with this!
gehx
QUOTE(Rustmonkey @ Dec 31 2010, 12:50 AM) *

It seems this could be pretty big - i.e. custom firmware which would open up a whole world of possibilities in line with the level of development on the original XBOX and beyond. Looking forward to where the homebrew scene goes with this!


yep! +1
somenutter
This looks really good, can't wait for proper homebrew on PS3 without the need for USB sticks. I'd love to see x.264 videos running also.
Pingu82
Actually a custom FW will not be needed.
Hopefully this will make us able to sign our own code, just as Sony does on any retail game.

If you haven't seen fail0verflow's presentation at 27C3 I would recommend it; it gave me a laugh considering how the "gods" at Sony R&D generate their random numbers.
craxor5354
Does that mean we can play backups without even modding the console? And we won't get banned for modding our consoles?
hamwbone
Please do not post the PS3 "ROOT" key here. I do not quite yet know what the legality of this is.

If it is OK then the original posts will be displayed. Until then, yes, we know Geohot leaked the key and a quick web search will find what you need.

-Hamwbone

http://forums.xbox-scene.com/index.php?showtopic=726511&
Unimatrix47
How come no one is discussing this here? I understand that for now we're not allowed to post the keys. But why is there hardly any discussion going on? Is there another forum that is more active somewhere?
chewdiggy
Good article here: http://www.bbc.co.uk/news/technology-12116051
STICKY_BUD
I wish there was more discussion and sharing of info here too. All of the other forums I have tried browsing for info are full of forced click advertisements and popups. In other words, they suck!

Anyway, it seems that geohot and the fail0verflow team have completed their goal of hacking the console for Linux, so they may simply choose to clean up the code they have created so far and let others take over...

Which makes me wonder if some new dongle will show up, or some other kind of device that hackers are designing in the background. If there is money to be made, I fully expect some very well known Xbox modchip device manufacturers to get involved too.
Rustmonkey
PSX-SCENE has quite a bit of discussion mixed in with some lame posts... I'm not sure how much developer discussion goes on there though, although I know there is SOME... however, the site gets bogged down by all the advertisements...
thewhipedone
I've been around for the Xbox and the 360 modding/cracking but am new to the PS3. Is any of this going to lead to a way to get the DVD key (BD key)? Or even a way to lock a new drive to it? I took a few PS3s in on trade to find out they had the wrong PCB on the Blu-ray drive.
Ultra_Extreme
I REALLY can't believe there isn't more scene talk about this, this is HUGE! If we sign our own code, not only is the machine open for homebrew and backups, but there is NO POSSIBLE WAY for the machine to distinguish hacked code from legitimate code. It may be the first console mod ever that will render actual modding unnecessary.

I for one am very excited about this and am now ordering a PS3 Slim to keep offline and to one side until the specifics of this have been revealed. Could be something of the end for the mainstream PS3 though; like the PSP, devs won't want to work on a console where copies can be spread on the open market to people with unmodded consoles.

The word at the moment is that the only way Sony could FIX this would be to recall all PS3s worldwide and revise the hardware.....yeah right. So it's open season, boys!
Unimatrix47
I wouldn't doubt if the lack of talk about this is because the hackers are in talks with mod chip makers so they can cash in. Can't blame them..
Ultra_Extreme
Nah, for one the hacker geohot, publicly at least, will not aid piracy. But more importantly THE KEY IS OUT! I think the importance of this has been missed!

The key is what is used to make software read as legitimate; this has NEVER BEEN DONE! It basically means you could sign a hacked game rip, put it in a retail PS3 and play it with NO MODDING AT ALL.
Chancer
QUOTE(Unimatrix47 @ Jan 9 2011, 05:44 AM) *
I wouldnt doubt if the lack of talk about this is because the hackers are in talks with mod chip makers so they can cash in. Cant blame them..

Knowing the key would mean there is no need for a modification (Chip) for the console itself as once the software is signed it will run as the console would not know it from retail software. Depends how this progresses and is implemented.
It is big news and I am trying to get PS3 Scene on here updated. I have a few of the Mods willing to run this section and update with news so hopefully this can be sorted as a good source.
Rustmonkey
QUOTE(Chancer @ Jan 9 2011, 05:40 AM) *

Knowing the key would mean there is no need for a modification (Chip) for the console itself as once the software is signed it will run as the console would not know it from retail software. Depends how this progresses and is implemented.
It is big news and I am trying to get PS3 Scene on here updated. I have a few of the Mods willing to run this section and update with news so hopefully this can be sorted as a good source.



Awesome! Thanks for the update Chancer!
Unimatrix47
I'm happy to read that I was wrong. Too bad we don't get more discussion on how we can implement the key ourselves. For most of us used to modding the Xbox 360 and regular Xbox, the PS3 seems very foreign and different. If it's really true that we won't need a mod-chip or ANY-thing to run hacked code or modded code then we need to figure out how to implement the key...
Ultra_Extreme
QUOTE(Unimatrix47 @ Jan 9 2011, 07:23 PM) *

Im happy to read that I was wrong. Too bad we dont get more discussion on how we can implement the key ourselves. For most of us used to modding the xbox360 and regular xbox the PS3 seems very foreign and different. If its really true that we wont need a mod-chip or ANY-thing to run hacked code or modded code then we need to figure out how to implement the key...



Sadly I think this is where the profiteers will come; any program used to sign ISOs or similar with one click would be absolute GOLD. Think about it: you get the program, start signing ISOs and sell them on. Consumers do not have the smarts to understand the difference between running a copy and a legit game, at least by and large, so the potential for profit selling to the general population is HUGE. For this reason I expect early software for signing ISOs and such will be sold at a premium.

Sad really, because whilst I don't condone piracy, I condone piracy for profit far less!

Got this on googlybums

QUOTE


KEY WAS HERE

~geohot

props to fail0verflow for the asymmetric half
no donate link, just use this info wisely
i do not condone piracy

I made a video

it's jailbreak time
open the zip, you know how to install
3.55 only
would be pirates, don't waste your time
do not mirror file, link to geohot.com
no donations accepted right now, don't get scammed

homebrew signing source
make_self_npdrm makes valid NPDRM selfs from elfs
it does not contain any info on decrypting or removing NPDRM
NPDRM is required for interoperability of our homebrew applications
package_finalize turns your debug packages into pseudoretail packages
pseudoretail packages install on a geohot jailbroken PS3

i'm excited to see what you will create
open source SDK @ PSL1GHT
Ultra_Extreme
3.55 CW available with backup play

Unimatrix47
So does this make use of these new keys that were discovered? And does one still need a jailbreak usb dongle?
steveo1978
QUOTE(Ultra_Extreme @ Jan 9 2011, 09:31 PM) *

Sadly i think this is where the profiteers will come, any program used to sign ISO's or similar with one click would be absoloute GOLD. Think about it, you get the program start signing ISO's and selling them on. Consumers do not have the smarts to understand the difference between running a copy and a legit game, at least by and large, so the potential for profit selling to the general population is HUGE, for this reason i expect early software for signing iso's and such will be sold at a premium.



Well, there are people that will find ways to release stuff for free. There are tons of people that know how to program that will release stuff to do different things for the PS3. If someone wants to sell some kind of software or hardware that will allow homebrew on the PS3 they will have to do it quick, because within a short period of time someone else will release something for free that does the same thing. Look at the PS3Jailbreak: while the people that released it were in court fighting for the right to sell it, others came out with a cheaper version and also ways to use stuff you already own to jailbreak the PS3 for free.

Also, people, DO NOT post links to sites that host the custom firmware or keys.


@Unimatrix47: Yes, they are using the keys that were released not too long ago, and you will not need a USB dongle in the near future. The PS3 will look at the software that is signed with those keys as if it was released by Sony, so basically it's possible to install software with no type of mod to the PS3 whatsoever.
spy4561
QUOTE(Pingu82 @ Jan 3 2011, 10:52 AM) *

Actually the need for a custom FW will not be needed.
Hopefully this will make us able to sign our own code, just as sony does on any retail game.

If you haven't seen fail0verflow's presentation at 27C3 I would recommend it; it gave me a laugh considering how the "gods" at Sony R&D generate their random numbers.

I saw the fail0verflow presentation and Sony did really fail at the security system, but you can sign your own code now.
relaxxx
Does anyone have any realistic insight as to when USB Jailbreaks will be obsolete?

Like if I order one today from China will there be a SIGNED Open Manager fully working without jailbreak before it arrives in my mail?

STICKY_BUD
Probably, relaxxx. One thing you may not have heard yet is that Sony has served geohot and the fail0verflow team with a lawsuit. Not sure if it will embolden coders or scare them, but it is likely that there are teams working right now to be sure they do not release something that borks PS3s... not everyone, but a few teams are probably there already.

On another note, I own a jailbreak dongle that I do not think I need anymore and that I could sell to you faster than a shop in China. hehe
steveo1978
QUOTE(STICKY_BUD @ Jan 12 2011, 01:13 AM) *

one thing you may not have heard yet is that sony has served geohot and the failoverflow team with a lawsuit. not sure if it will embolden coders or scare them, but it is likely that there are teams working right now to be sure they do not release something that borks ps3's... not everyone, but a few teams are probably there already.



It's not really a lawsuit, it's basically an order to try and stop him and some others from releasing anything else. I think Sony or MS should just give Geohot a job.
STICKY_BUD
QUOTE(steveo1978 @ Jan 11 2011, 11:48 PM) *

Its not really a law suit its basically an order to try and stop him and some others from releasing anything else. I think Sony or MS should just give Geohot a job.


geohot posted the documents he received as PDF scans. There are a couple of preliminary orders that Sony submitted to the judge, but there is also a complaint filed, and the document appears legitimate; it even includes the dated U.S. District Court stamp. Several defendants are named and Sony is the plaintiff.

Here is what it says on the first page:
COMPLAINT FOR INJUNCTIVE RELIEF AND DAMAGES BASED ON VIOLATIONS OF DIGITAL MILLENNIUM COPYRIGHT ACT; VIOLATIONS OF THE COMPUTER FRAUD AND ABUSE ACT; CONTRIBUTORY COPYRIGHT INFRINGEMENT; VIOLATIONS OF THE CALIFORNIA COMPREHENSIVE COMPUTER DATA ACCESS AND FRAUD ACT; BREACH OF CONTRACT; TORTIOUS INTERFERENCE WITH CONTRACTUAL RELATIONS; COMMON LAW MISAPPROPRIATION; AND TRESPASS
Unimatrix47
Aren't they wasting a lot of money on expensive lawyers for basically nothing? Pandora is out of the box. Does it really pay to burn the box?
steveo1978
The document I had seen was basically just a restraining order. Either way I think this will be another waste of money for Sony. It's really gonna look good on Sony when they say that a 21-year-old broke their security.
Ultra_Extreme
Sony are just making a token show of muscle; it will calm the shareholders of SCEA and SCEE as well as the holdings of developers associated with SONY, especially those that produce console exclusives.

The interesting part in my view is that they claim "irreversible and irreparable damage" has been done by Hotz, which means the PS3 truly is wide open now.

The only area in which they may have a case is that they hold a statement along the lines of "hey Sony, if you want your next console to be secure give me a call" [by geo hot] which could be spun as an attempt at extortion.

Pretty feeble case however, that should be concluded on precedent citing the iPod/iPhone jailbreak ruling. This is nothing more than smoke and mirrors and protocol. It was inevitable and changes nothing; however, sadly it does signal the end of the PS3 and possibly even the PlayStation brand. There will be some serious meetings at Sony!
relaxxx
I don't know if it's that bleak for Sony. The Wii has been wide open and doing fine for years now, has it not? I'm sure there are strategies and new updates they can apply to minimize piracy and protect future releases. I'm sure if Xbox 360 signing keys were released they would just update the firmware and CPU fuses to accept new signing codes, leaving exploitable consoles offline like JTAGs.
steveo1978
QUOTE(relaxxx @ Jan 12 2011, 02:31 PM) *

I don't know if it's that bleak for Sony. The wii has been wide opened and doing fine for years now has it not? I'm sure there are strategies and new updates they can apply to minimize piracy and protect future releases. I'm sure if Xbox 360 signing keys were releases they would just update the firmware and CPU fuses to accept new signing codes leaving exploitable consoles offline like JTAG's.


Yeah, I agree that this might not be what kills PlayStation, but also this is worse for them than what is able to be done on the Wii. The best way for me to describe this is to look at all the consoles as safes with a combination lock. On the Wii people do not have the combination to the door of the safe but have found another door to put stuff like homebrew on the Wii; now an update could patch the door the people use to run stuff on the Wii and it will be closed forever. Now for the PS3, people have the combination to the same door Sony uses to put stuff on the PS3, so if they release an update that tried to change that combination to the door (the key people have), everything that has been released for the PS3 will be useless, so an update could not fix this. If people had the keys for the 360 there would be nothing that MS could really do either to fix it, because if they release an update people could just patch the update and update the 360 with the patched update. People can basically do whatever they want to the PS3. So right now the 360 is actually the most secure console on the market and the PS3 is the least.
flash360
Imagine buying a car, and in the years after, the car makers turn up on your doorstep and say something like "I'm sorry but we gotta disconnect the air con." Then a few months or years go by and they turn up again: "We gotta disconnect the radio." Eventually you end up with a car that's only as good as another basic car that's half the price.

Some guy comes along and shows you how to reconnect your air con and your radio.

And the car company tries to sue them for doing so.

That is why $ony is heading for another epic fail.
STICKY_BUD
I like the analogy, steveo1978... but IMHO, Sony's responsibility should be included when describing what is happening here. The damage caused goes farther than thieves who broke into a safe, and Sony's own failure is not small!

To use this safe analogy, and to insert Sony's security failure into it: the reason anyone was able to figure out the combo to the lock (private key) is due to a move as dumb as posting the safe combination at eye level AND on the wall closest to the combination lock.

Team fail0verflow and geohot were able to figure out the combination to the safe door with simple arithmetic and, by their own admission, it should never have been that easy.

If variables (like private keys) are used to encrypt data, those variables have to be protected, and from what I have read and seen demonstrated, that is why the Wii and 360 private keys are still safe. It is all because Sony allowed the math problems needed to calculate these keys to remain in a place they must have assumed nobody would go through the effort of looking.
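The "simple arithmetic" and the "random numbers" the posts above refer to are the ECDSA nonce: fail0verflow's 27C3 talk showed the PS3 signer used a constant value where a fresh random per-signature nonce is required. The following is an added example written for this thread, not code from any poster, fail0verflow or geohot: ECDSA on a textbook toy curve (all values constructed; nothing here resembles the PS3's real curve or key), with the auditor's check that flags a repeated r across two signatures, and the modular arithmetic showing why a repeated r must be treated as a fully compromised key.

```python
# Toy curve y^2 = x^3 + 2x + 2 over F_17 with generator G of prime order 19.
# Constructed teaching values only; a real curve is hundreds of bits wide.
P, A, B = 17, 2, 2
G = (5, 1)
N = 19
O = None  # point at infinity

def inv(x, m):
    return pow(x, -1, m)

def add(p1, p2):
    """Affine point addition, handling O and doubling."""
    if p1 is O: return p2
    if p2 is O: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return O
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    r = O
    while k:
        if k & 1: r = add(r, pt)
        pt = add(pt, pt); k >>= 1
    return r

def sign(d, h, k):
    """ECDSA over hash value h (already reduced mod N) with nonce k."""
    r = mul(k, G)[0] % N
    s = inv(k, N) * (h + r * d) % N
    assert r and s, "degenerate nonce, pick another"
    return (r, s)

def verify(Q, h, sig):
    r, s = sig
    w = inv(s, N)
    X = add(mul(h * w % N, G), mul(r * w % N, Q))
    return X is not O and X[0] % N == r

def find_reused_nonce(sigs):
    """Auditor's check: the same r under one key for two different messages
    means the nonce k was reused. Returns (r, (h1, s1), (h2, s2)) or None."""
    seen = {}
    for h, (r, s) in sigs:
        if r in seen and seen[r][0] != h:
            return (r, seen[r], (h, s))
        seen[r] = (h, s)
    return None

def recover_key(r, first, second):
    """Why a repeated r is fatal: two signatures with one k give two linear
    equations in (k, d); solve k from their difference, then d."""
    (h1, s1), (h2, s2) = first, second
    k = (h1 - h2) * inv(s1 - s2, N) % N
    return (s1 * k - h1) * inv(r, N) % N

def demo(nonces, d=7, hashes=(5, 12, 3)):
    """Sign constructed hashes with the given nonces; return the private key
    if the signatures alone leak it, else None. d=7 is a constructed key."""
    Q = mul(d, G)
    sigs = [(h, sign(d, h, k)) for h, k in zip(hashes, nonces)]
    assert all(verify(Q, h, s) for h, s in sigs)
    hit = find_reused_nonce(sigs)
    return None if hit is None else recover_key(*hit)
```

`demo([3, 3, 3])` (constant nonce, the PS3 pattern) returns the key 7 from signatures alone; `demo([3, 8, 14])` (fresh nonces) returns None, which is the only acceptable result for a signer.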
Rustmonkey
Hmmm... looks like Geohotz should get into contact with Bunnie - wasn't he going to testify in the case of the California console modder?
Ultra_Extreme
Thing is, with this key a Chinese producer could run off games that would boot in regular unmodded consoles for half the price or far less.

For me that means the end of the PS3, because if I was a dev I would not want to be involved. It's another PSP.
Unimatrix47
nevermind...
How is GEOHOT pronounced? Is it Gee-Hot? Gee-Eee-Ooo-Hote?
relaxxx
QUOTE(steveo1978 @ Jan 12 2011, 07:02 PM) *

if they release a an update that tried to change that combination to the door (the key people have) everything that has been release for the PS3 will be useless so an update could not fix this.


Basically I mean an update would contain a new key for new releases and modified authentication for old key software. Of course they have to maintain backwards compatibility for the old key but there are lots of additional ways to authenticate media than just the signed code itself. So basically their new 'safe' would look something like 2 doors, one old door with guards behind it and a new door with a better lock installed.
JayDee
Quick hop back in time....

http://www.cs.cmu.edu/~dst/DeCSS/Gallery/

"This is the source code for the CSS descrambling algorithm that was posted anonymously to the LiViD mailing list in October 1999. The C code was supposedly written by someone who disassembled a software DVD player to uncover the descrambling algorithm. It was this posting that led Frank Stevenson to conduct his analysis of the CSS encryption scheme. The code was subsequently included in an unsealed (whoops!) legal filing by John Hoy, president of the DVD-CCA, in the California trade secret lawsuit against Andrew McLaughlin and 92 other defendants. Guess it's not a trade secret anymore. More about that here."

Guess what?!

No one would do the same thing again right!?

File the keys open for the public that is...


With the court docs filed as of 20110111 (LINK page 247) Sony themselves put the ROOT KEY in public domain.
hamwbone
QUOTE(JayDee @ Jan 13 2011, 05:52 PM) *

Quick hop back in time....

http://www.cs.cmu.edu/~dst/DeCSS/Gallery/

"This is the source code for the CSS descrambling algorithm that was posted anonymously to the LiViD mailing list in October 1999. The C code was supposedly written by someone who disassembled a software DVD player to uncover the descrambling algorithm. It was this posting that led Frank Stevenson to conduct his analysis of the CSS encryption scheme. The code was subsequently included in an unsealed (whoops!) legal filing by John Hoy, president of the DVD-CCA, in the California trade secret lawsuit against Andrew McLaughlin and 92 other defendants. Guess it's not a trade secret anymore. More about that here."

Guess what?!

No one would do the same thing again right!?

File the keys open for the public that is...
With the court docs filed as of 20110111 (LINK page 247) Sony themselves put the ROOT KEY in public domain.


That's gold... haha.
ChicagoUno6900
QUOTE(JayDee @ Jan 13 2011, 05:52 PM) *

Quick hop back in time....

http://www.cs.cmu.edu/~dst/DeCSS/Gallery/

"This is the source code for the CSS descrambling algorithm that was posted anonymously to the LiViD mailing list in October 1999. The C code was supposedly written by someone who disassembled a software DVD player to uncover the descrambling algorithm. It was this posting that led Frank Stevenson to conduct his analysis of the CSS encryption scheme. The code was subsequently included in an unsealed (whoops!) legal filing by John Hoy, president of the DVD-CCA, in the California trade secret lawsuit against Andrew McLaughlin and 92 other defendants. Guess it's not a trade secret anymore. More about that here."

Guess what?!

No one would do the same thing again right!?

File the keys open for the public that is...
With the court docs filed as of 20110111 (LINK page 247) Sony themselves put the ROOT KEY in public domain.


lol
VoxAngel
QUOTE(JayDee @ Jan 13 2011, 03:52 PM) *
Quick hop back in time....

http://www.cs.cmu.edu/~dst/DeCSS/Gallery/

"This is the source code for the CSS descrambling algorithm that was posted anonymously to the LiViD mailing list in October 1999. The C code was supposedly written by someone who disassembled a software DVD player to uncover the descrambling algorithm. It was this posting that led Frank Stevenson to conduct his analysis of the CSS encryption scheme. The code was subsequently included in an unsealed (whoops!) legal filing by John Hoy, president of the DVD-CCA, in the California trade secret lawsuit against Andrew McLaughlin and 92 other defendants. Guess it's not a trade secret anymore. More about that here."

Guess what?!

No one would do the same thing again right!?

File the keys open for the public that is...


With the court docs filed as of 20110111 (LINK page 247) Sony themselves put the ROOT KEY in public domain.


Priceless.
VoxAngel
And here we go http://ps3.ign.com/articles/114/1146457p1.html
Invision Power Board © 2001-2013 Invision Power Services, Inc.