Sony finally responds to Fail0verflow PS3 “root key” hack

Posted at 07 January 2011 00:00 CEST by wconeybeer

It has been a full week since the news that the hacking group Fail0verflow had derived the PS3 “root key”, which would allow homebrew developers to sign their own applications, began to filter out of the 27C3 (Chaos Communication Congress 2010) hacker conference. It seems that Sony executives either hadn’t been paying attention to the reports, or had simply discounted them as another easily corrected security hole, as they had not released any kind of statement regarding the discovery until today.

After reading the statement that Sony provided to Edge Magazine, the latter scenario appears the more likely one.

“We are aware of this, and are currently looking into it,” a Sony representative told Edge. “We will fix the issues through network updates, but because this is a security issue, we are not able to provide you with any more details.”

But statements that have been made by the Fail0verflow team, and were reiterated to the BBC yesterday by group member pytey, indicate that there is no simple fix this time around, as there was with the USB key hacks such as PS Jailbreak.

“The complete console is compromised – there is no way back,” pytey told the reporter. “This is as bad as it gets – someone is getting into serious trouble at Sony right now. The only way to fix this is to issue new hardware.”

Pytey also explained how the Fail0verflow team was able to calculate the key, which he described as something that is “supposed to be the most secret of secret of secrets – it’s the Crown jewels,” and exactly where Sony went wrong:

“Sony uses a private key, usually stored in a vault at the company’s HQ, to mark firmware as valid and unmodified, and the PS3 only needs a public key to verify that the signature came from Sony,” he said. “Applied correctly, it would take billions of years to derive the private key from the public key, or to make a signature without knowing the private key, even when you have all the computational power in the world at your disposal. The signing recipe requires that a random number be used as part of the calculation, with the caveat that that number must be truly random and not predictable in any way. However, Sony wrote their own signing software, which used a constant number for each signature.”

From there, it was just a matter of using “simple Algebra” to uncover the key.
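The signing failure pytey describes, worked through as an added example; this is not code from the article, from Fail0verflow or from Sony. It uses the public secp256k1 curve parameters purely as a stand-in (the PS3's own curve and key are not on this page and are not used), and the signing key, the two firmware-like messages and the constant nonce are all constructed for illustration. It shows the three things a practitioner wants to see: signatures made with a reused nonce still verify, so nothing looks wrong at the consumer; two such signatures share the same r, which is exactly the handle the "simple algebra" uses to recover the private key; and that shared r is also what a release pipeline can check for before it ever ships a signature. The fix shown is a fresh unpredictable nonce per signature; a deterministic per-message derivation such as RFC 6979 is the other standard answer.

```python
"""Why a constant ECDSA nonce leaks the signing key, and how to catch it.

Added example, not fail0verflow's or Sony's code. The curve is the public
secp256k1 (standing in for the PS3's own curve, which this page does not
give); the key, messages and the constant-nonce signer are constructed.
"""
import hashlib
import secrets

# secp256k1 domain parameters: field prime, group order, base point.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def inv(x, m):
    """Modular inverse of x mod m (pow(..., -1, m) needs Python 3.8+)."""
    return pow(x % m, -1, m)

def add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over F_P; None is the identity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:   # p1 == -p2
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication k * pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def z_of(msg):
    """Message hash reduced into the scalar field."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(d, msg, k):
    """Textbook ECDSA; the caller supplies the nonce k so the broken
    (constant k) and correct (fresh k) behaviours can both be shown."""
    r = mul(k, G)[0] % N
    s = inv(k, N) * (z_of(msg) + r * d) % N
    return r, s

def verify(Q, msg, sig):
    """Standard ECDSA verification against public key Q = d * G."""
    r, s = sig
    w = inv(s, N)
    R = add(mul(z_of(msg) * w % N, G), mul(r * w % N, Q))
    return R is not None and R[0] % N == r

def recover_key_from_reused_nonce(msg1, sig1, msg2, sig2):
    """The 'simple algebra': two signatures with the same r share k, so
    k = (z1 - z2) / (s1 - s2) and d = (s1 * k - z1) / r, all mod N."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("different r: nonces were not reused")
    z1, z2 = z_of(msg1), z_of(msg2)
    k = (z1 - z2) * inv(s1 - s2, N) % N
    return (s1 * k - z1) * inv(r1, N) % N

def find_repeated_r(signatures):
    """Defender-side check over a batch of (r, s): any r seen twice means the
    nonce was reused and the signing key has to be treated as burned."""
    seen = {}
    for i, (r, _s) in enumerate(signatures):
        if r in seen:
            return seen[r], i
        seen[r] = i
    return None

def demo():
    """Constant nonce: key recoverable and detectable. Fresh nonces: neither."""
    d = secrets.randbelow(N - 1) + 1                    # constructed key
    Q = mul(d, G)
    msgs = [b"firmware-image-A", b"firmware-image-B"]  # constructed payloads
    bad = [sign(d, m, 4) for m in msgs]                 # the xkcd nonce, literally
    good = [sign(d, m, secrets.randbelow(N - 1) + 1) for m in msgs]
    return {
        "bad_sigs_verify": all(verify(Q, m, s) for m, s in zip(msgs, bad)),
        "key_recovered": recover_key_from_reused_nonce(msgs[0], bad[0], msgs[1], bad[1]) == d,
        "reuse_detected": find_repeated_r(bad) == (0, 1),
        "fresh_nonces_clean": find_repeated_r(good) is None,
    }
```

Running `demo()` returns all four flags true: the two constant-nonce signatures pass `verify`, the private key falls out of them, `find_repeated_r` flags the pair, and the fresh-nonce signatures show nothing. The check is cheap enough to run over every signature a signing service has ever emitted, which is where a constant-nonce signer would have been caught long before a conference talk.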

It’s quite likely that Sony lawyers are very busy at the moment trying to figure out a way to put a stop to this, but pytey says he’s not worried. “I haven’t stolen anything,” he said. “It’s my own hardware, I can run whatever I like on it.” If the ruling in last month’s Xbox 360 mod chip trial in California is any indication, these guys should be on safe legal ground.


There are 10 comments

Mr. Belvedere
MyCE Resident
Posted on: 07 Jan 11 12:03

    Quote:
    However, Sony wrote their own signing software, which used a constant number for each signature.” From there, it was just a matter of using “simple Algebra” to uncover the key.

Ouch.

    Quote:
    It’s quite likely that Sony lawyers are very busy at the moment trying to figure out a way to put a stop to this, but pytey says he’s not worried. “I haven’t stolen anything,” he said. “It’s my own hardware, I can run whatever I like on it.”

Depends on what kind of intellectual property he touched and if he was allowed to touch it in that way.

slayerking
CD Freaks Fartman
Posted on: 07 Jan 11 12:56

    Quote:
    Originally Posted by Mr. Belvedere
    Ouch.

Yeah, although it wasn't intentional, it was a major F@#k up by one of the devs. It was supposed to be random. This was the code:

    Code:
    int getRandomNumber()
    {
        return 4;
    }

As you can see, real brilliant, and I suspect that coder is now looking for a new job haha.

dearjohnsonful
New Member
Posted on: 07 Jan 11 14:27

    Quote:
    Originally Posted by slayerking
    Yeah, although it wasn't intentional, it was a major F@#k up by one of the devs. It was supposed to be random. This was the code:
    Code:
    int getRandomNumber()
    {
        return 4;
    }
    As you can see, real brilliant, and I suspect that coder is now looking for a new job haha.

It's much more complicated than that. The slide you saw with that code was a comic from xkcd.com (see: http://xkcd.com/221/) that fail0verflow used. The random number is NOT 4, but much like 7a5646e46eed4567f34657a65433. This is just an example. A PS3 dev (hacker) had a comment on twitter about this, but I can't find it right now.

RTV71
MyCE Member
Posted on: 07 Jan 11 22:03

Scott Adams said it best:
http://dilbert.com/strips/comic/2001-10-25/

Mr. Belvedere
MyCE Resident
Posted on: 10 Jan 11 10:24

Meh..

trust2112
MyCE Member
Posted on: 13 Jan 11 01:00

Does that mean AMD/ATI, WD, OCZ, and every other peripherals manufacturer could sue me because I don't keep their hardware at specs? AMD plainly states that they are NOT responsible for overclocking issues, even though they sell specific lines (Black Edition) just for that purpose. At what point do we keep taking it up the ass from corporate greed as well as government intervention to protect those greedy cock-suckers at Sony and other (MS) console makers? If I can't play it on my computer, then it is irrelevant to me. (Did you hear that, game manufacturers?) My computer is way beyond Sony's Piece of Shit3, and if their code ever gets released or reverse engineered, three words: MAME emulation, bitches.

Mr. Belvedere
MyCE Resident
Posted on: 13 Jan 11 10:05

    Quote:
    Originally Posted by trust2112
    Does that mean AMD/ATI, WD, OCZ, and every other peripherals manufacturer could sue me because I don't keep their hardware at specs? AMD plainly states that they are NOT responsible for overclocking issues, even though they sell specific lines (Black Edition) just for that purpose. At what point do we keep taking it up the ass from corporate greed as well as government intervention to protect those greedy cock-suckers at Sony and other (MS) console makers? If I can't play it on my computer, then it is irrelevant to me. (Did you hear that, game manufacturers?) My computer is way beyond Sony's Piece of Shit3, and if their code ever gets released or reverse engineered, three words: MAME emulation, bitches.

It all depends on what kind of license agreements you have actually agreed upon.

If you bought a Sony PlayStation 3, agreed to a license agreement that forbids you to set fire to it and then set fire to it.. well... you are breaking the agreement. I'm not sure if breaking an agreement would actually be illegal though, but it can have penalties.

If you have never agreed to a license agreement that forbids you to set fire to it (you bought the PS3 and never turned it on), and then set fire to it.. I think you're pretty legal.

If you bought a Sony PlayStation 3, agreed not to modify it via a license agreement and then start hacking away.. well.. are you not breaking the agreement? But would that be against the law? There is no company in the world that can make you agree to something that is against the local and international law rules you as a person are obliged to follow or can enjoy.

For instance: Sony could make me agree to set up a human slave trade business via an End User License Agreement, but it would be worthless, since it's against most laws.

That is the sole reason why this licensing business is a very shady business. It is almost impossible for an end user to understand the End User License Agreement they are agreeing to, and it is very difficult to prove it abides by every local law.

ftlion
MyCE Junior Member
Posted on: 19 Jan 11 07:16

Brilliant post, Mr. Belvedere!

Some very good points that I (and I'll bet a lot of other folks too) hadn't even thought to consider about EULAs. I try to read all contractual things like those and the damn things that come with my bank accounts, but after page 3 my brain really gets tired. I always feel like the things are written in the most convoluted way imaginable for the sole purpose of discouraging me from reading them carefully. Why does everyone have to have a legal degree now to use a piece of software?

But one of the statements brings up a question: supposing someone reverse-engineered a software program and actually removed the EULA from the install or documentation and then re-released it into the wild world of P2P via sharing or the like, and it is then downloaded by someone else and installed and used, and they somehow violated the terms of the agreement that they never saw. Would that person be liable in such a case?

ftlion
MyCE Junior Member
Posted on: 19 Jan 11 07:18

... and btw, was this really an "error", or does anyone else think this exploit might have been left there purposely by someone on the original programming team?

Mr. Belvedere
MyCE Resident
Posted on: 20 Jan 11 11:20

    Quote:
    Originally Posted by ftlion
    But one of the statements brings up a question - supposing someone reverse-engineered a software program and actually removed the EULA from the install or documentation and then re-released it into the wild world?

This has actually been done in real time with an Opera installation. The hacker showed that he could, in real time, change the text "I agree" to "No thanks, but continue installation anyway".

This may seem a fishy one for a judge, but I think actually it isn't. The sole purpose of this reverse-engineering is to bypass the agreement. This is not jailbreaking or hacking to open up possibilities that were hidden, but real intended abuse. Almost any judge will punish you for it.
