PS3 3.56 firmware hacked just hours after release

Posted 29 January 2011 04:00 CET by wconeybeer

Assertions from the PS3 hacking community that the PS3 DRM was irreparably broken when the consoles “root key” was released to the public by George “GeoHot” Hotz were tested when Sony attempted a security patch with a mandatory new firmware release late Thursday.

Sony’s hopes were quickly dashed, however, as hackers quickly got to work on dismantling the new firmware and had the job done within just a few hours.

While the description of PS3 firmware 3.56 on Sony’s PlayStation blog was quite vague, Edge reported that the update “introduces a new encryption key which kills all existing homebrew functionality.” Console owners attempting to login to their PlayStation Network (PSN) accounts were prompted to complete the firmware upgrade, which is now required to access online play.

Within hours of noticing that the firmware had been released, well-known hacker Youness Alaoui, known in the community as “KaKaRoToKS”, did the job of unpacking the files and uncovering the version’s signing keys. Per an update on Alaoui’s Twitter account, the tools used to spoof the firmware for installing custom homebrew applications were once again functional.

This seemingly futile game between Sony and the hacking community gained momentum throughout the last half of 2010, after the corporation removed the “Other OS” functionality from all PS3 consoles in April.  By mid-August, a USB hack had been created to run homebrew applications on the console, but Sony fought back. Since then, several new firmware  “security patches” were released, only to be subsequently hacked.

By the end of 2010, hacking group Fail0verflow and Hotz had figured out and published the PS3’s “root key”, at the heart of the console’s DRM, along with all the tools necessary to once again install customer firmware on the systems. Sony responded with a lawsuit against Hotz and the Fail0verflow team, with several charges including violations of the Digital Millennium Copyright Act and the Computer Fraud and Abuse Act.

Yesterday, Sony won a restraining order against Hotz, which requires him to turn over all of his computer equipment to authorities within 10 days.

Though this latest firmware update proved to be useless, Sony may have another trick up their sleeve to discourage unauthorized use of the PS3. Last week, reports surfaced indicating that the company was considering instituting a new serial security system for all Blu-ray Disc games to be used with the console. Sony has not yet commented regarding the validity of that claim.

Time will tell if Sony has any other brilliant ideas that will address and solve their security woes, but today the hackers have won another small victory against The Man.


Related content