PSX-SCENE Forum Discussion for Sony PlayStation/PsOne/PS2/PS3/PSP/PS VITA
  • fail0verflow and Geohot Interview with BBC

    The BBC posted a well-written news article today regarding the recent developments on the PS3. The story not only covers the recent hacks but also gives a recap of the events that led up to them. The article is a good read and features interviews with both fail0verflow and Geohot.
    iPhone hacker publishes secret Sony PlayStation 3 key

    By Jonathan Fildes Technology reporter, BBC News

    The PlayStation 3's security has been broken by hackers, potentially allowing anyone to run any software - including pirated games - on the console.

    A collective of hackers recently showed off a method that could force the system to reveal secret keys used to load software on to the machine.

    A US hacker, who gained notoriety for unlocking Apple's iPhone, has now used a similar method to extract the PS3's master key and publish it online.

    Sony declined to comment on the hack.

    "The complete console is compromised - there is no recovery from this," said pytey, a member of the fail0verflow group of hackers, who revealed the initial exploit at the Chaos Communication Congress in Berlin in December.

    "This is as bad as it gets - someone is getting into serious trouble at Sony right now."

    The group, which has previously hacked Nintendo's Wii and says it is vehemently against games piracy, said that it had developed the hack so that it could install other operating systems and community-written software - known as homebrew - on the powerful machine.

    "The details we provided and information and techniques we disclosed would have been enough to install Linux," he said. "We have no interest in piracy."

    Following the presentation, US hacker George Hotz, who has previously hacked parts of the console, used a similar technique to extract the master key. He has now published it on his blog.

    This formerly secret number is used to "sign" all games and software that run on the system, to authenticate that it is genuine and approved by Sony.

    However, once the key is known it can be used to sign any software - including unofficial software and games.

    "I hate that it enables piracy," said Mr Hotz. "The publication of the key is more academic than anything else."

    The number also works for Sony's handheld console the PlayStation Portable, said Mr Hotz.

    Developers have already started releasing tools to develop new software for the PS3 using the hacks.

    'Valid target'

    The PS3 - once regarded as the most secure of the games consoles, and the only one not to have been permanently cracked - has in the last 12 months come under increasing scrutiny from hackers.

    In January 2010, Mr Hotz claimed to have cracked the console.

    Following his initial announcement, Sony released an update disabling a function, called OtherOS, that allowed gamers to install a version of Linux on their machines, thought to have been exploited by Mr Hotz.

    Many saw it as a pre-emptive strike to guard against games piracy.

    Mr Hotz never released the exploit and publicly said that he had stopped work on the console.

    But Sony's removal of OtherOS prompted other hackers to begin to look at the system more closely.

    "It became a valid target," pytey told BBC News. "That was the motivation for us to hack it."

    He said the team had spent "months" trying to find their way into the system.

    "It was not trivial to do this," he said.

    In the end, the flaw that allowed them to crack the system was a basic cryptographic error that allowed them to compute the private key, held by Sony, he said.

    "Sony uses a private key, usually stored in a vault at the company's HQ, to mark firmware as valid and unmodified, and the PS3 only needs a public key to verify that the signature came from Sony.

    "Applied correctly, it would take billions of years to derive the private key from the public key, or to make a signature without knowing the private key, even when you have all the computational power in the world at your disposal."

    But the team found that Sony had made a "critical mistake" in how it implemented the security.

    "The signing recipe requires that a random number be used as part of the calculation, with the caveat that that number must be truly random and not predictable in any way," the team said.

    "However, Sony wrote their own signing software, which used a constant number for each signature."

    This allowed the team to use "simple algebra" to uncover Sony's secret key, without access to it.

    "This is supposed to be the most secret of secret of secrets - it's the Crown jewels," said pytey.

    The team decided to publish its method but not the keys.

    After the team revealed their hack, Mr Hotz said that he was prompted to renew his work on the system.

    "What fun is a race if no-one else is running," he said. "fail0verflow did great work - they took it up a level."

    Using a similar technique he was able to extract the entire master key for the system, which he subsequently published online along with a demonstration of it in action.

    However, he has not released the method he used to extract the key.

    "There is no reason to," he said.

    However, he said that he may release a piece of software that will allow people to easily sign their own pieces of software and homemade games - known as homebrew - on to the console.

    "I have a program running but am thinking of a good way to release it," he said.

    Like fail0verflow, he said that he does not condone games piracy.

    "I do not want it to be able to sign official Sony programs. I'd like it just to be able to sign homebrew."

    fail0verflow said it "disagrees" with Mr Hotz's decision to release the key, saying that it expects them "to make piracy easier without accomplishing intrinsically useful".

    Legal worry

    Sony takes a dim view of people hacking its system.

    Last year, a team released a USB dongle called PSjailbreak that contained software that allowed gamers to play homemade and pirated games on the PlayStation 3.

    Sony updated its consoles to block the software and took legal action against distributors in many countries.

    However, according to pytey, it may not be so easy to fix the problem this time.

    "The only way to fix this is to issue new hardware," he said. "Sony will have to accept this."

    He said that he thought his group was on safe legal ground with its work.

    "I haven't stolen anything," he said. "It's my own hardware, I can run whatever I like on it."

    But Mr Hotz was more cautious.

    "I'm scared of being hit with a lawsuit," he admitted.
    1. indecks-PSG -
      "We don't condone piracy."

      BULL. I bet they have 1tB hdd's in their PS3s right now.
    1. blueclouduk-PSG -
      The only problem with this article is that it immediately announces that hackers had cracked open the PS3 and left it wide open to software piracy.

      Whilst the article goes on to quote GeoHot and Pytey, it seems to me that the whole point of the article was to shout out that hackers are the bane of every decent, law abiding, ethical and moral corporation. Not all hackers are not criminals, there are some highly talented programmers out there that sometimes just fancy a challenge as well as tweaking the noses of corporations.

      Personally I would like to see console manufacturers produce a piece of hardware that allows end users to protect the substantial investment by the public in game media. It's possible to do it without even making changes to existing hardware. The only reason I have a chipped Wii, a CFW PSP and a JB PS3 is so that the next time I damage a disc it doesn't cost me another £50 to buy a copy of something I already own.
    1. BlackCat666 -
      Geohot is wise to be cautious, fail0verflow seems to be a little too relaxed about this, Sony isn't the kind of company to take this kind of action lightly.

      I am not exactly sure what ground Sony could get them, but still wise to be cautious.

      Also I agree that geohot was a little dumb for posting the key on his blog, and even worse the fact he tried to use it as a means to get a job with one of the big three (Sony, Microsoft and Nintendo).

      Geohot is tactless...

      fail0verflow seem to be the most mature on their approach.

      As long as I get my OtherOS back I will be satisfied ^^
    1. Blunts-LLA-PSG -
      Interesting Interview. I hope they are right that this doesn't lead to piracy. But Sony had It Coming! I am fine with homebrew, I just don't want the devs to be hurt by this. But it will surely lead to piracy they submitted all their tools, just that they didn't use themselves but provided them to others to use and the main reason they aren't using it cause they wouldn't be allowed to release and if they were releasing them for piracy they would get into trouble they know that their work will bring piracy.
    1. nights.666 -
      Quote Originally Posted by indecks View Post
      "We don't condone piracy."

      BULL. I bet they have 1tB hdd's in their PS3s right now.
      You are wrong. 40 bucks a game? not a big deal. I personally have more than 40 PS3 titles...
      For these people it's just having fun messing around, and advancing step-by-step on PS3 security.
      (progress and conquer.....like classical game)
    1. ihaxgames-PSG -
      Quote Originally Posted by BlackCat666 View Post
      Geohot is wise to be cautious, fail0verflow seems to be a little too relaxed about this, Sony isn't the kind of company to take this kind of action lightly.

      I am not exactly sure what ground Sony could get them, but still wise to be cautious.

      Also I agree that geohot was a little dumb for posting the key on his blog, and even worse the fact he tried to use it as a means to get a job with one of the big three (Sony, Microsoft and Nintendo).

      Geohot is tactless...

      fail0verflow seem to be the most mature on their approach.

      As long as I get my OtherOS back I will be satisfied ^^
      Honestly I think geohot was joking about the getting a job part, Sony would kill him before hiring him now, however he didn't break any U.S. laws, reverse engineering is protected by fair use under the DMCA, so Sony can't do anything but sit back and hope for the best. HAPPY NEW YEAR SONY!!
    1. cdkane-PSG -
      Maybe if fail0verflow used the old blackmail to Sony it might have worked as well. "Hey Sony, look what we have found, now bring back the OtherOS feature in the next firmware update and give us X amount of dollars to buy all of our research off us so you can destroy it".

      Linux returns... no piracy

      or a messy legal battle.

      Releasing it to the gaming public is like saying, "here is $50,000 but DONT spend any of it on games".

      Personally though I think they have all done some great work. Don't know if I will bother with CFW or anything like that as I already emulate games on my PC and don't mind paying for games but this whole movement has been very interesting. I guess for me if it becomes risk free, easy to do and offers some really cool features then it's more likely.
    1. BlackCat666 -
      I don't think he was joking, he is basically pulling a dark_aleX on us xD

      When he first made the announcement that he had "hacked" the ps3 those many many months ago, and what led to OtherOS being disabled in the first place (although I think Sony just used him as a scapegoat really). But back to what I was saying, I facepalmed myself when he said that the first time, and did an even bytes facepalm when he put this new bit up on his blog.

      But hey... To each their own I guess. I still think he is a tactless little widjum xD
    1. iDoiStuff -
      Sony would NOT kill him. In fact I bet Sony really wants him now so he can make the next PS4 un-hackable and super secure.

      Geohot is Sony's best bet to a secure system.
    1. nirving -
      Quote Originally Posted by iDoiStuff View Post
      Geohot is Sony's best bet to a secure system.
      That I do not believe. All he has done is exploit something that at the time was public knowledge. Sony failed in their code review and let something slip through the net that they should not have done. If it was not for that fact we would not be where we are today, and to be honest if GeoHot worked for the big 3, his ego would not be able to be contained, and he would end up being like Thomas Gabriel in Die Hard 4.
      By the very fact that he keeps things secret and then burns other devs because they don't bow down to him and ask his permission to release.
      I wish everybody would get down off their horse about this guy. He is not the saviour and he should not be held in the same field as Dark_Alex and fail0verflow.
    1. slamride -
      ha ha ha what BS "I don't condone piracy" ha ha what do you call it then "educational purposes" ha ha ...you're hacking plain and simple that's piracy when you use Sony's software or hardware to run any code not signed legally by Sony...just admit it it's piracy ..... I don't condone bank robbing but I know the combination to the bank vault it's 1234567890 I got it by watching the teller (man I'm so cool) but please don't use it for bad things (it's educational)....ha ha ha
    1. Dabora3003 -
      I think you all are missing the point.
      I believe Geo and Fail when they say they don't condone piracy.
      Why?
      Because hacking video game systems IS their version of video games. Why do they need to pirate?
      They find hacking fun.
      Besides, nobody "condones" piracy when there's a possibility of a lawsuit.
      Just sayin'
      <.< >.>
    1. Dabora3003 -
      Quote Originally Posted by slamride View Post
      ha ha ha what BS "I don't condone piracy" ha ha what do you call it then "educational purposes" ha ha ...you're hacking plain and simple that's piracy when you use Sony's software or hardware to run any code not signed legally by Sony...just admit it it's piracy ..... I don't condone bank robbing but I know the combination to the bank vault it's 1234567890 I got it by watching the teller (man I'm so cool) but please don't use it for bad things (it's educational)....ha ha ha
      What you're basically saying is that since they're using the PS3 for something other than what it was designed for, it's piracy?
      So if I buy a pair of shoes from Nike, but I don't wear them and I, instead, use them to beat people who don't know what they're talking about upside the head, I'm pirating?
      Geohot and Fail are not stealing anything. They aren't doing anything illegal (there is absolutely nothing illegal about hacking/jailbreaking this hardware, nor is it illegal to run code that Sony did not sign)
      Care to inform me at which point they were pirating?
    1. linuzo-PSG -
      Quote Originally Posted by Dabora3003 View Post
      What you're basically saying is that since they're using the PS3 for something other than what it was designed for, it's piracy?
      So if I buy a pair of shoes from Nike, but I don't wear them and I, instead, use them to beat people who don't know what they're talking about upside the head, I'm pirating?
      Geohot and Fail are not stealing anything. They aren't doing anything illegal (there is absolutely nothing illegal about hacking/jailbreaking this hardware, nor is it illegal to run code that Sony did not sign)
      Care to inform me at which point they were pirating?

      Sony could still get them in court. It states in the EULA that you are paying for a licence to use the software on the machine and hardware. You do not actually own the rights to the hardware, it is their intellectual property and they are the ones that say what goes or does not go on their system.

      As much as anyone else I enjoy having a challenge and developing things on hardware that wasn't intended. So I can get the most out of my hardware. Even though I agree with homebrew and such. Sony doesn't think that way, they're in the gaming business to make money not to have their shit hacked.

      That's also why I try to hack stuff because it gives a challenge and a little bit of adrenaline when you unlock something that wasn't supposed to be.

      On the other hand way to go guys, but I would be cautious on how you portray yourself when speaking publicly to a large organization worth millions like Sony.
    1. Dynde87-PSG -
      Quote Originally Posted by nights.666 View Post
      You are wrong. 40 bucks a game? not a big deal. I personally have more than 40 PS3 titles...
      For these people it's just having fun messing around, and advancing step-by-step on PS3 security.
      (progress and conquer.....like classical game)
      Oh how I wish I lived where you live. Games in Denmark are 100 bucks a game (sadly, not even exaggerating). And when you know, that the game itself probably doesn't cost more than 10 bucks (if that) a disc to make. It makes you feel like you're just getting butt-****ed.

      I bought about 15 ps3 titles myself, and I've enjoyed most of them. But far from all of them are worth what they cost. And when you think about how Sony treats their customers (thinking of their support with all of the problems the PS3's been having, retracting a feature in an update!, limiting what we can do with a machine that we bought!), I won't cry over a single homebrew or pirated game. Especially when it got cracked on the basis of such a gigantic cryptographic error.

      my $.2
    1. GBX_LEE -
      Quote Originally Posted by indecks View Post
      "We don't condone piracy."

      BULL. I bet they have 1tB hdd's in their PS3s right now.
      Actually I got a 2 TB HDD.
    1. ghostzero -
      I think Sony had it coming.
      THEY decided to REMOVE OtherOS from the Slim and also the FAT - without any real reason.
      Actually, I still think this (that Sony removed OtherOS) was against the law (at least for the FAT) - at least in some countries - but I am no lawyer.

      It can't be coincidence that this only happened after OtherOS was removed because I saw the video of the 27C3 and there were really terrible bugs in the security system.
      Without OtherOS Sony would surely have been hacked way earlier.

      And those keys should be quite hard to update. Best way might be two keys, a new and the old one, and a whitelist of some sort but ....
      Not to mention I think that metldr is more or less not upgradeable.

      The good part about this is that it allows the use of Homebrew (without too much effort on the end user's part) and also enables fan translations of games (e.g. some J-RPGs never made it to the US or Europe).

      BUT, of course, the problem is that it will also enable piracy.

      Personally, I am mostly interested in the fan-translations part. There are already some translation projects since PS JailBreak but now I hope those will also be usable with newer firmware versions.
    1. Aristoles -
      Quote Originally Posted by linuzo View Post
      Sony could still get them in court. It states in the EULA that you are paying for a licence to use the software on the machine and hardware. You do not actually own the rights to the hardware, it is their intellectual property and they are the ones that say what goes or does not go on their system.

      As much as anyone else I enjoy having a challenge and developing things on hardware that wasn't intended. So I can get the most out of my hardware. Even though I agree with homebrew and such. Sony doesn't think that way, they're in the gaming business to make money not to have their shit hacked.

      That's also why I try to hack stuff because it gives a challenge and a little bit of adrenaline when you unlock something that wasn't supposed to be.

      On the other hand way to go guys, but I would be cautious on how you portray yourself when speaking publicly to a large organization worth millions like Sony.
      EULA is not above the law. End of discussion.
    1. BlackCat666 -
      I mean correct me if I am wrong here..

      But one thing is for certain.....

      The next console won't be back compatible xD

      And neither will be the next proper generation of PSP seeing as the key is the same for that of the PSP as the PS3.
    1. ghostzero -
      They could use two keys. One for back compatibility only and the real ones which are totally inaccessible through the back compatibility but
      actually I think that would have been the case anyway - they removed PS2 support on the PS3 after all too.