First, on to some of fail0verflow's new and recent tool updates. One such new tool, is the PS3 NOR flasher/sniffer. This is the tool that was used to flash AsbestOS, onto the demo PS3, at the recent Chaos Congress Lightening Talk. The app allows users to flash files directly to their PS3's flash. It also allows you to sniff the data going to and from the flash as well. Please note, this tool requires hardware wired directly to the PS3's NOR flash.
Another addition, which was recently added to the team's github, was an SPU emulator. The tool makes reversing SPU code much easier. Which in turn, will aid in the further understanding of the PS3.
The team has updated a few of their existing tools as well. Some people, have been reporting issues with fail0verflow's makeself tool. Well, the pleas did not go unanswered, as the team has updated their SELF signing tool with several fixes. However, the tool is still not working 100% correctly yet, but progress is being made.
In addition to this, they also updated their sceverify app, giving it support for spp files.
Also as we mentioned, marcan, clarified his teams current progress and also, issued a response to GeoHot's Metldr work. The full statement can be read below.
Courtesy of Slashdot
We (fail0verflow) discovered and released two things:
- An exploit in the revocation list parsing, enabling us to dump a bunch of loaders, and thus their decryption keys
- A humongous screwup by Sony, enabling us to calculate their private signing keys for all of those loaders, and thus sign anything to be loaded by those loaders
We used these techniques to obtain encryption, public, and private keys for lv2ldr, isoldr, the spp verifier, the pkg verifier, and the revocation lists themselves. We could've obtained appldr, (the loader used to load games and apps), but chose not to, since we are not interested in app-level stuff and that just helps piracy. We didn't have lv1ldr, but due to the way lv1 works, we could gain control of it early in the boot process through isoldr, so effectively we also had lv1 control.
With these keys we could decrypt firmware and sign our own firmware. And since the revocation is useless and the lame "anti-downgrade" protection is also easily bypassed, this already enables hardware-based hacks and downgrades forever. Basically, homebrew/Linux on every currently manufactured PS3, through software means now, and through hardware means (flasher/modchip) forever, regardless of what Sony tries to do with future firmwares.
The root of all of the aforementioned loaders is metldr, which remained elusive. Then Geohot announced that he had broken into metldr (with an exploit, analogous to the way we exploited lv2ldr to get its keys) and was thus able to apply our techniques one level higher in the loader chain. He has released the metldr keyset (with the private key calculated using our attack), but not the exploit method that he used.
The metldr key does break the console's security even more (especially with respect to newer, future firmwares - and thus also piracy of newer games), and also makes some things require less workarounds. Geohot clearly did a good job finding an exploit in it, but considering a) he used our key recovery attack verbatim, and b) he found his exploit right after our talk, so he was clearly inspired by something we said when we explained ours, I think we deserve a little more credit than we're getting for this latest bit of news.
There's still bootldr and lv0, which are used at the earliest point during the PS3 boot process. These remain secure, but likely mean little for the PS3 security at this stage
From the geohot site:
props to fail0verflow for the asymmetric half
Geohot isn't taking credit for anyone's work here.
For the record, that wasn't there initially. We had to complain to him to get him to add that.