KaKaRoTo Speaks of ECDSA Algorithm - CFW Impossible

[tthousand]

That is what I am thinking. There are probably many doors that have yet to be opened.

[Mathematician]

As finishing my undergrad in nearly pure mathematics and working on my Ph.D. in applied statistics, I will say that nothing is purely random. Unfortunately I believe the hash algorithms are 1-1 so it's impossible to have two different files with the same hash value but then I'm not a computer expert.

However, do we really want CFW? I think with enough skill, 3.56+ libraries and features should be able to be implemented in 3.55 firmware if you have means to access 3.56+ firmware guts. If you can figure out how K is generated (trust me, it is not being randomly generated and I doubt it is using a time stamp either) you may be able to predict K and thus having higher probability of completing what you need.

[Darkman-PSG]

Games are encrypted with those keys to make it work idk y people cant seem to understand that. If you cant access the private keys there is NO way of making a game work how about this if True Blue can make Final Fantasy XIII-2 work then there is some hope in the scene but like it or not True Blue is all this scene has left.

[ridesideways]

ECDSA systems have been cracked before, and will be cracked again. You just need to understand that the cracking is not done on the EC mathematics (which is indeed *very* secure), instead the cracking is done on the "implementation". This is how the original PS3 keys were cracked, Sony forgot to generate a random number when signing a file (a flaw in Sony's ECDSA implementation), and then the whole ECDSA system for PS3 fell like a house of cards.

There are numerous other exploits/cracks that can bring an ECDSA system down:
1. The private keys get leaked from Sony
2. Hack the piece of code that verifies signatures so that non-authentic signatures are reported as authentic (I don't know enough about the PS3 architecture to say if this is feasible or not)
3. etc. etc.

There is no such thing as a completely secure system. The PS3 is a bunch of chips and code that runs on those chips. Code on any chip can be compromised. With enough research any system can be cracked. It's just a matter of how much resources will it take. It's probably that the PS3 contains another weak point (similar to the random-number fail) and it's just a matter of discovering it.

[uZer]

Like Cartman used to say: "Screw you guys - I'm going home" - I'll just buy xbox if no new games arrive in nearest future...

[Mathematician]

"Games are encrypted with those keys to make it work idk y people cant seem to understand that. If you cant access the private keys there is NO way of making a game work how about this if True Blue can make Final Fantasy XIII-2 work then there is some hope in the scene but like it or not True Blue is all this scene has left."

You are wrong, you only need the public keys =P

"it work idk y people cant seem to understand that." (you couldn't have said it better)

[Darkman-PSG]

@Ridesideways
http://www.youtube.com/watch?v=R2SS0gZ_kKI

Listen to what you are saying Sony made an error that they fixed meaning there is noway it can be cracked now.

[CS67700]

Lets face it, and now i think it's pretty sure to say it : this scene is dead.
What's coming next ? 10059 versions of multiman, 98623 versions of Showtime, 26895 more 3.55 with different themes and plugins (wouhou, cool) and nothing more.

[kada]

Just because ECDSA can't be cracked does not mean someone can't find a different exploit in the PS3 & take advantage of it.

I think same way. When PSP TA 088v3 boards came, CFW stopped. Then founded a way to hack PSP TA088v3 via tiff exploit. Maybe PS3 gives a big open that we can run unsigned apps and patches system calls. Who knows. I dont know about programming and is it possible but maybe plugins(like on PSP) will be adapted to 3.55 CFW. Ok PS3 has great security(over a year passed till 3.55 CFW) but every system has openings...

[CS67700]

I think same way. When PSP TA 088v3 boards came, CFW stopped. Then founded a way to hack PSP TA088v3 via tiff exploit. Maybe PS3 gives a big open that we can run unsigned apps and patches system calls. Who knows. I dont know about programming and is it possible but maybe plugins(like on PSP) will be adapted to 3.55 CFW. Ok PS3 has great security(over a year passed till 3.55 CFW) but every system has openings...

No one has interest in hacking this console, that's all.
The PS3 (despite the ECDSA fail from Sony) was hacked after 4 years (and not one year) because Geohot took his balls and revenged from Sony taking away the other OS function.

Since then, nada, niet, nothing. No one was talented/smart enough to find another way in, and i believe it's not gonna happen tomorrow.

PS: the TB thing is gonna end soon, this piece of crap isn't gonna make 4.00+ games work. It's just some tweaking.

[soulreaver]

The Key is Patience guys.....and have some Faith....!!there are so many playable games already in 3.55 CFW....so Enjoy Playing....and STOP the Crying like "Women"...!!!

[uZer]

The Key is Patience guys.....and have some Faith....!!there are so many playable games already in 3.55 CFW....so Enjoy Playing....and STOP the Crying like "Women"...!!!

Yeah - there are 2 options:
1. Be a gayf@g and believe in fairytales that "someday, somewhere a dev on white pony will deliver to us new hack"...
or
2. Be a man and face that fact that scene is dead and just move on...

This scene is sooooo pathetic... So many DRAMA queens and no devs at all...

[xdslx]

how come the old signed games works on new OFW ?

[yes159]

how come the old signed games works on new OFW ?

The new OFW have both the old and new decryption keys.

[defyboy]

Misleading title. While KaKaRoTo does state that it is impossible to obtain the private key (Not technically true, it is not 'impossible' but extremely improbable - about as close as you will get to an impossibility). He did not say anything about the impossibility of a new CFW.

It is entirely possible to create a new CFW even though we don't have the private key to sign the firmware. If we get the LV0 private and public key (or a proper lv0 dump), we have the public key to decrypt the entire firmware chain, allowing us to re-sign it with older keys (or patching all key checks out) - Not an easy task, but entirely possible.

[dualshock1992]

Good luck with waiting for that.

Smartass, you just had to say something, didn't you, eh ?

[cyto]

Just because ECDSA can't be cracked does not mean someone can't find a different exploit in the PS3 & take advantage of it.

Exactly! There is more than one way to hack the PS3, obviously since TB is using eboot/sprx files from higher firmwares now as it is. Kakaroto is just probably not the person for the job. Geohot said that it was very unlikely we would ever get the private keys when he began looking into the PS3 but that it did not matter because there are many other exploits that can be used. He said that they didn't have the private keys to iPhone/iPad either and look how they have all been hacked to run unsigned code.

Where there is a will, there is a way. I just don't see much else going on lately with this scene. There was the anonymous guy that was going to be dumping keys from a dual setup, but we haven't heard anything for months on that. Geohot is put on ice and Math has left the scene. Is there anyone else working on this that has the talent to succeed where so many others have failed?

[mathisgod]

I still remember when everyone and their mothers said that Sony couldn't fix the PS3 without a hardware revision because of the original key leaks? lol

Idiot sheeps.

Stop being a bunch of cheap bitches and update the ps3 if you really want to play newer games.

[ahou]

CFW Impossible ? Anything is possible, I'd edit that, as you run the risk of looking foolish.

That's not true.

ECDSA is impossible to crack within any reasonable amount of time (say, before the earth is gone). And there are other things which are in fact 100% impossible to crack, even given an infinite amount of time, such as, for example, a one time pad.

[Mathematician]

OTP:

"If the key is truly random, as large as or greater than the plaintext, never reused in whole or part, and kept secret, the ciphertext will be impossible"

However, nothing is truly random. OTP can be cracked.