Forum: General Jailbreak Discussion - The General Jailbreak Discussion forum is your place to discuss everything related to the PS3 jailbreak. You can discuss QA Flags, CFW, kmeaw or find information about many general jailbreak methods.


Thread: How did Sony stop the exploit ?
  

  1. #1 How did Sony stop the exploit ? 
    rottbert is offline Registered User
    Well, I'm not in for a new "when is the 3.61 CFW out" discussion, but I was just curious as to what the technical solution Sony did to cover up the mistakes they obviously made in the firmware.

    Yes, I did see the FailOverflow demo when the exploit first was found, and the technical discussions on how it all was possible. And I also remember the hackers (Or at least forum trolls) saying, "We have now hacked the lowest possible level, Sony will never be able to repair this" (Or something like that..)

    Well obviously the hackers were wrong, and Sony fixed it (since no games are playable after 3.60).

    ..So how did they do it ? (And should I be impressed?)

  2. #2  
    They fixed it by suing all the hackers that released their exploits.

  3. #3  
    I think they just moved all the security (the loaders) to another area of the PS3. An area that was, and still is, secure as the keys for this loader were never released, unlike all the loaders after it.

    There's a great picture somewhere illustrating this..

  4. #4  
    andonevris is offline Member
    In a nutshell, the keys that were released could sign packages to run homebrew, backup managers etc.

    There is a higher level key (lv0) which once we have will be game over for Sony, this key was never released.

    It is technically possible to get this key but the people with the skills to do it won't.

    What we need is a hacker with the skills and the willingness but so far this individual is nowhere to be seen.

    That's about it
    Unless it's Carmen Electra calling for an emergency titty f**k I'm not here

  5. #5  
    afiser is offline Member
    Quote Originally Posted by rottbert View Post
    Well, I'm not in for a new "when is the 3.61 CFW out" discussion, but I was just curious as to what the technical solution Sony did to cover up the mistakes they obviously made in the firmware.

    Yes, I did see the FailOverflow demo when the exploit first was found, and the technical discussions on how it all was possible. And I also remember the hackers (Or at least forum trolls) saying, "We have now hacked the lowest possible level, Sony will never be able to repair this" (Or something like that..)

    Well obviously the hackers were wrong, and Sony fixed it (since no games are playable after 3.60).

    ..So how did they do it ? (And should I be impressed?)
    fail0verflow never said the PS3 was software hacked forever; however, ALL PS3s can be hacked via hardware no matter what, until Sony makes a new revision. Although it may be software hacked forever if we got access to bootldr, then we could decrypt firmwares again and start doing interesting stuff with newer firmwares, tho we will never get the private keys again. But no one has been able to get the bootldr level just yet.

    And it's not an exploit, it is a sort of glitch, in that Sony forgot to use a random number. An exploit would mean to exploit the system in some way; what fail0verflow did was just find a means to calculate the private keys.

    To simply answer your question tho, they started using a legitimate random number when calculating their ECDSA algorithms. No, you should not be impressed.
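The point made in the post above (a "random" number that was in fact constant, so the private signing key could be calculated from any two signatures) is a textbook ECDSA failure. The following is an added example written for this thread, not code from fail0verflow, Sony or anyone in the discussion. It assumes the secp256k1 curve (the PS3 used a different curve; the flaw is curve-independent), a constructed private key and a constructed constant nonce, and the helper names are this example's own. It shows the faulty signer beside the corrected one, the audit check a defender runs on a batch of signatures (a repeated r value is the fingerprint of nonce reuse), and the algebra that explains why reuse is fatal.

```python
# Added example (not code from this thread, fail0verflow, or Sony): minimal
# ECDSA over secp256k1 showing why a constant nonce k leaks the private key,
# how to audit a batch of signatures for the symptom (repeated r), and the fix.
import hashlib
import secrets

# secp256k1 domain parameters (assumption for the demo; the PS3 used a
# different curve, but the nonce flaw does not depend on the curve)
P = 2**256 - 2**32 - 977
A = 0
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mul(k, point):
    """Double-and-add scalar multiplication."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def msg_hash(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def ecdsa_sign(priv, msg, k):
    """Textbook ECDSA: r = (k*G).x mod n, s = k^-1 * (z + r*priv) mod n."""
    z = msg_hash(msg)
    r = scalar_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return (r, s)


def ecdsa_verify(pub, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    z = msg_hash(msg)
    pt = point_add(scalar_mul(z * w % N, G), scalar_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


# The mistake described in the thread: the "random" nonce is a constant.
FIXED_NONCE = 0x4242424242424242424242424242424242424242424242424242424242424242  # constructed


def sign_with_fixed_nonce(priv, msg):
    return ecdsa_sign(priv, msg, FIXED_NONCE)


# The fix: a fresh, uniformly random nonce in [1, n-1] for every signature.
def sign_with_random_nonce(priv, msg):
    return ecdsa_sign(priv, msg, secrets.randbelow(N - 1) + 1)


def find_repeated_r(sigs):
    """Audit check: groups of indices whose signatures share an r value."""
    seen = {}
    for i, (r, _) in enumerate(sigs):
        seen.setdefault(r, []).append(i)
    return [idx for idx in seen.values() if len(idx) > 1]


def recover_private_key(msg1, sig1, msg2, sig2):
    """Why reuse is fatal: two signatures under one key with the same k (hence
    the same r) give k = (z1 - z2)/(s1 - s2) and priv = (s1*k - z1)/r, mod n.
    Returns None when the nonces differ, i.e. there is nothing to recover."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or (s1 - s2) % N == 0:
        return None
    z1, z2 = msg_hash(msg1), msg_hash(msg2)
    k = (z1 - z2) * pow(s1 - s2, -1, N) % N
    return (s1 * k - z1) * pow(r1, -1, N) % N


if __name__ == "__main__":
    priv = 0x1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF  # constructed
    pub = scalar_mul(priv, G)
    m1, m2 = b"package-one.pkg", b"package-two.pkg"  # constructed sample inputs
    bad = [sign_with_fixed_nonce(priv, m1), sign_with_fixed_nonce(priv, m2)]
    print("repeated r with fixed nonce:", find_repeated_r(bad))
    print("key recovered from the pair:", recover_private_key(m1, bad[0], m2, bad[1]) == priv)
    good = [sign_with_random_nonce(priv, m1), sign_with_random_nonce(priv, m2)]
    print("repeated r with random nonces:", find_repeated_r(good))
```

The audit check only catches exact reuse (identical r across signatures from one key); a nonce that is merely biased or partially predictable is still unsafe but shows no such fingerprint. Besides a CSPRNG, the standard remedy is the deterministic nonce derivation of RFC 6979, which derives k from the private key and the message hash so that no signature ever repeats a nonce and no runtime entropy source is needed.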

  6. #6  
    Here it is:



    IIRC they moved everything to launch from lv0 - as explained above, we don't have those keys so we can't do anything as yet.

  7. #7  
    Incognitus is offline Member
    That's a beautiful image, like looking directly at history being made.

  8. #8  
    Laocedric16 is offline Registered User
    Then I wonder why devs say "IT'S IMPOSSIBLE FOR v3.60 CFW"? Why is that?

  9. #9  
    afiser is offline Member
    Quote Originally Posted by Laocedric16 View Post
    Then I wonder why devs say "IT'S IMPOSSIBLE FOR v3.60 CFW"? Why is that?
    We will never be able to sign firmwares again (since we can no longer calculate the private keys anymore from 3.56 onward).

    However, if someone gets to the bootldr level we can still decrypt firmwares and such, since the public keys are just in the files and the public keys are all you need to decrypt things.

  10. #10  
    adrianc is offline PS3 Developers
    Yeah, the console was hacked up to metldr, which is essentially the highest level of security the PS3 has while running normally. On boot, however, the PS3 execution chain starts with the OTP, which then loads bootldr from the NOR into spu0, which then loads lv0 into the ppu, which then loads metldr into spu2.

    Since the ldrs are now encased in lv0 from 3.60 onwards, one needs the bootldr key to decrypt it to get at them.
