A NICE YEAR READ OUT OF PS3 VS HACKERS A MUST READ TO BRING BACK TIME
The turbulent times of the PlayStation 3
15 May 2011 - 12:19
Those dastardly hackers!
Over the years, Sony had improved the manufacturing process of the PS3 so much that the internal components of the PS3 began taking up less and less space. Eventually and after months of speculation, Sony launched the PS3 "slim" models. Smaller, cheaper versions of the PS3 that did everything the "fat" versions did. Well, almost everything. There was one, teeny tiny feature removed that most people wouldn't even notice - "OtherOS". OtherOS was the option that allowed users to legitimately install Linux onto their machine. It may have been somewhat restricted, but it was Linux none the less and that was good enough for anyone that wanted it. The official reason for Sony removing OtherOS was to save on development costs, which is probably somewhat true. It's also true that it would stop people from buying thousands of PS3s without intending to buy a single game for them, but hey it's a games console, it's meant to play games, right?
Well, having heard this news, one George "Geohot" Hotz took it upon himself to investigate. George made a name for himself in the iPhone hacking scene and his ego knows no bounds; doing the impossible by "hacking the unhackable" would certainly massage said ego and clearly the man couldn't resist. In just over a month, George hacked the PS3 wide open! Or so he would like you to believe. Yes, George did hack the PS3, but it wasn't all that it was made out to be. The "hack" required you to solder a couple of wires onto your PS3, connected to an external device and then through some trial and error, would cause the PS3 to boot into OtherOS with some of the normal restrictions removed. Essentially, it allowed anyone to poke around inside the memory of the PS3 from within Linux. It did not, however, allow anyone to run pirated games. Nothing could be done from inside "GameOS", as everything running there has to be digitally signed and such, nor could anyone flash any kind of custom firmware for the same reasons. OtherOS itself isn't capable of directly running PS3 games.
In what must have been a panicked move from Sony, OtherOS was quickly removed from all PS3s as part of firmware 3.21, slim and fat alike, despite promises to the contrary. Future games would require the latest firmware update, as would PSN, so everything was neat and secure. Worst case scenario is that someone will figure out a way to pirate games that run on firmware 3.15 and below, but the future games would never work thanks to encryption. Sure, it really annoyed a lot of enthusiasts everywhere, but that's fine, the important thing was that the PS3 was secure once more and this little glitch was nipped in the bud. Another Epic Save from Sony? No, we all know what came next...
This tiny, harmless looking device caused quite a storm when it appeared a few months after everyone forgot about George Hotz. It almost seemed too perfect, too staged - plug this little thing into your PS3 and suddenly, you can "backup" your games to the hard drive and, crucially, play them back from it. Except it wasn't a hoax, like the many that had graced the PS3 scene over the years. Sony's worst fears had finally come true - piracy on the PS3. It gets worse, too, the dongle worked on the very latest firmware at the time, 3.41, with no Linux or OtherOS required. Not only had Sony abandoned OtherOS, irking some very smart and dedicated hackers and garnering a lot more attention from them, it turns out that the move didn't stop a thing.
Despite what many people believe, the dongle wasn't actually a clone of an official service jig that Sony used. It used a genuine exploit in how the PS3 handled USB devices to turn on "debug mode". Aside from enabling sheer piracy, this allowed homebrew to be run on the PS3 as the digital signature checks are disabled, giving unprecedented access to the inner workings of the device.
Sony were quick to file lawsuits where they could to prevent the distribution of the jailbreak device, but it was far too late. Enough of the devices got into the hands of the kinds of people they annoyed by removing OtherOS which allowed them to reverse engineer it and port the code to other devices. Soon, the "PS Jailbreak" could be run from all kinds of devices, from mobile phones to calculators, as well as various clone devices.
Sony didn't hang around, though. While the lawsuits were in progress, a firmware update was pushed out which plugged the hole the PSJailbreak used. Later, a method would be released that allowed people to downgrade their consoles back to 3.41, but all Sony had to do was once again ensure that future games were encrypted for 3.42 and above, as well as lock out PSN to anyone that hadn't upgraded. A bit of a save there, but perhaps not quite the epic one they would have liked.
I wonder, then, if anyone at Sony, if some lone engineer somewhere had an idea as to what was going to come next. Did anyone see it coming? Did anyone warn of it, only to be shot down by bureaucratic corporate executives and red tape?
Public Private Keys.
It's December 29, 2010. The annual Chaos Communication Congress is in full swing and a little trio of hackers, none of whom are George Hotz, are about to unleash hell for Sony - Public Private Keys. As it turns out, Sony made a massive error with their cryptography. It really is hard to emphasise just how massive this error is, the term "epic fail" seems justified. The error would allow people to mathematically work out the private keys Sony used throughout the PS3. This would mean that the whole digital signature element of the system fell apart. With this information, people wouldn't need a dongle to run homebrew, the PS3 would quite happily run it thinking it was legitimate software. Worse still, custom firmware was now a distinct possibility and it would install straight off of a USB stick as if it were an official PS3 update. Not only was it possible to pirate on the PS3, it was extremely easy and didn't cost a penny to do so. Things looked bad - the PS3 had been utterly compromised. Everything could be decrypted, so even if a firmware update was released, what was to stop hackers from decrypting that and modifying it to disable whatever new protections Sony added?
The software on the PS3 is made up of several systems. When you turn your PS3 on, it doesn't immediately start booting the XMB. In the background, various subsystems start up and initialise the next one. This is actually quite common, particularly on games consoles and is known as a "chain of trust". The idea is simple - you start off with a hard-coded piece of code. This can't be changed by anyone, not even yourself and all it does is verify that the next bit of code is legitimate. It's stored deep within the PS3, in a place you just can't get access to. That way, even if someone were to hook up a device to the PS3's internal flash memory and rewrite it with their own code, the PS3 will refuse to run it because that first loader ensures that it's all legitimate. It's a pretty solid idea - you can't change the very first link in the chain and it ensures the next link is authorised and so on, but it does require your private keys not being known.
The team that revealed Sony's gaffe with their cryptography, collectively known as fail0verflow, knew this and specifically did not release the keys that would allow people to compromise this system. After all, they were only interested in restoring Linux back to the PS3 - all PS3s - and the next day, showed a demo of Linux booting on a slim PS3. Geohot, on the other hand, used the knowledge from fail0verflow's presentation to find what was known as the "metldr" key. This is that one step on the PS3 that simply cannot be changed, that first link in the chain, which is why many believed the hack to be un-fixable without releasing a new PS3 model. There are quite a few different keys and definitely quite a bit more regarding custom firmwares, but this article is long enough as it is.
Sony's response by this point was predictable - lawsuits, lawsuits and more lawsuits. Somehow, Geohot became the face of this PS3 hack, but in reality it was several different people that did the leg work, he was just happy to have people swooning over him. The fail0verflow team went pretty quiet while Geohot garnered even more attention to himself. Still, the lawsuit against Geohot combined with the existing lawsuits against Sony for removing OtherOS did raise one interesting question - who owns your PS3? You bought it, so surely you do, right? But then, does that mean you can modify the software on it? The software that Sony owns? Is George Hotz an evil hacker or is Sony a big evil corporation that's picking on the little guy? That's a question with no real right answer, but it certainly riled a few feathers.
Sony needs another Epic Save.
2011 didn't begin well for Sony. Their previously unhackable console was suddenly becoming one of the most hacked consoles out there. Their private keys were out in the open, despite numerous gag orders and lawsuits, what could they possibly do? As it turns out, quite a bit.
In came another firmware update, 3.60, except this time the encryption was done correctly. What's more, somehow they figured out how to package it in such a way that it couldn't easily be decrypted. Even better, they managed to secure their chain of trust. Previously, the chain was a series of loaders, but Sony realised that there was one tiny area of the PS3 that hackers didn't quite have access to and that was all they needed. The new loaders were repacked inside this one secure area and the PS3 was secure once again. One of the hackers who originally became known for porting the PS Jailbreak dongle to Nokia phones, KaKaRoToKS, was impressed and he described the whole thing as an "epic save". There's probably enough information and knowledge out there to eventually decrypt this and create a 3.60 custom firmware, but as yet this hasn't happened. Once Sony booted custom firmware users off of PSN, everything was looking good. Similar to before, anyone that stuck to older firmwares could pirate games up to that point, but newer games would be encrypted for 3.60+ and thus be unplayable without upgrading.
But what about that other guy...
Geohot and the fail0verflow guys weren't the only people investigating the PS3. As the information became available, more developers started to come out of the woodwork. Some were interested in custom firmware to allow for the pirating of games, while others were more interested in the Linux side of things. One developer in particular was very interested in getting Linux back onto the PS3. His name was Alexander Egorenkov, but most people knew him as graf_chokolo. This man didn't seem to be seeking fame or fortune. In fact, he went unnoticed for quite some time as he originally started posting on a comments section of a different hacker's blog. Still, as he posted more and more information, people started to take notice. People like Sony.
Despite the fact that the PS3 was once again "secure", Sony didn't like the idea of someone doing yet more research into their system and, with the help of the German authorities, raided his home. Anyone else would have called it a day and taken their chances in the courtroom. That's what Geohot did, but not this guy. First, he released all of the information he had and then he continued working on the PS3 as if nothing had happened. It came as no surprise, then, that his home was raided a second time, only this time Sony threatened him with massive fines if he didn't cease everything immediately. While Sony tried to portray all this legal action as defence against evil, malicious hackers, some people were beginning to see Sony as the evil ones, not the other way around. Then something happened that nobody really expected.
...and what about all those guys over there?
Somehow all of this caught the attention of an unlikely crowd of people. If you can call them people, that is. Some people call them a "hacker group", some people call them terrorists, other people call them script kiddies. Anonymous.
Things weren't looking too bad for Sony. They may have been slightly embarrassed at the whole store closure thing, but they can be safe in the knowledge that there was plenty of embarrassment to go around. In the meantime, Sony settled a few lawsuits and things were starting to get back to normal.
Then it got bad. Then it got worse. Then it got even worse.
On the 21st of April 2011, the PlayStation Network went down for the second time this year. Except this time, it wasn't a bunch of script kiddies doing the equivalent of repeatedly pressing F5 that took it down, it was Sony themselves. Something went wrong and Sony decided to take just a couple of days to figure it out before restoring the service, or so they said. That "day or two" turned into a weekend and not just any weekend, but the Easter weekend.
The PSN wasn't just taken down for emergency maintenance due to a blown fuse or a dying hard drive, it was taken down because it had been hacked by someone. Someone, who to this day we still don't know the name or whereabouts of.
It was international news - personal details of 77 million people had been stolen. At the time, Sony wasn't even sure if credit card details were part of that information or not. What started off as a bit of an inconvenience for PS3 owners now ballooned into a much more serious issue. People started asking questions and information slowly trickled out from Sony about what has actually happened. As of the time of writing, it's still very much an ongoing investigation, but many people seem to think that it all stems from the PS3's security being compromised. In the past there had been a few rumours that the PSN security wasn't all that great and now it would seem that this is the case. Some people are also asking why this happened and while any theory is a viable one, people have been quick to point out that the more Sony targets hackers with lawsuits, the more things seem to go wrong for them.
I HAD TO TAKE OUT SOME PARAGRAPHS BECAUSE TOO LONG. EXCELLENT READ
GOT IT OFF KAKAROTO TWITTER. NICE READ
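The "chain of trust" described in the post above, as an added example that is not part of the original post or article: each stage starts only if its signature verifies against a public key held by the unchangeable first link, and the check holds only while the private key stays secret. The toy RSA key, stage names and images are constructed for illustration and are not the PS3's real formats or algorithms.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes: illustration only, not secure.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                           # public modulus, baked into the first loader
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, meant to stay with the vendor


def digest(image: bytes) -> int:
    """Hash a stage image down to an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % N


def sign(image: bytes, d: int = D) -> int:
    """Textbook RSA signature over the image digest (no padding, toy only)."""
    return pow(digest(image), d, N)


def verify(image: bytes, sig: int) -> bool:
    """Check a signature using only the public values (N, E)."""
    return pow(sig, E, N) == digest(image)


def boot(stages):
    """Run the chain; return the names of the stages that were allowed to start."""
    ran = ["rom"]  # hard-coded first link: cannot be rewritten, holds (N, E)
    for name, image, sig in stages:
        if not verify(image, sig):
            break  # refuse to hand control to an unverified stage
        ran.append(name)
    return ran


def stage(name: str, image: bytes):
    """Build a (name, image, signature) record signed with the vendor key."""
    return (name, image, sign(image))


# Constructed sample chains (hypothetical stage names and contents).
GOOD = [stage("loader1", b"loader1 v1"), stage("loader2", b"loader2 v1"), stage("os", b"os v1")]
# Flash rewritten with new code, but the old signature left in place.
TAMPERED = [GOOD[0], ("loader2", b"loader2 patched", GOOD[1][2]), GOOD[2]]
# Same patched code signed by whoever holds D: the verifier cannot tell the difference.
RESIGNED = [GOOD[0], stage("loader2", b"loader2 patched"), GOOD[2]]

if __name__ == "__main__":
    for label, chain in (("good", GOOD), ("tampered", TAMPERED), ("re-signed", RESIGNED)):
        print(label, boot(chain))
```

The tampered chain stops after `loader1`, while the re-signed chain boots fully, which is why the scheme depends on the private key never becoming known.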
too... much... text... *brain explode*
That's a big load of info... Interesting to read.
I am a Brony.
I do not flame. I do not hate.
I WILL TOLERATE THE **** OUT OF YOU!
a good history of the ps3 vs hackers if you're new to these forums
Nice one. But I think you should try and clean it up a bit so it's easier to read, kinda looks bulky and scary lol
Originally Posted by stussy
I'm black deal with it ;D
Rep+ if I helped you