  1. #1
    Administrator
    PlayStation 3 - 'The Final Hack'?

    PS3 LV0 Keys leak explained by scene devs



    Media and News sites are reporting that the PS3 LV0 leak/hack may be the 'One That Sony Can’t Stop'. Meanwhile, Scene devs explain it so you can understand the true significance of all this.

    We all know about the recent PS3 LV0 Keys leak, and that thanks to it we are already starting to see new CFW based on 4.21 (and probably beyond).

    News sites around the world, including the BBC, Digital Foundry/Eurogamer and Kotaku already reported on this, and are calling it "The Final Hack": something that Sony can’t block anymore! From Eurogamer:

    The reveal of the LV0 key basically means that any system update released by Sony going forward can be decrypted with little or no effort whatsoever. Options Sony has in battling this leak are limited - every PS3 out there needs to be able to decrypt any firmware download package in order for the console to be updated (a 2006 launch PS3 can still update directly to the latest software). The release of the LV0 key allows for that to be achieved on PC, with the CoreOS and XMB files then re-encrypted using the existing 3.55 keys in order to be run on hacked consoles.

    But now, how about an explanation by Scene Developers themselves?

    Marcan (Fail0verflow) and Wololo have shared more info and a great Q&A so you can understand the true significance of all this.

    From Marcan (Team Fail0verflow):

    [...]

    Presumably, 18 months later, some other group has finally figured this out and either used our exploit and the hardware assistance, or some other equivalent trick/exploit, to dump bootldr. Once the lv0 decryption key is known, the signing private key can be computed (thanks to Sony’s epic failure).

    The effect of this is essentially the same that the metldr key release had: all existing and future firmwares can be decrypted, except Sony no longer has the lv0 trick up their sleeve. What this means is that there is no way for Sony to wrap future firmware to hide it from anyone, because old PS3s must be able to use all future firmware (assuming Sony doesn’t just decide to brick them all…), and those old PS3s now have no remaining seeds of security that aren’t known. This means that all future firmwares and all future games are decryptable, and this time around they really can’t do anything about it. By extension, this means that given the usual cat-and-mouse game of analyzing and patching firmware, every current user of vulnerable or hacked firmware should be able to maintain that state through all future updates, as all future firmwares can be decrypted and patched and resigned for old PS3s. From the homebrew side, it means that it should be possible to have homebrew/linux and current games at the same time. From the piracy side, it means that all future games can be pirated. Note that this doesn’t mean that these things will be easy (Sony can obfuscate things to annoy people as much as they want), but from the fundamental security standpoint, Sony doesn’t have any security leg to stand on now. It does not mean that current firmwares are exploitable. Firmware upgrades are still signed, so you need an exploit in your current firmware to downgrade. Also, newer PS3s presumably have fixed this (probably by using newer bootldr/metldrs as trust roots, and proper signing all along).

    [...]

    Can this be used to sign binaries to run homebrew on OFW PS3s (ala the PSP key leak)? Are those private keys sufficient to sign homebrew software such that they will run in unmodified firmware?

    No. The keys are used for two purposes: chain of trust and chain of secrecy. The compromise of the keys fully compromises the secrecy of the PS3 platform permanently, as you can just follow the links down the chain (off-line, on a PC) and decrypt any past, current, or future firmware version. Current consoles must be able to use any future firmware update, and we now have access to 100% of the common key material of current PS3s, so it follows that any future firmware decryptable by current PS3s is also decryptable by anyone on a PC.

    [...]

    Old PS3s are now in the same boat as an old Wii, and in fact we can draw a direct comparison of the boot process. On an old Wii, boot0 (the on-die ROM) securely loads boot1 from flash, which is securely checked against an eFuse hash, and boot1 loads boot2 but insecurely checks its signature. On an old PS3, the Cell boot ROM securely loads bootldr from flash, which is securely decrypted and checked using an eFuse key, and then bootldr loads lv0 but checks its signature against a hardcoded public key whose private counterpart is now known. In both cases, the system can be persistently compromised if you can write to flash, or if you already have code execution in system context (which lets you write to flash). However, in both cases, you need to use some kind of high-level exploit to break into the firmware initially, particularly if you have up-to-date firmware. It just happens that this is trivial on the Wii because there is no game patch system and Nintendo seems to have stopped caring, while this is significantly harder on the PS3 because the system software has more security layers and there is a game patch system.

    From Wololo:

    Breaking it down into simple and easy to understand words

    Since Marcan’s answers can be a bit difficult to digest, I’ve broken them up into the form of questions and answers with the special help of ViRGE on this. This will clear a lot of it up for those less technical.

    Q: What exactly has been recovered?
    A: The keys used by bootldr to decrypt/verify lv0, and by reversing the process the private keys used by Sony to sign lv0. If we consult our handy 3.60+ chain of trust diagram, we can see that bootldr is at the very root of the chain of trust, with lv0 being the first module it loads.



    Q: So what can we do with the lv0 signing key?
    A: In short, we can use it to decrypt lv0, modify it to patch out any lv0 security checks, and resign it with a legitimate key that bootldr will accept. With the chain of trust broken and lv0 no longer enforcing the security of the modules that it controls, we can then start modifying lv1ldr, lv2ldr, appldr, isoldr, etc to patch out their security checks and add CFW functionality.

    Q: Can Sony “fix” this like they did for the 3.55 exploit?
    A: No. With 3.55 the keys metldr used to verify its dependent modules were recovered. So Sony simply stopped using the now-insecure metldr and started using bootldr (which was still secure) to load. Sony doesn’t have any more secure modules like bootldr left, so like I said in my original post they have no options and can’t fix anything; without getting too technical, we now have the keys to every “common” hardware module that is able to decrypt Sony-signed modules. The only thing left are the modules that use per-console keys, which are useless for booting common firmware (which must be decryptable by every PS3).

    Q: So bootldr is fixed in hardware?
    A: Correct. Like metldr, bootldr cannot be software updated by Sony. It’s hard-coded in hardware. As a reminder, bootldr/metldr themselves can’t be exploited, but because of the keys we have recovered we can make them load anything we want, nullifying whatever security they provide.

    Q: What about future firmwares?
    A: Good news! We can decrypt those too. Sony can use various coding tricks to make the process more difficult (this is called obfuscation), but they can’t stop us by using keys. We will always be able to decrypt lv0, and as long as we can figure out how to navigate lv0 we can figure out how to decrypt and modify its dependent modules. For those of you that follow Sony hardware this is much like how the earlier PSPs were hacked. So we can always decrypt the firmware and will be able to create newer CFWs as long as we can get past any obfuscation by Sony.

    Q: So the PS3 is utterly and completely broken?
    A: To an extent yes, debatable, but unlike the 3.55 hack we have mostly everything needed. Sony will never be able to re-secure existing consoles.

    Q: What about consoles running firmware newer than 3.55?
    A: Because all “old” consoles use the same keys to verify modules like lv0, at a minimum we can decrypt, patch, and resign the firmware. The problem is that we need a way to convince the PS3 to flash our modified firmware. With 3.55 and below that was easy enough to do because of the keys recovered, but 3.56 and later change that so that flashing is more complex than just using the recovered keys. This isn’t an insurmountable problem – hardware flashers will always work – but for easy software flashing we need to find new exploits in the PS3 software stack to convince OFW consoles to flash CFW.

    Q: What about newer consoles?
    A: So there’s the real problem. Remember how we said bootldr and metldr are fixed in hardware? Sony can create new hardware, and update those modules in the process. By using new hardware in conjunction with new firmware for that hardware, Sony could completely change the keys used to secure the system. Without getting too technical, all of this progress comes from the fact that Sony was sloppy and did a poor job of implementing their security on earlier consoles, which is what led to the first keys being leaked. Sony could always issue new hardware with new keys and a fixed security system at which point we’d be completely locked out of that new hardware. It’s entirely possible they’ll do this (if they haven’t done so already), so much like the PSP we’re going to end up with a limited number of consoles that have hardware-based flaws that can be exploited. Of course we then found new ways of exploiting the PSP anyhow, and ultimately were able to exploit every PSP made in one way or another.

    If you are on anything higher than 3.55 it doesn’t mean you are out, there are ways to downgrade if your model is one that’s able, otherwise you are just not able to do anything right now until more dev work is done. So sit tight and hold on. Again stay tuned, more info and news will be definitely coming.

    There you have it. Stay tuned for more scene news in relation to this massive leak/hack in the upcoming days!

    * UPDATE:

    Scene dev 'KaKaRoTo' has also shared more info regarding this leak in an interview via PlayStationLifeStyles.net:

    On today’s Daily Reaction, we have a very special guest, Youness ‘KaKaRoTo’ Alaoui, developer of the first “Modified Firmware” for the PlayStation 3, to help us discuss the news that the PS3 has once again been hacked. Should the hackers have worked on finding the keys as it’s their device, or should they have expected the leak? And what does the hack really mean for Sony? Seb, Dan and Youness discuss.

    Disclaimer: KaKaRoTo was not involved in the current hack or CFW.

    Seb: I’d like to think that I’ve been pretty open minded about hacking in previous interviews I’ve held, but you have to wonder what ‘The Three Musketeers’ were thinking when they shared the keys with other people. You can’t trust anyone on the internet, and it was sadly naive to believe that one of the people they gave it to wouldn’t try to sell it. Now, they’re probably worrying whether Sony is looking for them, preparing to sue them.

    I’m all for being able to do what you want with your own technology, you bought it, do what you want with it. But, just like when I buy a pen I shouldn’t pour the ink all over my face, individuals need to be responsible for what they do with the tech. Hack it, crack it, turn it into a toaster, whatever – but if letting people know what you did and how you did it could lead to piracy, then don’t release it, don’t share it.

    Youness: There is no denying that there is a part of responsibility in what is being done by the hackers, but to be honest, you can’t really predict what will happen in the future, and you can’t be responsible for what others do. Don’t forget that this release of the lv0 keys doesn’t add such a huge advantage to the hacking community, but the keys were never meant to be released, because it was still somehow opening up potential piracy which is something the true hackers are absolutely against. The secret of the keys was well guarded, but somehow it got leaked (after many many months), and the reason for the release was to prevent some greedy company (dongle manufacturer) from profiting from the piracy it could have enabled. In the end, it happened, it’s unfortunate, but I wouldn’t sweat (or rejoice) too much over it. The release wasn’t about the fame or the “being first”, it was about countering an immoral act.

    You can read the full interview on this link.

    NEWS SOURCE #1: lv0 keys leak explained scene developers (via) PSX-Scene
    NEWS SOURCE #2: Digitalfoundry PS3 the final hack (via) EuroGamer

    Our thanks to 'Gauss' for this news item!

  3. The Following 6 Users Say Thank You to GaryOPA For This Useful Post:

    gDrive (10-27-2012), retro4ever (10-27-2012), sabin1981 (10-27-2012), the-green (10-27-2012), themuse (10-27-2012), Xtreamst (10-27-2012)
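An added example, not code from this post or from the scene developers it quotes: a small Python model of the chain of trust the Q&A above describes, in which bootldr checks lv0 against a public key fixed in hardware. The toy RSA scheme, the key sizes, the stage contents and the whole scenario are constructed here for illustration and have nothing to do with any real console firmware. It demonstrates the three points a defender should take from the thread: a modified lv0 re-signed with the leaked key is indistinguishable from an official one on hardware whose root key cannot change; a modification made without the key still fails verification; and only a new hardware revision with a different root key rejects images signed by the leaked key.

```python
"""Toy fixed-root chain of trust (constructed example, not console code)."""
import hashlib
import random

_rng = random.Random(2012)  # fixed seed: deterministic toy keys for reproducible runs


def _is_probable_prime(n, rounds=24):
    """Trial division, then Miller-Rabin. Toy-sized numbers only."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def keygen(bits=512):
    """Textbook RSA keypair ((n, e), (n, d)); far too small for real use."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, data):
    n, d = priv
    return pow(_digest(data) % n, d, n)


def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data) % n


def _pub_bytes(pub):
    n, e = pub
    return n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")


def build_stage(name, code, next_pub, signer_priv):
    """A stage image: its code, the public key it will trust for the NEXT
    stage, and a signature over both made with the PREVIOUS stage's key."""
    body = name.encode() + b"|" + code + b"|" + _pub_bytes(next_pub)
    return {"name": name, "body": body, "next_pub": next_pub, "sig": sign(signer_priv, body)}


def boot(root_pub, stages):
    """Walk bootldr -> lv0 -> lv1ldr ... from a root key fixed in hardware.
    Returns (booted, name of the first stage that failed verification)."""
    trusted = root_pub
    for stage in stages:
        if not verify(trusted, stage["body"], stage["sig"]):
            return False, stage["name"]
        trusted = stage["next_pub"]  # a verified stage names the key for the next one
    return True, None


def run_scenario():
    """Constructed scenario; returns the boot outcome of each case."""
    # old_root_pub is the key burned into old hardware; lv0_signing_priv is its
    # private half, i.e. the kind of key the Q&A says has been recovered.
    old_root_pub, lv0_signing_priv = keygen()
    lv0_pub, lv0_priv = keygen()
    lv1ldr_pub, _ = keygen()
    lv0 = build_stage("lv0", b"lv0: enforce security checks", lv0_pub, lv0_signing_priv)
    lv1ldr = build_stage("lv1ldr", b"lv1ldr: load lv1", lv1ldr_pub, lv0_priv)
    # After the leak: a modified lv0 re-signed with the recovered key.
    patched_lv0 = build_stage("lv0", b"lv0: checks patched out", lv0_pub, lv0_signing_priv)
    # Modification without the key: patched body but the original signature.
    forged_lv0 = dict(patched_lv0, sig=lv0["sig"])
    # New hardware revision with a different root key burned in.
    new_root_pub, new_signing_priv = keygen()
    lv0_resigned = build_stage("lv0", b"lv0: enforce security checks", lv0_pub, new_signing_priv)
    return {
        "old_console_official": boot(old_root_pub, [lv0, lv1ldr]),
        "old_console_patched": boot(old_root_pub, [patched_lv0, lv1ldr]),
        "old_console_forged": boot(old_root_pub, [forged_lv0, lv1ldr]),
        "new_console_patched": boot(new_root_pub, [patched_lv0, lv1ldr]),
        "new_console_official": boot(new_root_pub, [lv0_resigned, lv1ldr]),
    }


if __name__ == "__main__":
    for case, (ok, failed_at) in run_scenario().items():
        print(f"{case:22s} booted={ok}" + (f" (rejected at {failed_at})" if failed_at else ""))
```

The model uses Python 3.8+ (for `pow(e, -1, phi)`) and nothing outside the standard library. The design point is in `boot`: the verifier holds nothing but the root public key and whatever each verified stage hands it, so once the root's private half is public there is no signal left on old hardware to tell a re-signed image from an official one, which is exactly why the Q&A says the only remedy is new hardware with new keys.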

  4. #2
    Junior Member
    I can only guess there will be constant security updates making my ofw ps3 useless if they keep changing keys for gamesaves, playing blurays, and going on netflix. I don't play online so that's not an issue but installing a new fw every few weeks sounds like a pain in the ass lol.


    Edit
    I might be full of shit but I thought I just saw a post on the front page saying Team E3 has a 4.30 cfw coming out soon. I could have sworn I replied to that post too. Maybe I've had too much to drink tonight?
    Last edited by dignity67; 10-27-2012 at 12:58 AM.

  5. #3
    Senior Member
    KaKaRoTo's hybrid debate was the most interesting out of the three articles. I liked how he pointed out that the entitled-kids and their desire for piracy turned away developers which in all honesty does explain the lack of homebrew. These entitled goofs did more harm to the PS3 scene than any Dongle has done. Well, that's the way I see it. I however have to disagree with his and the group's reasoning who published the keys. For one it seems strange that there is this pattern of leakers (I don't think they leaked anything at all - aka these incidents have been staged to avoid Sony's bullseye). Also, these three geek-a-teers claimed they released the key to prevent piracy, but if they simply let BlueDisk charge for their firmware (did they even ever plan to charge for it to begin with??? All I saw were free copies after sending them things you should not be sending anyone). So say if they did have a secure delivery system and it cost money then there would be less pirating than them simply giving the solution to the entire world. Well, that's just how I see it. KaKaRoTo for the most part was spot on and did a good job. Not that my opinion matters or anything ...


  6. The Following User Says Thank You to brakk3n For This Useful Post:

    TomatOsaUce (10-27-2012)

  7. #4
    Junior Member
    Quote Originally Posted by brakk3n View Post
    KaKaRoTo's hybrid debate was the most interesting out of the three articles. I liked how he pointed out that the entitled-kids and their desire for piracy turned away developers which in all honesty does explain the lack of homebrew. These entitled goofs did more harm to the PS3 scene than any Dongle has done. Well, that's the way I see it. I however have to disagree with his and the group's reasoning who published the keys. For one it seems strange that there is this pattern of leakers (I don't think they leaked anything at all - aka these incidents have been staged to avoid Sony's bullseye). Also, these three geek-a-teers claimed they released the key to prevent piracy, but if they simply let BlueDisk charge for their firmware (did they even ever plan to charge for it to begin with??? All I saw were free copies after sending them things you should not be sending anyone). So say if they did have a secure delivery system and it cost money then there would be less pirating than them simply giving the solution to the entire world. Well, that's just how I see it. KaKaRoTo for the most part was spot on and did a good job. Not that my opinion matters or anything ...
    I agree with you!

  8. #5
    Member
    Megacorp gangsters and their minions are worse than any pirates, including Somalian ones, IMO.
    The danger is not that a particular class is unfit to govern. Every class is unfit to govern. - John Emerich Edward Dalberg-Acton

  9. The Following 6 Users Say Thank You to lurkandlearn For This Useful Post:

    [C*] (10-27-2012), dsenseb (10-27-2012), Egg 'n' chips (10-27-2012), gDrive (10-27-2012), PS3Fanboy (10-27-2012), themuse (10-27-2012)

  10. #6
    Senior Member
    Thanks GaryOPA for this news, I had one "big" small question, with all the new leaks/exploits/hacks, is there any chance that someone could calculate the 3.6+ PUP private keys ??!!
    I guess the answer is no, am I wrong ?

  11. #7
    Senior Member
    Quote Originally Posted by the-green View Post
    Thanks GaryOPA for this news, I had one "big" small question, with all the new leaks/exploits/hacks, is there any chance that someone could calculate the 3.6+ PUP private keys ??!!
    I guess the answer is no, am I wrong ?
    Some say yes some say no. I find these developments interesting, but the other 99% of people without CFW want to know what you're asking. CFW users are a small minority - I hope that can change.


  12. The Following User Says Thank You to brakk3n For This Useful Post:

    the-green (10-27-2012)

  13. #8
    Senior Member
    Quote Originally Posted by brakk3n View Post
    KaKaRoTo's hybrid debate was the most interesting out of the three articles. I liked how he pointed out that the entitled-kids and their desire for piracy turned away developers which in all honesty does explain the lack of homebrew. These entitled goofs did more harm to the PS3 scene than any Dongle has done. Well, that's the way I see it. I however have to disagree with his and the group's reasoning who published the keys. For one it seems strange that there is this pattern of leakers (I don't think they leaked anything at all - aka these incidents have been staged to avoid Sony's bullseye). Also, these three geek-a-teers claimed they released the key to prevent piracy, but if they simply let BlueDisk charge for their firmware (did they even ever plan to charge for it to begin with??? All I saw were free copies after sending them things you should not be sending anyone). So say if they did have a secure delivery system and it cost money then there would be less pirating than them simply giving the solution to the entire world. Well, that's just how I see it. KaKaRoTo for the most part was spot on and did a good job. Not that my opinion matters or anything ...
    Actually there were several cases where the developers themselves were pirating and then bragging about it. And they also scammed the scene which is far worse than piracy by any measure. All of the anti-piracy arguments have fallen flat on their faces. The real issue of developers turning away from this scene is more complicated. There were some that got turned away from all the drama. They saw that helping the scene only hurt them in the long run when the scene would crucify them. And yeah it was wrong for the scene to act that way, but for the most part it was a reaction to how the rest of the developers treated them. Most of the developers left because they couldn't scam the scene for cash and fame anymore. Their schemes were revealed and they abandoned the scene to go laugh on irc about how they were the only ones that could pirate. Some future scene devs saw that they just couldn't get rich anymore and stood away with no work to show for it. Others that had work decided to sell it. Of course they were bound to be hated, that is understandable (though I disagree with the reasons). The real problem is when somebody wanted to help they would be shot down, their biggest critics being the elites. They would receive no help in their desire to further the scene and would just end up mocked by all with the elites throwing all the tomatoes. I wouldn't be surprised if a few of them didn't show up around now to take the credit for all of the progress. Like "I withheld all of this info and now I want credit for finding it first". One of the things I learned over the almost two years was that OtherOS was pretext. It was their excuse and the only way they could stay on their high horse since it was "For teh LINUX". I'm not saying people didn't get any use out of OtherOS and I'm not saying OtherOS wasn't desired by them, just that the only one that genuinely cared mainly for OtherOS was Graf. To the rest, it was a side effect, something they could take advantage of, but not their main concern. It's also why they were so concerned with DEX and it was eventually proven that the main thing DEX was good for was piracy, that it didn't provide anything new for homebrew.

    As for the elites, forget them. They chose to leave when people stopped fueling their ego and wallets with nothing to show for it. There are more than enough devs still in this scene that deserve far more than just a commendation for their effort and patience so let's stop worrying about what could have been in regards to developers just trying to increase their e-penis and wallets with false promises.

  14. The Following 6 Users Say Thank You to AlbedoAtoned For This Useful Post:

    brakk3n (10-27-2012), gDrive (10-27-2012), Kvass (10-27-2012), rednekcowboy (10-27-2012), xPreatorianx (10-29-2012), Yuu (10-28-2012)

  15. #9
    Senior Member
    Quote Originally Posted by brakk3n View Post
    KaKaRoTo's hybrid debate was the most interesting out of the three articles. I liked how he pointed out that the entitled-kids and their desire for piracy turned away developers which in all honesty does explain the lack of homebrew. These entitled goofs did more harm to the PS3 scene than any Dongle has done. Well, that's the way I see it. I however have to disagree with his and the group's reasoning who published the keys. For one it seems strange that there is this pattern of leakers (I don't think they leaked anything at all - aka these incidents have been staged to avoid Sony's bullseye). Also, these three geek-a-teers claimed they released the key to prevent piracy, but if they simply let BlueDisk charge for their firmware (did they even ever plan to charge for it to begin with??? All I saw were free copies after sending them things you should not be sending anyone). So say if they did have a secure delivery system and it cost money then there would be less pirating than them simply giving the solution to the entire world. Well, that's just how I see it. KaKaRoTo for the most part was spot on and did a good job. Not that my opinion matters or anything ...
    Meh, the "entitled goofs" take the lead from the devs at the top. It's a trickle down effect. The end-user holds no power whatsoever, it's the people with the knowledge and the power that dictate the reactions and attitudes in the "scene." The more people with the knowledge and the power, the better it is for the scene. I don't need to prove this as there are examples of it in every other scene except this one. All people want is the opportunity to be a part of it so that they can help and contribute in any way they can.

    There are exceptions to this of course with people wanting nothing more than being leeches, but that is not the majority, that is the minority. When you look on this site, for example, the biggest whining and complaining comes from those with 1 or two posts. While everyone wants to shut them out, in doing so, you hurt everyone, i.e. punishing the majority for the sake of a few.

    I, for one, am glad this leak occurred. Now, hopefully, the PS3 scene can finally build as a community, with everyone chipping in what they can be it testers, or helping others along or the more talented writing homebrew, etc for all of us to enjoy.

    Another way to look at this--if everyone has the info, it makes it way more difficult for $ony to pinpoint people to go after. Even they can't sue the whole world. The reason why they were successful the last time is cause they found a scapegoat and set an example, however it makes it much more difficult when thousands are the cause vs a few.

  16. The Following 5 Users Say Thank You to rednekcowboy For This Useful Post:

    AlbedoAtoned (10-27-2012), brakk3n (10-27-2012), gDrive (10-27-2012), xPreatorianx (10-29-2012), Yuu (10-28-2012)

  17. #10
    Agent Sparrow
    Ell oh ell at hypocritical anti-piracy rants. Please, continue, I find them nourishing.

  18. The Following 7 Users Say Thank You to sabin1981 For This Useful Post:

    gDrive (10-27-2012), Kvass (10-27-2012), pete_uk (10-27-2012), rednekcowboy (10-27-2012), retro4ever (10-27-2012), xPreatorianx (10-29-2012), Yuu (10-28-2012)
