So, looks like the ps3 is completely hacked.

Page 6

Maleficus

Diamond Member
May 2, 2001
7,685
0
0
It would be awesome for Geohot to work for a company and try to make a system that couldn't be cracked like the PS3 (except actual security, if in fact the smug guys in the conference were right). Very surprised Apple didn't hire him actually.

It doesn't matter how good you are, there will always be flaws people can exploit.

I'll go ahead and borrow from Tyson here: Everyone has a plan until they get punched in the face
 

Sniper82

Lifer
Feb 6, 2000
16,517
0
76
It doesn't matter how good you are, there will always be flaws people can exploit.

I'll go ahead and borrow from Tyson here: Everyone has a plan until they get punched in the face

true

yeah hiring him would be pointless because someone else would come along and hack his $h!t so why bother?
 

digiram

Diamond Member
Apr 17, 2004
3,991
172
106
true

yeah hiring him would be pointless because someone else would come along and hack his $h!t so why bother?

What they really need to do is hire Mike Tyson. Send him over to the hacker's house, and have Iron Mike punch him in the face... lol
 

magomago

Lifer
Sep 28, 2002
10,973
14
76
i don't see how the PSP ones matter....the console has been wide open forever. I haven't played any cracked games, but at the very least I play some SNES emulators on my PSP haha.

Makes me wonder if they remembered to keep K randomized....would they have cracked the ps3 that fast?
 

Ross Ridge

Senior member
Dec 21, 2009
830
0
0
Makes me wonder if they remembered to keep K randomized....would they have cracked the ps3 that fast?

Without that or a similar vulnerability, they'd never have gotten the private signing key unless someone inside Sony leaked them. The USB dongle and the hypervisor vulnerabilities were separate bugs though, and it's possible that these same exploits that pulled back veils hiding the ECDSA vulnerability would've also revealed other bugs that would've allowed for homebrew or piracy. That's what hackers were looking for, they would've never expected to get the private keys so easily.
 

sourceninja

Diamond Member
Mar 8, 2005
8,805
65
91
Just think, had they kept linux and allowed it access to the video, or had some really nice homebrew functionality built-in, people would have probably never looked for these exploits.
 

Cstefan

Golden Member
Oct 6, 2005
1,510
0
71
Just think, had they kept linux and allowed it access to the video, or had some really nice homebrew functionality built-in, people would have probably never looked for these exploits.


SONY?? Shooting themselves in the foot?? Say it ain't so!!!
 

JTsyo

Lifer
Nov 18, 2007
11,774
919
126
Just think, had they kept linux and allowed it access to the video, or had some really nice homebrew functionality built-in, people would have probably never looked for these exploits.

No, people would do it just for the challenge and bragging rights.
 

Kev

Lifer
Dec 17, 2001
16,367
4
81
What's kind of sad is that anyone knowledgeable about cryptology and the ECDSA algorithm used by Sony should've noticed immediately that their implementation wasn't working right. The parameters, R, n, K, and Da, geohot gives in the link above are what you need to do your own signing. The "n" parameter is a constant based on the elliptic curve used and doesn't need to be a secret. The "K" parameter is the now infamous random number that should've changed every time something was signed. "Da" is the private key that's supposed to be kept secret but was easily discovered because "K" never changed.

"R" however, is part of the signature. It's not supposed to be a secret, it's used to verify the executable (or whatever) was actually signed by Sony, not anyone else, and not modified in any way. It's also not supposed to be a constant, each signature should have its own unique "R" value, but because "K" never changes, neither does "R". Just by looking at the signatures their implementation generated, and seeing how half the signature is always the same, they could've seen that something was wrong. Ironically if they hadn't gone to the additional and unnecessary step of encrypting the signature in the executable it would've been blindingly obvious even to third-party developers who knew little about cryptology. This could've been caught and fixed before the PlayStation 3 was ever released to the public, if Sony had just been dumb and not also stupidly paranoid.

The phrase "Epic Fail" gets way overused, but this time...

(As for the rest of the constants, the "pub" parameter is probably Sony's now uninteresting ECDSA public key. "erk" and "riv" are the secret parameters of the AES encryption method used to encrypt executables.)

wat
 

EightySix Four

Diamond Member
Jul 17, 2004
5,121
49
91
Lol exactly...I haven't taken any security classes yet

Da is the important part of the key, it should be incredibly difficult to figure out because K is supposed to be a random number and Da is part of the same function as K. Since Sony somehow failed to make K random, Da was easy to figure out. With this information, you can sign an executable which the PlayStation thinks was approved by Sony, including the firmware itself.

We'll pretend the key is X and the function is simply X = Da * K. X is a given and K should be random, making Da nearly impossible to figure out. Since it's not, solving it algebraically is a cake walk.
 

Dumac

Diamond Member
Dec 31, 2005
9,391
1
0
Da is the important part of the key, it should be incredibly difficult to figure out because K is supposed to be a random number and Da is part of the same function as K. Since Sony somehow failed to make K random, Da was easy to figure out. With this information, you can sign an executable which the PlayStation thinks was approved by Sony, including the firmware itself.

We'll pretend the key is X and the function is simply X = Da * K. X is a given and K should be random, making Da nearly impossible to figure out. Since it's not, solving it algebraically is a cake walk.

Sounds like a dumb mistake on Sony's part, but they make a lot of those so I am not surprised.
 

Ross Ridge

Senior member
Dec 21, 2009
830
0
0
Sounds like a dumb mistake on Sony's part, but they make a lot of those so I am not surprised.

To a certain point it's understandable. The ECDSA signing algorithm actually requires two random numbers. The first random number is the private key (Da) itself. That random number is only picked once. The second random number (K) needs to be picked every time something is digitally signed. So it's not hard to see some programmer thinking the second random number needs to be picked only once, just like the first.

What is much less excusable is that this bug somehow escaped testing. It should've been obvious. The digital signature is a big long number that's supposed to look random. If there's any sort of pattern in how signatures are generated, like they're all even or the seventeenth digit is usually 0, then that means there's probably a vulnerability that can be exploited. In this case, Sony's code was generating digital signatures that looked like this:

Code:
806E078FA1529790CE1AAE02BADD6FAAA6AF74178BAEB115B68AE33CCD812CE8E85170BDA4F95417
806E078FA1529790CE1AAE02BADD6FAAA6AF741771CD1F2DD1DB19252804DE93E50E71A69C9D1FFB
806E078FA1529790CE1AAE02BADD6FAAA6AF7417304D6DE39A90746F858A505F0871DFA96FE14D8D
806E078FA1529790CE1AAE02BADD6FAAA6AF7417A3B32962F39E6D08C4EFAB2EC3605C8257A070AA

See a pattern there? Sony should have.
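An added worked example (not from any poster in this thread, and not Sony's or geohot's code) that ties together Kev's description of R, K and Da, EightySix Four's "solve it algebraically" remark, and the repeated-prefix pattern in the signatures quoted above. It assumes the public secp256k1 curve as a stand-in, since the thread does not give Sony's curve parameters; the private key and fixed nonce are arbitrary constructed values. The four signature lines from the post above are reused as sample input for the pattern check, which flags any set of signatures whose r half repeats, the symptom a release test should have caught.

```python
import hashlib
from collections import defaultdict

# secp256k1 domain parameters: a public standard curve used as a stand-in
# (assumption: the thread does not state which curve Sony used).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                   # a == -b
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P        # point doubling (curve a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication k * point."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def hash_to_int(msg):
    """Message digest reduced into the scalar field (the 'h' in the ECDSA equations)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(d, msg, k):
    """ECDSA: r = (k*G).x mod n, s = k^-1 * (h + r*d) mod n. k must be fresh per signature."""
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (hash_to_int(msg) + r * d) % N
    return (r, s)


def verify(pub, msg, sig):
    """Standard ECDSA verification against the public key pub = d*G."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    x = ec_add(ec_mul(hash_to_int(msg) * w % N, G), ec_mul(r * w % N, pub))
    return x is not None and x[0] % N == r


def find_reused_r(hex_sigs):
    """Group r||s hex signatures by their r half; any group of size > 1 means a reused nonce.

    This is the test a release pipeline should run over every batch of signatures:
    identical r values across different messages are never acceptable."""
    groups = defaultdict(list)
    for i, h in enumerate(hex_sigs):
        groups[h[:len(h) // 2]].append(i)
    return {r: idx for r, idx in groups.items() if len(idx) > 1}


def recover_private_key(msg1, sig1, msg2, sig2):
    """Why a repeated r is fatal: two signatures with the same k leak k, and then d.

    s1 - s2 = k^-1 (h1 - h2)  =>  k = (h1 - h2) / (s1 - s2)
    s1 = k^-1 (h1 + r*d)      =>  d = (s1*k - h1) / r        (all mod n)"""
    (r, s1), (r2, s2) = sig1, sig2
    if r != r2 or (s1 - s2) % N == 0:
        raise ValueError("signatures do not share a nonce, or are identical")
    h1, h2 = hash_to_int(msg1), hash_to_int(msg2)
    k = (h1 - h2) * pow(s1 - s2, -1, N) % N
    return (s1 * k - h1) * pow(r, -1, N) % N


# The four signature strings quoted in the post above (first half of each line is r).
SONY_STYLE_SIGS = [
    "806E078FA1529790CE1AAE02BADD6FAAA6AF74178BAEB115B68AE33CCD812CE8E85170BDA4F95417",
    "806E078FA1529790CE1AAE02BADD6FAAA6AF741771CD1F2DD1DB19252804DE93E50E71A69C9D1FFB",
    "806E078FA1529790CE1AAE02BADD6FAAA6AF7417304D6DE39A90746F858A505F0871DFA96FE14D8D",
    "806E078FA1529790CE1AAE02BADD6FAAA6AF7417A3B32962F39E6D08C4EFAB2EC3605C8257A070AA",
]

# Constructed demo private key and the "picked once" nonce; arbitrary values below N.
DEMO_PRIV = 0x4C5E3A2F1B0D9E8C7A6B5F4E3D2C1B0A9F8E7D6C5B4A39281706F5E4D3C2B1A0
FIXED_K = 0x1ED1A2B3C4D5E6F708192A3B4C5D6E7F8091A2B3C4D5E6F70819A2B3C4D5E6F7
DEMO_PUB = ec_mul(DEMO_PRIV, G)


def demo():
    """Sign two different payloads with the same K and show the leak."""
    sig_a = sign(DEMO_PRIV, b"firmware-A", FIXED_K)
    sig_b = sign(DEMO_PRIV, b"firmware-B", FIXED_K)
    return sig_a, sig_b, recover_private_key(b"firmware-A", sig_a, b"firmware-B", sig_b)


if __name__ == "__main__":
    sig_a, sig_b, d = demo()
    print("same r across two signatures:", sig_a[0] == sig_b[0])
    print("recovered key matches Da:", d == DEMO_PRIV)
    print("quoted signatures with shared r:", find_reused_r(SONY_STYLE_SIGS))
```

`find_reused_r` is the cheap check worth keeping: it needs no knowledge of the curve or the key, only the signatures themselves, and it would have flagged the quoted batch on its first run.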
 

fitzm

Senior member
Mar 17, 2000
691
0
0
Last week I was in a MW2 game where the guy had 25 kills almost immediately and the nuke "sound" blasting the entire game without actually detonating. He fired AC130 ammo with hand-held weapons. It was actually pretty cool. I loved glitching out of maps way back when anyone had the same tactical chance to do so. When a game has been out for a while, who cares when a few new variables are added to the game-as long as everyone has the same opportunity to use them.
 

mugs

Lifer
Apr 29, 2003
48,924
45
91
Last week I was in a MW2 game where the guy had 25 kills almost immediately and the nuke "sound" blasting the entire game without actually detonating. He fired AC130 ammo with hand-held weapons. It was actually pretty cool. I loved glitching out of maps way back when anyone had the same tactical chance to do so. When a game has been out for a while, who cares when a few new variables are added to the game-as long as everyone has the same opportunity to use them.

You're one of those douches that we all hate to play against. Your attitude is beyond idiotic. Most of us don't want to play a glitched game, we enjoy playing the game as it was designed.
 

EightySix Four

Diamond Member
Jul 17, 2004
5,121
49
91
So it's not hard to see some programmer thinking the second random number needs to be picked only once, just like the first.

Some random programmer? No, it's not hard to see them making a mistake... A (most likely) well paid security professional developing the security for a console Sony wants to last 10 years... It's pretty hard to imagine. I keep getting the feeling that this may have been done by someone on purpose, it is too big of a mistake.

Also, for those who think Sony can fix this, here's a quote from someone on Reddit with a great explanation why it can't be fixed:

When Sony creates a newer hardware revision with a different metldr key, they would have to issue 2 different firmware updates: one for the current hardware, and one for the new hardware. This is because if they update the metldr keys, all of the ldrs down the chain will need to be re-encrypted with the new key, and signed with the new key. (In theory, they could also publish a single unified update which decides which one to install at runtime.)

So assuming we have current hardware, with the currently known and leaked metldr key, and Sony publishes an update, we can:
Decrypt the update, and all levels of the firmware from lv0 downwards (we have the decryption key)
We can update any revocation list they provide, we can update any whitelist they provide, we can remove any signature checks they add.
We can re-encrypt the update (it's symmetric, and we have the keys), and we can resign the update (we have the private ECDSA keys)
We can install our newly "hacked" update...

Lets say Sony tries to be smart and adds some self CRC/Hash calculation code to their new firmware:
We can decrypt the firmware
We can update the CRC calculation code to always return the correct expected value
We can encrypt, sign and install our hacked new firmware.
Sony can't tell the difference between a hacked firmware and a real one.

Let's say our user is dumb, has a current hardware PS3 and updated it to Sony's new firmware with a whitelist for old apps and a revokelist for old firmware, and newer firmware updates are signed with new PKI keys:
We can flash the flashrom (using a hardware flasher) with our own firmware since we have the metldr keys.
Alternatively a "modchip" can be installed beside the flashrom to provide the firmware code.
The console has to accept it because metldr will decrypt it and verify the signature.

This is what khrak is referring to when he says that it's broken in an unfixable way.

There is absolutely nothing Sony can do short of updating metldr, or having some secret backup metldr with different keys to fix the issue on current hardware. Even with a backup metldr, geohot (who due to egotistic reasons has not revealed how he got the metldr keys) can probably recover the new metldr keys using whatever exploit he used again.
 

Ross Ridge

Senior member
Dec 21, 2009
830
0
0
Some random programmer? No, it's not hard to see them making a mistake... A (most likely) well paid security professional developing the security for a console Sony wants to last 10 years... It's pretty hard to imagine. I keep getting the feeling that this may have been done by someone on purpose, it is too big of a mistake.

Well, I've kinda wondered if this was some sort of intentional back door, but it's not too hard to see how it could've happened unintentionally. That well paid security professional could've produced an impressive document describing PlayStation 3's proposed security system. All the details of ECDSA signing, AES encryption, the metldr and other levels of security, and how they would all work together to keep the PlayStation 3 secure for its expected 10 year lifetime. Then that document gets handed over to some random programmer to actually implement.
 

Narmer

Diamond Member
Aug 27, 2006
5,292
0
0
Is Sony behind this fiasco or IBM? Last I heard, IBM was the brains behind the PS3's security system. If so, Sony should lawyer up.
 

EightySix Four

Diamond Member
Jul 17, 2004
5,121
49
91
So...where are the "tools" everyone was supposed to have like 2 weeks ago?

They're already out there if you know where to look, and someone has already written the first custom firmware which will launch unsigned homebrew only.

Is Sony behind this fiasco or IBM? Last I heard, IBM was the brains behind the PS3's security system. If so, Sony should lawyer up.

IBM's hypervisor was not broken.
 

EightySix Four

Diamond Member
Jul 17, 2004
5,121
49
91
Interestingly, I just looked it up, it features no piracy options.

Which is why I said homebrew only. All of the hacking groups are trying really hard right now to slow the onslaught of piracy.

Kakaroto (the creator of the firmware) said on his blog:

Since the kernel is left unmodified, this means that this custom firmware is really meant for future homebrew installation, and it will not allow piracy. I plan on keeping it that way.
 

RavenSEAL

Diamond Member
Jan 4, 2010
8,670
3
0
Which is why I said homebrew only. All of the hacking groups are trying really hard right now to slow the onslaught of piracy.

Kakaroto (the creator of the firmware) said on his blog:

Overflow said the same thing, now let's just see what the other 99.9% of people are going to do.
 