Tuesday, October 23, 2012

The Playstation 3's biggest nightmare?

If it's not the Nintendo Wii or the Microsoft Xbox 360 that's the problem, then there's something else chewing at Sony's shoes: hackers. At the turn of 2011 the PS3's security was broken open thanks to Fail0verflow. Their motive, by their own explanation? Hackers want to run their own code on the hardware they buy, and the PS3 let them do exactly that from day one through OtherOS. Only when the Linux-stripped PS3 Slim appeared (a machine which, they say, can run the OS just as well as the older model) and OtherOS was then removed from the "fat" console by firmware update were the hackers suitably motivated to go looking for, and expose, the security shortcomings of the system.

Now come on here, Fail0verflow. Video game systems are something you don't crack open. They're something you cherish, like the PlayStation 1 and 2, and none of that other stuff matters. And how dare you want to run Linux on the PS3. Heck, running Linux or even Windows on it is just plain stupid; they should be replaced with the Sony OS.

So how did Fail0verflow get their gritty mitts on the code? Their work goes way beyond the traditional style of console hacking. They released the technique by which any kind of unauthorised code can be run on any PS3. Every PS3 executable is encrypted and signed, and the signing keys are private keys that, in theory, only Sony holds. It has long been established that brute-forcing those keys would take hundreds of thousands of computers hundreds of thousands of years. Yet despite this mathematical reality, Fail0verflow came into possession of the keys Sony uses. With them, they can create DLC-style packages that run on any PlayStation 3 and, yes, their own custom firmware updates. Their stated aim is a firmware update that boots directly into Linux on any PS3, but the methodology allows any kind of custom firmware to be produced, and we all know what that means. So how did Fail0verflow get the keys so quickly?
Well, in creating a signature, an essential element of the mathematical formula is a random number (the nonce) that must be freshly chosen for every signature; the private key stays secret only as long as that number is never reused. Sony's signing process used one fixed number that never varied from one signed file to the next. With the nonce constant, just two signatures made with the same key are enough to solve for the nonce and then for the private signing key itself. In theory it's as simple as that; in practice some straightforward modular-arithmetic work is required. In other words, it takes rocket scientists to crack the PS3, and it seems Fail0verflow are rocket scientists.

More than a year has passed since the worst of it. Firmware 3.60 blocked the hack almost completely, though something did manage to slip between the cracks, and for those who didn't update, this is where Sony is about to fall apart. But first, what 3.60 was supposed to do. Sony's response, firmware 3.60, plugged many of the holes, neatly working around the entire root key problem, and even with the release of the new custom firmware, any console running system software 3.60 or higher is effectively locked out. Only hacked consoles, or those still running 3.55 or lower, can run the new code, unless expensive, difficult-to-install hardware downgrade devices are used on older hardware. That meant that if you wanted access to PSN you needed 3.60, which locks you out of custom firmware; those on 3.55 and below were out of luck. Until recently, unfortunately. Despite the effectiveness of firmware 3.60, the PS3 has still had to contend with piracy, notably the JB2/TrueBlue dongle, but that hack still locked consoles to 3.55 and kept compromised consoles off PSN, until recently at least, when the "passphrase" protecting access to PSN was leaked, giving hacked consoles full access to the service.
The release of the new custom firmware, and of the LV0 decryption keys in particular, poses serious issues. While Sony will almost certainly change the PSN passphrase once again in the upcoming 4.30 update, the reveal of the LV0 key means that any system update Sony releases from now on can be decrypted with little or no effort whatsoever. Sony's options in battling this leak are limited: every PS3 out there has to be able to decrypt any firmware download package in order to be updated (a 2006 launch PS3 can still update directly to the latest software), so the key cannot simply be swapped for one the existing consoles don't have. With the LV0 key that decryption can be done on a PC, and the CoreOS and XMB files can then be re-encrypted using the existing 3.55 keys in order to run on hacked consoles.

So just how did LV0 come to be released at all? The original hackers who first found the master key, calling themselves "The Three Musketeers", apparently sat on the discovery for some time. However, the information leaked and ended up in the hands of a new Chinese hacking outfit, dubbed "BlueDiskCFW", which planned to charge for custom firmware updates built on it. To stop these people profiteering from their work, the Musketeers released the LV0 key themselves, and within 24 hours a free CFW update was out.

Folks, this may be the biggest hack in the history of the PlayStation. What next, a hack that lets you revert to 3.55? Stay tuned to see if Sony can get themselves out of this mess.

Works Cited: Eurogamer (Link 1, Link 2)
