Overclockers Australia Forums
Old 18th February 2011, 2:27 PM   #901
proffesso
Member
 
 
Join Date: Jan 2002
Location: Watsonia, Melbourne
Posts: 8,643
Default

Quote:
Originally Posted by SaMbO View Post
*sigh*
fuck me.
*mutter mutter*
kids fucking it all up for everyone (go Webber)

lol @ maths nerds:


perhaps not as bad as originally thought.
yeah bit of a saving grace there.
__________________
If at first you don't succeed, remove all evidence you ever tried.
proffesso is offline   Reply With Quote

Old 18th February 2011, 2:33 PM   #902
SaMbO
Member
 
 
Join Date: Dec 2002
Location: Mid North Coast
Posts: 3,579
Default

also seems you'll actually need to hack the console to get the ID.
random codes don't work either
ie no physical access = no ID code
__________________
OCAU GT5 CLUB #76 add your PSN & play times here
I succumbed to the allure of the Nurburgring.
Quote:
"Hit the brake! It's the pedal on the right"
SaMbO is offline   Reply With Quote
Old 18th February 2011, 3:39 PM   #903
flain
Member
 
Join Date: Oct 2005
Posts: 1,795
Default

Quote:
You agree that you will not use any unauthorized hardware, including peripherals not sold or licensed by a Sony company such as, by way of example only, non-licensed game enhancement devices, controllers, adaptors and power supply devices (collectively, "Non-Licensed Peripherals") or software to access or use Sony Online Services or any content or service provided on or through Sony Online Services.
Am I reading that right? Does that mean that if you plug in a camera with photos or a usb drive with photos on it you are now breaking the terms and conditions unless Sony goes out and approves your camera or usb drive?

edit: ok "sold or licensed by sony", so essentially if Sony sells the camera it's ok, but anyone else and you are breaking the T&Cs. Also that makes all custom built arcade sticks against T&C, and what about the madcatz SF3 sticks?

Last edited by flain; 18th February 2011 at 3:42 PM.
flain is offline   Reply With Quote
Old 18th February 2011, 5:46 PM   #904
Grant
Member
 
Join Date: Jan 2002
Location: Wollongong
Posts: 867
Default

Quote:
Originally Posted by SaMbO View Post
also seems you'll actually need to hack the console to get the ID.
random codes don't work either
ie no physical access = no ID code
Not quite, from what I read (link is now dead) you just need to be able to sniff network packets from the PS3 in question - either by having access to the LAN/upstream network, or knowing the wifi network's encryption key (if any) and driving past a PS3 using wireless. You could literally go wardriving for keys if people have them on unsecured networks.

PSN should be using SSL, hopefully they'll start soon.
Grant is offline   Reply With Quote
Old 19th February 2011, 8:44 AM   #905
Grassy
Member
 
 
Join Date: May 2003
Location: My own little world.
Posts: 1,154
Default

I think the only problem will be if they manage to come up with a working console ID generator, then shit will hit the fan.
__________________
adeadenemyalwayssmellsgood
Grassy is offline   Reply With Quote
Old 19th February 2011, 9:24 AM   #906
flain
Member
 
Join Date: Oct 2005
Posts: 1,795
Default

Quote:
Originally Posted by Grassy View Post
I think the only problem will be if they manage to come up with a working console ID generator, then shit will hit the fan.
Hopefully it's not as easy to crack as their ECDSA code. If someone is able to find the formula by comparing legit keys then it would have to be pretty weak, so chances are it will be fine.
flain is offline   Reply With Quote
Old 19th February 2011, 11:18 AM   #907
Grant
Member
 
Join Date: Jan 2002
Location: Wollongong
Posts: 867
Default

Quote:
Originally Posted by flain View Post
Am I reading that right? Does that mean that if you plug in a camera with photos or a usb drive with photos on it you are now breaking the terms and conditions unless Sony goes out and approves your camera or usb drive?

edit: ok "sold or licensed by sony", so essentially if Sony sells the camera it's ok, but anyone else and you are breaking the T&Cs. Also that makes all custom built arcade sticks against T&C, and what about the madcatz SF3 sticks?
Mass storage devices would have a hard time being counted as "peripherals", although Sony probably has a get-out-of-jail-free "we can ban whoever we like" card in the TOS somewhere.

Manufacturers like MadCatz would have a license from Sony to make peripherals, but there are plenty of unlicensed controllers out there. Thankfully it's fairly impossible to detect from Sony's side, though you could say that eg. a controller with a rapid fire button is cheating if you use it online, and Sony could run a script to detect excessively fast and accurate button presses.
Grant is offline   Reply With Quote
Old 19th February 2011, 1:40 PM   #908
SLATYE
SLATYE, not SLAYTE
 
 
Join Date: Nov 2002
Location: Canberra
Posts: 25,832
Default

Quote:
Originally Posted by flain View Post
Am I reading that right? Does that mean that if you plug in a camera with photos or a usb drive with photos on it you are now breaking the terms and conditions unless Sony goes out and approves your camera or usb drive?

edit: ok "sold or licensed by sony", so essentially if Sony sells the camera it's ok, but anyone else and you are breaking the T&Cs. Also that makes all custom built arcade sticks against T&C, and what about the madcatz SF3 sticks?
That clause is specific to the online services. Using a camera or USB drive with the PS3 just to view pictures is fine. Using it to somehow connect with PSN (is that even possible?) might get you banned.

Quote:
Originally Posted by SaMbO View Post
let me see if i understand this correctly, as i'm not a programmer nor a hacker:

failOverflow used the jailbreak to get the key

the jailbreak was a copy of a stolen service tool

from that:

would f0f have been able to get the key without the jailbreak?
i'm guessing eventually...
but like i said i'm not a programmer nor a hacker, it's out of my league.
The jailbreak uses a pretty convoluted method to access the PS3. It really looks more like a bug in the System Software than something Sony set up on purpose.

Also, when Sony was trying to get the PSJailbreak banned, their primary argument was that it would allow piracy - not that it was an illegal clone of their own hardware.

I'm sure that Sony does have a way of getting into debug mode, but it's very unlikely to be the same as the jailbreak. Of course, we won't know until someone leaks the genuine Sony module or deconstructs the System Software to find out what other things can get you into debug mode.

As far as I can tell, Fail0verflow's attack didn't actually require PSJailbreak at all. They could have just grabbed a few firmware updates (each with its own signature) and gotten the key from those. They didn't do it because (a) before the jailbreak, not many people were working on getting Linux back because it seemed pretty much impossible, and (b) because it's such a silly mistake that nobody would guess that Sony had done that.

It's sort of like robbing a bank just by walking through the front door, finding the vault open and the guards asleep, then walking out with a million dollars. Nobody ever tries to rob a bank like that because nobody expects the bank security to be that useless.

Quote:
Originally Posted by flain View Post
Hopefully it's not as easy to crack as their ECDSA code. If someone is able to find the formula by comparing legit keys then it would have to be pretty weak, so chances are it will be fine.
Hopefully. Even if it did suffer from that problem Sony have probably fixed it a little bit in 3.56 (by encrypting the key properly before sending it).

If the vulnerability does exist in earlier firmwares, it'll probably get exposed before too long. Connect a whole lot of old 3.55 and lower PS3s to find out how to generate keys, then decompile the 3.56 firmware and figure out how it encrypts the key before transmission.
__________________
Main system: Phenom II X4 920 | 8GB (4x 2GB) DDR2-800 | Gigabyte M57SLI-S4 v2.0 | Leadtek Geforce 9600GSO 384MB | Enermax Modu82+ 525W | 1TB Hitachi HDD | 3.5" + 5.25" FDD
Laptop: Compal EL80 | C2D T7200 | 320GB Fujistu HDD | 2GB DDR2-667 | GF Go 7600
SLATYE is offline   Reply With Quote
Old 19th February 2011, 2:58 PM   #909
Grant
Member
 
Join Date: Jan 2002
Location: Wollongong
Posts: 867
Default

Quote:
Originally Posted by SLATYE View Post
Hopefully. Even if it did suffer from that problem Sony have probably fixed it a little bit in 3.56 (by encrypting the key properly before sending it).

If the vulnerability does exist in earlier firmwares, it'll probably get exposed before too long. Connect a whole lot of old 3.55 and lower PS3s to find out how to generate keys, then decompile the 3.56 firmware and figure out how it encrypts the key before transmission.
The point flain was making was that it's hopefully difficult to figure out a list of likely valid ConsoleIDs algorithmically - if you're analysing known ConsoleIDs, that has nothing to do with the PS3s encrypting them before sending them, because a group working on the problem will have a bunch of IDs that are willingly donated (and can be gathered from any FW version using the leaked root key to jailbreak it).

Basically, if they figure out the ConsoleID is a simple md5 hash of the serial number, and that serial numbers are literally serial (ie. factory X starts at serial number 30000 and increments the number for each unit they produce), then it will be easy to generate thousands of probably-good ConsoleIDs to try (or to mass-ban if you're wearing a black hat).
Grant is offline   Reply With Quote
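Added example, not part of Grant's post or of anything Sony or the hackers published: a Python sketch of why the derivation he describes would be enumerable, set beside two derivations that are not. The md5-of-serial scheme is the post's own hypothetical; the serial range, function names and the HMAC and random alternatives are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample: one hypothetical factory, serials counting up from 30000
# (the number used in the post). Nothing here is a real ConsoleID format.
SERIALS = range(30000, 32000)

def md5_id(serial: int) -> str:
    """The post's hypothetical scheme: unkeyed MD5 of the serial number."""
    return hashlib.md5(str(serial).encode()).hexdigest()

def hmac_id(serial: int, key: bytes) -> str:
    """Keyed derivation: cannot be reproduced without the manufacturer's secret."""
    return hmac.new(key, str(serial).encode(), hashlib.sha256).hexdigest()[:32]

def random_id(_serial: int) -> str:
    """No derivation at all: 128 random bits recorded at manufacture."""
    return secrets.token_hex(16)

def formula_fits(donated: dict, guess) -> bool:
    """Does a guessed public formula reproduce every donated (serial, ID) pair?"""
    return all(guess(serial) == cid for serial, cid in donated.items())

def enumerable_fraction(issued: set, guess, serials) -> float:
    """Share of issued IDs reproduced by walking the serial range with `guess`."""
    hits = sum(1 for s in serials if guess(s) in issued)
    return hits / len(issued)

def audit() -> dict:
    """Issue IDs under each scheme, then test the md5(serial) guess against them."""
    key = secrets.token_bytes(32)  # manufacturer-side secret, never on the console
    schemes = {
        "md5(serial)": md5_id,
        "hmac(key, serial)": lambda s: hmac_id(s, key),
        "random 128-bit": random_id,
    }
    report = {}
    for name, derive in schemes.items():
        registry = {s: derive(s) for s in SERIALS}              # server-side list
        donated = {s: registry[s] for s in list(SERIALS)[:5]}   # volunteered IDs
        report[name] = {
            "formula_fits": formula_fits(donated, md5_id),
            "enumerable": enumerable_fraction(set(registry.values()), md5_id, SERIALS),
        }
    return report

if __name__ == "__main__":
    for name, result in audit().items():
        print(f"{name:20} fits={result['formula_fits']!s:5} "
              f"enumerable={result['enumerable']:.0%}")
```

Only the unkeyed hash of a sequential serial lets a handful of donated IDs confirm the formula and then reproduce the whole issued set; with a secret key or random IDs the same donated samples tell the analyst nothing about anyone else's ID.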
Old 19th February 2011, 3:42 PM   #910
SLATYE
SLATYE, not SLAYTE
 
 
Join Date: Nov 2002
Location: Canberra
Posts: 25,832
Default

Yes, I realised that, although my post didn't show it very well.

The thing is, if the console is broadcasting the raw console ID even with firmware 3.56, that makes it very easy for millions of people to provide their ID to the hackers. Once/if they figure out the algorithm, it's trivial to modify PS3s to send different numbers back to Sony.

If you can only get the console ID from people who have jailbroken their console, that's a far smaller group and therefore it'll be harder to get serial numbers. Even then, if you can figure out the algorithm then you still need someone to go through the code for 3.56 and figure out what it's doing to the number before sending it to Sony. Then the CFW has to be re-written to use that, and everyone has to update.

Hopefully the "console ID" is actually a serial number that IBM store in the Cell during production. Then it'll have absolutely no relationship to the PS3's own serial number, and IBM might have done a better job with security than Sony did. Of course, serial numbers aren't normally designed for maximum security, so IBM might have used a fairly simple algorithm to generate them.

Edit: actually, I wonder whether this will stimulate the market for broken PS3s. A PS3 that boots up but YLODs whenever you run a game could provide a perfectly good console ID to get a hacked console back onto PSN. Similarly, a PS3 with a dead Blu-ray drive isn't much use and may not be worth fixing, but you can still get the console ID.
__________________
Main system: Phenom II X4 920 | 8GB (4x 2GB) DDR2-800 | Gigabyte M57SLI-S4 v2.0 | Leadtek Geforce 9600GSO 384MB | Enermax Modu82+ 525W | 1TB Hitachi HDD | 3.5" + 5.25" FDD
Laptop: Compal EL80 | C2D T7200 | 320GB Fujistu HDD | 2GB DDR2-667 | GF Go 7600

Last edited by SLATYE; 19th February 2011 at 3:56 PM.
SLATYE is offline   Reply With Quote
Old 21st February 2011, 4:18 PM   #911
MonoJoker
Member
 
 
Join Date: Jul 2001
Location: Melbourne
Posts: 804
Default

And so it begins, the great downgrade race:

http://forums.overclockers.com.au/sh...d.php?t=940933
__________________
Quote:
Originally Posted by helpdesknow View Post
how useful is a 3/4 violin? aren't most songs written in 4/4 ?
MonoJoker is offline   Reply With Quote
Old 21st February 2011, 7:26 PM   #912
Philll
Member
 
 
Join Date: Dec 2008
Location: NSW
Posts: 10,963
Default

Geohot's begun asking for money to fund his legal proceedings, gotta love some of the pirate logic:

Quote:
Hmmm you know I wish I didn't buy the ps3 my money would have went to Geohot instead of Sony for this but now I'm thinking why not copy all my ps3 games then sell my games to Sony fansuckers so that they technically support Geohot loool !!
__________________
Steam | Pay less for Steam games | 'Linux gaming'
Philll is offline   Reply With Quote
Old 21st February 2011, 10:44 PM   #913
The Beast
Member
 
 
Join Date: Jun 2001
Location: rAdelaide
Posts: 2,845
Default

Quote:
Originally Posted by Philll View Post
Geohot's begun asking for money to fund his legal proceedings, gotta love some of the pirate logic:
I just read the update at his site. This kid is in way too deep, kinda feel sorry for him in a way, except that he still thinks this is all a game. Sometimes kids have to learn lessons the hard way.

The lawyers are loving this, they get paid either way.
__________________
The score so far...
Playstation : 4
Xbox : .One

Still don't trust you MS
The Beast is online now   Reply With Quote
Old 22nd February 2011, 1:52 AM   #914
SaMbO
Member
 
 
Join Date: Dec 2002
Location: Mid North Coast
Posts: 3,579
Default the magic

It's one of those things... whenever i hear someone say the word 'magic', i start to wonder...
why not just explain exactly what is going on???
it's gotta be a trick! some sort of subterfuge? something isn't right....

wifey was watching netball this evening and i was thinking about life, shit and this thread, not particularly in that order. SLATYE had sort of answered my previous questions, but as is often the case, one answer, anyone with children will appreciate this fact of life, leads to another question.

so i did some searching, and found a copy of fail0verflow's (f0f, can't be fucked typing that again) CCC presentation, the wonders of Google.

having watched most of the video, it's pretty obvious they did use 'the jailbreak' to gain entry and load AsbestOS, which gave them the ability to 'hack' ps3 keys.

now, having thought about the convoluted way that the jailbreak works, i seriously doubt that it is a bug in the system. see, that was 'the magic', the f0f 1337 hacker even used those exact words.... the magic...
between payload 1 & part 4... magic happens! actually no.
a sophisticated program loads a second payload and then payload 3 does 'its magic' (seemed to have 15 instance parts) which then allowed a memory (buffer? sorry i've been drinking) overload/overrun? which seems to be the only answer to the 'chicken or the egg' question asked by the ps3 OS security system. this is OBVIOUSLY a massive fuckup by sony, to allow a multi prong attack on their system to overflow the memory (the basics of the original Wii hack, f0f's first 'hack' ie "lol sony never saw us comings, we're l323t 4teh179sbuz")..
but hang on.. wouldn't sony have thought of that after the wii was hacked? i'll assume they did. geohot's original hack used the same exploit and it wasn't easy to replicate but sony reacted anyway, they knew the danger, they had (at the time) the only 'hack' proof console, geohot was playing with pandora's box and sony knew it.
why? again f0f answers the question in their presentation, as they stated: sony thought 'no one can see our code'. and they were correct until a tiny piece slipped through the cracks, the service centre jig stick was leaked/stolen/sold. it's a fuck-up from the point of view of a hacker, but it makes sense from the other side of the coin. Sony's opinion would have been thus: we have the key, you can't see the key, we can access our OS, you can't (unless you steal our key). but even this eventuality was obviously thought of (probably from their experience with the psp and pandora battery), sony's answer to the original jailbreak was a fast firmware update, revoking the jailbreak's (jig's) keys. the jailbreak crew then answered with the firmware downgraded (which f0f admit was leaked from sony... maybe on the original stolen jig?) which sony then answered with etc etc. DNS work-arounds, SSL hacking etc etc, sony sees it all and are banning consoles...

even the latest hack to unban a banned ps3... let's do those numbers... what was it again? 26^xyz possible combinations? more than there are atoms in the entire universe... how many ps3s? 30 - 40 million... that is, in my humble opinion, a lot of no's and not many yes'


f0f used the jailbreak, then brute forced the key, even if it was '4'. the analogy:
Quote:
It's sort of like robbing a bank just by walking through the front door, finding the vault open and the guards asleep, then walking out with a million dollars. Nobody ever tries to rob a bank like that because nobody expects the bank security to be that useless.
isn't correct. it would more be like: someone gave me a key that would let me into the security centre where a copy of the key to the vault is kept. even that isn't right... i'm hopeless at analogies

I almost wonder if AsbestOS wasn't picked as a prophetic name? something that seems good at first but eventually kills you?

let me speculate...

f0f knew the master key could be 'sniffed' with their discoveries but made them public anyway.
egohot (its an easy typo to make) just couldn't resist (i'm speculating again) another shot at the limelight and used f0f's work to discover and disclose THE KEY (maybe as reparation to the hacker/pirate community for, as a direct result of his activities, having OtherOS removed, maybe he was just being a 'rebel' or he just does not like sony, maybe it's an ego thing)
ie geohot's hack was the main reason that sony removed OtherOS support from the phat, which f0f proclaimed (with trophy 4tehlulz!) 'pissed off the hackers'.

at this stage we need to work backwards do we?...
why was geohot hacking the ps3?
to try to restore OtherOS to 'the slim' ps3, a feature sony had removed. Sony even offered a reasonable explanation, i've bolded the important parts:

Quote:
In order to offer the OtherOS install, SCE would need to continue to maintain the OtherOS hypervisor drivers for any significant hardware changes – this costs SCE.
continue to maintain = support, this cost SCE = money. sony did not want to continue to support a limited number of users across all the ps3 models, they also at this time removed backwards ps2 compatibility. backward compatibility too, sony had concluded, wasn't a massively sought after feature (and they could sell any ps2>ps3 converted games on the psn, zomg monies!!!!!) with the ps3.
And as a ps1 & ps2 owner, with a large collection of games, they were right. the only ps2 game i have ever played on a ps3 is Tourist Trophy, PD's awesome bike 'simulator' based on gt4. (maybe someone could suggest a nugget of gaming nostalgia that i have missed out on because of this heinous crime by sony)

but i digress...

'the slim' was a 'cut price' model, probably still being sold by sony at a loss at the time (iirc it was only recently that the cost of a ps3 console came in under the price of purchase), which in turn probably means (and someone could possibly prove me wrong) the cell and the RSX were also being sold to sony at a loss (under the retail price?) from IBM & nvidia, who would probably not want their hardware to be utilised to its full ability on a 'game console' being sold for below cost price, and as such would support the removal of the linux OS. call me stupid, but i don't see anyone making any money if that happened, who is going to buy the latest and greatest PC bits for $2000 and assemble it yourself when you can buy it off the shelf for $299, hence full access to the RSX (is that the name of the graphic chip in the ps3?) was never allowed under OtherOS (but some may claim otherwise)

sony also said:
Quote:
Please be assured that SCE is committed to continue the support for previously sold models that have the “Install Other OS” feature and that this feature will not be disabled in future firmware releases.
so, sony were willing to continue to support OtherOS BEFORE geohot hacked the slim, after the hack, sony said, 'we're taking our ball and our bat and going home', yes they pissed off 'the hackers' oh noes

interestingly this is the adv on the same page i sourced these sony quotes:


were these things ever worth $150?

Quote:
Also, when Sony was trying to get the PSJailbreak banned, their primary argument was that it would allow piracy - not that it was an illegal clone of their own hardware.
f0f actually gave us the answer to this little mystery, the jailbreak was a clone (as were all the other clones of the clone... err), it was the 'magic' bit in between that actually did all the work, allowing unsigned code. ie debug mode
(dam i've had too many beers, getting hard to type without speeling mistaks, and then ran out! grabbed a glass of bubbly bvut it wont last forever!!! not only that but i;ve got off track again, let me reign it back in for anyone who's still reading (and bear with me, if you still are, sometimes it takes multiple parentheses and commas, to get your point across, but you may lose track of how many you are using and if that happens, is worth doing this))))))

i'm not even sure if i got my point across, may as well just hit post and see what the end result is...
edit: i lost my glass of bubbly... oh... damn.. i'm going to play gt5. to bed, tis late...
edit2: found my glass = all good!
edit3: probably should still go to bed. but gt5 is calling meeeeeee!
edit4: damn im gunna have to re-read this all again tomorrow.
edit: if my velocity starts to make you sweat....
__________________
OCAU GT5 CLUB #76 add your PSN & play times here
I succumbed to the allure of the Nurburgring.
Quote:
"Hit the brake! It's the pedal on the right"

Last edited by SaMbO; 22nd February 2011 at 2:09 AM. Reason: added an s
SaMbO is offline   Reply With Quote
Old 22nd February 2011, 4:06 AM   #915
The Beast
Member
 
 
Join Date: Jun 2001
Location: rAdelaide
Posts: 2,845
Default abracadabra

Quote:
Originally Posted by SaMbO View Post
Wall of AWESOME!
Dude, I just woke up to have a piss and found your post....

....let me just say before the great unwashed masses get all butt hurt and regurgitate hearsay and conjecture in an attempt to cut you down....

....bravo sir, BRAVO!

You've pretty much summed it up in a brilliant wall of sweet sweet drunk speak. Now watch as some punk kid selectively quotes bits of your post and proceeds to denigrate this into a shit fight.

Don't make the same mistake I always seem to do and argue, apparently this is the official 'Sony is evil and hates all its customers and Beast is a fanboi for disagreeing' thread. Donchaknow?

BTW: You're a funny f*#$er on the turps. Loved the edit.
__________________
The score so far...
Playstation : 4
Xbox : .One

Still don't trust you MS
The Beast is online now   Reply With Quote
Tags
ps3, sony
