PS3 "Hacked for good" Master-Keys Revealed 10-26-2012, 09:28 AM
#1
Article: http://nakedsecurity.sophos.com/2012/10/...-revealed/
Can't wait to softmod my PS3
LV0 keys:
ERK = CA7A24EC38BDB45B98CCD7D363EA2AF0C326E65081E0630CB9 AB2D215865878A
RIV = F9205F46F6021697E670F13DFA726212
PUBLIC = A8FD6DB24532D094EFA08CB41C9A72287D905C6B27B42BE4AB 925AAF4AFFF34D41EEB54DD128700D
PRIVATE = 001AD976FCDE86F5B8FF3E63EF3A7F94E861975BA3
CURVE_TYPE = 0×33
Quote:Sony's PS3 has been hacked.
Perhaps "hacked" is the wrong word, because it can imply both criminality and lawful exploration. But we'll stick with "hacked" here, in the sense of "some reverse engineers have figured out how you can adapt, or jailbreak, your PS3 to make it interoperable with software of your own choice."
The PS3 has been hacked before, but Sony was able to inhibit the hack with an update to its own firmware. This is much like the history of jailbreaking on Apple's iOS, where hackers typically uncover a security vulnerability and exploit it, whereupon Apple patches the hole and suppresses the jailbreak.
But the latest PS3 break is being dubbed unpatchable and the final hack.
That's because this hack isn't giving you an exploit to use against a programming hole. It's giving you Sony's so-called LV0 (level zero) cryptographic keys.
The PS3 system software loads up as shown in the picture below:
The Level Zero (LV0) loader is the mother of all field-updatable firmware components in the PS3 bootstrap process. It orchestrates the loading, and the cryptographic verification, of all the modules underneath it. As long as the LV0 loader remains the way Sony wants it, you get to run only what Sony wants you to.
Pirated games won't load, which is good for rights holders. But Linux, for example, won't run either, which is bad for you. Why shouldn't you run lawfully-acquired software of your choice on your own computer? [*]
With the LV0 keys now published, you can - at least in theory - replace the LV0 loader and run whatever you like, because you can authorise your own custom firmware (CFW). The PS3's most-secret cat is out of the bag.
Incidentally, the publication of the LV0 keys was not without some controversy and finger-pointing amongst the reverse engineering and CFW community.
It seems as though a hacking and reversing posse known as the Three Musketeers worked out the LV0 keys some time ago. Since they were, in their own words, "done with PS3 now anyways," they just sat on the information.
But some turncoat leaked it, and it eventually reached a Chinese hacking group, BlueDiskCFW.
Well, well.
BlueDiskCFW didn't just use someone else's work to publish a custom firmware that was unashamedly aimed at violating others' intellectual property. They planned to charge for it! Knock me down with a feather! Dishonourable software pirates! Thieves and rascals!
The Three Musketeers took exception to that.
Let's hope, when the PS4 comes out, that Sony will give up on trying to lock out jailbreakers permanently, and instead provide a way for those who want to run alternative software to do so in official safety.
When King Cnut famously ordered the tide back and failed, he wasn't an arrogant absolute ruler trying to show off.
He knew he would fail, and thereby demonstrated that to hold back the tide was impossible - and, in any case, unnecessary - even for a king.
![[Image: ps3-boot-loading-500.png?w=640]](http://sophosnews.files.wordpress.com/2012/10/ps3-boot-loading-500.png?w=640)
![[Image: group-effort-500.png?w=640]](http://sophosnews.files.wordpress.com/2012/10/group-effort-500.png?w=640)
Can't wait to softmod my PS3
LV0 keys:
ERK = CA7A24EC38BDB45B98CCD7D363EA2AF0C326E65081E0630CB9 AB2D215865878A
RIV = F9205F46F6021697E670F13DFA726212
PUBLIC = A8FD6DB24532D094EFA08CB41C9A72287D905C6B27B42BE4AB 925AAF4AFFF34D41EEB54DD128700D
PRIVATE = 001AD976FCDE86F5B8FF3E63EF3A7F94E861975BA3
CURVE_TYPE = 0×33
(This post was last modified: 10-26-2012, 09:35 AM by The Protagonist.)
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)
![[Image: fSEZXPs.png]](https://i.imgur.com/fSEZXPs.png)
![[Image: V8OSA.gif]](http://i.imgur.com/V8OSA.gif)
![[Image: blanksig1.jpg]](http://www.bonethugsnharmony.co.uk/images/blanksig1.jpg)
