Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Essentially this will allow anyone to sign executables and run them on any retail PS3 without the need for hardware modifications to the console.


Are you sure? I think that the PS3 uses real public-key crypto to sign the OS all the way down from the initial boot. The best you could do with this is load an alternate signed OS image (possibly an earlier one that is exploitable).

I don't really know much about PS3 hacking, so this is all just a guess.


Uh, you have it backward. Since it's verified boot, you can't easily alter the signed OS image. This is better as it allows individuals to sign executables that will then execute natively in the regular OS.

This is how original Xbox and Xbox 360 softmods work. The regular OS boots and either an exploit occurs in the font package, music player, MechAssault or Splinter Cell (the latter two used for bootstrapping the former two) or in the 360 the xbox is "rebooted" virtually to avoid the verified boot into an alternative kernel that has signature checking removed.

Note, I know nothing about PS3 hacking either and am making assumptions based on the connotations of the word "master key", "signing" and other comments here along with my knowledge of xbox1/360 hacking.


I think you are mistaking what "master key" means here. They found the dongle HMAC secret, which means that anyone can create a new dongle for getting into service mode, which is apparently useful for downgrading to a different OS in some cases, but has no utility outside of that.

It's not the master key for cryptographically signing executables or OS images.


Well that's a downer.


I think I'm wrong! I think that they might have figured out the private keys. Watching this now to learn more:

http://www.youtube.com/watch?v=X6CA4fqAdsc

I'll post more info once I've seen what they say.

EDIT: WOW! Okay, looks like they screwed up big time. They used the same random number for all their signatures, which means that they effectively leaked their private key for various bootloaders in the system. The chain of trust is toast.


You're sending me on a roller coaster of emotions here mmastrac! That's pretty cool. I picked up a 360 modified it to play Reach and then sold it for over twice what I paid. I need something new to mess around with, this could be fun.


Incorrect. All this lets you do is sign your peripheral (dongle) allowing it to tell the PS3 to enter service mode.

The master keys for signing PS3 executables has not been leaked.


Not yet leaked, but apparently derived due to Sony's poor random number generator. See the presentation here: http://www.youtube.com/watch?v=X6CA4fqAdsc (part 1...money shot is in part 3)


This is correct, thanks to the Wii hackers.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: