October 30th, 2012, 23:48 Posted By: wraggster
News of yet another PlayStation 3 hack is unlikely to be greeted with too much surprise, but the damage wrought by the release of the LV0 bootloader keys last week could have serious repercussions - not just in terms of PS3 piracy but also for the long-term security of the PlayStation Network.
Up until now, Sony has coped relatively well with the multiple breaches of its security that have occurred over the last couple of years. The original PSJailbreak was built around an exploit in the USB interface present up until firmware 3.41, and that hole was plugged by Sony within weeks. Hackers managed to run a small amount of games built for later system software revisions but through mandatory software upgrades, access to the PlayStation Network was off-limits for those who remained on the hacked firmware.
"The latest PlayStation 3 hack can only have a limited impact in terms of game piracy, but the door once again opening to PSN hacking is a genuine concern."
Then, disaster. Inherent weaknesses in Sony's encryption algorithms were unveiled by hacker group fail0verflow, swiftly followed by the publication of the metldr "master key" from the infamous Geohot. PlayStation 3 was blown wide open - seemingly irrevocably - from two fronts. Not only could all aspects of the system be decrypted with the master key and then reverse-engineered, but thanks to fail0verflow's signing tools, the code could be repackaged into a form that the PS3 was happy to process. The era of the "custom firmware" was upon us and there was a point where every console on the market could be compromised simply through running a CFW update from a memory stick.
System software 3.60 saw Sony fight back valiantly. New encryption protocols were put in place which effectively mothballed metldr, while the specific signing algorithms used for fail0verflow's tools were blacklisted. Encryption keys were changed so new software would not run on older firmware, and Sony even released a revised console with changes to the Cell architecture that addressed some of the exploits hackers were using to gain access to the PS3 hardware - even the metldr key was changed on this new hardware. Access to the PlayStation Network was completely locked out on hacked consoles.
There's little evidence that the hack which saw PSN's servers compromised in one of the biggest security fails in internet history had much to do with the breaches that preceded it. The hack was server-side and there Sony was running traditional hardware with open source software, which had vulnerabilities of its own. It's telling that even after PSN was restored to service, the underlying protocols by which PS3 "spoke" to the servers hadn't changed so much at all.
However, the hackers were not done with PS3. A new "jailbreak" based on another USB dongle appeared last year, dubbed "TrueBlue". This allowed newer games to run on older, compromised firmware 3.55 PlayStation 3s. It worked through the hackers decrypting newer games and then re-signing them with a variant of fail0verflow's tools. This time there was no exploit in Sony's USB code: instead the hackers released their own firmware which would not function without the dongle attached. In short, it was a crude way to monetise the fact that someone, somewhere had somehow managed to retrieve decryption codes from Sony's latest OS updates. At the same time, the unique "pass phrase" buried within the firmware that allows PS3s to connect with the PlayStation Network was also leaked - and then leaked again after Sony changed it.
For more information and downloads, click here!
There are 0 comments - Join In and Discuss Here