Fail0verflow Obtains PS3 Cryptography Key
Fail0verflow has discovered the PlayStation 3's private cryptography key.
Wednesday during the 27th annual Chaos Communication Conference, the team behind the Wii's Homebrew Channel-- fail0verflow-- revealed that they figured out the PlayStation 3's private cryptography key. This means hackers could have full access to the console without the need for a USB device or actual software/hardware hacking.
Typically the "magic password" is used by Sony to authorize the execution of code on the gaming console. Now Sony's key is revealed, hackers can develop hack-free apps and games-- literally signing their code--to execute on the PlayStation 3 as if they're licensed developers.
"It's not an exploit, it's an Epic Fail by Sony," the team said during a live demo. "The PS3 is fine. They screwed up in HQ. They gave us their private key basically. They leave their private key mathematically, so we don't have to exploit anything, we just sign things."
According to reports, Sony didn't bother to generate random numbers to secure the key's secrecy. With that said, the fail0verflow team plans to release tools next month that will take advantage of the security flaw. However the tools aren't intended to enable PlayStation 3 piracy. Instead, they'll re-enable the installation of Linux on every unit sold no matter the firmware-- even v3.55 and beyond.
"Yes, we'll release all our tools as soon as we cleaned them up in January or so," the group said via Twitter.
To see the live demo, check out the video pasted below: