Sign in with
Sign up | Sign in

Fail0verflow Obtains PS3 Cryptography Key

By - Source: Engadget | B 32 comments

Fail0verflow has discovered the PlayStation 3's private cryptography key.

Wednesday during the 27th annual Chaos Communication Conference, the team behind the Wii's Homebrew Channel-- fail0verflow-- revealed that they figured out the PlayStation 3's private cryptography key. This means hackers could have full access to the console without the need for a USB device or actual software/hardware hacking.

Typically the "magic password" is used by Sony to authorize the execution of code on the gaming console. Now Sony's key is revealed, hackers can develop hack-free apps and games-- literally signing their code--to execute on the PlayStation 3 as if they're licensed developers.

"It's not an exploit, it's an Epic Fail by Sony," the team said during a live demo. "The PS3 is fine. They screwed up in HQ. They gave us their private key basically. They leave their private key mathematically, so we don't have to exploit anything, we just sign things."

According to reports, Sony didn't bother to generate random numbers to secure the key's secrecy. With that said, the fail0verflow team plans to release tools next month that will take advantage of the security flaw. However the tools aren't intended to enable PlayStation 3 piracy. Instead, they'll re-enable the installation of Linux on every unit sold no matter the firmware-- even v3.55 and beyond.

"Yes, we'll release all our tools as soon as we cleaned them up in January or so," the group said via Twitter.

To see the live demo, check out the video pasted below:

PS3 Private Key Exposed

Discuss
Ask a Category Expert

Create a new thread in the Streaming Video & TVs forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
  • 1 Hide
    nevertell , December 31, 2010 8:29 PM
    I watched the whole thing, it was hilarious actually.

    Probably due to the way they presented it, though.
  • 0 Hide
    Blessedman , December 31, 2010 8:34 PM
    Hmmm can they not be held liable?
  • 1 Hide
    hellwig , December 31, 2010 8:47 PM
    BlessedmanHmmm can they not be held liable?

    With the DMCA, simply possessing the private key can probably be considered tampering or illegal in some way. I wouldn't doubt Sony's lawyers are already working overtime getting the cease-and-desist and lawsuits ready. The same thing happened when someone cracked the DVD master key. The DVD association dried to stop the guy from posting it using all sorts of legal claims, of course, its everywhere now.
  • Display all 32 comments.
  • 4 Hide
    Travis Beane , December 31, 2010 9:27 PM
    I only play PC games now, and use my PS3 as a media centre. With Steam summer and winter sales, it's easier to just buy them.
    Custom firmware on the other hand, I like. Hopefully with full GPU access.

    March on men.
  • 4 Hide
    christop , December 31, 2010 9:42 PM
    will some one of Tom's delete this dude with the name dsdfsdfdsf . The Spam is getting old and I am going to have to fire up the LOIC on the linecheckout site.
  • 2 Hide
    jj463rd , December 31, 2010 9:48 PM
    christopwill some one of Tom's delete this dude with the name dsdfsdfdsf . The Spam is getting old and I am going to have to fire up the LOIC on the linecheckout site.

    Please do this the spammer websites.
  • 0 Hide
    vincenz0 , January 1, 2011 12:00 AM
    wow
  • 0 Hide
    LordConrad , January 1, 2011 1:25 AM
    Does this mean Linux without Sony's Hypervisor???
  • -1 Hide
    servarus , January 1, 2011 1:36 AM
    Sometimes I feel that this stuff is more like excuses to run pirated games. Maybe the developer didn't intend to use it that way, but many others are.
  • 0 Hide
    FloKid , January 1, 2011 1:46 AM
    should they not tell sony about this? lol next firmware
  • 1 Hide
    slipdisc , January 1, 2011 3:01 AM
    FloKidshould they not tell sony about this? lol next firmware

    Thats not going to work. That would revoke the license of every current and past PS3 title. Sony might be fuct this time.
  • -1 Hide
    Darkk , January 1, 2011 3:05 AM
    This is actually good news to give us the linux capability again. However, it won't be long for Sony to update the firmware with a new key that will disable the hacks. If you really want to run linux stuff you're better off doing it on a regular PC and avoid the hassle.
  • 0 Hide
    Darkk , January 1, 2011 3:07 AM
    DarkkThis is actually good news to give us the linux capability again. However, it won't be long for Sony to update the firmware with a new key that will disable the hacks. If you really want to run linux stuff you're better off doing it on a regular PC and avoid the hassle.


    Actually this isn't entirely true. If they used the same scheme as DVDs it means they use multiple encryption keys. So if one gets broken other keys will work.
  • 0 Hide
    Darkk , January 1, 2011 3:07 AM
    Dang it..I quoted the wrong comment. Ah well...where is my edit button!!
  • 1 Hide
    Anonymous , January 1, 2011 4:23 AM
    No random number generator, it is static, so it would be trivial to calculate the new keys exactly the same way as they calculated this key. Sony screwed up!
  • 2 Hide
    gsxr1181 , January 1, 2011 5:14 AM
    Hmm now I might have a reason to buy a PS3. Sweet!
  • 2 Hide
    chick0n , January 1, 2011 6:51 AM
    leak key again, its not just Sony, it happens all over the place.

    I guess humans can design the most secured lock, but they always just leave the keys under the front carpet with a sign next to it that saids "No spare key underneath"
  • 0 Hide
    surfer1337dude , January 1, 2011 8:14 AM
    Im curious to what the key actually is... Also I think it would be hard for sony to just change the key, since by changing it wouldn't all the games that are currently out no longer work? Unless the games/ps3 have multiple codes and you could remove just one and still have it work; but I'm not really sure if it works that way?

    This does seem like a plus for the fact that anyone could develop a game for the ps3, on the other hand some people will probably use it to try make some kind of virus... but only time will tell.
  • 0 Hide
    lukeeu , January 1, 2011 10:50 AM
    surfer1337dudeIm curious to what the key actually is... Also I think it would be hard for sony to just change the key, since by changing it wouldn't all the games that are currently out no longer work? Unless the games/ps3 have multiple codes and you could remove just one and still have it work; but I'm not really sure if it works that way?This does seem like a plus for the fact that anyone could develop a game for the ps3, on the other hand some people will probably use it to try make some kind of virus... but only time will tell.

    That's right. Changing the key would kill every game out there. However signing stuff with someone's private key is a criminal offense in most of the world so I wouldn't count on any commercial gain from this.
  • 1 Hide
    TeKEffect , January 1, 2011 3:54 PM
    Linux with a unlocked gpu. I was bitter when Sony took away Linux support so I guess they deserve this
Display more comments
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter
  • add to twitter
  • add to facebook
  • ajouter un flux RSS