Hacker Group Gives Video Tour of PS3 Security System

 Pages 1 2 NEXT
 

Hacker Group Gives Video Tour of PS3 Security System

image

Group claims that the only reason the PS3 was "hack proof" was that until Sony removed the Other OS feature, no one was actually trying.

A hacker group calling itself "Fail0verflow" - the same people responsible for the Wii homebrew channel - has given a talk at the 27th Chaos Communcation Congress in Berlin, Germany, giving a detailed look security measures that Sony implemented for the PS3, and how they were circumvented.

In their 45 minute presentation, the group made the case that the removal of the Other OS function had played a pretty big role in the PS3 getting hacked. Had Sony left it alone, the group said, all the hackers would have been quite happy to tinker with Linux, instead of poking around the PS3 looking for vulnerabilities. In a tweet, the group reiterated that point, saying that Sony's security for the PS3 was so bad that it was inconceivable that it had taken four years to crack.

The rest of the presentation was devoted to explaining how the security worked, and how different exploits had bypassed it. The group explained how the PSJailbreak worked, but said that they wanted a hacking solution that didn't require the use of a USB stick. Thankfully, for them at least, a blunder by Sony - in which a supposedly random number that formed part of a security key is actually the same value each time - allowed the group to sign their own code, which the console would accept without question.

The group's crack does not allow the PS3 to run pirated games however, as the group's aim was just to allow the console to run Linux again. As part of a Q&A session at the end of the presentation, they said that it was likely possible to use some of the vulnerabilities to make piracy possible, but that it wasn't something they were interested in at all.

You can watch the whole presentation in the videos below. It's pretty technical stuff, but it's very interesting too. The group also plans to demonstrate its hack on its website in the near future.

Source: Joystiq and PSGroove

Permalink

See, hacking is a thing of beauty when used for the right reasons. Rather than the brute force DDOSs of this world.

Wow, you know this is proabaly one of the most intelectual conferences i have ever seen. God help us if these people get organised into some kind of group and turn their mind to war, it would be like the mad scientists of old!

I guarantee such a hack will still ultimately get you banned from PSN, which begs the question: If you want Linux more than PSN access, first of all why do you have a PS3 and why did you update to begin with?

Firstly: You can't play newer games without the update if I recall correctly. Lastly: How long before Sony tries get their lawyers involved to pull the videos?

Keith K:
I guarantee such a hack will still ultimately get you banned from PSN, which begs the question: If you want Linux more than PSN access, first of all why do you have a PS3 and why did you update to begin with?

This man has the point nailed. Ive always seen the whole "linux on [insert unintended linux system here]" a bit pointless. At first its, "Oh, yeah, thats kinda neat..." and I applaud the engineers who took the time to discover how to do it but for the people who do it after that purely just because they can, well, thats pretty daft.

If you really want to play with Linux, put it on a PC - you can pick up an old desktop for a fraction of the cost of a PS3 and not risk ruining an expensive console!

Harbinger_:
Firstly: You can't play newer games without the update if I recall correctly. Lastly: How long before Sony tries get their lawyers involved to pull the videos?

If I was Sony, I'd pull a Valve and hire the guys. Hackers are one group you don't want to, and can't really, fuck with.

well i still think that it was a stupid move to remove the Linux function, t was nothing but a backwards step for everybody.

Ironic Pirate:

Harbinger_:
Firstly: You can't play newer games without the update if I recall correctly. Lastly: How long before Sony tries get their lawyers involved to pull the videos?

If I was Sony, I'd pull a Valve and hire the guys. Hackers are one group you don't want to, and can't really, fuck with.

great idea, if they got these guys on board they could probably make it more hack proof, and maybe even give these guys back linux at the same time, so everyones happy.

Why cant these people just use the console for what it was ment to be used for?

In the end, all hackers no matter what conspire to use their hacks serving their on purpose in a matter not intended by the ones who made the product in the first place.

So i say, sue their asses broke!

Corpse XxX:
Why cant these people just use the console for what it was ment to be used for?

In the end, all hackers no matter what conspire to use their hacks serving their on purpose in a matter not intended by the ones who made the product in the first place.

So i say, sue their asses broke!

And it's wrong to run custom code on a device because?

I think it's pretty cool that these guys have reimplemented a feature that Sony removed just to be dicks, as far as I'm concerned. One of the reasons I bought my PS3 was to run Linux as well. It was a selling point at that point in time. Then they removed it and made sure I'd never buy a Sony product again. It's simply not on to gimp a thing I bought and own just to be a dick.

Fasckira:

Fasckira:
[quote="Keith K" post="7.253938.9461325"]I guarantee such a hack will still ultimately get you banned from PSN, which begs the question: If you want Linux more than PSN access, first of all why do you have a PS3 and why did you update to begin with?

This man has the point nailed. Ive always seen the whole "linux on [insert unintended linux system here]" a bit pointless. At first its, "Oh, yeah, thats kinda neat..." and I applaud the engineers who took the time to discover how to do it but for the people who do it after that purely just because they can, well, thats pretty daft.

If you really want to play with Linux, put it on a PC - you can pick up an old desktop for a fraction of the cost of a PS3 and not risk ruining an expensive console!

And on that note...

On topic: Honestly? The time it takes for consoles to be hacked is inversely proportional to the amount of hackers trying to get Linux installed in said console for programming and homebrew purposes. Which is why Sony allowing any Tom, Dick and Harry to install Linux from the start was such a good move, and why Sony removing said functionality was such a dumb one.

It would be funny as hell if the one thing that kept the PS3 hack-proof was the bit they removed.

Why do I get the feeling most other sites reporting news wouldn't exactly post the videos haha?

The_root_of_all_evil:
See, hacking is a thing of beauty when used for the right reasons. Rather than the brute force DDOSs of this world.

Brute DDoS isn't hacking. More like script-kiddies at work. The term Hacker has been abused plenty of times for the wrong reasons. Sensationalism in the Media most likely.

This is a beautiful thing indeed, because people who paid the inital €600 with Other OS as an advertised USP are getting their full product back again. Go for it!

Very interesting, I wish companies would see that a lot of "hackers" aren't interested in piracy, personally I'd love to be able to run my own code on my 360, there are a lot of little things I'd love to be able to program in.

Example, the ability to browse and view the ABC.net.au iView feature from my 360, that's something I'd spend time coding myself.

But oh no, the big bad pirates are out to get them... so I've either got access to Xbox Live or I can hack my 360, Live is worth enough to me that I don't hack it, but it still sucks I've got to make that choice.

Corpse XxX:
Why cant these people just use the console for what it was ment to be used for?

In the end, all hackers no matter what conspire to use their hacks serving their on purpose in a matter not intended by the ones who made the product in the first place.

So i say, sue their asses broke!

If the creator of a product is given absolute control over how the product is used, and circumventing that control is made illegal, then the next thing you know putting tires made by, say, a Toyota daughter company on a Mercedes or replacing your car's speakers with different ones will land you in jail if the manufacturer finds out and feels like suing someone. Is that really how you want the world to work?

If it isn't hurting anyone then why should Sony care either way, if people start using that information for SUPA 1337 HAX0RZ in games or take down PSN for a month or more then yes they should care but right now it's just to use Linux so there really isn't a real big problem.

Fasckira:

Keith K:
I guarantee such a hack will still ultimately get you banned from PSN, which begs the question: If you want Linux more than PSN access, first of all why do you have a PS3 and why did you update to begin with?

This man has the point nailed. Ive always seen the whole "linux on [insert unintended linux system here]" a bit pointless. At first its, "Oh, yeah, thats kinda neat..." and I applaud the engineers who took the time to discover how to do it but for the people who do it after that purely just because they can, well, thats pretty daft.

If you really want to play with Linux, put it on a PC - you can pick up an old desktop for a fraction of the cost of a PS3 and not risk ruining an expensive console!

A old acquaintance of mine was asked this very question, apparently he and his cohorts believed the PS3 RISC based processor was a lot more effecient and powerful running Linux than a standard Desktop CISC based processors.

Its all about the power according to him, there was a lot more involved that he stated but I got confused with all the techno jargon and that little notepad in my brain went "RISC based good, CISC based bad, GOT IT!".

At the time the PS3 was the only RISC based errr thing on the shelf at less then 1000 euros.

Sony should have just left the Linux install option and released drivers so we could have proper GPU accelerated video. They were never going to win this battle. They had a good thing going since the PS3 was and is actually good without hacking it unlike their PSP, but then they went and scammed us all with a "security update" for an "exploit" that could not even be executed remotely. People jailbreak devices all the time and I have yet to see a device not sell because of it. If they don't sell it is because the product itself is not good to begin with.

teh_gunslinger:
And it's wrong to run custom code on a device because?

I think it's pretty cool that these guys have reimplemented a feature that Sony removed just to be dicks, as far as I'm concerned. One of the reasons I bought my PS3 was to run Linux as well. It was a selling point at that point in time. Then they removed it and made sure I'd never buy a Sony product again. It's simply not on to gimp a thing I bought and own just to be a dick.

I applaud there effort, but I have to agree with the guy you were responding to. However benign their intentions may be, their work will ultimately be used to pirate games on the PS3. It happens with every bit of hacking that's done. Once their work is complete they really don't care who gets their hands on it.

But, as long as there's security to be broken, there will always be people who want to try their skill at it. Hopefully, this doesn't result in some major move by Sony to refresh their security protocols on the PS3.

Modus Operandi:

Corpse XxX:
Why cant these people just use the console for what it was ment to be used for?

In the end, all hackers no matter what conspire to use their hacks serving their on purpose in a matter not intended by the ones who made the product in the first place.

So i say, sue their asses broke!

If the creator of a product is given absolute control over how the product is used, and circumventing that control is made illegal, then the next thing you know putting tires made by, say, a Toyota daughter company on a Mercedes or replacing your car's speakers with different ones will land you in jail if the manufacturer finds out and feels like suing someone. Is that really how you want the world to work?

The difference between, say, a car and a machine that runs software is that just about everyone can download some programs from the internet on this machine, while not many people can create custom tires for their cars. There are manufacturers that can do that, but they can be controlled, while the distribution of software over the net cannot.

Some of the most brilliant hacker minds and they cant figure out how to adjust the volume of a video before uploading to youtube XD

4 years to break the PS3?

Sony still did well with the security I guess, at least it took people that long to hack the PS3, compared to the 3 years and 364 days less it too to hack the Pentagon.

tkioz:
Very interesting, I wish companies would see that a lot of "hackers" aren't interested in piracy, personally I'd love to be able to run my own code on my 360, there are a lot of little things I'd love to be able to program in.

Example, the ability to browse and view the ABC.net.au iView feature from my 360, that's something I'd spend time coding myself.

But oh no, the big bad pirates are out to get them... so I've either got access to Xbox Live or I can hack my 360, Live is worth enough to me that I don't hack it, but it still sucks I've got to make that choice.

I think you have confused yourself. A lot of "hackers" want free shit. A few of them want to run their own code.

I never got the point of hacking the PS3 for any reason other than playing pirated games. What exactly are they doing with homebrew that can't be done with a regular pc?

The only useful reason to hack them is to run pirated games...

So they're making it so you can't play some of the games just so that they can once again run Linux on the PS3, surely that's just a little bit pointless seeing as it's just better to run Linux off of a PC in the first place rather than a PS3?

FloodOne:

tkioz:
Very interesting, I wish companies would see that a lot of "hackers" aren't interested in piracy, personally I'd love to be able to run my own code on my 360, there are a lot of little things I'd love to be able to program in.

Example, the ability to browse and view the ABC.net.au iView feature from my 360, that's something I'd spend time coding myself.

But oh no, the big bad pirates are out to get them... so I've either got access to Xbox Live or I can hack my 360, Live is worth enough to me that I don't hack it, but it still sucks I've got to make that choice.

I think you have confused yourself. A lot of "hackers" want free shit. A few of them want to run their own code.

That's the problem with the term; my father is a "hacker" and he barely knows how to turn a computer on and get on facebook! He spends his weekends taking apart cars and rebuilding them. It use to be the term "cracker" was someone who was trying to break into something in order to as you say, get some free shit, a hacker was someone who took apart a device to see if they could either improve it or adapt it to another purpose.

I'm the second type, I love taking stuff apart, seeing how it works, and sometimes finding a better or different way to use it. I love writing my own code, even if there are already programs out there that do 90% of what I want, I find immense satisfaction in my own custom built applications that do exactly what I want and nothing more (that's key, I hate programs that do less what I need, and even more I hate programs that do more at the expense of system performance), I love tinkering with stuff.

The problem is it's getting to the point where buying something like an Xbox or iPhone or the like means you can only use it for what the manufactures want you to use it for, frankly if I've dropped cash on something I own it and I'll do what I damn well please with it so long as it breaks no laws.

Most pirates wouldn't know how to "hack" a it of a toast, let alone a complex device like a 360 or a PS3.

technoted:
So they're making it so you can't play some of the games just so that they can once again run Linux on the PS3, surely that's just a little bit pointless seeing as it's just better to run Linux off of a PC in the first place rather than a PS3?

Well the PS3 is a fairly powerful little bit of kit, and it's cheap for what you get hardware wise, and a lot smaller, then a comparable PC, personally I hate using Linux, so meh, but I can see the appeal.

Sabiancym:
I never got the point of hacking the PS3 for any reason other than playing pirated games. What exactly are they doing with homebrew that can't be done with a regular pc?

The only useful reason to hack them is to run pirated games...

Example, ABC.net.au runs a service called iView, it's got pretty much every show aired on that network for the last several weeks free to view, the problem is you need a computer to watch them. The 360 has the hardware to easily allow for the streaming of these programs, and hell I hate having extra devices cluttering up my living wrong, so if it wouldn't cost me the ability to access Xbox Live I might hack my 360 just so I could write a custom application just to let me watch those shows.

There are dozens and dozens of little applications I could think of writing for my 360, a far more that other people might want to write.

Just because you can't see a reason to do it, doesn't mean there isn't one.

tkioz:

technoted:
So they're making it so you can't play some of the games just so that they can once again run Linux on the PS3, surely that's just a little bit pointless seeing as it's just better to run Linux off of a PC in the first place rather than a PS3?

Well the PS3 is a fairly powerful little bit of kit, and it's cheap for what you get hardware wise, and a lot smaller, then a comparable PC, personally I hate using Linux, so meh, but I can see the appeal.

Sabiancym:
I never got the point of hacking the PS3 for any reason other than playing pirated games. What exactly are they doing with homebrew that can't be done with a regular pc?

The only useful reason to hack them is to run pirated games...

Example, ABC.net.au runs a service called iView, it's got pretty much every show aired on that network for the last several weeks free to view, the problem is you need a computer to watch them. The 360 has the hardware to easily allow for the streaming of these programs, and hell I hate having extra devices cluttering up my living wrong, so if it wouldn't cost me the ability to access Xbox Live I might hack my 360 just so I could write a custom application just to let me watch those shows.

There are dozens and dozens of little applications I could think of writing for my 360, a far more that other people might want to write.

Just because you can't see a reason to do it, doesn't mean there isn't one.

I didn't say there wasn't a point. I said it does nothing that a cheap laptop couldn't do. Which is ironic considering the people who would be able to apply this hack are most likely going to have a laptop.

The whole "We don't do this for piracy" claim is BS. They know what they're doing is going to lead to piracy. Just because they don't do it doesn't mean they're completely harmless.

If these groups advance far enough and make it easy enough where even the most ignorant user could apply it's cracks, it'll hurt the gaming market. I understand hacking and have done it before on phones and old hardware, but doing something that undermines the entire market will only hurt gamers in the end. Less revenue = less innovation.

As long as their not doing it to pirate the games I'm all for it.

Really interesting video there. I was amazed by the security flaws Sony has in their system that was supposed to be "hack-proof", and a bunch of them were circumvented by their poor coding.

Fasckira:

Keith K:
I guarantee such a hack will still ultimately get you banned from PSN, which begs the question: If you want Linux more than PSN access, first of all why do you have a PS3 and why did you update to begin with?

This man has the point nailed. Ive always seen the whole "linux on [insert unintended linux system here]" a bit pointless. At first its, "Oh, yeah, thats kinda neat..." and I applaud the engineers who took the time to discover how to do it but for the people who do it after that purely just because they can, well, thats pretty daft.

If you really want to play with Linux, put it on a PC - you can pick up an old desktop for a fraction of the cost of a PS3 and not risk ruining an expensive console!

Corpse XxX:
Why cant these people just use the console for what it was ment to be used for?

In the end, all hackers no matter what conspire to use their hacks serving their on purpose in a matter not intended by the ones who made the product in the first place.

So i say, sue their asses broke!

It's a pretty powerful parallel computer, with an interesting architecture, for a reasonable price. It could be used in many applications by scientists and researchers. I for one would like to test some things on a PS3 if possible. Unfortunately, with Sony officially removing the option to run custom software on it, it's hard to justify buying PS3s for a research project (and this is not "research" in quotes; if I want a PS3 to play games I'll buy it).

Sabiancym:

I didn't say there wasn't a point. I said it does nothing that a cheap laptop couldn't do. Which is ironic considering the people who would be able to apply this hack are most likely going to have a laptop.

Actually, there is a lot the PS3 (as a computer) can do that a cheap laptop can't. As I said, a lot of people have research interests on it. It's a parallel computer with an interesting architecture, at a good price.

Sabiancym:

The whole "We don't do this for piracy" claim is BS. They know what they're doing is going to lead to piracy. Just because they don't do it doesn't mean they're completely harmless.

If these groups advance far enough and make it easy enough where even the most ignorant user could apply it's cracks, it'll hurt the gaming market. I understand hacking and have done it before on phones and old hardware, but doing something that undermines the entire market will only hurt gamers in the end. Less revenue = less innovation.

There already is a jailbreak for the PS3. It's not BS, there are people interested in the hardware for other purposes.

Piflik:
The difference between, say, a car and a machine that runs software is that just about everyone can download some programs from the internet on this machine, while not many people can create custom tires for their cars. There are manufacturers that can do that, but they can be controlled, while the distribution of software over the net cannot.

What exactly do you mean by "can be controlled"? Mercedes has no power over other companies making tires for their cars. Any chop shop can install any cheap Chinese knock-off tires, radios, speakers, windshields or what have you, and nobody can do anything because there's nothing wrong or illegal about that.

But it's a technicality anyway. The central question is about the basic principle of owning something. How do you define whether you own something or not? The only difference between owning and borrowing is having power and control over the thing. If there is anything at all that you are not allowed to do to an object you paid for, any talk of ownership is a delusion, the metaphorical pink fluff on the handcuffs. You are only renting your "purchase". It might be an incredibly cheap rental (single payment for unlimited usage, including re-sell rights, as long as the object doesn't break is a great deal by any rental standard), but it's still rental.

If the manufacturer can sue you for doing something which you bought, it means he still owns it and you only paid to use it. If that is how you thing trading should work, then I disagree with you, but it's a consistent opinion which I respect. But if you keep differentiating between what appliances should be legally OK to take apart and what shouldn't, based on how difficult it seems to you, that's just subjective and borderline hypocritical, not to mention an extremely slippery slope.

 Pages 1 2 NEXT

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here