Notorious iPhone Hacker Posts PS3 Master Key Online

 Pages 1 2 3 4 NEXT
 

Notorious iPhone Hacker Posts PS3 Master Key Online

image

Hacker dumps a security nightmare into Sony's lap, then uses the opportunity to try to find himself employment.

George "GeoHot" Hotz, who gained notoriety for his iPhone jailbreaks as well as his PS3 jailbreak from early last year, has posted what he claims to be the PS3's root key on his website. This key will give people the ability to sign their own homebrew software and have the PS3 think that it's genuine.

In a very short post, Hotz thanked the fail0verflow hacker team, who gave a presentation about the PS3's security system just last week, for their assistance with the asymmetric part of the key. As proof that the key was genuine, he offered a "Hello World" program, a common exercise when you're starting out writing code, and thanked the people behind the open-source PS3 hombrew SDK, PSLight, who had made it possible for him to release it.

It's believed, although not confirmed, that Sony will have trouble changing this key without rendering a lot of PS3 software inoperable. If this is true, then there may be nothing that Sony can do to prevent people running their own homebrew software, or playing pirated games. Hotz made it clear that he didn't condone piracy, however, and hoped that people would use the key responsibly. He also offered his services to Nintendo, Sony and Microsoft in making their next consoles secure, saying that it would be interesting to be on the other side of the fence.

Of course, the problem is that while Hotz might not condone piracy, there are plenty of others out there who have absolutely no problems with it at all. I don't know whether Hotz is genuinely hoping that people won't abuse the key, or whether he'd just trying to cover his own back, but either way, he's made it much easier for a lot of would-be pirates

Source: 1up

Permalink

Pirates Rejoice?

Or will this mean harder DRM for PS3?

Frankly, I'm amazed it took so long.
But I don't see this having that big an effect on PS3 game sales to be honest.

I mean; look at the Wii, It is just silly easy to run pirated/homebrew games and has been for a while. Yet sales are still high enough to keep nintendo rolling in the money.

I do approve of piracy when it comes to stuff like DRM so im somewhat happy. it will be very interesting to see what comes out of this .

I wouldn't hire someone who just potentially cost my company millions of dollars by enabling every Tom, Dick and Harriet the option to pirate games. Some of which cost 60+ dollars in retail.

Aaaaaand giving the unwashed pirates the keys to the castle is about the most idiotic thing someone can do.

This guy knows how to wipe his own arse, doesn't he?

If the effort of copying games gets easier than walking to store, finding the game in the shelves and draw my visa in the machine, then i might just consider it..

But until then, im gonna do what i have always done, pay up fair and square.
And as long as it is easier and faster to do it the legal way, most people will do it that way im guessing.

Well, it's about time for a new console generation anyway...
That'll teach them not to try to extend the life of their console with gimmicky motion controls...
They only gave people more time to hack it...

How does this help pirates? Won't this key just be useful for creating new apps (I.e. Homebrew) and calling them PS3 ones? Surely the pirated games would already have their key embedded?

Admittedly someone could make a PS2 emulator for the PS3 and the PS3 would properly recognise it now, but for PS3 games I don't get it.

(Note: DRM is not my speciality, these are genuine questions)

Corpse XxX:
If the effort of copying games gets easier than walking to store, finding the game in the shelves and draw my visa in the machine, then i might just consider it..

But until then, im gonna do what i have always done, pay up fair and square.
And as long as it is easier and faster to do it the legal way, most people will do it that way im guessing.

And that is why piracy is such a huge problem on PC, and why most PC DRM is completely counterproductive.

haha, brilliant.

95% this will be used for piracy.

Then again, Sony screwed legit consumers over by removing features from inital PS3. So without any kind of hesitation, go fucking hackers. Screw Sony over big time please.

ZephrC:

And that is why piracy is such a huge problem on PC, and why most PC DRM is completely counterproductive.

Action -> Reaction.

DRM is a reaction to the said Action [ Piracy ]. Pirates are killing the industry they 'love' so much.

Straying Bullet:

ZephrC:

And that is why piracy is such a huge problem on PC, and why most PC DRM is completely counterproductive.

Action -> Reaction.

DRM is a reaction to the said Action [ Piracy ]. Pirates are killing the industry they 'love' so much.

Why must it always be black and white good guys and bad guys? Pirates are thieves, no more, no less. They aren't the idiots sticking counterproductive DRM into games though. Publishers don't get a free pass to screw everyone, including themselves, over just because they're doing it in a moronic, ineffectual attempt to fight something that's genuinely bad.

If draconian DRM actually worked it would be a whole different story, but since it actually drives sales down the publishers are just as bad as the pirates here.

ZephrC:

Why must it always be black and white good guys and bad guys? Pirates are thieves, no more, no less. They aren't the idiots sticking counterproductive DRM into games though. Publishers don't get a free pass to screw everyone, including themselves, over just because they're doing it in a moronic, ineffectual attempt to fight something that's genuinely bad.

If draconian DRM actually worked it would be a whole different story, but since it actually drives sales down the publishers are just as bad as the pirates here.

I think you missed a simple point in what I said. I am not saying Publishers aren't bad or they are really losing out on cash.

But if you deny that Piracy exists and Publishers unfortunatly are giving us Draconic DRM as a response, who do you really blame?

Now, with Ps4, DRM will be even more strict. In order to play a game you'll have to call Sony on the phone first and set up a time and date.

Straying Bullet:

ZephrC:

Why must it always be black and white good guys and bad guys? Pirates are thieves, no more, no less. They aren't the idiots sticking counterproductive DRM into games though. Publishers don't get a free pass to screw everyone, including themselves, over just because they're doing it in a moronic, ineffectual attempt to fight something that's genuinely bad.

If draconian DRM actually worked it would be a whole different story, but since it actually drives sales down the publishers are just as bad as the pirates here.

I think you missed a simple point in what I said. I am not saying Publishers aren't bad or they are really losing out on cash.

But if you deny that Piracy exists and Publishers unfortunatly are giving us Draconic DRM as a response, who do you really blame?

I'm sorry! Did you miss the part were the very first thing I said was that piracy is a huge problem? And the part were I said pirates are thieves? And then the part were I said pirates are genuinely bad?

See, I thought you were replying to what I actually said instead of just assuming that because I said something critical of DRM I must love piracy, and then had your own little argument with some imaginary person. Silly me.

And who the hell ever said I denied that draconian DRM was a response? It's just an idiotic and indefensible response. It's not the pirates fault that publishers are stupid. Just because they're bad doesn't mean we get to blame them for everything wrong with the world. The publisher's stupid response is the publisher's fault.

I hope in the future Sony will adopt a pragmatic attitude. Supporting indie developers on their consoles and allowing a level of homebrew access to hardware would remove an enormous impetus to key cracking projects like this.

It wouldn't get rid of the problem, but the distraction of being able to develop games would be a more effect deterent than security based on secrecy - that sort of thing ultimately only works if every scrap of code has no security flaws. And just look at the list of PSP save game exploits used to install CFW. The secrecy and security model starts cracking open from day one until something like this happens.

Removing OtherOS may not have caused this to happen but it certainly did nothing to slow it down.

Logan Westbrook:
It's believed, although not confirmed, that Sony will have trouble changing this key without rendering a lot of PS3 software inoperable.

And if it were any other company we were talking about here, I would just sort of shake my head and laugh, and say "But that would never happen". But this is Sony... are we SURE we can put this past them?

ZephrC:

I'm sorry! Did you miss the part were the very first thing I said was that piracy is a huge problem? And the part were I said pirates are thieves? And then the part were I said pirates are genuinely bad?

See, I thought you were replying to what I actually said instead of just assuming that because I said something critical of DRM I must love piracy, and then had your own little argument with some imaginary person. Silly me.

And who the hell ever said I denied that draconian DRM was a response? It's just an idiotic and indefensible response. It's not the pirates fault that publishers are stupid. Just because they're bad doesn't mean we get to blame them for everything wrong with the world. The publisher's stupid response is the publisher's fault.

I like that perspective, I'd like to apply that to religion but i don't think that was the point of it.

Either way I don't think that the point of him hacking the key was actually for piracy to begin with, the fact is I think he was just showing off, hence he offered his services to the games industry as both a taunt and an honest offer.

As if to say "Ha ha your security sucks, want me to fix it?" It's essentially the same premise as breaking into a bank for the sheer fun of it then walking out empty-handed.

But of course this DOES create an opening for pirates, whom, while bad, are surely not the biggest threat the games industry has ever had.

And to think, none of this would be happening if Sony didn't remove the "Other OS" feature.

Hilarious.

Irridium:
And to think, none of this would be happening if Sony didn't remove the "Other OS" feature.

Hilarious.

Bingo. They really have no-one else to blame here.

People that things shouldn't be researched or made public because it might lead to harm are freaking idiots. I'm sorry if that's insulting, but it's one of my pet peeves.

"Oh let's not study the human genome because someone might use our research to make a bio-weapon"

"Oh let's not release the information about how to get the best out of your home hydroponics system because someone might use it to grow drugs"

"Oh let's not dare talk about security and cryptography in public because the TERRORISTS might use it!"

"Let's not modify our personal property so that we can do whatever the hell we please with it because someone might use to *gasp* play pirate games"

ZephrC:

Corpse XxX:
If the effort of copying games gets easier than walking to store, finding the game in the shelves and draw my visa in the machine, then i might just consider it..

But until then, im gonna do what i have always done, pay up fair and square.
And as long as it is easier and faster to do it the legal way, most people will do it that way im guessing.

And that is why piracy is such a huge problem on PC, and why most PC DRM is completely counterproductive.

Well piracy was easier then buying a game, it's not now, not with services like Steam on the PC; click buy, hit next on the paypal screen, hit install. Not stuffing around with keygens, cracks, different update software from the stupid devs, etc, just one button finished.

I don't pirate, I did once, when everyone did it (hands up those that played Doom and Quake back when they were new that actually paid for them?), but stopped when I started to get actual real money myself and realised "hey I'd be pissed off too if someone stole my hard work".

tkioz:
People that things shouldn't be researched or made public because it might lead to harm are freaking idiots. I'm sorry if that's insulting, but it's one of my pet peeves.

Oh the irony...

"Oh let's not dare talk about security and cryptography in public because the TERRORISTS might use it!"

A smart move, if you release your security information it can be used against you...

"Let's not modify our personal property so that we can do whatever the hell we please with it because someone might use to *gasp* play pirate games"

95% of the people that use this data will pirate games with it, that's a near assumed fact...it's something that ultimately costs the developers, the publishers and the end consumer more money...

Your "pet peeve" is moronic at best. There's a good reason a lot of data isn't made public, because the only people who will be very interested in it are those looking to abuse such research, or there're few other ways to use it in the first place...

Guy gets master key and puts it online for everyone to use. Now after a bit of time and effort people will still be able to use the 'other OS' option. Someone may put out a few sims so the PS3 can have what acts like proper backward compatibility. A fair amount of savvy people pirate games.
The world keeps spinning and Sony keeps making money hand over fist.
Will the PS3 be in a better state for all of this? I think so.

D_987:

tkioz:
People that things shouldn't be researched or made public because it might lead to harm are freaking idiots. I'm sorry if that's insulting, but it's one of my pet peeves.

Oh the irony...

"Oh let's not dare talk about security and cryptography in public because the TERRORISTS might use it!"

A smart move, if you release your security information it can be used against you...

"Let's not modify our personal property so that we can do whatever the hell we please with it because someone might use to *gasp* play pirate games"

95% of the people that use this data will pirate games with it, that's a near assumed fact...it's something that ultimately costs the developers, the publishers and the end consumer more money...

Your "pet peeve" is moronic at best. There's a good reason a lot of data isn't made public, because the only people who will be very interested in it are those looking to abuse such research, or there're few other ways to use it in the first place...

Ahh the corporate shill, trusting the government and our big company overmasters to decide we "need" to know, what we're allowed to know. If I wanted to learn how to make an atomic bomb I can go to university and study it, the information is there; If I wanted to make a genetic plague that would make Ebola look like chicken pox, I could learn how; so why shouldn't I be allowed to play around with a piece of hardware I purchased?

Most DRM is bullshit anyway, just like the "copy-protection" region coding on DVD players, which wasn't anything to do with piracy, rather it was there to inhibit free trade. What about PGP back in the 90s? The US government refused to allow it to be sold out of the states for a while there because it made snooping on people's information too hard, if they could have banned it for sale in the US, I'm sure they'd have done that in a heartbeat.

If I buy something, and I've got the damn thing sitting in front of me I can do whatever I want to it, and big corp and his butt-monkey big government can piss off and die.

The funniest part is that the hacker was only able to do this because Sony's "random number" function actually returns the same value every time you call it.

DataSnake:
The funniest part is that the hacker was only able to do this because Sony's "random number" function actually returns the same value every time you call it.

You can't be serious.

tkioz:
I don't pirate, I did once, when everyone did it (hands up those that played Doom and Quake back when they were new that actually paid for them?), but stopped when I started to get actual real money myself and realised "hey I'd be pissed off too if someone stole my hard work".

The first episodes were released as freeware. That was part of ID's marketing plan back then. For both Doom and Quake. Well... It's possible that the Quake Demo wasn't the full first episode, but still.

Starke:

tkioz:
I don't pirate, I did once, when everyone did it (hands up those that played Doom and Quake back when they were new that actually paid for them?), but stopped when I started to get actual real money myself and realised "hey I'd be pissed off too if someone stole my hard work".

The first episodes were released as freeware. That was part of ID's marketing plan back then. For both Doom and Quake. Well... It's possible that the Quake Demo wasn't the full first episode, but still.

Dude I've still copy cassette tapes and 5"1/4 floppies for my C64 laying around that I copied when I was 7 or 8, back when I didn't even know it was immoral, let along illegal.

SONY are not really idiots. They're gonna hire this guy. When someone makes a Masterkey that opens your entire system, and then says "I'm not for piracy, and I'd like to start making a more secure system" the first words out of your mouth are "Whatcha got in mind?"

If he can break your system, he can make it

Starke:

DataSnake:
The funniest part is that the hacker was only able to do this because Sony's "random number" function actually returns the same value every time you call it.

You can't be serious.

From my understanding, that's the fundamental flaw. As I said before, Sony has no-one to blame but themselves for this one.

tkioz:

Ahh the corporate shill, trusting the government and our big company overmasters to decide we "need" to know, what we're allowed to know.

I don't think I ever said that, nor even mentioned a government, but hey nice job on making yourself appear pretentious at best, and a lunatic conspiracy theorist at worse...Consideration we're talking about private companies here your comments just seem out of place, and I repeat, moronic.

If I wanted to learn how to make an atomic bomb I can go to university and study it, the information is there; If I wanted to make a genetic plague that would make Ebola look like chicken pox, I could learn how; so why shouldn't I be allowed to play around with a piece of hardware I purchased?

You're comparing learning about how to do something, to actually doing it? Makes sense...
As I said previously, there's really little else to do with this information other than pirate games [since the PS3 is just a weak computer at heart] yes there're legal uses, but if you beleive anyone is actually going to go through all that trouble to use them you're incredibly naive, this information will no doubt cost Sony and developers, and bring the private companies that produce these goods and rely on continuous income to survive no potencial gains, only losses.

Most DRM is bullshit anyway, just like the "copy-protection" region coding on DVD players, which wasn't anything to do with piracy, rather it was there to inhibit free trade. What about PGP back in the 90s? The US government refused to allow it to be sold out of the states for a while there because it made snooping on people's information too hard, if they could have banned it for sale in the US, I'm sure they'd have done that in a heartbeat.

I have to laugh, you're going off on a rant about the US government in the 90's? Not only does that have nothing to do with the point - at all - you're just naming theories you have with little to no evidence to back them up. Prove the reason PGP wasn't given permission to be sold outside the states was due to "it made snooping on people's information too hard". If you can't, then there's no rational argument here - whilst my point [that releasing security information is more likely to present yourself as a potential target and offer assistance to your enemies] is pretty much common knowledge, it's why the Army goes to such lengths to protect secretive information, for example. Same goes for this hack, and pirating games - need evidence? Look at the DS.

If I buy something, and I've got the damn thing sitting in front of me I can do whatever I want to it, and big corp and his butt-monkey big government can piss off and die.

No, you can't - act as pretentious as you want - you're wrong, by law, and by terms and conditions you cannot "do whatever I want" to something...like modifying an Xbox 360 and then getting banned from Xbox Live, sure you could modify it, but no doubt you'd be the first to complain when you inevitably get banned...

 Pages 1 2 3 4 NEXT

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here