Sony Blocks Hacked PS3s From PSN

 Pages PREV 1 2
 

Good on Sony. Here's hoping they can keep the holes patched and patched rapidly when-ever the stubborn folks look to make a new exploit. Make it unappealing enough, make it enough work, and while you won't get rid of the hardcore sort, you'll get rid of the casuals, and that's plenty enough.

Andy Powell:

danpascooch:
What about the rootkit means they can't include it in the custom firmware? Or at least fake it?

Excellent question, and it's even more clever on Sony's part. The rootkit is not entirely included in the new firmware builds, only PART of the rootkit is. The other part of the rootkit is stored and active on the PSN right now. The PSN server-side of the rootkit communicates with the client-side of the rootkit. If it's modified, or faked, or just not giving the EXACT right answers the server-side is expecting, the console/PSN account is flagged. (possibly banned too, but that part isn't entirely clear. But recent news looks like they're banned from the PSN too)

Now, in the long term the hackers MAY be able to figure out how to fake a proper rootkit reply eventually. But in the short term, this is a really interesting and potent hacker countermeasure.

So the PSN is still just checking against something generated by/in the firmware?

All they need to do is get the rootkit right!

I know that's not nearly as easy as I'm making it sound, but COME ON this is HARDLY a permanent fix on any level like people are billing it as.

danpascooch:
So the PSN is still just checking against something generated by/in the firmware?

All they need to do is get the rootkit right!

I know that's not nearly as easy as I'm making it sound, but COME ON this is HARDLY a permanent fix on any level like people are billing it as.

Weeeellll.. Yes, and no... It's more like a Client/server connection. On the firmware is the client side (maybe 10% of the actual software involved), and on the server-side is the other 90%.. (these are completely made up numbers for the sake of an example). The server-side of things will be looking for VERY (and I mean VERY) specific replies from the client-side, and it will make these requests at very random intervals throughout PSN connectivity sessions. I won't stand on a soap box and say this is a fool-proof countermeasure, but from my understanding on a technical level, faking these replies is REALLY (and again, I mean REALLY) hard to fake. Also, the risk level is pretty high when hackers test their counter-countermeasure code, because the very first time their counter-countermeasure fails the firmware crosscheck that PS3 they were using will be blocked/banned from the PSN. (I'm assuming via its MAC address).

Circumventing this round of rootkit detection could possibly be a very expensive and time consuming endeavor for the hackers, considering each time they fail, they have to go get another PS3 to try again.

This is the right way for Sony to do it.

Suing everybody and a string of firmware updates is the wrong way.

This is nothing that the PC world hasn't been living with for a long time.

ImprovizoR:
Hackers will find a way. They always do.

Yes and no. Last I heard, World of Warcraft remains pretty secure from cheating, and connecting to PSN would involve a similar client-server relationship. The server can make demands of a client that becomes increasing difficult, inconvenient, and unwieldy for modified clients to get around.

But if not connected to PSN, then yes, returning to the glory days of unbroken PS3 is a fools errand and shouldn't be attempted.

I don't understand Sony's reaction to all of this.

Please correct me if I'm wrong, but perhaps the worst thing that can happen is piracy.

However, downloading a PS3 .iso file would take... well, quite a long time.

I think that waiting for it to finish would scare away a lot of potential 'hackers'.

Andy Powell:

danpascooch:
So the PSN is still just checking against something generated by/in the firmware?

All they need to do is get the rootkit right!

I know that's not nearly as easy as I'm making it sound, but COME ON this is HARDLY a permanent fix on any level like people are billing it as.

Weeeellll.. Yes, and no... It's more like a Client/server connection. On the firmware is the client side (maybe 10% of the actual software involved), and on the server-side is the other 90%.. (these are completely made up numbers for the sake of an example). The server-side of things will be looking for VERY (and I mean VERY) specific replies from the client-side, and it will make these requests at very random intervals throughout PSN connectivity sessions. I won't stand on a soap box and say this is a fool-proof countermeasure, but from my understanding on a technical level, faking these replies is REALLY (and again, I mean REALLY) hard to fake. Also, the risk level is pretty high when hackers test their counter-countermeasure code, because the very first time their counter-countermeasure fails the firmware crosscheck that PS3 they were using will be blocked/banned from the PSN. (I'm assuming via its MAC address).

Circumventing this round of rootkit detection could possibly be a very expensive and time consuming endeavor for the hackers, considering each time they fail, they have to go get another PS3 to try again.

First off, I don't think it will be as hard to fake as you think, they have firmware code to look at and copy

Secondly, they won't have to buy a new PS3 each time, the news story said they can buy a new PS3 or remove the custom firmware and download Sony's latest update. So they if the test fails they can remove the hack, and get Sony's legit firmware, then hack the custom firmware on it again for another test as much as they like.

None of this shit is easy, but now that people have a taste of a fully hacked PS3, they aren't going to stop, it's amazing what people like this can do anyway.

Plus, George Hotz went to the same college I'm currently attending, so he MUST SUCCEED! It's a matter of honor!

danpascooch:
...
None of this shit is easy, but now that people have a taste of a fully hacked PS3, they aren't going to stop, it's amazing what people like this can do anyway.
...

heheh.. Yeah I know this is nowhere near being a complete solution, I just think it's a very clever one. I think the completeness level of the ban would probably depend on the level of hardware data collected server-side at the time of a failed cross-check. I'll be honest and say openly that I have no idea what is actually going on in the whole process of the rootkit detection/checks, and I'm sure Sony wants to keep it that way. But I also think that it's entirely possible that not only a users PSN account is banned, but also the specific console hardware itself could also potentially be banned too. It would all have to be dependant on what data was collected at the time of the failed crosscheck though. Like serial numbers, MAC addresses, that sorta thing.

If that's the case, then the challenge of hacking that one specific console would get harder and harder with each attempt.. It's an interesting thing to think about.

Well really, this seems reasonable. They should have just done this in the first place instead of repeatedly crippling the console. Go ahead and use your hacked PS3s offline, just not on our network.

aashell13:
I'm with the hackers on this one. For a company like Sony to disable functionality that users have paid for looks a lot like fraud to me. I can see how having large numbers of hacked PS3's on PSN would be bad for PSN, but I say Sony has no one to blame but themselves.

except you still get that functionality if you didnt update. Its a null point. If you were using it AS A LINUX BOX then you have no NEED for the gaming features. Thats why many people STILL HAVE PS3 LINUX BOXES. Their cheap and disposable.

Now to be fair patching the functionality out is morally dubious, but all you had to do to keep that functionality was not update.

IamQ:
As one of the few who supports Sony in this, I say: Huzza!

While I agree, I think it's good news, I still think Sony needs to put Other OS back on the system.

But, it's nice to take some ammo away from certain fanboys of certain other consoles. Ever since this news cropped up I hear arguments every so often of how online on PSN is now broken due to hackers. I lol.

That's fine in my book. The CFW revived my second PS3 which has a broken blu-ray drive and actually let's it be useful in the household instead of going on to the dump.
I mean, let's be honest here, if you are really interested in homebrew stuff or coding for the PS3, then you are not really sad if you can't access the PSN from that console.
No, I don't consider "backup" games to be a valid reason to either install CFW or connect to the PSN with it.

1) I'm sure it will take all of a week or two before someone finds a way around this. Clearly, this is a good use of Sony's time and money and is totally worth further alienating a portion of their consumers.

2) It's awfully hard to make any reasonable argument against being able to jailbreak PS3s so far as I can tell. Maybe you can get away with it with other devices, though I tend to think it's a hard sell and companies need to shift focus away from preventing people finding other legitimate uses for a device and toward people using the device in a way that actually causes problems (punish people for pirating, not for giving themselves the ability to pirate that happens to also be the ability to do a fuckton of legitimate things). But Sony promised features and then just said "lol nevermind". A lot of people are literally just finishing the work Sony decided not to do.

Cursed Frogurt:
This is why I'll most likely never mod any of my devices. I prefer forgoing some benefits for the consistency of my devices working as they should.

And that way if a patch bricks the console, they can't blame it on stuff you put on it.

Sony is fighting a losing battle. I support the hackers. Why? Simple.....if I want to hack my PS3 then that is my choice and mine alone as long as I am not breaking my countries laws.

Go to it hackers. Fight for your freedom and drive Sony into the dirt where they belong.

P.S. I do own a PS3 and no I do not hack it.

Andy Powell:

danpascooch:
...
None of this shit is easy, but now that people have a taste of a fully hacked PS3, they aren't going to stop, it's amazing what people like this can do anyway.
...

heheh.. Yeah I know this is nowhere near being a complete solution, I just think it's a very clever one. I think the completeness level of the ban would probably depend on the level of hardware data collected server-side at the time of a failed cross-check. I'll be honest and say openly that I have no idea what is actually going on in the whole process of the rootkit detection/checks, and I'm sure Sony wants to keep it that way. But I also think that it's entirely possible that not only a users PSN account is banned, but also the specific console hardware itself could also potentially be banned too. It would all have to be dependant on what data was collected at the time of the failed crosscheck though. Like serial numbers, MAC addresses, that sorta thing.

If that's the case, then the challenge of hacking that one specific console would get harder and harder with each attempt.. It's an interesting thing to think about.

As far as I'm concerned, as long as they're checking something that can be edited with firmware, it's not going to stop it, no matter how elegant or complex the check is.

I give it a month tops.

Just think of the numbers.

How many people are actively trying to fuck the system compared to those trying to enforce it. It's only a matter of time.

I'm seriously against sony in this anyway. I never bought my PS3 to install linux on it. I've got a PC for doing.... Well anything that you'd require linux for. I bought my PS3 to use as a PS3. But to all of those who did buy it to change the OS. They've been royally screwed and I can't understand how the courts found in favour of them. Apple lost the jailbreak war. Sony should have lost this. They can't tell you not to hack your console. It's your freakin console.

They should only be able to act if they find illegal material on your PS3.

8-Bit Grin:
I don't understand Sony's reaction to all of this.

Please correct me if I'm wrong, but perhaps the worst thing that can happen is piracy.

However, downloading a PS3 .iso file would take... well, quite a long time.

I think that waiting for it to finish would scare away a lot of potential 'hackers'.

Haven't you heard? When 100 people buy your game and 100 people download your game you make less money then when 100 buy your game.

At least that's what all the anti pirates claim. And if you need an explanation on how the hell that works you are obviously a pirate because everybody that isn't terminally evil knows that, duh!

Aaaaand they broke it again.

Okay yes. THIS is what you do, Sony. This is actually helping. Keep those people from playing online and ruining the games for paying customers. Keep fighting them this way and maybe I'll start taking you seriously as a company again.
This is where you should stop though. Suing people that you screwed out of a previously advertised feature isn't the answer to anything. Either put Install Other OS back in (don't say you can't because of security, look how unsecure your platform is now) or just leave them alone as long as they don't go online and fuck up online games for people who are trying to play normally.

I wonder how long it will be until hackers get around this one, though.

Andy Powell:
It would all have to be dependant on what data was collected at the time of the failed crosscheck though. Like serial numbers, MAC addresses, that sorta thing.

If that's the case, then the challenge of hacking that one specific console would get harder and harder with each attempt.. It's an interesting thing to think about.

Anyone capable of generating an algorithm to bypass these security checks is also capable of spoofing (impersonating) a range of fake IDs (probably using a external device like a PC) and never using their legit ID (so no risk to their actual PS account).

Expensive? I thought PSN was free. Doesn't that mean no one is losing anything?

These kinds of measures are reasonably effective on XBL, since banning consoles causes people to lose access to a service for which they have paid, and incurs them additional expenses if they wish to regain access to these services.

oh well good thing i got two ps3's one for sega/nintendo and blue ray movies and another one for actual gaming

aashell13:
I'm with the hackers on this one. For a company like Sony to disable functionality that users have paid for looks a lot like fraud to me. I can see how having large numbers of hacked PS3's on PSN would be bad for PSN, but I say Sony has no one to blame but themselves.

You don't pay for PSN. It's free, the moment you entered PSN you agreed to their terms of service. And by doing so, you allowed them to target you and your hacked console.

Asuka Soryu:

aashell13:
I'm with the hackers on this one. For a company like Sony to disable functionality that users have paid for looks a lot like fraud to me. I can see how having large numbers of hacked PS3's on PSN would be bad for PSN, but I say Sony has no one to blame but themselves.

You don't pay for PSN. It's free, the moment you entered PSN you agreed to their terms of service. And by doing so, you allowed them to target you and your hacked console.

I'm guessing he meant Other OS.

I don't know. Is it clever? I don't care too much because I don't play any online multiplayer games on the PS3 (partly because of slow, unreliable connections, mostly due to the Internet Anonymous Douchebag theory) and I never bought the PS3 to run Linux in the first place. So, all this is really not that great big of a deal (aside from having to update the damn machine from time to time, but..).

I really don't know. I'd like to sit on one side and support Sony or the pirates, but neither side looks right. Sony, for taking away something that they promised, and pirates, for essentially taking something that cost $x to make and taking it for free.

There is one huge hole, for my part, in the hackers' logic. They kind of stopped trying to hack 360s where you have to pay membership and started finding ways to cheat online on PSN which is free.

Hackers can jump off a cliff for all I care. Even though Failoverfl0w and Geohot said that the hacks would be used only for installing new software, they cannot guarantee that the rest of the hackers will give in or not and use the keys to get free games. I couldn't care less for Linux. If I had the keys, you think I would try and install it?

And why should I pay for a title while these guys get games for free? Cause they have a vast knowledge on PCs and stuff? Ok, I still remember a lot of Physics for circuits and power. Does that mean I should get free electricity?

For real, fuck them. For trying to get off cheap, cheating online, messing with my game-time online and ruining the experience and forcing me to constantly update just because they CAN hack the PS3. I hope Sony gives them a hard time.

and this is y i dont mod.

Honestly, this isn't going to last. First of all, all it takes is creating an algorithm that generates the same responses as the new firmware when pinged by the PSN servers. They've got the part of the firmware that generates the response to the pings, all they need is to figure out what signals come in that generate what signals going out. Literally, all you'd have to do is have your PC 'imitate' the PSN and send signals to a PS3 with the real firmware, and have it record responses to everything sent, and have the program recording generate an algorithm that would create the proper responses to the proper input signals. It's like brute force cracking a password, it takes time, and patience, but with enough data and the code, a fix will be made.

As for testing it, make a couple fake PS3 accounts, try them out, and spoof your MAC address (for added protection, have your router run your connection through a proxy), and everything's nice and protected. Sony is fighting a losing battle. And you know what? I'm happy.

I haven't modded my PS3. But I hate the idea of LICENSING my PS3. I want to own the damn thing if I'm paying for it, not license it. And I hate the idea of someone else having control over what I can and can not do to stuff that I should OWN. Intellectual Property has gone too far and is absolutely ridiculous. It's controlling and ONLY benefits corporations who can afford the proper lawyers to keep people in line. A lot of people involved in this are doing it as much to fight the system, as to get extra functionality on their system, or even pirate.

Just because the hacks CAN be used to pirate, doesn't mean that's the MAIN reason for them. There are LOTS of reasons why people hack. Ninety percent of hackers do it for the challenge and status, and those are the good ones who actually get shit done. People have said it here, and it makes sense. It's more effort to actually spend the time working on hacking the system than it's worth to just avoid paying for a handful of games. Imagine how many man hours and how much time must've gone into hacking the PS3. Then think of how many games you could've played in those hours. How much overtime you could've gotten for working those hours, and putting that $$$ into games.

You won't stop the hackers, because they're after the challenge, rather than the 'free games' and the 'piracy'. They want to be able to open the system up so they can play with everything that they can involving it, fiddle with the system and the OS, and everything involving it. This leaves it open to the pirates to do their thing, yes.

The fight is lost, the end is neigh. Weep.

Logan Westbrook:
Sony Blocks Hacked PS3s From PSN

image

Having your cake and eating it - also known as hacking your PS3 and still going online - has suddenly gotten very expensive.

Hackers are a resourceful bunch, and despite Sony's best efforts to stop them, they've still found ways to connect to PSN, even with jailbroken consoles. But now it seems that those halcyon days are over, as Sony has patched the holes in its fence that were allowing hackers to get in.

This isn't the same thing as Microsoft's annual sweep for modded Xbox 360s, as Sony doesn't seem to be blacklisting consoles. Instead, it appears that Sony has fixed the exploits that were allowing owners of hacked and jailbroken PS3s to use PSN. There were apparently two main methods of getting online with a hacked console. The first method involved manually changing the domain name server settings on the PS3 and routing authentication requests through a web server with a hacked verification file. The second method was similar, but diverted the requests to a proxy server via a PC instead.

Sony seems to have been able to render both methods ineffective. PS3 hacking forums are suggesting that people with jailbroken consoles do one of three things: buy a second PS3 and use it for going online, get rid of the hacks and update to the latest firmware, or wait it out and hope that someone comes up with another way of getting online. None of them is an ideal solution, obviously, but that's the risk you take - or one of the risks, at least - when you jailbreak your PS3.

Source: Game Politics

Permalink

Hahahaha.

I did some more reading on the subject and apparently this isn't the first time it's happened with the technique these people use to access PSN. They've fixed it before, it's only a matter of time til they fix it again.

What was this supposed to accomplish again?

The jailbreaking, I mean.

 Pages PREV 1 2

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here