Sony faces setback as hackers release PlayStation 3 decryption keys

[Brandon]

Sony faced a setback in its campaign to control what software can run on its PlayStation 3 after hackers published one of the cryptographic keys that forms the core of the security scheme locking down the game console.

The so-called LV0 key, released by a crew calling itself "The Three Musketeers," grants access to the one of the most sensitive parts of the PS3. Its availability should make it easier for hackers and modders to work around restrictions Sony places on the console. The key can be used to decrypt future security updates Sony issues for the console and to incorporate those changes into custom firmware packages not authorized by the Japanese company. Sony has long discouraged the use of custom firmware by, among other things, blocking consoles that use them from connecting to the PlayStation Network.

The Three Musketeers said they discovered the LV0 key some time ago and only published it after a separate hacking group was using the code to build and sell its own custom firmware called BlueDiskCFW. Their post appears to be available here.

"You can be sure that if it wouldn’t have been for this leak, this key would never have seen the light of day," the group wrote in a note accompanying the key, according to a post published on Tuesday to PlayStationLifeStyle.net. "Only the fear of our work being used by others to make money out of it has forced us to release this now."

Release of the key is only the latest attack on a security regimen that many PS3 users took as an affront to their self-proclaimed what they argued is their right to use the console as they saw fit. Early efforts to seize control from Sony included PSJailbreak, which was a USB stick that allowed games to be fully installed to, and played from, the system's included hard drive. In late 2010, a group calling itself fail0verflow described ways work through the PS3's various security levels, which include a chain of trust, a hypervisor, and signed executables. The group ultimately located the ECDSA signature, a private cryptographic key the console uses to authorize high-level operations.

[Read the rest of the story...]

 

[Monster]

What about the users that don't want to eff around with their ps3? Will they still be safe from seeing their credit card info plastered all over the interwebs?

 

[Carlos]

What about the users that don't want to eff around with their ps3? Will they still be safe from seeing their credit card info plastered all over the interwebs?

Depending on how you see this. On one hand, some hackers want to be able to use PS3 as a hacking platform, as in being able to play Emulation games on the system - that's what the hacking was all about in the first place, until ya know, GeoHotz cracked open the whole thing - leaving you, the gamer - vulnerable. On the other hand, these hackers want attention. Few years ago, we didn't have all this hacking crap going on, until that glorified back and forth war between hackers that led to GeoHotz being sued and settled out of court. Meanwhile Anonymous goes on a hacking rage against Sony using the PSN service. Now it seems like the console was hacked again, but to what end? The opportunity for 'attention' is long gone now. This latest hack is miniscule compared to what Anonymous did to PSN/PS3.

The person or group trying this has the wrong idea of how the latest hack goes. I think this will be squashed before the week's end. Since after all, the new PSN is out soon.

I just got an update to the firmware, which tells me it's somewhat solved.

 

[Monster]

I guess the problem was that the PS3 was initially open, allowing other operating systems (like Linux) to be installed. Perhaps, much later, Sony discovered that that might pose a security risk and disabled that option. That's when the phun began.

 

[too_cool_3]

Interesting... What happened to the days of using a gameshark and holding the cd-rom lid open while using a paper clip to tell the playstation to boot burnt discs.. I miss those days lol

 

[Cerberus]

I always applaud the hackers. Most people do not understand their overall purpose in the world. Without the hacker there is never really any huge technological advances in many products and or services. When big companies spend huge amounts of money on things they want to leave them alone and be happy it works. But, sometimes that is not good enough. So, enter the hacker forcing them to become better and give us better products. Not to mention the hacker is probably the last line of defense as far as true freedom in this world. Without the hacker we would all be screwed and forced to do whatever we are told without fear by those who are in charge. I know a lot of people give hackers bad names, but as a whole the hacker is one of the more important people in this world today. We live in a digital world.. We need someone on OUR side... HACK THE PLANET!!!!!!! :D