At the 27th Chaos Communication Congress held in Berlin, Germany a small group of hackers named fail0verflow stunned the PS3 hacking community world with a massive revelation – they have eradicated a major security barrier preventing people from really hacking the console. This hack is different than the infamous PS3Jailbreak, and is rather based on ineffective security coding within the PS3. fail0verflow explained during the conference that they have figured out how to calculate the keys needed to sign everything, essentially making those private keys public.
So what does this really mean?
With an exploit of this magnitude, people could sign (and therefore run) any program coded for the PS3 and the system will run it as if it were a PS3 game without issue regardless of firmware. This same method, in theory, can be used to sign PS3 ISOs (full copies of games) and play them on the console off burned Blu-ray discs. This basically paves the way for easier piracy for the PS3, and also will greatly encourage homebrew software authors.
The
is very long-winded, going over many aspects of console hacking in general, various holes found in the PS3 software architecture, and finally a full explanation of the upcoming exploit. The video above is a four minute highlight where fail0verflow shows off how a major flaw in the PS3 random number generator their primary motivation for cracking the main security on the PS3 was mostly inspired by Sony removing the ability for gamers to install an alternative operating system on the console. Sony infamously removed that feature, known as “Install Other OS,” due to known hacker Geohot taunting Sony with a PS3 exploit.
fail0verflow’s goal is to have Linux funning on all existing PS3 consoles, regardless of the firmware version. The group will not release a custom firmware, but will offer proof-of-concept and tools that should bust the door wide open for custom-authored modifications and programs.
First, Linux is a valid reason for hacking the PS3 and nobody can prove if that is their true motive or not, you can only speculate.
AsbestOS has an advantage over the built-in OtherOS feature by Sony, because AsbestOS will most likely have more control over the PS3 hardware and have better performance than the limited OtherOS feature.
So really, AsbestOS could perform much better than Sony’s OtherOS ever did, because AsbestOS won’t cut you off from the RSX (Graphic Chip) and try to keep you in a sandbox for security reasons, which has the side-effect of reduced performance.
Next, for those of you who don’t understand yet, being able to sign our own files with Sony’s encryption will allow us to create our own software/homebrew and load it without even needing to jailbreak the PS3, because it will look like a legit piece of software from Sony.
Imagine being able to run all the Homebrew apps you run now, but being able to run them on an official v3.55+ firmware without even needing to hack the system. They just need to be updated with Sony’s keys so that the PS3 will accept them without needing to be hacked.
Basically we will have the ability to create our own custom updates that will work on a normal PS3 to update it directly from an official/normal firmware to a custom one without needing any modchips or dongles to do it, because the PS3 will accept the update that is signed using sony’s keys (which we now have).
Give it a few minutes for that to sink into your brain. You could probably program the PS3 to make you some toast bread using this new exploit.
So just sit back, enjoy the ride, and wait for the exploit work to be released and used to make magic stuff for us all to use.
Sounds exciting. What do you think this will mean for the future of the PlayStation 3?
Question
Christopher
At the 27th Chaos Communication Congress held in Berlin, Germany a small group of hackers named fail0verflow stunned the PS3 hacking community world with a massive revelation – they have eradicated a major security barrier preventing people from really hacking the console. This hack is different than the infamous PS3Jailbreak, and is rather based on ineffective security coding within the PS3. fail0verflow explained during the conference that they have figured out how to calculate the keys needed to sign everything, essentially making those private keys public.
So what does this really mean?
With an exploit of this magnitude, people could sign (and therefore run) any program coded for the PS3 and the system will run it as if it were a PS3 game without issue regardless of firmware. This same method, in theory, can be used to sign PS3 ISOs (full copies of games) and play them on the console off burned Blu-ray discs. This basically paves the way for easier piracy for the PS3, and also will greatly encourage homebrew software authors.
The
is very long-winded, going over many aspects of console hacking in general, various holes found in the PS3 software architecture, and finally a full explanation of the upcoming exploit. The video above is a four minute highlight where fail0verflow shows off how a major flaw in the PS3 random number generator their primary motivation for cracking the main security on the PS3 was mostly inspired by Sony removing the ability for gamers to install an alternative operating system on the console. Sony infamously removed that feature, known as “Install Other OS,” due to known hacker Geohot taunting Sony with a PS3 exploit.fail0verflow’s goal is to have Linux funning on all existing PS3 consoles, regardless of the firmware version. The group will not release a custom firmware, but will offer proof-of-concept and tools that should bust the door wide open for custom-authored modifications and programs.
A fellow named SwordOfWar at the PSX-Scene forums has summarized the fail0verflow PS3 hack (and AbestOS.pup) quite well:
Sounds exciting. What do you think this will mean for the future of the PlayStation 3?
View the full article
Link to comment
Share on other sites
0 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.