First of all, the news: the PS3 has been completely cracked wide open. This is good news for many people.
For those still in the dark: the lv0 keys were leaked by a group calling themselves “The Three Musketeers”. The Bluedisk CFW team, who are suspected to be the same people behind the True Blue dongle, were going to charge for this key or for the use of it. Seeing that someone else might profit from their work, “The Three Musketeers” decided it was time to leak it themselves so that Bluedisk couldn’t rake in profits from someone else’s work. This is a pastie with the message from “The Three Musketeers”.
So what does all this lv0 stuff mean? How does it benefit the scene, its developers and its users? Two well-known PS3 developers took the time to explain the significance of the leaked breakthrough. One of the first to give an explanation was Marcan (fail0verflow), followed by Wololo, who on his website wololo.net broke Marcan’s words down into a simple Q&A so that everyone can understand the true significance of all this.
Marcan from Team Fail0verflow:
Source: Slashdot.org forums
Wololo on his website wololo.net
A: The keys used by bootldr to decrypt/verify lv0, and by reversing the process the private keys used by Sony to sign lv0. If we consult our handy 3.60+ chain of trust diagram, we can see that bootldr is at the very root of the chain of trust, with lv0 being the first module it loads.
Q: So what can we do with the lv0 signing key?
A: In short, we can use it to decrypt lv0, modify it to patch out any lv0 security checks, and resign it with a legitimate key that bootldr will accept. With the chain of trust broken and lv0 no longer enforcing the security of the modules that it controls, we can then start modifying lv1ldr, lv2ldr, appldr, isoldr, etc to patch out their security checks and add CFW functionality.
Q: Can Sony “fix” this like they did for the 3.55 exploit?
A: No. With 3.55 the keys metldr used to verify its dependent modules were recovered. So Sony simply stopped using the now-insecure metldr and started using bootldr (which was still secure) to load. Sony doesn’t have any more secure modules like bootldr left, so like I said in my original post they have no options and can’t fix anything; without getting too technical, we now have the keys to every “common” hardware module that is able to decrypt Sony-signed modules. The only thing left are the modules that use per-console keys, which are useless for booting common firmware (which must be decryptable by every PS3).
Q: So bootldr is fixed in hardware?
A: Correct. Like metldr, bootldr cannot be software updated by Sony. It’s hard-coded in hardware. As a reminder, bootldr/metldr themselves can’t be exploited, but because of the keys we have recovered we can make them load anything we want, nullifying whatever security they provide.
Q: What about future firmwares?
A: Good news! We can decrypt those too. Sony can use various coding tricks to make the process more difficult (this is called obfuscation), but they can’t stop us by using keys. We will always be able to decrypt lv0, and as long as we can figure out how to navigate lv0 we can figure out how to decrypt and modify its dependent modules. For those of you that follow Sony hardware, this is much like how the earlier PSPs were hacked. So we can always decrypt the firmware and will be able to create newer CFWs as long as we can get past any obfuscation by Sony.
Q: So the PS3 is utterly and completely broken?
A: To an extent, yes; debatable, but unlike the 3.55 hack we have mostly everything needed. Sony will never be able to re-secure existing consoles.
Q: What about consoles running firmware newer than 3.55?
A: Because all “old” consoles use the same keys to verify modules like lv0, at a minimum we can decrypt, patch, and resign the firmware. The problem is that we need a way to convince the PS3 to flash our modified firmware. With 3.55 and below that was easy enough to do because of the keys recovered, but 3.56 and later change that, so that flashing is more complex than just using the recovered keys. This isn’t an insurmountable problem – hardware flashers will always work – but for easy software flashing we need to find new exploits in the PS3 software stack to convince OFW consoles to flash CFW.
Q: What about newer consoles?
A: So there’s the real problem. Remember how we said bootldr and metldr are fixed in hardware? Sony can create new hardware, and update those modules in the process. By using new hardware in conjunction with new firmware for that hardware, Sony could completely change the keys used to secure the system. Without getting too technical, all of this progress comes from the fact that Sony was sloppy and did a poor job of implementing their security on earlier consoles, which is what led to the first keys being leaked. Sony could always issue new hardware with new keys and a fixed security system, at which point we’d be completely locked out of that new hardware. It’s entirely possible they’ll do this (if they haven’t done so already), so much like the PSP we’re going to end up with a limited number of consoles that have hardware-based flaws that can be exploited. Of course we then found new ways of exploiting the PSP anyhow, and ultimately were able to exploit every PSP made in one way or another.
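As an added illustration (not from wololo.net, Marcan or the original post), here is a toy Python model of the metldr/bootldr argument above: two loader keys fixed in hardware, a firmware update that can only choose between them, and an lv0 image that must carry a tag the chosen root accepts. HMAC stands in for Sony’s actual signing scheme and every key and stage body is constructed; the point it shows is why a leaked lower root can be answered by switching roots in firmware, while a leak of the last hardware root cannot.

```python
import hashlib
import hmac

# Added toy model of the argument above: two loader keys fixed in hardware
# (metldr, bootldr), a firmware update that can only choose between them,
# and an lv0 image that must carry a tag the chosen root accepts.
# HMAC-SHA256 stands in for Sony's real asymmetric signing scheme, a
# simplification in which "knowing the key" covers both verifying and
# signing. Every key and stage body below is constructed for the example.

HARDWARE_ROOTS = {
    "metldr": b"constructed-metldr-root-key",
    "bootldr": b"constructed-bootldr-root-key",
}


def sign(key: bytes, stage: bytes) -> bytes:
    """Produce the tag a root holding `key` will accept for `stage`."""
    return hmac.new(key, stage, hashlib.sha256).digest()


def root_accepts(root: str, stage: bytes, tag: bytes) -> bool:
    """The hardware root recomputes the tag and compares in constant time."""
    expected = sign(HARDWARE_ROOTS[root], stage)
    return hmac.compare_digest(expected, tag)


def choose_root_after_leak(leaked: set) -> str:
    """A firmware update can only pick among roots already in silicon.

    This mirrors the 3.55-era response: the metldr key leaked, so firmware
    moved to bootldr. Once every root key is known there is nothing to move to.
    """
    for root in HARDWARE_ROOTS:
        if root not in leaked:
            return root
    return "bootldr"  # all roots leaked: whichever is chosen is forgeable


def modified_lv0_boots(leaked: set) -> bool:
    """Does a patched lv0 pass the root that firmware now selects?"""
    root = choose_root_after_leak(leaked)
    patched = b"lv0 with its security checks patched out (constructed)"
    if root in leaked:
        tag = sign(HARDWARE_ROOTS[root], patched)  # key known: valid tag
    else:
        tag = bytes(32)  # key unknown: no way to produce a valid tag
    return root_accepts(root, patched, tag)
```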
If you are on anything higher than 3.55 it doesn’t mean you are out: there are ways to downgrade if your model is one that’s able; otherwise you are just not able to do anything right now until more dev work is done. So sit tight and hold on. Again, stay tuned, more info and news will definitely be coming.
KaKaRoTo Interview via PlayStationLifeStyles.net
Seb: I’d like to think that I’ve been pretty open minded about hacking in previous interviews I’ve held, but you have to wonder what ‘The Three Musketeers’ were thinking when they shared the keys with other people. You can’t trust anyone on the internet, and it was sadly naive to believe that one of the people they gave it to wouldn’t try to sell it. Now, they’re probably worrying whether Sony is looking for them, preparing to sue them.

I’m all for being able to do what you want with your own technology, you bought it, do what you want with it. But, just like when I buy a pen I shouldn’t pour the ink all over my face, individuals need to be responsible for what they do with the tech. Hack it, crack it, turn it into a toaster, whatever – but if letting people know what you did and how you did it could lead to piracy, then don’t release it, don’t share it.

Youness: There is no denying that there is a part of responsibility in what is being done by the hackers, but to be honest, you can’t really predict what will happen in the future, and you can’t be responsible for what others do. Don’t forget that this release of the lv0 keys doesn’t add such a huge advantage to the hacking community, but the keys were never meant to be released, because it was still somehow opening up potential piracy, which is something the true hackers are absolutely against. The secret of the keys was well guarded, but somehow it got leaked (after many, many months), and the reason for the release was to prevent some greedy company (dongle manufacturer) from profiting from the piracy it could have enabled. In the end, it happened, it’s unfortunate, but I wouldn’t sweat (or rejoice) too much over it. The release wasn’t about the fame or the “being first”, it was about countering an immoral act.

Dan: Even though there is much debate about what rights consumers have regarding what they are able to do with the products they purchase, the ability to do something does not always give a free pass to the action. As such, with the release of the keys, the ability to break into a device you own is, in my opinion, very much your right, but the knowledge and ramifications of the information become that person’s liability. As it would be for someone who owns a car and decides to modify it: if it became unsafe to be around, the responsibility would fall on its owner.

With all that said, the problems that fell on Sony in the wake of the eventual hacks are something that will be remembered forever. The cost to Sony, and their consumers, is not something that will likely ever be measured. So is there a point where the ability to do something does not outweigh the potential ramifications?

Youness: Well, of course, the ability to do something does not give you a free pass to do it. However, doesn’t that go both ways? The ability to remove Linux from the PS3 does not give Sony the right to do it, and in the end, when you look at the facts, that’s what initiated the whole thing. There is always a need for a moral compass. Sometimes it’s about whether or not the benefits outweigh the negatives, but sometimes there are some undeniable rights that cannot be tossed out the window. As an example, you can’t remove freedom of expression of the press if you think it might cause a civil war… Yes, the benefits (freedom of expression) do not outweigh the negatives (potential death of a population), but it doesn’t mean you can suddenly silence everyone and use that as an excuse. The car example that Dan gave is a good one, and sure, you can mod your car all you want, as long as you don’t take it on the road from the moment it doesn’t pass regulations.

What I am mostly angry about is when I see people playing the “devil’s advocate”, thinking about the loss to Sony, loss from piracy, and loss from emulators and homebrew. I do want to see them complaining about all those things, as long as I see them also complain about the loss to the consumer. Loss of Linux support (which comes with loss of your data), loss of the right to class action sue, loss of hundreds of games legally bought online because “your account was banned”, loss of your game collection when your PS3 goes for repair and suddenly gets replaced by an inferior model that doesn’t have backward compatibility, loss of money after being forced to buy the same game multiple times. Why isn’t anyone complaining about those issues just as hard as they complain about piracy and homebrew? Both, in my eyes, should be defended equally, don’t you agree?

Seb: Look, I’m all against Sony having removed Linux, and if we did DR back then we could have had you on and joined in on your complaints. But what’s done is done, it’s bad, but two wrongs do not make a right. Just because Sony was a dick, doesn’t mean we should all be dicks back. Previous PS3 hacks allowed people who had a PS3 that had Linux to revert back to older FW, they had the opportunity. This hack serves little purpose other than to open the floodgates to more piracy.

Again, loss of an account or paying double for a game sucks, but it’s very rare. You talk about weighing up the positives and negatives, but that’s an example of where a small amount of people will benefit from having their accounts back, but a huge amount of developers and publishers will suffer, and then, ultimately, gamers who end up getting less games.

I do complain about those issues, and perhaps I should more, but taking matters into your own hands, no matter the collateral, isn’t the right way. In the end, nobody wins.

Youness: Well, some are trying to get back at Sony for what they did, and usually they don’t get very far because when hate or corruption or whatever is your drive, then you simply won’t succeed. But I agree with you, two wrongs don’t make a right. Sometimes though I wonder, when you get 10 wrongs and you still don’t do anything about it, how likely will there be an 11th wrong? I know you don’t like it when that bad stuff happens and that’s why I like PSLS, you do defend both sides. But I’d like to correct one misconception you seem to have: no, this new hack won’t open any floodgates. It serves absolutely no purpose for anyone who wasn’t already on a custom firmware, so it won’t add any new users into the ‘piracy world’. As for your comment about “no matter the collateral”, don’t worry, I can reassure you that that’s not the case! This release is just one of many things that could be released, it happened to be leaked, but there are other hacks, information, exploits that could lead to piracy that simply get buried because of this collateral. Even these lv0 keys, as I said, will have a very minimal impact (if any) on the piracy, but they were not released for the simple case of “maybe, just maybe, it could help piracy, even though I can’t think of any way for it to”, so the hackers behind it preferred to stay on the safe side rather than be sorry later. Don’t always assume that the hackers are always trying to hack everything for their own selfish reasons.

Being a true hacker means you have skills, and skill comes with experience, and with experience comes the moral compass that we spoke about. As far as I know, all the piracy-enabling hacks were dirty little hacks made by young and irresponsible teenagers who were looking for their 15 minutes of fame. It is unfortunate though that they used the legitimate work of others as a stepping stone.

How long has it been since there was any significant development in the PS3 hacking scene? Almost 2 years now! It’s not because it became impossible, it’s simply because we have access to homebrew and Linux, so there is no need to hack it further (or release new hacks). It’s not a fight about “who will win”, it’s a simple matter of “are we happy about it”. Another huge reason why the hacking scene has dried up is because of the piracy. Not all hacking scenes are like this (think of the iPhone or Android hacking), but the PS3 (and generally Sony followers) scene is one of the worst in terms of self-entitled kids and piracy, and most of the hackers felt that it does not deserve their attention anymore. Tired of the drama and the whining and the piracy, most of us have decided to retire.

Dan: While none of this is to simply place the blame on anyone, or any single group, it is more the discussion about how to stand up for the things you believe, “irregardless” of what others might think. Although, as an online community that connects the world together in a way that generations could not have imagined, we must at some point realize, much like the ancient proverb from Uncle Ben goes: “With great power comes great responsibility.” So regardless of what side of this gray line you fall on, the simple fact is that at the end of the day – the consumer will always be hit the hardest. So when a corporation, or developer, wrongs its user base, whatever lengths we go to in defending our rights should always keep in mind just how far your reach can really go in this modern era.

Where do you stand on the matter, should you be allowed to do what you want with your PS3, or should you be more ‘socially responsible’? Let us know in the comments below, follow Seb, Dan and Youness on Twitter, call us evil hackers on our email (firstname.lastname@example.org), and feel free to watch KaKaRoTo’s speech on the benefits of open source tech this Friday at Encuentro Linux in Chile.

Thanks to Youness Alaoui for taking part in this Daily Reaction special.