PS3 hacked!

Would you mod your PS3 for homebrew purposes (of any kind)?

  • Yes, of course!

    Votes: 68 (16.0%)
  • Let's see how it works.

    Votes: 99 (23.3%)
  • Never

    Votes: 150 (35.4%)
  • I like toast

    Votes: 107 (25.2%)

  • Total voters
    424

crysmopompas

I am a bot ¯\_(ツ)_/¯
Currently playing: GT7 | 60fps FTW
I have used a Cfw 3.55 phat PS3 to watch my blurays on in the bedroom.

However, recently, I think I must have watched a bluray on it that blacklisted cfw 3.55 or something, because now every time I try and watch a bluray, even old ones that worked previously, I get a message telling me that my authentication keys are out of date and I need to perform a system update.
http://neogaf.com/forum/showpost.php?p=41849857&postcount=199

It has happened. Old BD keys are being deactivated. Presumably this doesn't apply only to CFW.
Anyone who kept an old firmware with OtherOS is now not only locked out of PSN and new games, but can't watch video BDs anymore either.
 
PSN name: EGOKill3r
Currently playing: RDR, Atomic Heart..
It has been known forever that certain devices or firmware versions can be blacklisted. I already knew that back when Blu-ray was slowly getting going in 2007. That function was built in precisely for copy-protection reasons.
 

crysmopompas

As already reported, the LV0 keys have been published:
Code:
.----==[22-10-2012]=======================================================----.
[_ As this was a group effort, we wouldn't normally have lost a word about it |
|ever, but as we're done with PS3 now anyways, we think it doesn't matter     |
|anymore [http://pastie.org/4462324]. Congratulations to the guy that leaked  |
|stuff, you, sir, are a 1337 haxx0r, jk, you're an asshole.                  _]
|                                                                             |
|                               Try this bytes...                             |
| - [erk=CA7A24EC38BDB45B98CCD7D363EA2AF0C326E65081E0630CB9AB2D215865878A]    |
| - [riv=F9205F46F6021697E670F13DFA726212]                                    |
| - [pub=A8FD6DB24532D094EFA08CB41C9A72287D905C6B27B42BE4AB925AAF4AFFF34D     |
|        41EEB54DD128700D]                                                    |
| - [priv=001AD976FCDE86F5B8FF3E63EF3A7F94E861975BA3]                         |
| - [ctype=33]                                                                |
|                              ...and be amazed.                              |
|                                                                             |
[_ People should know that crooked personalities are widespread in this so    |
|called 'scene'. Some people try to achive something for fun together and make|
|the wrong decision to trust others and share their results with them, but ofc|
|there got to be the attention seeking fame wh*** that has to leak stuff to   |
|feel a little bit better about him-/herself.                                _]
|                                                                             |
[_ Now the catch is that it works like this in every 'scene', just that in    |
|others it usually doesn't come to light.                                   _]
|                                                                             |
[_ The only sad thing is, that the others who worked on this won't get the    |
|attention they deserve because they probably want to remain anonymous (also  |
|they don't care about E-fame <3).                                           _]
|                                                                             |
[_ PS: This is neither about drama nor E-fame nor 'OMG WE HAZ BEEN FIRST', we |
|just thought you should know that we're disappointed in certain people. You  |
|can be sure that if it wouldn't have been for this leak, this key would never|
|have seen the light of day, only the fear of our work being used by others to|
|make money out of it has forced us to release this now.                     _]
'----===========================================[- The Three Musketeers]==----'
An article on it. I don't have an overview of exactly how the multi-stage loaders relate to each other, and Sony also rebuilt a lot there after v3.55. Whether anything has changed now for 3000+ consoles isn't clear to me.

What does this mean?

The release of the LV0 keys means, eventually, having all the keys available. The LV0 is not patchable, which is to say there is nothing at all Sony can do to fix this. The final bullet in the chamber has hit Sony hard. What actions they will take are not known, but if things continue in the scene I can guarantee they will be pushing the date of the PS4 closer, as new hardware is really all they can do. Sony already moved all the loaders. The only other option would be to put the loaders in bootldr, but that isn't possible since bootldr is locked to being console specific and is impossible to update. Behind LV0 is just bootldr, which is encrypted with specific console keys. This leak will in time lead to a 4.25 CFW which can be installed on mostly any PS3, even on Slims and the recent new slim models. Keep in mind that fail0verflow released metldr private keys like I said above. Well, surprise, metldr is loaded by lv0ldr, even on 3.60+. The leak contains a private key; it's the string after PRIV=. The greatest part is that the key isn't tied to a specific firmware. The problem with 3k model Playstation3 consoles is that they have a new LV0 version named lv0.2, which means new keys for the loader. What this means is that consoles which are able to downgrade to 3.55 can install 4.25 CFW even if they're on 4.25 OFW. The bad news incorporated with this is that 3K and higher consoles' LV0 keys are static; they are not console specific. Sony can change LV0 with a new firmware update. But bootldr is per console and is the way of decryption for LV0. If we have bootldr then the console is wide open and a CFW could be made to work on any console. Bootldr cannot be changed or denied unless there is a hardware change. Even if we had bootldr, then anyone with a downgradable console could have a CFW firmware.
Whoever has bootldr and wanted to leak it would bring the greatest massacre and ban-hammer of all time by any company ever. I can guarantee whoever releases it will have nowhere to run or hide, so it would of course need to be anonymous to the highest level with no traces to be found. Bootldr is something that's way more protected and valuable than metldr.

Closing Statement

This is the beginning of a very long and heavily scheduled future of the PS3 hacking scene. The release of the LV0 key means that any system update released by Sony going forward can be decrypted fully with no effort. Sony has no cards in this game. As of today LV0 is now decrypted forever, until the end of time. There is a lot of reverse engineering to get the decrypted loaders from it, since Sony had changed a lot of security algorithms to protect these loaders inside LV0; however, rest assured every PS3 developer is hot on the news of everything going on. No one will be able to find 4.XX LV1, LV2_kernel, AppLDR keys inside the decrypted LV0, so there would need to be an investigation regarding how Sony stores these keys right now. Already hard at work, Multiman and Rogero have released new CFW, along with other developers working hard. Rogero's new CEX 4.21 CFW FFA was pulled, however, due to bricking issues, so be alert to that. With this we may gain some very valuable information, in a way, that'll help get some much needed help in also hacking the Vita, but that's not something to be confirmed. Although in given time more information and understanding on this will come, so stay tuned.
http://wololo.net/2012/10/24/ps3-blown-open-scene-chaos-lv0-keys-leaked-and-working/
 

crysmopompas

So a CFW will soon be installable on every PS3, am I understanding that right?
It's not clear to me either whether anything has changed because of the new keys.
Afaik a CFW can (already) be installed on all old PS3s, but if you're running firmware >3.55 you need a hardware flasher for that.
 

crysmopompas

Good explanations from Marcan (fail0verflow):
by marcansoft (727665) <hector @marcan soft. c o m> on Tuesday October 23, @09:04PM (#41747075) Homepage

The first-stage bootloader is in ROM and has a per-console key which is effectively in tamper-resistant silicon. The second-stage bootloader (bootldr) is encrypted with the per-console key, but is not upgradable and is the same for all consoles (other than the encryption wrapper around it). This second-stage bootloader verifies lv0. Sony signed lv0 using the same broken process that they used for everything else, which leaks their private key. This means that the lv0 private key was doomed from the start, ever since we demonstrated the screwup at the Chaos Communication Congress two years ago.

However, because lv0 is also encrypted, including its signature block, we need that decryption key (which is part of bootldr) before we can decrypt the signature and apply the algorithm to derive the private key. We did this for several later-stage loaders by using an exploit to dump them, and Geohot did it for metldr (the "second root" in the PS3's bizarre boot process) using a different exploit (we replicated this, although our exploit might be different). At the time, this was enough to break the security of all released firmware to date, since everything that mattered was rooted in metldr (which is bootldr's brother and is also decrypted by the per-console key). However, Sony took a last ditch effort after that hack and wrapped everything after metldr into lv0, effectively using the only security they had left (bootldr and lv0) to attempt to re-secure their platform.

Bootldr suffers from the same exploit as metldr, so it was also doomed. However, because bootldr is designed to run from a cold boot, it cannot be loaded into a "sandboxed" SPU like metldr can from the comfort of OS-mode code execution (which we had via the USB lv2 exploit), so the exploit is harder to pull off because you don't have control over the rest of the software. For the exploit that we knew about, it would've required hardware assistance to repeatedly reboot the PS3 and some kind of flash emulator to set up the exploit with varying parameters each boot, and it probably would've taken several hours or days of automated attempts to hit the right combination (basically the exploit would work by executing random garbage as code, and hoping that it jumps to somewhere within a segment that we control - the probabilities are high enough that it would work out within a reasonable timeframe). We never bothered to do this after the whole lawsuit episode.

Presumably, 18 months later, some other group has finally figured this out and either used our exploit and the hardware assistance, or some other equivalent trick/exploit, to dump bootldr. Once the lv0 decryption key is known, the signing private key can be computed (thanks to Sony's epic failure).

The effect of this is essentially the same that the metldr key release had: all existing and future firmwares can be decrypted, except Sony no longer has the lv0 trick up their sleeve. What this means is that there is no way for Sony to wrap future firmware to hide it from anyone, because old PS3s must be able to use all future firmware (assuming Sony doesn't just decide to brick them all...), and those old PS3s now have no remaining seeds of security that aren't known. This means that all future firmwares and all future games are decryptable, and this time around they really can't do anything about it. By extension, this means that given the usual cat-and-mouse game of analyzing and patching firmware, every current user of vulnerable or hacked firmware should be able to maintain that state through all future updates, as all future firmwares can be decrypted and patched and resigned for old PS3s. From the homebrew side, it means that it should be possible to have homebrew/linux and current games at the same time. From the piracy side, it means that all future games can be pirated. Note that this doesn't mean that these things will be easy (Sony can obfuscate things to annoy people as much as they want), but from the fundamental security standpoint, Sony doesn't have any security leg to stand on now.

It does not mean that current firmwares are exploitable. Firmware upgrades are still signed, so you need an exploit in your current firmware to downgrade. Also, newer PS3s presumably have fixed this (probably by using newer bootldr/metldrs as trust roots, and proper signing all along).

The keys are used for two purposes: chain of trust and chain of secrecy. The compromise of the keys fully compromises the secrecy of the PS3 platform permanently, as you can just follow the links down the chain (off-line, on a PC) and decrypt any past, current, or future firmware version. Current consoles must be able to use any future firmware update, and we now have access to 100% of the common key material of current PS3s, so it follows that any future firmware decryptable by current PS3s is also decryptable by anyone on a PC.

However, the chain of trust can be re-established at any point along the line that can be updated. The chain of trust is safely rooted in hardware that is near impossible to modify (i.e. the CPU's ROM and eFuse key). The next link down the chain has been compromised (bootldr), and this link cannot be updated as it is specific to each console, so the chain of trust now has a permanent weak second link. However, the third link, lv0, can be updated as it is located in flash memory and signed using public key crypto. This allows Sony to secure the entire chain from there onwards. Unless you find a vulnerability in these updated links, you will not be able to attack them directly (applications, e.g. homebrew software, are verified much further down the chain). The only guaranteed way to break the chain is to attack the weak link directly, which means using a flash writer to overwrite lv0. Once you do so, the entire chain collapses (well, you still need to do some work to modify every subsequent link to turn off security, but that is easy). If you have old firmware, you have at least some other weak links that, when compromised, allow you direct access to break the bootldr link (replacing lv0), but if you run up to date firmware you're out of luck unless you can find a weakness or you use hardware.

Old PS3s are now in the same boat as an old Wii, and in fact we can draw a direct comparison of the boot process. On an old Wii, boot0 (the on-die ROM) securely loads boot1 from flash, which is securely checked against an eFuse hash, and boot1 loads boot2 but insecurely checks its signature. On an old PS3, the Cell boot ROM securely loads bootldr from flash, which is securely decrypted and checked using an eFuse key, and then bootldr loads lv0 but checks its signature against a hardcoded public key whose private counterpart is now known. In both cases, the system can be persistently compromised if you can write to flash, or if you already have code execution in system context (which lets you write to flash). However, in both cases, you need to use some kind of high-level exploit to break into the firmware initially, particularly if you have up-to-date firmware. It just happens that this is trivial on the Wii because there is no game patch system and Nintendo seems to have stopped caring, while this is significantly harder on the PS3 because the system software has more security layers and there is a game patch system.

The name is presumably wrong - they would be the bootldr keys, as the keyset is considered to "belong" to the entity that uses those keys to check and decrypt the next thing down the chain - just like the metldr keys are the keys metldr uses to decrypt and verify other *ldrs, the bootldr keys are the keys bootldr uses to decrypt and verify lv0.

Anyway, you're confusing secrecy with trust. These keys let you decrypt any future firmware; as you say, if they were to "fix" that, that would mean new updates would not work on older machines. However, decrypting firmware doesn't imply that you can run homebrew or anything else. It just means you can see the firmware, not actually exploit it if you're running it.

The only trust that is broken by this keyset (assuming they are the bootldr keys) is the trust in lv0, the first upgradable component in the boot process (and both it and bootldr are definitely software, not hardware, but bootldr is not upgradable/replaceable so this cannot be fixed). This means that you can use them to sign lv0. Period. Nothing more, nothing less. The only things that these keys let you modify is lv0. In order to modify anything else, you have to modify everything between it and lv0 first. This means that these keys are only useful if you have write access to lv0, which means a hardware flasher, or an already exploited console, or a system exploit that lets you do so.

Oh, one more thing. I'm assuming that these keys actually should be called the bootldr keys (as in the keys that bootldr uses to verify lv0), and that the name "lv0" is just a misnomer (because lv0 is, itself, signed using these keys).

If this keyset is just what Sony introduced in lv0 after the original hack, and they are used to sign everything *under* lv0 and that is loaded *by* lv0, then this whole thing is not newsworthy and none of what I said applies. It just means that all firmwares *to date* can be decrypted. Sony will replace this keyset and update lv0 and everything will be back at step 1 again. lv0 is updatable, unlike bootldr, and is most definitely not a fixed root of trust (unlike metldr, which was, until the architecture hack/change wrapped everything in lv0). If this is the case, color me unimpressed.
by marcansoft on Wednesday October 24, @01:04AM (#41748707) Attached to: PS3 Encryption Keys Leaked

Nevermind, I just checked. They are indeed the bootldr keys (I was able to decrypt an lv0 with them). Consider this confirmation that the story is not fake.
http://slashdot.org/comments.pl?sid=3205473&cid=41748707 via http://www.ps3hax.net/showthread.php?p=457761#post457761

In brief:
The first-stage bootloader is in ROM and has a per-console key which is effectively in tamper-resistant silicon. The second-stage bootloader (bootldr) is encrypted with the per-console key, but is not upgradable and is the same for all consoles (other than the encryption wrapper around it). This second-stage bootloader verifies lv0.
I just checked. They are indeed the bootldr keys (I was able to decrypt an lv0 with them). Consider this confirmation that the story is not fake.
The public and private key of the unchangeable "bootldr" are now known. With them you can sign arbitrary firmware yourself and decrypt new firmware.
(Applies only to the old PS3 hardware)
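To make marcan's chain-of-trust argument concrete, here is an added Python model (not from the thread, from fail0verflow or from any PS3 tooling) of the links ROM -> bootldr -> lv0 -> lv1. Every stage image carries the public key it uses to check the next stage, and the signature covers both payload and embedded key, so whoever holds a stage's signing key can also choose the key the stage trusts next. Toy ECDSA over secp256k1 stands in for Sony's signatures; the private keys are small constructed values, and the ROM's eFuse-rooted check of bootldr is simplified to a signature check. The model shows the three cases the quoted comments describe: a stock chain verifies; patching lv1 without touching lv0 fails, even for someone holding the bootldr key; re-signing lv0 with that key and re-keying everything below it passes, which is why write access to lv0 (a flasher or an already exploited console) is what the leaked key actually buys.

```python
import hashlib

# --- toy ECDSA over secp256k1 (real curve parameters; all keys below are constructed) ---
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(p, q):
    # affine point addition; None is the point at infinity
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def _mul(k, p):
    # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1:
            r = _add(r, p)
        p = _add(p, p)
        k >>= 1
    return r

def _z(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def pubkey(priv):
    return _mul(priv, G)

def sign(priv, data):
    # Nonce derived from key and message so it is never repeated across messages;
    # a fixed or repeated nonce would leak priv from two signatures.
    k = _z(priv.to_bytes(32, "big") + data) or 1
    r = _mul(k, G)[0] % N
    s = pow(k, -1, N) * (_z(data) + r * priv) % N
    return (r, s)

def verify(pub, data, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = _add(_mul(_z(data) * w % N, G), _mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

# --- boot chain model: ROM -> bootldr -> lv0 -> lv1 (stage names as in the thread) ---
STAGES = ["bootldr", "lv0", "lv1"]

def _enc(pub):
    return pub[0].to_bytes(32, "big") + pub[1].to_bytes(32, "big")

def build_image(signer_priv, payload, next_pub):
    # The signature covers the payload and the public key used to check the next stage.
    body = payload + _enc(next_pub)
    return {"payload": payload, "next_pub": next_pub, "sig": sign(signer_priv, body)}

def verify_chain(images, rom_pub):
    # Walk the chain as the console would; return the first failing stage, else None.
    key = rom_pub
    for stage in STAGES:
        img = images[stage]
        if not verify(key, img["payload"] + _enc(img["next_pub"]), img["sig"]):
            return stage
        key = img["next_pub"]
    return None

# Constructed toy keys: ROM_PRIV stands for the eFuse-rooted secret, BOOTLDR_PRIV for the
# key the thread says leaked (the real values are not used), LV0_PRIV for lv0's updatable key.
ROM_PRIV, BOOTLDR_PRIV, LV0_PRIV, ATTACKER_PRIV = 0x1111, 0x2222, 0x3333, 0x4444
END_PUB = pubkey(0x5555)  # key lv1 would use for whatever follows it

def sony_chain():
    return {
        "bootldr": build_image(ROM_PRIV, b"bootldr v1", pubkey(BOOTLDR_PRIV)),
        "lv0": build_image(BOOTLDR_PRIV, b"lv0 4.25", pubkey(LV0_PRIV)),
        "lv1": build_image(LV0_PRIV, b"lv1 4.25", END_PUB),
    }

def with_forged_lv0(images, leaked_priv, my_priv):
    # Holding the key that signs lv0 lets you install an lv0 that trusts your own key, and so on down.
    out = dict(images)
    out["lv0"] = build_image(leaked_priv, b"lv0 custom", pubkey(my_priv))
    out["lv1"] = build_image(my_priv, b"lv1 custom", END_PUB)
    return out

def with_patched_stage(images, stage, payload):
    # Modify one stage in place without re-signing it (no key for its signer).
    out = dict(images)
    out[stage] = dict(images[stage], payload=payload)
    return out

if __name__ == "__main__":
    imgs, rom_pub = sony_chain(), pubkey(ROM_PRIV)
    print("stock chain, first failure:", verify_chain(imgs, rom_pub))
    print("lv1 patched, lv0 untouched:", verify_chain(with_patched_stage(imgs, "lv1", b"lv1 hb"), rom_pub))
    print("lv0 re-signed with leaked key:", verify_chain(with_forged_lv0(imgs, BOOTLDR_PRIV, ATTACKER_PRIV), rom_pub))
```

Two design points mirror the comments: the ROM link stays intact because its key is never part of any flash image, and a re-keyed lv0 (Sony shipping a new lv0 that trusts a new lv1 key) protects every link below it, since the only way past it is to replace lv0 itself.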
 

crysmopompas

With a hardware flasher you should be able to install any firmware on every old PS3 (up to and including the first Slims).
A softmod no longer works anyway once you have one of the newer official firmwares on it, since Sony has removed the holes in the service access paths.
 

crysmopompas

Bans going out for ps3 cfw users who've gone on PSN
Console AND account even.
http://www.neogaf.com/forum/showpost.php?p=44291733&postcount=1049

Sony threatened that back then but never did it. Shortly afterwards you couldn't get into PSN with CFW anyway, so the question no longer arose. Meanwhile, as is well known, it works again.
An account ban is harsh, of course, but everyone should know the risk.

---------- Post added at 22:14 ---------- Previous post at 22:10 ----------

Important Notice: Access to the PlayStation®Network and Access to Sony Entertainment Network Services

Dear valued PlayStation®3 customers,

Unauthorized software for the PlayStation®3 system was recently released by hackers. Use of such software violates the terms of the "System Software License Agreement for the PlayStation®3 System" and the "Terms of Services and User Agreement" for the PlayStation®Network/Sony Entertainment Network and its Community Code of Conduct provisions.

Violation of the System Software License Agreement for the PlayStation®3 system invalidates the consumer's right to access that system. Consumers running unauthorized or pirated software may have their access to the PlayStation®Network and access to Sony Entertainment Network services through PlayStation®3 system terminated permanently.

To avoid permanent termination, consumers must immediately cease using and delete all unauthorized or pirated software from their PlayStation®3 systems.

In order to help provide a safe, fair, online environment, consumers who we believe violate "Terms of Services and User Agreement" for the PlayStation®Network/Sony Entertainment Network or the applicable laws or regulations of their country or region risk having access to the PlayStation®Network and access to Sony Entertainment Network services terminated permanently.
http://us.playstation.com/news/consumeralerts/

Sounds like the old warning; I haven't found any concrete reports yet.
 