racketboy.com

noiseredux wrote:isn't this something that Sony can just stop with another update though?

So what can Sony do? It can easily move on to new keys that do indeed use the random number element correctly, and these keys cannot be easily reversed. However, it cannot revoke the keys already used without invalidating every game and every piece of DLC released to date – and while those compromised keys remain valid, so does everything else signed by the hackers. Just about the only option available is to create a mammoth "white list" of executable code encompassing every single game and DLC patch released in the last four years and then blacklist anything else using the current keys.

However, the scale of this task is monumental – and ultimately pointless – as the Fail0verflow team have already demonstrated that revocation lists in the PS3 can be patched and that there is complete access to the system throughout its now-broken "chain of trust". New loaders using the new keys can simply be patched to accept the revoked older keys too. Making matters worse for Sony is the fact that the "master keys" for the PS3's initial bootloader – which can never be revoked and only changed with revised hardware – were uploaded onto the internet last night by iPhone hacker George Hotz (aka Geohot), using an exploit unknown even to the Fail0verflow team. This is system access at the very root of the system, a "master key" to the whole architecture.

noiseredux wrote:isn't this something that Sony can just stop with another update though?

Niode wrote:

noiseredux wrote:isn't this something that Sony can just stop with another update though?

No because if they change the key it means that EVERY piece of previously released official code will cease to work. It means that EVERY game would need to be decrypted, resigned and encrypted again. Something not possible with read only media. The only way they can get around it is by creating the mother of all whitelists and a constantly updating blacklist. Which is completely pointless as the hackers will just remove the blacklist part of the firmware and you've got full access to the system again. It's not possible to fix.

noiseredux wrote:

Niode wrote:

noiseredux wrote:isn't this something that Sony can just stop with another update though?

No because if they change the key it means that EVERY piece of previously released official code will cease to work. It means that EVERY game would need to be decrypted, resigned and encrypted again. Something not possible with read only media. The only way they can get around it is by creating the mother of all whitelists and a constantly updating blacklist. Which is completely pointless as the hackers will just remove the blacklist part of the firmware and you've got full access to the system again. It's not possible to fix.

interesting. Could they pull a PSP and require some sort of new firmware that would F this up if you want to play any PS3 games released from today forward? (Do you know what I'm saying?)

Niode wrote:No, because if they change the encryption method in any way it breaks previous released software completely. While I can imagine Sony pulling a dick-move like that, I don't think they will. (I hope!) All you need to do is resign the eboot to use the old loader and it will work in previous firmwares. Because modules can be patched and modified, should they include some sort of modified VSH it's trivial to decrypt, modify and use it on a previous firmware. The security is absolutely wide open. Nothing Sony can do moving forward will stop the current exploit from being used short of a complete hardware overhaul and re-issuing every owner with a complete set of new software. Something Sony will never ever do.