PlayStation 3 Hackers Uncover System Master Key, Open Up the Console

    The PlayStation 3 hacking debate continues, even after Sony tried to patch the system's vulnerabilities through firmware updates: fail0verflow, the team that hacked the Nintendo Wii years ago, has just revealed that it has obtained the PS3's "private cryptography key."

    For the less technically inclined: this is essentially the master skeleton key for the whole system, and it allows complete control over the Japanese console.

    This key will enable hackers to run their own code and applications on the PS3, as well as to install any Linux-based operating system, which was the team's actual goal.

    Sadly, as you can imagine, the discovery of the master key also leaves the door wide open for people to run pirated games on the console and use it for other nefarious purposes.

    Speaking at the 27th annual Chaos Communication Conference, the hacking team detailed the whole process of finding the key and said that the fault lies entirely with Sony's programmers, who achieved an "epic fail" by not putting a random key generator inside the console, which would have prevented the vulnerability.
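    The "epic fail" is worth spelling out, because it is the reason a firmware update cannot repair it. What the article calls the missing "random key generator" is the per-signature random number (the nonce) that ECDSA signing requires: if the same nonce is used for two signatures, two signed binaries are enough to solve for the private signing key with a few lines of modular arithmetic. The Python example below is added here to illustrate that class of failure and its fix; it is not fail0verflow's code or Sony's, and it does not use the PS3's own curve parameters (which are not on this page). It runs on the public secp256k1 curve with a constructed private key, constructed message strings and a made-up fixed nonce value, recovers the key from two signatures, and then shows that a fresh random nonce per signature closes the hole.

```python
import hashlib
import secrets

# Public secp256k1 parameters (well-known constants). Used here only because they
# are public; the nonce-reuse weakness shown below is independent of the curve.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A, B = 0, 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition on the curve; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def hash_to_int(msg):
    """Message hash as an integer mod N (SHA-256 is already 256 bits wide)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(d, msg, k):
    """ECDSA signature of msg under private key d with caller-supplied nonce k."""
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (hash_to_int(msg) + r * d) % N
    return (r, s)


def verify(Q, msg, sig):
    """Standard ECDSA verification against public key Q = d*G."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    u1, u2 = hash_to_int(msg) * w % N, r * w % N
    X = ec_add(ec_mul(u1, G), ec_mul(u2, Q))
    return X is not None and X[0] % N == r


def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures made with the same nonce share r; solve for d from them."""
    r1, s1 = sig1
    r2, s2 = sig2
    if r1 != r2:
        raise ValueError("different r values: nonce was not reused")
    e1, e2 = hash_to_int(msg1), hash_to_int(msg2)
    if (s1 - s2) % N == 0:
        raise ValueError("identical signatures: nothing to solve")
    k = (e1 - e2) * pow(s1 - s2, -1, N) % N        # s1 - s2 = k^-1 * (e1 - e2)
    return (s1 * k - e1) * pow(r1, -1, N) % N      # s1 * k = e1 + r * d


def fixed_nonce_leaks_key(d, msg1, msg2, k):
    """Sign two messages with one constant nonce k and recover d from the result."""
    Q = ec_mul(d, G)
    sig1, sig2 = sign(d, msg1, k), sign(d, msg2, k)
    assert verify(Q, msg1, sig1) and verify(Q, msg2, sig2)   # both signatures are valid
    return recover_private_key(msg1, sig1, msg2, sig2)


def fresh_nonce_signatures(d, msg1, msg2):
    """The fix: an unpredictable, never-repeated nonce per signature (distinct r)."""
    sig1 = sign(d, msg1, secrets.randbelow(N - 1) + 1)
    sig2 = sign(d, msg2, secrets.randbelow(N - 1) + 1)
    return sig1, sig2


if __name__ == "__main__":
    d = secrets.randbelow(N - 1) + 1          # constructed private key
    k = 0x2A                                  # constructed fixed nonce, reused twice
    print(fixed_nonce_leaks_key(d, b"firmware-a", b"firmware-b", k) == d)
```

    The recovered value equals the constructed private key every time, whatever d is, because the attacker never needs d or k in advance: a repeated r across two signatures is the only input. That also gives the defender's check for any corpus of signed binaries: collect the r values and look for duplicates, since a duplicate r means a duplicate nonce. In production, the nonce comes from a CSPRNG or is derived deterministically from the key and message hash (RFC 6979) so that it can never repeat.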

    The whole PlayStation 3 hacking scandal began quite a long time ago, when a well-known hacker bragged about being able to exploit the old PlayStation 3's Other OS feature, which allowed owners to install Linux on the machine.

    Sony acted fast, and the feature was removed through a firmware update and through the release of the PlayStation 3 Slim.

    That didn't stop hackers: the first PlayStation 3 jailbreak appeared late this summer, with hackers using a special USB dongle to force the console into service mode and run pirated games and homebrew applications.

    Sony countered with two firmware updates, 3.42 and 3.50, which patched the vulnerabilities.

    This was beaten once more by hackers, who managed to force the console to downgrade its firmware to the older 3.41 version, which still allowed jailbreaking.

    Last we heard, Sony's 3.55 firmware eliminated that other vulnerability, and hackers were pretty much defeated.

    Now, thanks to this new effort, it seems that the PlayStation 3 has been thoroughly defeated, unless Sony comes up with a way to patch this oversight.

    If you really want to know the specifics of the discovery and its implications, check out the complete 44-minute presentation below, and expect proof-of-concept videos to appear in the near future.

    Source: Softpedia
    Comments (5)

    iLOVENZB -
      Only on the JPN console? So it's pretty much useless for NTSC/PAL consoles?

    colt45joe -
      No, for ALL consoles: fat, slim, and all regions. The PS3 is now completely open, pretty much. Hackers can do whatever they want on it.

      Most of the hackers working on the PS3 now are the same ones that worked on the Wii... so we should be seeing a lot of similar stuff to what a hacked Wii can do, and much more!

    Jungleboy -
      Interesting development

    Appzalien -
      Ever since the Sony music CD rootkit scandal, I have refused to buy anything from them. My mother's Sony DVD player refuses to play even many store-bought disks because they are way too aggressive with their DRM. So, hack away, but don't expect me to buy one. I won't give Sony a dime anymore; they're on my shoot list along with Nero for taking a great application and driving it into the ground.

    SonsOfLiberty -
      Following up on the amazing recent release of the PS3 root key by geohot earlier today on our forums, it did not take long for our valued PSX-SCENE members to start working on the v3.50 appldr keys!

      Within hours, thanks to our talented PSX-SCENE developer netkas, the lock was quickly picked for v3.50 apps:

      Originally Posted by netkas
      Thx to geohot metldr keys I was able to find the 3.5 appldr key.

      Decrypted vsh.self and one of 3.50 keys game with it, it's real!


      erk: 94 5b 99 c0 e6 9c af 05 58 c5 88 b9 5f f4 1b 23
      26 60 ec b0 17 74 1f 32 18 c1 2f 9d fd ee de 55

      riv: 1d 5e fb e7 c5 d3 4a d6 0f 9f bc 46 a5 97 7f ce
      P.S. Sry, hexdump messed byte order to little-endian int16, fixed now.
      And of course this was quickly followed up by grabbing the v3.41 keys:

      Originally Posted by n4ru
      Got it working now, yea.
      Wondering if app-key-341 and app-iv-341 are floating around somewhere.

      Originally Posted by netkas
      erk: 83 8f 58 60 cf 97 cd ad 75 b3 99 ca 44 f4 c2 14
      cd f9 51 ac 79 52 98 d7 1d f3 c3 b7 e9 3a ae da

      riv: 7f db b2 e9 24 d1 82 bb 0d 69 84 4a dc 4e ca 5b
      What does this all mean to the end user? Well, the goal is that very soon you might be able to play those impossible games like Gran Turismo 5 and Need 4 Speed: Hot Pursuit on your v3.41 jailbroken consoles, because now, thanks to the hard, thankless work of our valued PSX-SCENE members, you'll be able to decrypt those games' EBOOT.bin that were compiled by Sony using their SDK v3.50. As you can see, they changed the keys between v3.41 and v3.50 to stop us PS3 jailbreakers from playing the latest and hottest games.

      Stay tuned to PSX-SCENE like always to bring you the latest and best in the mad-hatter PS3 scene!


      Best part IMO (sure, the keys leaking are great, but......)
      We basically learned that the PS3 security is now “epic fail”, and the 360 is currently a more secure system compared to the PS3.


      Means GT5 and N4S playable soon... just in time for Drake's Uncharted III... but the bad thing here is, if Sony makes a huge hardware update of some kind, their games will not play on the old "systems", so who knows what they're going to do.