Alleged hack cracks PS3 master key

Posted by Lydia Leavitt

At this week's Chaos Communication Conference, a group of hackers known as fail0verflow appeared to crack the PS3's randomized key cryptography and access the system's master code.

The team demoed the alleged security flaw by creating a hack and installing Linux on the system.

It should be noted that Linux was originally advertised as a selling point for the PS3, until the option was unceremoniously removed via a firmware update. 



Unsurprisingly, when the newer PS3 Slim was introduced, Linux wasn't included because Sony claimed the OS made the system more "vulnerable" to key cryptography hacks.

Interestingly enough, what team fail0verflow presented on Tuesday illustrated the system's poor use of public key cryptography and how it was in fact easy to hack even if Linux wasn't present.

So, to hack the system and install Linux, the team first bypassed basic PS3 security measures like the chain of trust, a hypervisor, and signed executables. 



After that, the team zoned in on the PS3's ECDSA signature, a private cryptographic key required for high levels operations.

Then, fai0verflow worked backwards and managed to identify a parameter that should have been randomized for each key generation - but wasn't. For some reason, the PS3 used the same number for that variable over and over again, allowing the team to generate acceptable keys.

Sony could face a major problem if the above-mentioned process is duplicated by others, as it would allow hackers to easily gain full access to the master code.

And once the system is cracked, it means that end-users could run any program coded for the PS3 regardless of firmware version.

In addition, the same method could theoretically be employed to sign copies of PS3 games and play them on the console via burned Blu-ray discs. 


(Via Ars Technica)