back to article Sony sues PlayStation 3 'hackers'

Sony has set the lawyers on hackers who figured out a way to run unsigned code on PlayStation 3 consoles without the use of a dongle. The hack, made possible by the discovery of the private key Sony used to sign its software, was demonstrated by a group called fail0verflow at the Chaos Communication Congress in Berlin late …

COMMENTS

This topic is closed for new posts.
  1. Mike Brown

    nope

    "Sony may attempt to reestablish control of the situation by updating PS3 console software over the net. "

    if they do that, all the currant games wont work. wrong key, you see....

    with regards to the lawyers, this is a dangerous tactic by sony, if they lose they open the door for every hacker. look at jail broken iphones.

    1. Anonymous Coward
      FAIL

      Bedrooms coders

      Don't you just love them. Their only knowledge of cryptography and PS3 hardware is what they read on some internet forum.

      Sony have already said they can block this. It's also been acknowledged that Sony can also detect it (so expect permenent console bans to kick on pretty soon), and it's also illegal under DCMA.

      I think the onlt jailbreaking that idiot George Hotz will be doing soon, is with a spoon trying to scrape away the mortar from between the bricks in his cell..

      I hope it was worth it....

      1. Darryl

        Detect it, or "detect it"?

        "Sony have already said they can block this. It's also been acknowledged that Sony can also detect it"

        Can they actually detect it, or is this just more FUD like the cable TV companies used in the '80's to (attempt to) scare people away from plugging in more than one TV?

      2. Anonymous Coward
        FAIL

        Wrong

        It's a *CIVIL* lawsuit. CIVIL == no jailtime.

    2. DrXym Silver badge

      There are things they could do

      The most obvious ways Sony could rein things in a bit would be:

      * Add a challenge / response during PSN sign on. e.g. asks firmware to checksum some arbitrary range of bytes in its fw or memory to proceed. Wrong answer gets flagged.

      * Embed silent audits into fw updates and into games. There could be multiple audits so it's not a simple case of patching a few lines of assembly. E.g. an audit might be done in obscure corners of the XMB, e.g. change wallpaper and an audit fires off. Audit would search for popular homebrew / pirate apps such as iso loaders. Results of audits get sent up to PSN or Sony via any active network connection.

      * Start padding out game data with garbage, duplicate data, etc so games fill a 25Gb, 50Gb or 66Gb disc. (Sony has a format in the works for 66Gb)

      * Banning anyone stupid enough to fail an audit or run cracks and sign into PSN.

      * Move more content online so PSN becomes more necessary

      At the end of the day none of these things are foolproof. The intent is to detect piracy and slow down / discourage it. Even that is worthwhile if it puts days or weeks between games being cracked, if ever.

      On the flip side they could also foster goodwill by:

      * Recognize things have gone way beyond the OtherOS removal so reinstate it. Split the pirates and homebrewers into 2 camps

      * Step up firmware updates again with new functions. Keep crackers on the backfoot by providing reasons for users to stay legit.

      1. Ammaross Danan
        Boffin

        A few notes of counter

        "Start padding out game data with garbage, duplicate data, etc so games fill a 25Gb, 50Gb or 66Gb disc. (Sony has a format in the works for 66Gb)"

        Garbage data is easily compressible (unless it's highly random, non-repeating strings of bits) or is simple enough to create a "PS3 ISO compressor" that simply reverses whatever method they use to detect and skip over the garbage data and remove it, then on-the-fly dump the "non-garbage-padded" ISO to a bzip or the like compressed file. On the receiver's end, they would feed the compressed file back into the ISO compressor tool to reinflate it and add the garbage back in. All in all, unless it's real data, it can be compressed (usually). The compressor might even strip the encryption on the files (if needed) to make the actual data more compressible and reapply the encryption on the "inflate" side, since the key is known.

        As for things like "Add a challenge / response during PSN sign on. e.g. asks firmware to checksum some arbitrary range of bytes in its fw or memory to proceed. Wrong answer gets flagged." it would be simple enough to have your new "rogue" code respond with an authentic checksum response or the like. Basically, if the response is generated console-side, it can be duplicated. As well as "audits" being defeated.

        But you recognize this by stating: "At the end of the day none of these things are foolproof." but fail to mention that it is fairly trivial to the point of worthless to attempt to incorporate the measures.

        1. DrXym Silver badge

          @Ammaross

          Garbage data could be encrypted random bytes which by definition are not compressible at all. Even legit data could be encrypted on disc so it too is essentially random and uncompressable. Every game could do this, hiding their keys and so forth making it a chore to figure out which files are needed and which aren't. The purpose is not to necessarily produce a crack proof scheme for the game but to put delays between the time a game is released and the pirate copy appears. Of course pirates might release the entire 66Gb dump to P2P but I bet very few people would be bothered to download it.

          As for PSN challenge response, the whole point of making an arbitrary challenge is so the cfw *can't* guess. One time it might ask to checksum a particular file, another time to send register state, another time a randomized range of bytes in memory. Sony would have the advantage of knowing which challenges would fail on the bogus firmware and craft their challenges accordingly. The purpose is that unless the custom firmware perfectly answers the challenge each time the user is going get flagged and probably banned.

          And no the measures are not worthless or trivial. They're exactly the sort of things that Sony will have to do to put any measure of protection back into their system. Microsoft already does similar things in XBL which is why we see occasional waves of bannings. They are a deterrent.

          The intent is not to make the system cracker proof but to deter and put a huge burden on crackers so that every firmware release, every game release takes an inordinate amount of time to break. Time means more legitimate sales of the software which at the end of the day is what Sony (and its publishers) are concerned about losing.

          1. Thomas 4

            @DrXym (first post)

            I'm pretty sure a lot of games are already padded with garbage anyway - Dante's Inferno on the PS3 springs to mind.

      2. Anonymous Coward
        Thumb Down

        Re There are things they could do

        Covertly collecting data on other peoples computers is illegal and will land Sony and co. in deep shit if they start scanning. The resulting lawsuit from the masses would send Sony to an early grave.

    3. Annihilator Silver badge
      Boffin

      They could block it...

      Have been thinking about this with my tongue out for a minute or so and I've come up with a solution Sony could use.

      Essentially, the problem is that if they change the encryption keys, all previous games will likely now fail to run (you have to block any code that has been signed by the old key - except the legit stuff, which you've no real way of identifying).

      However - most games auto-update (or alert you to new versions) with patches. If Sony can get all their publishers to push out a new patch, job done. The problem is getting all the publishers to support a patch for their back-catalogue - no mean feat, especially as some will have been orphaned by now. Alternatively, you could have a whitelist of approved games that have the old encryption key - which assumes Sony know their back catalogue inside out (presumably they do).

      Or lastly, they could just reimplement the "Other OS" option, the removal of which seems to have caused this hacking crusade in the first place. Especially as I doubt they have a leg to stand on by suing these people.

      1. Daniel B.
        Boffin

        OtherOS

        "Or lastly, they could just reimplement the "Other OS" option, the removal of which seems to have caused this hacking crusade in the first place. Especially as I doubt they have a leg to stand on by suing these people."

        Yes. I'm pretty sure that fail0ver and other real hackers will simply stand down if they re-enable OtherOS ... which is the reason they started hacking at the PS3 in the first place!

        @Bedroom Coders: You fail at crypto even more than Sony. The math involved in cracking the PS3 is not trivial, breaking asymmetric keys isn't trivial, and getting yourself into the CCC isn't something that "skreept keedz" would be able to do. GeoHot did basically take the fail0verflow tools and do some cheap jailbreaking, but it wouldn't have been possible without fail0ver's research. In fact I don't have a good opinion of him, as he actually enabled piracy in the PS3, which the fail0ver crew *didn't* do because they didn't want to enable pirates, only restore OtherOS functionality.

        1. Annihilator Silver badge
          Unhappy

          re: OtherOS

          "Yes. I'm pretty sure that fail0ver and other real hackers will simply stand down if they re-enable OtherOS ... which is the reason they started hacking at the PS3 in the first place!"

          On the other hand though, they may carry on - at this point the die has been cast and Sony have shown they will happily drop the axe and force an ultimatum of PSN or OtherOS. Who's to say how long it would stay if they did reverse their decision?

          Sadly, not that they'll change their mind and restore it anyway..

    4. Craig Chambers
      Joke

      Currant games?

      Also the raisin and sultana based games for PS3 won't work.

    5. Anonymous Coward
      Joke

      And the raisin for that?

      Dont worry. I already got me coat...

  2. Jolyon Ralph
    Stop

    How?

    >As well filing the lawsuit, Sony may attempt to reestablish control of the situation by

    >updating PS3 console software over the net.

    How will that work? even assuming they could change the root keys, wouldn't that turn your existing PS3 discs into expensive coasters?

    From what I can see this is pretty much game over for PS3 security.

    1. Anonymous Coward
      Boffin

      Wouldn't that turn your existing PS3 discs into expensive coasters?

      Yes it would.

      Updating is not possible as the key is hardcoded into a chip. I'm just surprised that no-one had milled the chip down and microscoped it sooner.

    2. Charles 9 Silver badge

      Not necessarily.

      They'd simply have to lock out ALL forms of firmware upgrade that cannot be authenticated (meaning update-by-USB would be killed). That means updates would come either through game discs (and the PS3 contains HARDWARE lockouts to prevent BD-Rs being used--only official PRESSED discs would work) or through PSN (which will have separate authentication channels--without Sony's SSL certificate, you can't MiTM an SSL-based online update).

      1. Daniel B.
        Boffin

        The Update Method

        The "PSN Update" isn't done by SSL. In fact, it is a crappy txt file that says which is the latest FW version, and gives the link to download the latest FW. Any skilled IT person could simply set up his own "PSN Update" server and point it to a custom FW file. It just won't be possible to stop these things.

        If anything else fails, the hardware flashing mechanism will work. The ROM keys were compromised.

        1. Charles 9 Silver badge

          So just update it.

          Just include the update that FORCES using SSL for future updates. Once that one update goes in (via network or game discs), the update gets locked down. The update can also look for and scrub clean backdoors and frontends.

  3. Argh!
    IT Angle

    And yet again...

    ... is the crushing pointlessness of DRM highlighted for all to see.

    "Piracy BAD", yes maybe but you don't stop it by annoying your paying customers rather than the people you're trying to stop. Any more than you stop a charging elephant with a sheet of cling film.

    1. Raggs

      It has the opposite effect if anything

      Bad DRM can drive people to getting illegal versions (I think Spore was a fantastic example, friend of mine bought the real thing, struggled so much with the security that he just put the dvd on the shelf and cracked it).

      Most games these days have the security broken before release anyway, those lucky few that don't are usually done within a few days of release, it stops nothing, but makes honest people wonder why they are getting punished.

    2. DrXym Silver badge

      Which paying customers are annoyed?

      DRM has kept the PS3 piracy free for 4 years so it's clearly not pointless. Compare and contrast it to piracy on the Wii & DS for example. Where Sony screwed up by accounts was by using a weak random number generator which made the private key predictable from the public key. With the private key crackers & pirates are now able to sign arbitrary code so it passes security checks. If the key had not been weak this would have been considerably more difficult to do.

      As for annoyed paying customers, I doubt the removal of OtherOS affected many people at all. Certainly legit customers shouldn't be annoyed by Sony going after crackers.

      1. Daniel B.
        FAIL

        As a paying customer...

        "As for annoyed paying customers, I doubt the removal of OtherOS affected many people at all. Certainly legit customers shouldn't be annoyed by Sony going after crackers."

        yet the OtherOS removal pissed off the kind of people that were skilled enough to crack the PS3. It's as stupid as that dude who wanted to burn Korans in the US. You're asking for it.

        As for me? I was one of those "rare" dudes who buys PS3 games *and* uses the PS3 Linux for research purposes. If you don't know the difference between CellBE and craptel x86, you're too dumb to even argue the 'buy a PC' FUD. We were hit by OtherOS removal precisely because we *do* play games, but we can't because updating will kill Linux support.

        Really. Is someone playing games *and* running Linux too much of a stretch??

        1. DrXym Silver badge

          @Daniel B

          I've used Other OS and YDL and the Cell SDK. That doesn't mean I can't recognize that the number of people who likewise were miniscule and diminishing and it's removal hardly affected anyone at all. Of the people who did use Other OS, I expect a large number would have ended up in research labs where they wouldn't be updating their firmware anyway.

          So while regrettable, let's not pretend many people were aggrieved by removing OtherOS. It certainly doesn't account either why anyone would get riled by crackers whose intention is plainly, absolutely not to reinstate OtherOS but to produce custom firmware whose primary purpose will be piracy. It only takes a glance at other compromised systems, such as the Wii, DS, and PSP to recognize what utter bullshit it is when people cite "homebrew".

      2. Anonymous Coward
        Coat

        the wii

        i read thet it was nintendo (well an employee) who let the cat out of the bag....

        It is my understanding that somebody sent a wii back to nintendo for service and when it was returned a "service disc" was left in the wii... It just happened that this wii belonged to someone who had a clue.... if it was returned to 99.999% of all other nintendo wii owners then it ether would have gone on a shelf / in bin or sent back to nintendo...

        its from this disk that all the unsigned software that has spawned on the wii had evolved...

        also the wii is totally pownd now by the hackers..

  4. Anonymous Coward
    Happy

    A bit pointless

    While I can see why Sony feels the need to sue (in order to put off future disclosures and leaks), it seems rather pointless to get an injunction to stop the code being published. It's "out there". There's no going back, regardless of what any court says.

    As for all the comments that have been previously posted along the lines of "a new key in the PS3 would stop all existing games from working", well, I'm sure it's not beyond the whit of Sony to put TWO keys in there and use the second key for all new stuff? Or put in a more flexible key system to future-proof it againt any future leaks. Just a wild, shot-in-the-dark guess.

    1. david 63

      Yeah but

      If the original key is still there the hack still works...

      It seems that is true of any solution that doesn't trash existing stuff...

    2. m3kw
      FAIL

      That won't work either.

      No, they can't add keys through firmware updates. The ROOT keys are NOT inside the system!

  5. Ralph B
    Unhappy

    The Good, the Bad ...

    While I suppose it'll be nice to be able to run Linux on a PS3, it won't be so nice playing online games against cheat-code-equipped players.

    Game over in fact.

    Shame, because it was quite fun for a while.

    1. Heff
      Paris Hilton

      IDK about that

      people havent thrown away their xboxes despite the endemic cheating on that platform.

      paris, because she.. speared through a wall. or something.

      1. Ralph B

        Yes but ...

        > people havent thrown away their xboxes despite the endemic

        > cheating on that platform.

        I never said they would throw away their consoles. But I did suggest they'd have less fun playing online against cheat-equipped players.

        That was my point.

  6. Anonymous Coward
    Happy

    Sony, eh?

    doncha just luv 'em?

    The same company who put spyware in their CDs to stop people copying them,

    want to punish people who, for free and for fun,

    want to multiply the potential of hardware they paid for and now own

    I might get a PS3 so I can do this

    1. DrXym Silver badge

      Wrong

      Actually they want to stop people from ripping and pirating games which are then signed so they validate and run through the PS3's security checks. I seriously doubt Sony gives a flying fig about "homebrew".

      1. Jamie Jones Silver badge

        Re: Wrong

        Well, if that is the case it's those who rip and pirate games they should be going after not these guys.

        If what they've done is really against the law, then you have a really bad law over there

        1. DrXym Silver badge

          @Jamie

          That is what they're doing. The two camps are indistinguishable. It is absolutely clear from other cracked systems (e.g. the DS & PSP) that homebrew is just a convenient excuse for pirates and that the cracks are overwhelmingly used to enable piracy.

          It's clear from the number of thumbs down people are flagging me with that they can't comprehend this simple fact. Sony give a crap about the issue because they'll lose hundreds of millions to piracy, not so some guy can write an MKV player.

          1. Jamie Jones Silver badge

            @DrXym

            If what you are saying is true, then fair enough, and you don't deserve the downvotes.

            I can see how pirates would have a vested interest in cracking the systems, but then why publish it?

            I think these people are simply the bedroom geeks who want an open system for experimenting and linux etc.

          2. finnbarr
            FAIL

            @DrXym

            "It's clear from the number of thumbs down people are flagging me with that they can't comprehend this simple fact."

            Or maybe they don't think that just because you say something is a fact, it must be so.

            Evidence or GTFO.

  7. Richard Gadsden 1

    Wouldn't that turn your existing PS3 discs into expensive coasters?

    Yes, but I suppose Sony could offer to replace original discs, presumably physically validating the discs. Wouldn't be that expensive.

    1. Anonymous Coward
      FAIL

      No

      They can update the firmware.

      What almost everyone is missing here, is you still need to use the original jailbreak to kick all this off, and even then, there are restrictions in the bits they havn't uncovered. I'm guessing there are backup mechanisms in place, and frankly I believe Sony not only have more money, more credibility but more skill than 12yr spotty bedroom coders.

      1. Anon the mouse

        @AC 15:32

        Wrong, this new method needs a file on a USB stick in a certain directory, run update from stick one hacked PS3.

      2. David Neil

        Breath in, breath out, now calm down

        Let's step through this nice and slowly ok.

        The root key is held on a non flashable hardware chip in the console. To revoke the key means replacing the hardware.

        If they push the firmware onto some other chip in the console, they need to sign the code with the key, thats the key that has been compromised btw.

        You then go and do your own thing, and guess what, the console accepts your input as legitimate as it's signed with the key that Sony cannot revoke, cause it's burnt into the ROM.

        As for the seething about 12 year old spotty coders, I assume you haven't actually spent any time validating the credentials of the guys who performed the analysis?

      3. Anonymous Coward
        Anonymous Coward

        re: no

        "but more skill than 12yr spotty bedroom coders."

        Well, obviously they haven't, or we wouldn't be reading this story.

      4. EXAFLOPS'R'US
        WTF?

        Er no...

        You don't need any jailbreak hardware to do this.

        Copy the current modified firmware to a USB stick and install it. Voila.

        The dongle hasn't been required since the firmware is now signed with Sony's key.

        1. Charles 9 Silver badge

          That can be addressed.

          Once a new official firmware is released, they can push it onto PS3s by network updates and new game discs. They'll do the following things:

          1. Disable firmwares by USB (killing the dongles).

          2. Change the network update mechanism to go through secure connections (thus disbling the MiTM attack).

          3. Find some way to make the update one-way so that not even Service Mode (the preferred method for downgrading firmwares) can reverse the process.

          Once all that's done, there'll be no way to get unofficial applications onto the PS3, not even signed ones, since the default software doesn't allow for that unless it goes through official channels (which can be hardened because they don't use the compromised key).

      5. Anonymous Coward
        Stop

        "12 year old spotty coders"?

        I think you'll find they are a little more intelligent that your average teenage FaceSlap user. They more not be the very best of the best, but I bet they easily code most IT professionals under the table in a challenge. Hacking firmware on locked down consoles is not kids-play, lots of things can go wrong like instantly bricking a £200 bit of hardware, think Indiana Jones in that ball-down-the-ramp scene.

        I don't play games other than Boogle and Scrabble on my iPhone, but I do have a great deal of respect for these people who spend so much time not just to get the kudos from their peers but to help others get more use from the hardware they have purchased.

        Is a little bit of respect for technically competent people, too much to ask?

    2. Argh!
      Thumb Up

      An excellent idea....

      "Yes, but I suppose Sony could offer to replace original discs, presumably physically validating the discs. Wouldn't be that expensive."

      Extremely I'd imagine and hope, making it a fantastic idea. Once they've gone through the cycle a dozen or so times over say 3 or 4 years as each successive iteration gets broken in it's turn they might get the point that DRM doesn't work and that it has exactly the opposite effect that they intend.

      .

    3. Daniel Barnes

      For that to work

      Sony would have to replace every disc sold so far and those sitting on shop shelves/in the distribution channel. How long would that take? How pissed off would people get if everyone had to send their entire game collection to sony and wait a couple of months to get new copies back.

      I'm not sure how many games have been sold to date but the postage would have to be paid (there and back), storage for all of them, new media, printing, remaking the games, 100's of peoples wages, storage for the new games, loss of sales, no doubt a class action suit in america, some sort of compensation for everyone and probably 100 other things i haven't even thought about.

      It would cost them a fortune

  8. Anonymous Coward
    FAIL

    Sony are the SCO of electronics.

    Sony are the SCO of electronics.

    I hope the hackers counter sue for £millions in damages

  9. Citizen Kaned

    from 2 sides.....

    sony make money from software/game sales so i can see why they didnt want the console hacked easily like the wii and xbox. the fact it is still only almost possible after 4 years is a success for sony. after all i think they will release details for ps4 very soon.

    @"... is the crushing pointlessness of DRM highlighted for all to see.

    "Piracy BAD", yes maybe but you don't stop it by annoying your paying customers rather than the people you're trying to stop. Any more than you stop a charging elephant with a sheet of cling film."

    - but the ps3 doesnt SEEM to have this BS. you can play all games offline. you can play almost all of them on any system (apart from the EA ones that require you to use a serial), meaning you can resell them (unlucky pc guys) and lend them to mates. the fact that the ps3 has been so well locked down has meant much fairer online gaming (no bots etc on ps3 online games - something that ruined pc online games years ago for me)

    i would imagine that sony has made more money from game sales than wii and xbox due to their ease of copying games.

    i can see how about 0.0001% of people who own a ps3 might be interested in linux on it but we all know the vast majority of hacking is purely to run copyritten games, meaning loss of income for sony. in the end we will all end up paying for that. look how many games do not make it to PC now as developers know their games will rarely be copied if playing on ps3 for example.

    1. The Indomitable Gall

      Nonsense.

      "i can see how about 0.0001% of people who own a ps3 might be interested in linux on it but we all know the vast majority of hacking is purely to run copyritten games, meaning loss of income for sony. in the end we will all end up paying for that."

      A) 0.0001% or otherwise is irrelevant. They're Sony's customers.

      B) The vast majority of hacking may be to run pirated games. I don't believe it is, but that's irrelevant. The most important hacking always comes from homebrew and/or Linux fans. They break the system to do what they want -- the warez junkies come in as a second phase, picking up what the homebrewers did and extending it. It's always a minor step, just as GeoHot took fail0verflow's hack and modified it to do more than originally intended.

      Many people saw the original OtherOS option as a very shrewd move by Sony -- they gave the homebrewers and the Linux crowd an "easy in", which meant they had no reason to break open the OS or firmware.

      And it worked pretty well -- without the assistance of the homebrew crowd, the dedicated pirates were on their own and didn't get very far.

      With OtherOS still in place, the fail0verflow guys would never have gone to the effort of breaking the encryption.

      1. Daniel Palmer
        Flame

        excuses..

        >>A) 0.0001% or otherwise is irrelevant.

        >>They're Sony's customers.

        0.0001% of 40 million units is nothing.. if they wanted to run Linux they should have bought a PC. Aside from maybe 4 people in "ethical PS3 hacking scene" there are very few people who could code to take advantage of the Cell.

        >>B) The vast majority of hacking

        >>may be to run pirated games.

        The only reason the PS3 has been hacked now is because of the PSJailbreak. The PSJailbreak is a device that is marketed as enabling piracy. The information used to pull off the PS3Jailbreak is going to be a mix of things discovered from what GeoHot did and maybe some leaked stuff. OtherOS was crippled from the start (probably to stop game publishers using it as a route to unlicensed games) and if these "ethical hackers" could have broken the crypto without the holy grail in piracy developments (The PSJailbreak) they would have done it ages ago.. they didn't.

        >>The most important hacking always

        >>comes from homebrew and/or Linux fans.

        So that's why the most important hack for the PS3, the one that opened all the doors, was .....drum roll ... wait for it .... A PIRACY DEVICE!

        >> the warez junkies

        The warez scene used to break security systems long before it was cool be be an ethical hacker and make statements like "its a fail overflow, ignore the fact it took 4 years..."

        >>originally intended.

        Except that the PSJailbreak used an exploit that no one else seemed to have noticed before it was released?

        >>Many people saw the original OtherOS

        Yes, the whole 3 people that used it seriously got very upset.

        >> no reason to break open the OS or firmware.

        OtherOS was crippled from the start...

        >>With OtherOS still in place, the fail0verflow guys would

        >>never have gone to the effort of breaking the encryption.

        Geohot did his initial stuff when the phat PS3 still had OtherOS.. he wanted to get access to the RSX GPU which isn't allowed in OtherOS (crippled from the start). And the ethical hackers may go on and on about "if we could run homebrew we wouldn't hack" but everyone knows that's crap. You could run homebrew in OtherOS, people were still trying to get around the GameOS security,... The Xbox360 has a development kit available... it still gets various hacks.

        If they said "we hacked because we like hacking stuff" fair enough, but making it out as some crusade for freedom is really retarded. There is plenty of open hardware out there, don't buy proprietary locked down hardware if what you actually want is a bog standard PC.

  10. Daniel B.

    Sheesh

    Because GeoHot just had to put the Piracy into the Linux-enabling hack, Sony can flog the "Piracy!" Flag on this one. Why the hell did he do that? Just enable Linux dammit!

    I do hope that the defense pulls up that they did it because of OtherOS's loss... it might probably help the other class-action suit out there.

    1. Anonymous Coward
      Stop

      That's just not true

      Geohot SPECIFICALLY did not patch the lvl2 kernel, so that backup managers could not work. This was to enabled homebrew inside GameOS. Someone else later patched (Ev1lNAT from memory) lvl2 and that enabled piracy.

  11. Anonymous Coward
    Anonymous Coward

    It's my console

    and I'll do what I want to...

  12. Anonymous Coward
    FAIL

    annnnnd queue the...

    PS4, sorry your PS3 disks wont work in it, but its a new model - honest >.> so you will have to buy it to replace the PS3

    (PS now stands for Playing Sucks, my xbox 360 is nosily mocking from under my TV.)

  13. Anonymous Coward
    Anonymous Coward

    cheats wont get a free run online

    They can still do checks against online consoles in much the same way xbox360 or punkbuster do and ban their accounts. Bluray disks and writers arn't exactly cheap either so I can't imagine everyone is going to rush out and make copies in their homes. What this really causes a problem with are larger scale pirates and conterfeiters. Sony like other media producers have really shot themselves in the foot by their approach putting them at odds with their own customers.

  14. Jonathan White
    Coffee/keyboard

    Firmware update..

    As far as I'm aware, as it currently stands the only way to get 'jailbroken' firmware onto a PS3 is to use the existing mechanism that allows you to update the firmware via file on a USB stick. An 'official' firmware update that blocked the USB updating mechanism would block the ability to jailbreak.

    As PSN blocks access to users who aren't on the latest firmware version you'd have a choice - upgrade & lose your ability to jailbreak or not upgrade and lose your ability to play games online & access the PS3's online services.

    I guess then we'll find out how many people ARE actually interested in this hack 'so they can run homebrew'.

    As to the legal stuff - I don't think Sony will get anything from it but I don't think they could afford not to do it. Either way it probably won't get resolved any time quickly.

    Jon

    1. Daniel B.
      Happy

      Not homebrew, Linux

      I don't give a flying fudge about homebrew. I do care about Linux on the PS3 though. Give me that and I'm happy.

    2. m3kw
      FAIL

      That won't work either

      This usb blocking can be by passed by creating a "front end" on top of the firmware. This front end gets loaded first at boot time and asks users if they want to update, if not, it boots the firmware that is loaded. But if you loaded the new firmware without the "front end" you could be screwed.

  15. Graham Jordan

    The sad thing is

    They did this to themselves.

    It was pretty clear Geohot was bullshitting first time around which in turn got the OtherOS removed. Had Sony have simply boosted security without removing the OtherOS the PS would remain unchallanged.

    What would have been even better is post the 3.4 Jailbreak hack sony re-introduced OtherOS in 3.55. Again hackers would have stopped messing about just as quickly as they'd started it.

    Hey ho. I plan on getting a second PS3 as mine is horrifcally noisy. My original will be used as a dodgy box with proper MKV support (it'll happen with homebrew) and an emulator.

    No pirates were harmed in the making of this post.

  16. Graham Jordan

    @ AC No#

    No you don't.

    Check out psgroove. You'll see Geohot and failoverflow have their hack running on 3.55 firmware. Why would it need to be jailbroken if they have the master key?

  17. Sir Runcible Spoon
    Flame

    Sir

    How do you copyright an encryption key?

    Perhaps Sony could publish it in the public domain so we can all check that the one's we use don't infringe their copyright.

  18. Octoberon
    Troll

    Beware!

    Of the dyslexic trolls.

    George is 21, not 12.

  19. Timothy Creswick

    I suppose it's understandable

    I don't agree with the steps that Sony are taking - it's likely to reflect poorly on them whilst ultimately only acting as a temporary fix.

    That said, I imagine that Sony are under significant pressure from the developers who target their platform. Ultimately the profitability (and survival) of their console is dependent on having games publishers who will develop for their platform. If someone else's platform appears to be less prone to illegal copying, the games publishers might go elsewhere.

    So maybe the whole industry is being a bit greedy at this point (just like the music industry has been for years), which is driving what might seem like very backwards behaviour, but ultimately I suppose it's the just economics of the situation, and a whole chain of companies acting in their best interests due to external pressures.

    Shame really.

  20. Octoberon
    Big Brother

    It's not logical

    It appears Sony believe they can sue people who cracked a console because what they've done may be used by others for immoral/illegal purposes. Good job Einstein's dead then, or Japan might be suing him for his work that helped develop the nuclear bomb.

    Also, if the fix is easy for Sony to implement, as some are suggesting, why are they going all out to to suppress any code or keys the hackers may release? Equally, why are't they using marketing as a heavy propoganda weapon to dissuade PSN users from running pirated software with the threat of expulsion from the online service? It doesn't quite add up.

    The only thing that we can safely say at this point, is that a lot of bullshit is being spread around by the opinionated few. But that's why we read El Reg, isn't it? :)

  21. Anonymous Coward
    Linux

    Re: jailbreak & updates

    The original jailbreak for PS3 only let you run unsigned code on the console. While there were programs that could poke around the flash that hosts the console's firmware, you couldn't change that flash, because that would invalidate the signature, and the bootloader would refuse to boot the firmware the next time you'd turn on the console.

    The hackers who named themselves fail0verflow started with just porting Linux to the jailbroken PS3 and looking for a way to boot it without having to do the jailbreak every time (since that requires you to unplug the console, then plug it in again, turn it on and press Eject). In doing so, they found out that Sony did an amazingly stupid mistake in their cryptography, while allowed them to derive the private keys used to cryptographically sign the packages. And geohot then used an exploit to get the bootloader code, and from there the key that's used to sign the firmware (this key is stored in ROM and cannot be changed on current consoles). Since he published that key, this means that now anybody can create a firmware update that a non-jailbroken console running any current firmware (that is up to 3.55) will accept as valid, and update itself to it. There is nothing Sony can do about this. They may somehow strengthen the security in a future firmware upgrade, however if somebody finds a security hole in one of such future firmwares, any currently existing console can be jailbroken again (Sony can and probably will update the bootloader in future consoles so that unofficial firmwares won't work with them, but this will have no effect on consoles that are already out there).

  22. manky
    FAIL

    SONY 0 - HACKERS 1

    No chance this will stick.

  23. Someone Else Silver badge
    Alert

    Really?!?

    "Sloppy cryptography by Sony meant anyone might be able to bypass copyright controls and sign their own code so that it ran on the console."

    And what other kind does Sony exhibit (ref. the Sony rootkit)?

  24. Anonymous Coward
    Anonymous Coward

    Sign me, play me, sue me.

    Reading through the complaint Sony submitted chucks up several nuggets, in fact the whole thing reads like a hastily chucked together mess. Highly entertaining, I'd suggest you go read the whole thing yourself.

    "47. Through his January 2, 2011 posting, Hotz enabled software pirates to create and sell unauthorized copies of the SUBJECT WORKS, falsely authenticate those copies and play the infringing copies. Indeed, software pirates using these Keys could write code that will allow them to falsely authenticate almost any unauthorized software and run that software on the PS3 System. Consequently, unless Defendants are immediately enjoined, users will be able to copy, create, sell and play unauthorized or pirated games without limit."

    Sounds a bit like a confirmation the horse hasn't just bolted out of the gate, rather legged it to Aintree, galloped around the racecourse a few times, taken the trophy and prize money, then retired to an easy life in the Costa Del Sol.

  25. Subban

    Has it damaged sales ?

    Xbox and Wii have been cracked for how long exactly, yet they seem to enjoy very healthy sales figures. I'm pretty sure a bunch of people buy a console because it HAS been cracked so that they can supplement the games they can afford to buy, with some extra ones they can't.

    Of people with hacked consoles, I can't think of a single one that doesn't buy any games at all.. But several did get one because it WAS cracked.

    1. Anonymous Coward
      Boffin

      Developers Developers Developers Developers

      Yes, hardware sales increase, but the sale of GAMES is what they're worried about. Developers might just decide to stop making games if they lose too much money to pirates, and without games where would the console market be?

    2. Bronek Kozicki
      Coat

      FW: Has it damaged sales ?

      well it has the potential of damaging sales of GAMES. That's the actual source of income for Sony as they have a slice from every PS3 game sold. Hardware alone isn't (very) profitable.

  26. Anonymous Coward
    Anonymous Coward

    Who is the real fraud

    What kind of assurance did Sony give to game publishers with regards to security?

    Is there a way in which their poor (obscurity) implementation of security could constitute fraud on their part?

  27. Steven Hunter
    Unhappy

    File size != anti-piracy measure

    "As far as piracy goes, Sony could ask game developers not to compress data on the blu-rays, which could deter pirates who don't want to download 50GB files every time they want to grab a game."

    Blu-Ray Burners are less than US$80 now and DL BD-R discs can be found for less than US$10 (in bulk).

    I remember when CDs were new and people said music couldn't be pirated because the file sizes were so big. Then again with DVDs... So how's that working out for everyone?

  28. Mike T
    Pint

    Where do I donate to his defence fund?

    Seriously, I takes me hat of to the guy. And don't get all hoity-toity "ethics" with me, we /are/ talking about the same Sony that once owned your CD drives through a rootkit.

  29. Anonymous Coward
    Anonymous Coward

    Ways to stop this madness

    1. Throw out NetFront and replace it with a WebKit or Gecko based browser, and throw out FlashLite and replace it with a full-featured version of Flash (or Gnash). NetFront is incredibly failtastic. I can cause the console to hang just by visiting the Acid3 website (this was a few versions ago tho. Don't know if they fixed that). Furthermore, many flash-only sites fail to load on the PS3 (yes, you can argue that it's the same for the Wii, Jesus Phone and Fondle Slab, but then those aren't 1080p display devices. And in the case of the Jesus Phone and Fondle Slab, at least the Acid3 site doesn't freeze up the phone). Heck, Sony has promised that it would ditch NetFront in the past, and yet it still hasn't.

    2. Provide a legal homebrew development SDK to the public like Microsoft does with the XBox 360.

    3. Reinstate software BC for PS2 games.

    In any case tho, the cat's already out of the bag, and it can be argued that Sony had only brought this upon themselves by removing PS2 BC, then OtherOS. And oh, selling Japanese games in a market where no one understands Japanese.

  30. Confuciousmobil
    Jobs Halo

    Geohot not a member of FailOverflow

    George might not be a member of FailOverflow but he worked with them (or most of them) before he was kicked out of the original iPhone Dev Team for doing just what he did with the PS3, doing his own thing and releasing early without thought of the consequences.

    It never ceased to amaze me just how few people have the skill to actually do hacking at this level.

    They are very, very clever people and I hope that this case fails, but I hope more that none of these guys actually gets a job with a console/phone maker - then we would have fail proof security!

  31. James Henstridge

    This will probably play out like the DVD CSS algorithm

    At the end of the day the PS3 security system will probably be an open secret. It will be easy for anyone to find the information if they look for it, but no one can make use of it in legitimate ways. So if anything, it will prevent game publishers from signing their own game releases and continue to pay Sony to do so.

  32. Anonymous Coward
    Anonymous Coward

    DCMA

    As this is a US law.......

    1. David Neil

      re. DCMA

      It may be US law, but the original presentation was given in Berlin

    2. Steven Knox
      Headmaster

      DCMA?

      What's the Defense Contract Management Agency got to do with this?

  33. BongoJoe
    Flame

    Typical Sony

    This is the company who once threated to sue me for taking an American purchased laptop overseas...

  34. JaitcH
    Pint

    The defence can be the killer ...

    If the Defendants were to disclose the crack in their defence documents, sending a copy to Sony's lawyers by the slowest means possible, then file an affidavit of service with the document attached, tipping off reporters, Sony wouldn't have time to have the Defence sealed.

    Game over.

  35. Captain Thyratron

    Don't these guys have something better to do, like sell consoles?

    Sony seems pretty opposed to the idea of actually letting paying customers own the hardware they buy. Do they suppose they can treat physical goods like DRM-infested software and act like customers who paid hundreds of dollars have not bought the right to do as they please with the physically extant chunk of transistors and PCBs they shelled out for? Too bad Sony aren't the only ones.

    However, Sony's pretty naïve if they think that suing their own paying customers--who are paying quite a lot, to boot!--is going to earn them such respect and obedience that people will stop circumventing the shoddy copy-protection measures they've introduced at the expense of even legitimate users. Worked great for Apple and Microsoft and IBM and DEC and...

    They're a bunch of obnoxious beancounters who wish they could sell something and still own it themselves. Sorry, dickheads. That's now how selling things works. I'm sure they could be greedier, but they'd really have to work at it.

  36. Antinomic
    Grenade

    Disgusted

    I bought my fat PS3 over a year ago, back when it was still $399 here in Canada. Its price was about 25% more than an Xbox, but I chose it because I didn't want Microsoft (a sort of "stick it to the man" attitude). I had no idea it could run Linux too, but when I discovered that I was thrilled, and decided I'd give it a try at some point (been a Linux user for many years now). When the new update required me to give up the "Other OS" option, I declined it, and have stayed with the previous firmware version ever since.

    Needless to say, since then I haven't been able to log on to PSN, have lost access to whatever money I had in that account, and (most importantly) I haven't been able to play any demos. But I felt their attitude as oppressive, unjustified, and until now I think it was a small price to pay for freedom.

    I'm sure Sony couldn't care less if they found out about my little rebellious act, but when the Xbox 720 and the PS4 will come out, even though Microsoft is no angel either, I'll think twice about which console to choose.

    Or, I might just stick to my good old MAME emulator.

  37. Pahhh
    WTF?

    How to get downvoted in this thread

    How to effectively rack up lots of down votes in this thread:

    1) Mention the fact that piracy is bad.

    2) Locking down a platform to stop piracy is good.

    3) Locking down a platform to stop cheat is good.

    4) Having a locked down system that enables easy exchange/trade of games you own is good

    5) Pointing out that Linux on PS3 was useless anyway for homebrew as you didnt have access to Sony's grahic libaries

    6) Pointing out that loosing Linux was worth it if it maintains points 1-4 for the MAJORITY of people

    Seems the downvoters are either XBOX owners who really will downvote anything that endorses anything that Sony does or PS3 owners who are so stupidely idealist that they dont appreciates that regardless what Sony's motive is, Sony's policy actually protects the majority of PS3 owner's interest (points 1-4).

    I didnt like it when Sony decided to remove the Linux option. I'm a software developer and I loved the idea. But in truth I didnt put it to any use. Other than maybe turning the PS3 into a decent web browser it didnt have much application for domestic use (I have no interest in wiring up 100 PS3 together to number crunch).

    What many people that keep bleeting about their civil liberties and their "freedom" dont appreciate, is that when you provide people suitable "freedom" it gets abused. When that happens we ALL loose out. If you use Law / Policing as an analogy, you will appreciate that removing both will actually mean you loose a lot more rights then you gain. You will loose the right to be safe for one that tends trump most other perceived freedoms. Same goes with the console lockdown, either grow up and get back on your XBOX, dont care which you going to downvote me anyway.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022