PlayStation 3 code signing cracked (The Register)

[Posted December 30, 2010 by jake]

The Register is reporting that a group called "fail0verflow" has demonstrated that it has Sony's private key for signing PlayStation 3 code. "The hackers uncovered the hack in order to run Linux [on] PS3 consoles, irrespective on the version of firmware the games console was running. By knowing the private key used by Sony the hackers are able to sign code so that a console can boot directly into Linux. Previous approaches to running the open source OS on a games console were firmware specific and involved messing around with USB sticks. [...] The same code signing technique might also be used to run pirated or counterfeit games on a console. That isn't the intention of the hackers even though it might turn out to be the main practical effect of the hack."

PlayStation 3 code signing cracked (The Register)

Posted Dec 30, 2010 20:45 UTC (Thu) by jengelh (guest, #33263) [Link] (1 responses)

Conspiracy time: I wonder if some clever worker put in a static 'm' on purpose ahead of time, under the suspicion that it would only be a matter of time until management decided to throw out OtherOS.

PlayStation 3 code signing cracked (The Register)

Posted Dec 30, 2010 23:55 UTC (Thu) by mgedmin (subscriber, #34497) [Link]

For those who haven't watched the whole 45-minute presentation:

The elliptic curve crypto used for digital signatures on the PS3 has two secret values: k - the private key, and m - a random number used once. If you have two signatures that were computed using the same m value, you can trivially recover the secret key k. Which is exactly what happened here.

PlayStation 3 code signing cracked (The Register)

Posted Jan 3, 2011 11:57 UTC (Mon) by rilder (guest, #59804) [Link] (2 responses)

Well atleast this should force people into using really random sources for RNG seed. On the other hand, I don't think Sony wanted to secure their PS3 against hacking to that extent.

PlayStation 3 code signing cracked (The Register)

Posted Jan 3, 2011 15:40 UTC (Mon) by dgm (subscriber, #49227) [Link] (1 responses)

They apparently made considerable effort, and I was under the impression that the PS3 was quite secure up until very recently.

secure until recently

Posted Jan 7, 2011 15:08 UTC (Fri) by alex (subscriber, #1355) [Link]

Well according to the presenters it had a lot of fatal flaws in it's crypto but no one was looking until Sony took away OtherOS. From their point of view that removal that started the whole jail-breaking effort off.