LWN: Comments on "PlayStation 3 hack - how it happened and what it means (The Guardian)" https://lwn.net/Articles/422111/ This is a special feed containing comments posted to the individual LWN article titled "PlayStation 3 hack - how it happened and what it means (The Guardian)". en-us Thu, 23 Oct 2025 16:16:15 +0000 Thu, 23 Oct 2025 16:16:15 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net a technical talk is available as video from 27C3 conference https://lwn.net/Articles/422876/ https://lwn.net/Articles/422876/ giggls <div class="FormattedComment"> A recording of the relevant 27C3 talk is available on the following URL:<br> <p> <a href="http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-4087-en-console_hacking_2010.mp4">http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-4087-e...</a><br> <p> </div> Thu, 13 Jan 2011 15:50:21 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422799/ https://lwn.net/Articles/422799/ Cyberax <div class="FormattedComment"> <font class="QuotedText">&gt;i agree with that after installing the OS and having the OS generate its keys, but what if the OS was never installed on real hardware but only in a virtual machine, never having any contact with a real TPM</font><br> <p> OS would immediately notice this - your emulated TPM won't have a valid certificate. Forwarding requests to a real TPM, still won't help you, because OS will detect that. Of course, if encryption keys ever touch the guest OS, you can cacth them - no need to emulate TPM.<br> <p> But that's not the point here. 
PS3 essentially has a TPM device with pre-loaded keys which are essential for its operation.<br> </div> Thu, 13 Jan 2011 08:39:48 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422795/ https://lwn.net/Articles/422795/ Da_Blitz <div class="FormattedComment"> i agree with that after installing the OS and having the OS generate its keys, but what if the OS was never installed on real hardware but only in a virtual machine, never having any contact with a real TPM<br> <p> from a piracy point of view TPMs are great, all the keys in the one location. just set up an environment that has never been on real hardware, pull the keys and decode data.<br> <p> once the DRM industry catches on it becomes an arms race between the priates and the DRM company to detect the latest VM implementations signatures but then again when has it ever not been an arms race when it comes to piracy.<br> <p> TPMs ask you to trust the TPM implementation, what happens when you cant trust it<br> </div> Thu, 13 Jan 2011 08:26:46 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422792/ https://lwn.net/Articles/422792/ Cyberax <div class="FormattedComment"> Uhm. 
Nope.<br> <p> 1) You won't extract the root key from the device, no matter what you do.<br> 2) QEMU emulation gives you exactly nothing, because measurements of the host systems will fail.<br> </div> Thu, 13 Jan 2011 07:57:23 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422784/ https://lwn.net/Articles/422784/ Da_Blitz <div class="FormattedComment"> I consider TPMs broken at the moment, emulation of a TPM device via the trousers tpm stack and mixing this with QEMU or Xen (the later of which has TPM emulation/visualization) should allow for easy extraction of keys<br> <p> the other nice thing is since the TPM handles the actual decryption (to prevent revealing the keys) the program feeds you a nice encrypted stream and expects the unencrypted stream back. letting the program that feeds your app deal with all the extra "packaging" that may be added to the encrypted stream for obfuscation while you shuffle these packets to disk to do with what you want<br> </div> Thu, 13 Jan 2011 06:58:13 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422407/ https://lwn.net/Articles/422407/ azouhr <div class="FormattedComment"> Did I understand so little of that video, or is "The Guardian" simply wrong with some quite important facts? <br> <p> The subtitle states that the doors to piracy would have been opened, which is an epic fail of "The Guardian" because it is wrong. People did not even try to gain the keys that would be necessary to do piracy.<br> <p> The only thing they did is enabling the owner/user of a PS3 to run their own software on the PS3 without limitation. Thus it is just a regain of what Sony originally promised to their customers - and even without the need to do any modifications to the box. 
I don't know if this is right in the letters of law, but it is definitly ok in terms of morale.<br> </div> Tue, 11 Jan 2011 12:57:23 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422406/ https://lwn.net/Articles/422406/ Cyberax <div class="FormattedComment"> <font class="QuotedText">&gt;&gt;"The MiFare chip was first introduced in 1994. At the time, the security level was very high," he said in an interview. "The 48-bit key lengths for encryption was state of the art."</font><br> <p> Yeah, that's a real modern CPU. You can also cite 6502 project as an example ( <a href="http://www.visual6502.org/">http://www.visual6502.org/</a> ) - just look, they've managed to reverse the whole 3510 transistors.<br> <p> Now they only need to scale it to 2,300,000,000 transistors and they'll be ready to reverse-engineer SandyBridge-era CPUs!<br> </div> Tue, 11 Jan 2011 12:51:50 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422405/ https://lwn.net/Articles/422405/ azouhr <div class="FormattedComment"> <font class="QuotedText">&gt; Not really. Integrated circuits are not "reverse-engineerable" now, </font><br> <font class="QuotedText">&gt; especially when you need an electron microscope just to see individual</font><br> <font class="QuotedText">&gt; elements. 
Even if you have a gate list for an IP-core (analog of a</font><br> <font class="QuotedText">&gt; binary-only module) reverse-engineering is close to impossible for</font><br> <font class="QuotedText">&gt; anything non-trivial.</font><br> <p> Just have a look at <br> <a href="http://www.computerworld.com/s/article/9068644/RFID_hack_could_crack_open_2_billion_smart_cards">http://www.computerworld.com/s/article/9068644/RFID_hack_...</a><br> </div> Tue, 11 Jan 2011 12:45:50 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422323/ https://lwn.net/Articles/422323/ khim <p>It's funny how intelligent people forget to check the facts. Somehow lots of guys when talk about consoles say that XBox360 "sells like hot cakes" and PlayStation3 "is complete failure". If they live in US, that is. And this is true, to the extend. But if you ask people from Japan... PlayStation3 will be "quite a success" and XBox360 "total failure". But if you compare worldwide sales? 41.6 million for PlayStation3 vs 44.6 million for XBox360. Note: thus is despite the fact that XBox360 was available year earlier then PlayStation3! The question about #2 console of seventh generation is still in the air...</p> <p>In reality DRM in XBox360 is quite extensive and, probably, expensive: latest Linux-compatible models were produced 1.5 years ago. Even Wii includes pretty serious DRM-protection - and I suspect Nintendo spends sizable sums trying to lock down the console (as people behind PS3 crack noted: 3 years, 9 software updates, 8 include no new features - only fixes to DRM... still easily crackable after all these years). But the fact remains: Wii is most easily crackable console (was cracked two weeks after release and was not closed for more then two weeks since) and it has tons of homebrew... yet it's #1 console if this generation.</p> <p>I think drag is quite correct: it does not matter if DRM works or not. 
As long as you can not legally sell games for Wii/XBox360/PS3 it "works as intended" - it exist not to protect games from pirates but to protect Microsoft, Nintendo, and SONY from sales of unauthorized games.</p> Mon, 10 Jan 2011 16:23:35 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422307/ https://lwn.net/Articles/422307/ nhippi <div class="FormattedComment"> Please enlighten us on why do you think xbox360 DRM was less complex or cheaper to implement for Microsoft than ps3 drm for sony?<br> </div> Mon, 10 Jan 2011 09:18:35 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422302/ https://lwn.net/Articles/422302/ jamesh <div class="FormattedComment"> I don't think he was suggesting that the DVD-RW drive would prevent you from making a copy. Instead he was saying that the system implementing the DRM check could check the media type and refuse to run the software from writeable media.<br> </div> Mon, 10 Jan 2011 00:54:44 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422300/ https://lwn.net/Articles/422300/ AndreE <div class="FormattedComment"> To consider the DRM scheme successfull, you have to know how much it cost to implement, and how long it protected the system.<br> <p> With regards to 1:<br> The PS3 I believe was hugely expensive to develop, and is sold at a loss, with Sony making profits on games and licenses. We can't be sure how much the DRM scheme contributed to the cost, but considering it's complexity in design and implementation, it's certainly non-trivial. Compare this to the Xbox360, which was "cracked" quite early but still sells like hot cakes and is making Microsoft a fair amount of money. 
It certainly seems that Sony's DRM scheme wasn't worth the cost if you look at the competition<br> <p> With regards to 2:<br> We don't know how long the PS3 product cycle will be so you cannot say it has protected it for a "long part" of it's product cycle. Rumours surrounding the PS4 suggest it is 2-4 years away, meaning that there is enough time for piracy to still be relevant. <br> <p> A platform that relies so much on games and developement licenses as its profit driver really can't consider an expensive DRM scheme that was cracked for 50% of it's lifetime a "win"<br> </div> Sun, 09 Jan 2011 22:31:38 +0000 Well, we are going in circles, so the I think it's time to stop https://lwn.net/Articles/422281/ https://lwn.net/Articles/422281/ khim <blockquote><font class="QuotedText">We're talking about TPM built into the state-of-the art CPUs, remember.</font></blockquote> <p>No, we are talking about DRM, remember. And you wrote these words, remember:</p> <blockquote><font class="QuotedText">And that reason is "price".</font></blockquote> <p>State-of-the art is expensive. If you employ state-of-the-art technology you'll either go bankrupt or lose the market. By the time DRM reaches the consumer it must be implemented using years-old-technology - or it'll not work.</p> <blockquote><font class="QuotedText">So reverse engineering something like Intel CPU will probably cost you at least 20-30 millions of green paper bills.</font></blockquote> <p>Sure, but you don't need to reverse-engineer the whole CPU. You only need to find the place where top-secret key is kept. It's still expensive, but not THAT expensive. 
It's the same as with software design: to fully reverse-engineer PowerDVD you'll need <b>years</b> but to find where the beast keeps it's keys you need <b>days</b>.</p> Sun, 09 Jan 2011 17:19:06 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422276/ https://lwn.net/Articles/422276/ foom <div class="FormattedComment"> Maybe that just goes to show that the best way to keep linux off your console is to make it so that being able to pirate software for it doesn't also imply being able to run linux? :)<br> </div> Sun, 09 Jan 2011 16:07:36 +0000 This is hardly a success story.... https://lwn.net/Articles/422269/ https://lwn.net/Articles/422269/ Cyberax <div class="FormattedComment"> <font class="QuotedText">&gt; Sorry, but no. PlayStation 2 was leader of it's generation. Combined sales of other sixth generation consoles (Dreamcast, Gamecube, XBox) are less then half of PlayStation2 sales! Yet PlayStation3 was and is #3 this time. And it's not longer “immune to hacking”: just like with PlayStation2 most programs are emulators and “backup loaders”, but there are other programs too. The most hacked console this generation is Wii - and it's the most popular, again.</font><br> <p> And the cheapest. And most innovative (until Kinect had been released).<br> <p> <font class="QuotedText">&gt;Funny that. How come it was not important before? Nintendo 64 was cheaper then PlayStation - yet it lost, Nintendo GameCube was cheaper then PlayStation 2 - yet it lost again. But this time around price of PlayStation 3 is suddenly the deciding factor?</font><br> <p> Yes.<br> <p> <font class="QuotedText">&gt;This is PR bullshit. Yes, this is what foundries are preaching, but it does not work this way. 
When you move from one fab to another or, even worse, from one foundry to another you often need to change the masks to fix problems found in test run.</font><br> <p> We're talking about TPM built into the state-of-the art CPUs, remember.<br> <p> <font class="QuotedText">&gt;What a load of bull! When was the last time you've participated in chip development? It's either millions of dollars or months of time. But not simultaneously. You don't need full run to test your masks. Typical price of run for single wafer is measured in thousand dollars, not millions, but yes, it takes months. You may expedite it and get the result in two weeks - but in this case price may be closer to million of dollars.</font><br> <p> And how are you going to MAKE this wafer? Photomasks can easily cost millions for the current generation processes ( <a href="http://www.rdmag.com/Featured-Articles/2004/06/Building-a-Sustainable-Future-for-Photomasks/">http://www.rdmag.com/Featured-Articles/2004/06/Building-a...</a> ). Most of the cost here is equipment - it can literally cost tens of millions, and one photomask can easily take more than 24 hours to be etched and you typically need 20-30 of them. So do the math.<br> <p> And yes, photomask validation is a routine step. But it is done on specialized tools, costing tens of millions of dollars. And these tools still can't do the reverse scanning, they basically compare your reference design with the manufactured photomask.<br> <p> So reverse engineering something like Intel CPU will probably cost you at least 20-30 millions of green paper bills. And that's a conservative estimate - at that rate it's really easier to hire a mercenary army and invade Intel factory.<br> <p> /me goes back to writing workarounds for a buggy ASIC because there's no money for yet another round of fabrication. 
Grumble grumble.<br> </div> Sun, 09 Jan 2011 15:29:04 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422270/ https://lwn.net/Articles/422270/ AlexHudson <div class="FormattedComment"> Microsoft effectively killed it off on Xbox360 in August 2009 - no hacks can get around that as yet, and even before that it required hardware mods in addition. <br> <p> I don't know how the 360's system ranks against Playstation 3's in the wider context of preventing pirated software, but it certainly seems more effective at preventing Linux and/or homebrew software.<br> </div> Sun, 09 Jan 2011 15:26:42 +0000 This is hardly a success story.... https://lwn.net/Articles/422265/ https://lwn.net/Articles/422265/ khim <blockquote><font class="QuotedText">Yet when faced with a choice to abandon the shiny next version of their device or live with DRM, most users chose DRM. PS2 was the most hacked console ever, but users happily switched to PS3 which (for now) is immune to hacking.</font></blockquote> <p>Sorry, but no. PlayStation 2 was leader of it's generation. <b>Combined</b> sales of other sixth generation consoles (Dreamcast, Gamecube, XBox) are less then half of PlayStation2 sales! Yet PlayStation3 was and is #3 this time. And it's not longer “immune to hacking”: just like with PlayStation2 most programs are <a href="http://store.brewology.com/homebrew.php?category=Emulators">emulators</a> and <a href="http://store.brewology.com/homebrew.php?category=Apps">“backup loaders”</a>, but there are other programs too. The most hacked console this generation is <a href="http://webrewwii.blogspot.com/">Wii</a> - and it's the most popular, again.</p> <blockquote><font class="QuotedText">>Does not work this way. There are more then enough people who'll just drop iPhone if they can not jailbreak it.<br /> Not enough.</font></blockquote> <p>Not enough to do <b>what</b>? Bankrupt Apple? Probably not. 
Guarantee that iCrap will have more open alternative? Of course there are enough such people.</p> <blockquote><font class="QuotedText">>PS3 is last console in the race for a reason.<br /> And that reason is "price".</font></blockquote> <p>Funny that. How come it was not important before? Nintendo 64 was cheaper then PlayStation - yet it lost, Nintendo GameCube was cheaper then PlayStation 2 - yet it lost again. But this time around price of PlayStation 3 is suddenly the deciding factor?</p> <blockquote><font class="QuotedText">Nope, please, learn a bit about how chips are developed.</font></blockquote> <p>Good advice - you should follow it.</p> <blockquote><font class="QuotedText">Debugging fab machinery and development of chip circuit are completely separate processes.</font></blockquote> <p>This is PR bullshit. Yes, this is what foundries are preaching, but it does not work this way. When you move from one fab to another or, even worse, from one foundry to another you often need to change the masks to fix problems found in test run.</p> <blockquote><font class="QuotedText">Of course, you'll use simple designs to debug manufacturing processes. But by the time you tape out the real CPU design your machinery must already be flawless because each run of fabrication can easily cost you millions of dollars and months of time.</font></blockquote> <p>What a load of bull! When was the last time you've participated in chip development? It's <b>either</b> millions of dollars <b>or</b> months of time. But not simultaneously. You don't need full run to test your masks. Typical price of run for single wafer is measured in thousand dollars, not millions, but yes, it takes months. You may expedite it and get the result in two weeks - but in this case price may be closer to million of dollars.</p> <p>Then you can take your wafer, make chips, <b>test them</b> and do another run. 
Sometimes problems are obvious, but sometimes they are not obvious and you need to actually look on the chip to find our what went wrong. And yes, you can not see everything with optic nowadays so “take a look” step may be expensive too. I'm yet so see ASIC which worked without glitches on first try. Even if you tested it extensively on emulators and with FPGA - you still usually need two or three runs before you'll get production quality.</p> <p>Note: quite often few masks from the set are changed (to save the costs) when ASIC is “debugged” - do you really think it'll be possible to do “blindly” without knowing what goes on in the actual chip?</p> <blockquote><font class="QuotedText">No, there are no means to do it. Sorry.</font></blockquote> <p>Funny but this is exactly what we did when TSMC screwed up five years ago. I admit that I've only ever worked with emulator and was not the one who found out TSMC incorrectly injected ARM core in our chip and this was the reason the whole thing refused to start, but I know how it's done from experience.</p> <blockquote><font class="QuotedText">Again, no. Have you ever looked at a netlist for a moderately complex circuit? It's even worse than assembly language listing.</font></blockquote> <p>Have you looked on assembly code of a moderately complex game? Yet people crack them in days, rarely it takes more then few weeks. For hardware you need expensive machinery, not $500 general purpose computer so it takes longer, but it's still possible. This is the question of cost, not ability.</p> <p>You are correct if you say that to pull a key from hardware easily may require millions of dollars - but to say that's just not possible... 
sorry, the technology does not work this way.</p> <p>Fundamental reason for DRM failure is ages old truth: “You may fool all the people some of the time, you can even fool some of the people all of the time, but you cannot fool all of the people all the time.”</p> <p>TPM used to secure HDD works because to crack each HDD you'll need man-years of work and millions of dollars - and usually it's just not worth it. DRM works for some time because each time new version of DRM is introduced crackers need to investigate it - and it does not happen overnight. But to make bullet-proof DRM you must fool “all of the people all the time” - and this is just impossible.</p> Sun, 09 Jan 2011 14:04:37 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422263/ https://lwn.net/Articles/422263/ Cyberax <div class="FormattedComment"> <font class="QuotedText">&gt;where could TPM have these 'sealed' keys? they can't be in the hardware (especially if that can't be modified after manufacture)</font><br> <p> In the changeable part of internal memory. It's not like TPMs are _completely_ immutable.<br> <p> <font class="QuotedText">&gt;if they are in the software they are accessable, if by no other means than by letting it get decoded and then reading the ram directly.</font><br> <p> They are not in software.<br> </div> Sun, 09 Jan 2011 09:47:47 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422260/ https://lwn.net/Articles/422260/ dlang <div class="FormattedComment"> where could TPM have these 'sealed' keys? 
they can't be in the hardware (especially if that can't be modified after manufacture)<br> <p> if they are in the software they are accessable, if by no other means than by letting it get decoded and then reading the ram directly.<br> </div> Sun, 09 Jan 2011 06:27:38 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422257/ https://lwn.net/Articles/422257/ drag <div class="FormattedComment"> <font class="QuotedText">&gt; 1) HD-DVD/BluRay security was designed in early 2000-s without much forethought. Next security systems will be way tougher.</font><br> <p> They put a huge amount of effort into it and did what they could to try to future proof it. What you said would be true for DVD-css, but not for AACS or BD+. <br> <p> <font class="QuotedText">&gt; 2) It still requires quite a bit of work to extract keys.</font><br> <p> It only needs to be done once.<br> <p> <font class="QuotedText">&gt; 3) And what are you going to do if your media player refuses to play hacked media?</font><br> <p> Laugh at it because the company that made it committed commercial suicide. Who is going to buy a device is that not able to play home made videos, cdroms, or their mp3 collection? <br> <p> Like I said before:<br> A) DRM is untenable without government protection.<br> and <br> B) It's not about stopping piracy and never was. It is about one group of corporations using government laws to control the activities of other corporations and protect their trusts and cartels from competition. The whole talk about stopping copyright piracy is extremely misleading.<br> <p> <a href="http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&amp;objectid=10625082">http://www.nzherald.co.nz/technology/news/article.cfm?c_i...</a><br> <font class="QuotedText">&gt; The chip Tarnovsky hacked is a flagship model from Infineon Technologies AG, the top maker of TPM chips. 
And Tarnovsky says the technique would work on the entire family of Infineon chips based on the same design. That includes non-TPM chips used in satellite TV equipment, Microsoft's Xbox 360 game console and smart phones.</font><br> <p> <font class="QuotedText">&gt; The Trusted Computing Group, which sets standards on TPM chips, called the attack "exceedingly difficult to replicate in a real-world environment." It added that the group has "never claimed that a physical attack - given enough time, specialised equipment, know-how and money - was impossible. No form of security can ever be held to that standard."</font><br> <p> <p> "No form of security can ever be held to that standard".... From the horse's mouth. But that is exactly the standard that needs to be implemented to make strong DRM possible. <br> <p> Even if it does end up requiring a tunneling electron microscope, then that is what will end up being used. From a commercial standpoint dropping 25-40 grand on one for the purposes of reverse engineering is not a significant expense. It's not like these things are rare :)<br> <p> Although I expect that plenty of other techniques will get used to pirate media before it gets to that point..... Like purchasing a laptop with TPM and 1080p display and pull the video signals off of the LVDS connection from the graphics card.<br> <p> Get rid of the government law and the whole DRM scam will blow away like a house of cards in a hurricane. As long as you have governmental controls then even weak DRM will be perfectly effective for what it is designed to do. There is nothing that anybody can do about it as long as your dealing with the conspiracy between government and industry cartels. At least not in the foreseeable future.<br> <p> The upside is that DRM provides zero benefit except for these government-protected industrial cartels and trusts. 
It will continue to be a irritating bullshit thing we have to deal with and work around, but it's not going to kill off 'free software' or anything like that.<br> </div> Sun, 09 Jan 2011 02:24:46 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422256/ https://lwn.net/Articles/422256/ foom <div class="FormattedComment"> Yes, but the TPM could have "sealed" the keys the video is encrypted by, thus making you unable to decrypt your videos without the TPM enabled (and having verified your Tivo as running only "good" software).<br> </div> Sun, 09 Jan 2011 01:16:16 +0000 This is hardly a success story.... https://lwn.net/Articles/422253/ https://lwn.net/Articles/422253/ Cyberax <div class="FormattedComment"> <font class="QuotedText">&gt;The DRM on iCrap work the same way it did with DVD, Dreamcast, or, indeed PS3: there are locked systems and people are buying the content for it, but it only makes lives of honest but shortsighted people miserable yet huge number of people is just using "jailbroken" systems (earlier they were called "cracked" systems) and don't have such problems.</font><br> <p> Yet when faced with a choice to abandon the shiny next version of their device or live with DRM, most users chose DRM. PS2 was the most hacked console ever, but users happily switched to PS3 which (for now) is immune to hacking.<br> <p> <font class="QuotedText">&gt;Does not work this way. There are more then enough people who'll just drop iPhone if they can not jailbreak it. </font><br> Not enough.<br> <p> <font class="QuotedText">&gt;PS3 is last console in the race for a reason. </font><br> And that reason is "price".<br> <p> <font class="QuotedText">&gt;Why do you think it's impossible now? Sure, optical microscope is not enough but there are new instruments available. 
Think about it: if the chip can be produced it can be scrutinized for if there are no way to control the end result there are no way to make the whole machinery work! </font><br> <p> Nope, please, learn a bit about how chips are developed. Debugging fab machinery and development of chip circuit are completely separate processes.<br> <p> Of course, you'll use simple designs to debug manufacturing processes. But by the time you tape out the real CPU design your machinery must already be flawless because each run of fabrication can easily cost you millions of dollars and months of time.<br> <p> <font class="QuotedText">&gt;The very fact that chip exist and works means there are means to disassemble it!</font><br> No, there are no means to do it. Sorry.<br> <p> <font class="QuotedText">&gt;In fact you need significantly more capable tools to control the manufacturing process in comparison to what you need to pull the key from the hardware. The tools required are quite expensive nowadays but the capability remains.</font><br> <p> Again, no. Have you ever looked at a netlist for a moderately complex circuit? It's even worse than assembly language listing.<br> </div> Sun, 09 Jan 2011 00:48:55 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422252/ https://lwn.net/Articles/422252/ dlang <div class="FormattedComment"> that's a different definition of TPM than I am familar with.<br> <p> TPM as i understand it concentrates of making sure that the system is running only 'good' software, by having the hardware validate the bootloader, the bootloader validate the kernel, etc. 
This chains the trust of the hardware up to the software.<br> <p> using a piece of hardware to do the decryption of content does not seem to fall into this category.<br> <p> having a piece of hardware that is locked down that does the decryption with the intent of preventing the user from accessing the content otherwise seems to fall in the definition of DRM.<br> <p> TPM can be used to lock down a device that then implements DRM, but they are separate types of tools.<br> <p> forgive me for being a bit pedantic here, but I believe that it is important to keep the definitions straight.<br> <p> </div> Sun, 09 Jan 2011 00:40:52 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422249/ https://lwn.net/Articles/422249/ Cyberax <div class="FormattedComment"> Yep. That's "working around" TPM, it's certainly doable.<br> <p> However, imagine now that you need TPM to decrypt the video stream and TPM module is built into the CPU. What are you going to do?<br> </div> Sun, 09 Jan 2011 00:30:14 +0000 PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422244/ https://lwn.net/Articles/422244/ dlang <div class="FormattedComment"> the ipad is actually a pretty general purpose computer.<br> <p> a kindle is a specialized device (although it's being opened up and turning into a more general purpose device with the SDK)<br> <p> I see the trend a bit differently.<br> <p> each nich starts off with very specialized devices, but over time they gain more and more capabilities, trending towards a general purpose device.<br> <p> phones are a good example of this, they were very dedicated devices, now people are happy that they can connect them to a TV for display and a bluetooth keyboard/mouse for input, and connect removable storage (flashcards), at that point what is the phone other than a small general purpose computer?<br> </div> Sat, 08 Jan 2011 23:05:52 +0000 PlayStation 3 hack - how it happened 
and what it means (The Guardian) https://lwn.net/Articles/422243/ https://lwn.net/Articles/422243/ dlang <div class="FormattedComment"> on my tivo, what actually happens is the bios gets re-written to disable the TPM features.<br> </div> Sat, 08 Jan 2011 22:53:48 +0000 That's why DRM for movies will never work, but DRM for games might https://lwn.net/Articles/422239/ https://lwn.net/Articles/422239/ dlang <div class="FormattedComment"> just because the purpose of DRM is to make money it doesn't mean that every approach that guarantees that you make money is DRM.<br> <p> games with server-side logic (that are unplayable without connecting to the central server) have been around as long as there have been computer games (in the some of the earliest cases, you needed a terminal connection to the mainframe), that doesn't make this DRM, and it can be done without using any of the tools of DRM (encryption, legal exclusion, etc)<br> <p> Any game that wants to prevent cheating reliably must keep data and logic on the server side, all attempts to give information to the client, and then have the client not show it to the user are doomed to failure (for all the reasons others have listed)<br> <p> teminology is important, just like it's a very bad idea to redefine 'rape' to mean "I changed my mind afterwords" or "I was drunk and my judgement was impaired, I never would have done that if I was sober" because it dilutes the meaning of the term, DRM should only be used where it really applies, and not confuse people by using it for other things.<br> </div> Sat, 08 Jan 2011 22:38:38 +0000 This is hardly a success story.... https://lwn.net/Articles/422238/ https://lwn.net/Articles/422238/ khim <blockquote><font class="QuotedText">It turned out that DRM just has to be shiny and people will buy it. That's what Apple did with their AppStore. It doesn't look like it's DRM, but in fact it is. 
They have the ability to yank any application off your phone, so in future expect no third-party media player on iPhone which allows you to bypass DRM.</font></blockquote> <p>The DRM on iCrap works the same way it did with DVD, Dreamcast, or, indeed, PS3: there are locked systems and people are buying the content for them, but it only makes the lives of honest but shortsighted people miserable, yet a huge number of people are just using "jailbroken" systems (earlier they were called "cracked" systems) and don't have such problems.</p> <blockquote><font class="QuotedText">Finally, removing the ability to root your phone will just be an incremental step once a good DRM implementation has been tested on next-gen consoles.</font></blockquote> <p>Does not work this way. There are more than enough people who'll just drop the iPhone if they cannot jailbreak it. PS3 is the last console in the race for a reason. Sure, if all other phone makers decide that they want to lock down their phones too it'll be the end of the story, but I fail to see locked down i<b>F</b>ones in the near future.</p> <blockquote><font class="QuotedText">But that was way back in the past, when a simple optical microscope was enough. It's just not possible now, regardless of your motivation and finances.</font></blockquote> <p>Why do you think it's impossible now? Sure, an optical microscope is not enough, but there are new instruments available. Think about it: if the chip can be produced it can be scrutinized, for if there is no way to control the end result there is no way to make the whole machinery work! The very fact that the chip exists and works means there are means to disassemble it! In fact you need <b>significantly</b> more capable tools to control the manufacturing process in comparison to what you need to pull the key from the hardware.
The tools required are quite expensive nowadays but the capability remains.</p> <blockquote><font class="QuotedText">It's literally easier to invade an Intel factory and steal designs.</font></blockquote> <p>It depends. You don't know what is developed where, so you'll need a lot of work to find out who and where exactly keeps the information you need. Of course if you can find a collaborator it may be much easier and simpler...</p> Sat, 08 Jan 2011 22:18:25 +0000

That's why DRM for movies will never work, but DRM for games might https://lwn.net/Articles/422236/ https://lwn.net/Articles/422236/ khim <blockquote><font class="QuotedText">DRM tries to prevent people from copying the game</font></blockquote> <p>Yup - and the perfect solution is to move part of the game to the cloud where it cannot be easily altered/copied. Think Final Fantasy XI: you can easily copy the client and/or install a single copy on 10 different systems, but since a significant part of the logic is on-server you cannot play it without paying the subscription fee. And DRM for games is supposed to be about money, right?</p> Sat, 08 Jan 2011 21:44:04 +0000

PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422232/ https://lwn.net/Articles/422232/ Cyberax <div class="FormattedComment"> Yeah, once your secret keys are on a general-purpose computer - you can say 'bye-bye' to them.<br> <p> The problem is, we're moving away from general purpose computers towards specialized devices for consuming (sic!) media. Like iPads.<br> </div> Sat, 08 Jan 2011 21:32:39 +0000

PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422224/ https://lwn.net/Articles/422224/ Cyberax <div class="FormattedComment"> That's not TPM (aka Trusted Platform Module).<br> <p> TPMs are hardware modules that can do signature validation and decryption.
<a href="http://en.wikipedia.org/wiki/Trusted_Platform_Module">http://en.wikipedia.org/wiki/Trusted_Platform_Module</a><br> <p> Working _around_ TPM is not a "TPM hack".<br> </div> Sat, 08 Jan 2011 20:27:57 +0000

PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422223/ https://lwn.net/Articles/422223/ dlang <div class="FormattedComment"> no they don't<br> <p> look at the tivo, it implemented TPM (signed bootloader, signed firmware, signed kernel, signed userspace); I've had mine hacked for over 10 years.<br> </div> Sat, 08 Jan 2011 20:24:20 +0000

PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422222/ https://lwn.net/Articles/422222/ Cyberax <div class="FormattedComment"> Why? So far TPMs have a perfect score.<br> </div> Sat, 08 Jan 2011 20:17:10 +0000

Please tell the story... https://lwn.net/Articles/422220/ https://lwn.net/Articles/422220/ Cyberax <div class="FormattedComment"> <font class="QuotedText">&gt;Do tell. It should be an interesting story because as I'm seeing it DRM was employed by mobile for years and never worked without government enforcement.</font><br> <p> It turned out that DRM just has to be shiny and people will buy it. That's what Apple did with their AppStore. It doesn't look like it's DRM, but in fact it is. They have the ability to yank any application off your phone, so in future expect no third-party media player on iPhone which allows you to bypass DRM.<br> <p> Ooops. The future is actually already here: <a href="http://apple.slashdot.org/story/11/01/07/2341227/Apple-Pulls-VLC-Media-Player-From-AppStore">http://apple.slashdot.org/story/11/01/07/2341227/Apple-Pu...</a> And people STILL buy iCrap (ok, their hardware is nice, I admit it). <br> <p> Finally, removing the ability to root your phone will just be an incremental step once a good DRM implementation has been tested on next-gen consoles.<br> <p> <font class="QuotedText">&gt;P.S.
And as "you need an electron microscope just to see individual elements"... Again: chip duplication technology was widely available and used in the USSR - it just became economically unviable when the USSR fell. </font><br> That's what my father actually did :) They reverse-engineered a French cardiostimulator chip to make a clone, and ended up licensing it openly in the end when the USSR fell.<br> <p> But that was way back in the past, when a simple optical microscope was enough. It's just not possible now, regardless of your motivation and finances. It's literally easier to invade an Intel factory and steal designs.<br> </div> Sat, 08 Jan 2011 20:15:00 +0000

PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422221/ https://lwn.net/Articles/422221/ dlang <div class="FormattedComment"> eventually there will be a case where the master certificate needs to be replaced.<br> </div> Sat, 08 Jan 2011 20:09:30 +0000

PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422219/ https://lwn.net/Articles/422219/ Cyberax <div class="FormattedComment"> <font class="QuotedText">&gt;unless they hard-wire a different certificate into each and every chip (which would mean that every chip was really unique), the certificate is stored somewhere. Wherever it's stored can be read and written to.</font><br> <p> TPMs are designed to be written exactly one time (during manufacture). After that the certificate part is read-only. That's quite easy to do electronically, so I don't think TPM designers are lame enough to leave a hole like this.<br> <p> <font class="QuotedText">&gt;it has to be modifiable, or if there is a problem on the signing side the vendor has no ability to update the system to accept a new signing key.</font><br> <p> TPMs can't be updated.
If there's a problem that requires the master certificate to be replaced, you're screwed.<br> </div> Sat, 08 Jan 2011 20:05:39 +0000

PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422217/ https://lwn.net/Articles/422217/ jmorris42 <div class="FormattedComment"> <font class="QuotedText">&gt; Look at Blu-ray.</font><br> <p> Blu-ray made one mistake: they trusted Microsoft. When they started, Vista was supposed to be built around a TPM and Blu-ray would only be made available on hardware with one. Then the industry politics shifted and Vista shipped without TPM, and Sony was left with three bad choices: no BD on Windows; require some sort of insane hardware spec that would keep the Precious away from the main CPU by doing all the work in the drive and passing it out over some sort of link directly to the video card; or do what they did and use a software player. Once they released a Windows app that could play a BD the die was cast, game over.<br> </div> Sat, 08 Jan 2011 20:05:30 +0000

PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422216/ https://lwn.net/Articles/422216/ Cyberax <div class="FormattedComment"> <font class="QuotedText">&gt;HD-DVD and Blu-ray use essentially TPM. The keys are embedded directly in the hardware. Dozens of keys have been extracted because no matter what you do the key has to be used and in that use the key can be snagged.</font><br> <p> 1) HD-DVD/Blu-ray security was designed in the early 2000s without much forethought.
Next security systems will be way tougher.<br> 2) It still requires quite a bit of work to extract keys.<br> 3) And what are you going to do if your media player refuses to play hacked media?<br> </div> Sat, 08 Jan 2011 19:59:38 +0000

PlayStation 3 hack - how it happened and what it means (The Guardian) https://lwn.net/Articles/422214/ https://lwn.net/Articles/422214/ dlang <div class="FormattedComment"> unless they hard-wire a different certificate into each and every chip (which would mean that every chip was really unique), the certificate is stored somewhere. Wherever it's stored can be read and written to.<br> <p> it has to be modifiable, or if there is a problem on the signing side the vendor has no ability to update the system to accept a new signing key.<br> </div> Sat, 08 Jan 2011 19:58:04 +0000

That's why DRM for movies will never work, but DRM for games might https://lwn.net/Articles/422213/ https://lwn.net/Articles/422213/ dlang <div class="FormattedComment"> that's not a DRM issue, that's a game design issue.<br> <p> DRM tries to prevent people from copying the game; secondarily they may try to prevent modification of the game using many of the same tools, but that is really a different problem and task than what is normally called DRM<br> </div> Sat, 08 Jan 2011 19:51:30 +0000
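The thread above argues about two things a signed boot chain depends on: that each stage (bootloader, firmware, kernel, userspace, as dlang lists them for the TiVo) is verified by the key handed down from the stage before it, and that the chain only means something if the root key the verifier starts from is written once and cannot be replaced (Cyberax's "written exactly one time" point against dlang's "wherever it's stored can be read and written to"). The following Go program is an added example written for this page; it is not code from LWN, from any commenter, from Sony or from the TiVo. It models that chain with Ed25519 from the Go standard library standing in for whatever signature scheme real hardware uses; the stage names, payloads and the `Stage` layout are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Stage is one link of a signed boot chain (bootloader, firmware, kernel,
// userspace). NextKey is the public key the following stage must verify
// against; Sig is made by the key that the previous stage handed down.
// (Constructed layout for this example, not any real device's format.)
type Stage struct {
	Name    string
	Payload []byte
	NextKey ed25519.PublicKey // nil for the last stage
	Sig     []byte
}

// digest binds name, payload and the handed-down key into one hash, so a
// signature covers all three; swapping NextKey alone would break it.
func digest(s Stage) []byte {
	h := sha256.New()
	for _, part := range [][]byte{[]byte(s.Name), s.Payload, s.NextKey} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(part)))
		h.Write(n[:]) // length prefix keeps "ab"+"c" distinct from "a"+"bc"
		h.Write(part)
	}
	return h.Sum(nil)
}

// VerifyChain walks the chain from the root public key the verifier trusts
// (in hardware: a key burned in at manufacture). It returns nil only if every
// stage carries a valid signature by the key the previous stage handed down.
func VerifyChain(root ed25519.PublicKey, chain []Stage) error {
	key := root
	for i, s := range chain {
		if !ed25519.Verify(key, digest(s), s.Sig) {
			return fmt.Errorf("stage %d (%s): signature does not verify", i, s.Name)
		}
		if s.NextKey != nil {
			key = s.NextKey
		}
	}
	return nil
}

// BuildChain generates a fresh key per stage, signs each stage with the
// previous stage's key, and returns the root public key plus the signed chain.
func BuildChain(names []string, payloads [][]byte) (ed25519.PublicKey, []Stage, error) {
	rootPub, signer, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	chain := make([]Stage, len(names))
	for i := range names {
		var nextPub ed25519.PublicKey
		var nextPriv ed25519.PrivateKey
		if i < len(names)-1 {
			if nextPub, nextPriv, err = ed25519.GenerateKey(rand.Reader); err != nil {
				return nil, nil, err
			}
		}
		chain[i] = Stage{Name: names[i], Payload: payloads[i], NextKey: nextPub}
		chain[i].Sig = ed25519.Sign(signer, digest(chain[i]))
		signer = nextPriv // the key this stage hands down signs the next one
	}
	return rootPub, chain, nil
}

// Tamper returns a copy of chain with stage idx's payload altered, the way a
// modified firmware image would differ from the signed one.
func Tamper(chain []Stage, idx int) []Stage {
	out := make([]Stage, len(chain))
	copy(out, chain)
	p := append([]byte(nil), chain[idx].Payload...)
	out[idx].Payload = append(p, []byte(" (modified)")...)
	return out
}

func main() {
	names := []string{"bootloader", "firmware", "kernel", "userspace"}
	payloads := [][]byte{[]byte("boot v1"), []byte("fw v1"), []byte("kernel v1"), []byte("rootfs v1")}
	root, chain, err := BuildChain(names, payloads)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine chain:", VerifyChain(root, chain))
	fmt.Println("modified firmware:", VerifyChain(root, Tamper(chain, 1)))
	otherRoot, otherChain, _ := BuildChain(names, payloads)
	fmt.Println("foreign chain against our root:", VerifyChain(root, otherChain))
	fmt.Println("foreign chain against its own root:", VerifyChain(otherRoot, otherChain))
}
```

The last two lines of `main` are the point of the argument in the thread: a chain built under some other root verifies perfectly against that root and not at all against ours, so the only thing separating the two outcomes is which root key the verifier holds. That is why the property worth protecting (and worth checking in a design review) is the immutability of the stored root, not the strength of the signature algorithm.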