Linked by Thom Holwerda on Fri 7th Jan 2011 23:50 UTC
Games Sony has responded to the recent cracking of the Playstation3, and the company claism that they can fix the issue - which ought to be impossible considering the scope of the hack. "We are aware of this, and are currently looking into it," Sony said, "We will fix the issues through network updates, but because this is a security issue, we are not able to provide you with any more details."
Thread beginning with comment 456433
To read all comments associated with this story, please click here.
Multiple root keys?
by umccullough on Sat 8th Jan 2011 00:44 UTC
umccullough
Member since:
2006-01-26

Knowing next to nothing about PS3 security - the only thing I can think of is that their binaries are all signed with multiple keys, and that only one of their root keys has been compromised thus far, allowing them to blacklist the use of that key in future firmware updates.

Is that conceivable? If true, it seems like that would already be known to the hackers who have been exploring the PS3 - unless the current firmware and software hides the fact that other keys already exist and only Sony knows this.

Reply Score: 2

RE: Multiple root keys?
by somebody on Sat 8th Jan 2011 01:09 in reply to "Multiple root keys?"
somebody Member since:
2005-07-07

if they whitelist all applications with old key, they could add new RSA in firmware. but as I got it from presentation only one RSA key was used to sign and that one is hard burned into PS3.

you must also not forget game on bluray can't change its encryption. and people payed for those games, so they would probably like to be able to play them. but if they plan to update RSA with new game versions trough update... i'm selling off all of my ps3 collection with ps3. hdd is way too small to fit updates for all the games i have. thanks, but not thanks.

Edited 2011-01-08 01:10 UTC

Reply Parent Score: 2

RE[2]: Multiple root keys?
by Verunks on Sat 8th Jan 2011 01:23 in reply to "RE: Multiple root keys?"
Verunks Member since:
2007-04-02

they could blacklist the old key but have a checksum of all old games executable, so if the old key is used they just need to check if the hash is in the whitelist

Reply Parent Score: 1

RE: Multiple root keys?
by galvanash on Sat 8th Jan 2011 01:22 in reply to "Multiple root keys?"
galvanash Member since:
2006-01-25

Highly doubt it. There ARE multiple signing keys used for different things, and not all of them have been figured out yet - but the mechanism for figuring them out has been proven and it is simply a matter of time to collect them all. I imagine a highly competitive hacker's version of Pokemon is taking place as we speak... They should name the signing keys for different consoles after Pokemon characters, that would be fun ;)

I vote they call the PS3 game signing key Alakazam:

"Std Alakazam #1 weakness: low defensive stats yield little longevity. Std Alakazam #2 weakness:no way to heal status ailments with Recover and Leftovers, moderate longevity and low special defense."

Since the original xbox signing key was never cracked, just worked around through exploits it should be Mewtwo:

Mewtwo weadness: Mewtwo is weak against any bug type move, any dark type move and any ghost type move.

If you ever played Pokemon this will make perfect sense, if not move along - there is nothing to see here ;)

Edited 2011-01-08 01:26 UTC

Reply Parent Score: 4

RE[2]: Multiple root keys?
by ruinevil on Sun 9th Jan 2011 05:23 in reply to "RE: Multiple root keys?"
ruinevil Member since:
2009-01-08

Why do you want to name a Sony PS3 security breach after a Nintendo property?

Reply Parent Score: 1