Last week at the 27th annual Chaos Communication Congress (CCC), a group calling themselves “fail0verflow” presented the single most important PlayStation 3 hack to date. A few months from now, when everybody who wants one has a modified PS3, you’ll be able to point your finger back to fail0verflow’s CCC presentation and say, “that is where it all began.”
Just like the original Xbox, the PlayStation 3’s defenses didn’t fall to pirates, but to Linux experts. The quickest way to have your security precautions ripped out of your device, run up the flagpole and laughed at is to prevent people from running Linux on it. In fact, the general consensus had been all along that since the PlayStation 3 allowed users to install Linux on an unmodified console, Linux hackers had no incentive to tinker with the console’s security measures. As a result, the PS3 remained “unbroken” for over four years, the longest of any modern console. However, in the spring of 2010, Sony removed the OtherOS feature from the PlayStation 3 through a firmware update that was mandatory if you wanted to play online and/or new games. While this made a lot of PlayStation 3 owners mad, it apparently made fail0verflow really mad.
The reason your PS3 (or any modern game console) refuses to run unauthorized code is that everything it executes must be digitally signed. A digital signature uses a key pair: Sony signs its code with a private key that never leaves Sony, and the console carries the matching public key. Before running anything, the PS3 checks the code’s signature against that public key and refuses to execute it if the signature does not verify. Without the private key nobody can produce a signature the console will accept, which is why a game bought off the shelf runs on your PS3, while homebrew or a patched game will not.
(Old mod chips for the original PlayStation tricked the console by supplying the right answer regardless of what was actually on the disc. The PS1 was looking for a region string pressed into the lead-in of a factory disc rather than a cryptographic signature, but the concept was the same. When a backup copy was inserted, the console asked, in effect, “should I play this game?” It looked for the region string, and since a burned copy doesn’t carry one, the answer would have been “no.” The modchip simply fed the console the string it expected to see, turning that answer into “yes!”)
While digging through the PlayStation 3, fail0verflow didn’t just find a private key; they found the private key, the master root key at the top of the console’s signing chain. The key leaked because Sony’s ECDSA signing code used the same supposedly random per-signature value (the nonce) over and over, and two signatures made with the same nonce are enough to compute the private key with a few lines of modular arithmetic. Holding that private key, hackers can sign whatever they like, and the console will accept it as genuine, so they can boot anything they want on the PS3. There are two important things to note here. One is that the public key the console checks against is baked into the PlayStation 3’s hardware; it does not appear that a firmware update can change it. Two, changing the key would break the signatures on every existing PlayStation 3 game and could cause all of them to stop working, so that’s not very likely. fail0verflow went looking for this key in the name of Linux. Other folks may not be so kind.
You know how there’s that one guy that takes things to another level? In the hacking world, that guy is GeoHot. GeoHot perfected the iPhone jailbreak; if your iPhone is jailbroken, you owe it to GeoHot. The PlayStation 3 has been a thorn in GeoHot’s side for quite some time now. He’s picked at it, poked at it, and even released a couple of hacks that were eventually closed up by Sony. fail0verflow announced that within the next month, they plan on releasing some tools that will allow the homebrew and hacking communities to start looking at the PS3. GeoHot said to hell with that, and posted the master key on his website.
Right now, this kid’s house is probably surrounded by lawyers. Or assassins. Or both.
Now, I don’t know what to do with that number, and chances are you don’t either, but you can bet your booty there are people who do, people who have been waiting four long years for those numbers. The PS3’s homebrew and hacking scenes are about to light up. I can’t wait to see what happens next.