PS3 cracked wide open

Lots of exciting things happened in the PS3 scene the past few days. The aftermath is that the entire PS3 encryption scheme has been irrevocably cracked and broken, with no possibility of a firmware fix, due to a rookie cryptography mistake made by Sony who is now crying in a corner.

Let’s take a look at the itinerary of events.

The Story

First, a little background.

Sony excluded Other OS (Linux) support from its new PS3 Slim models for unknown reasons. This annoyed some people but did not cause too much stir because hackers who wanted Linux still had their old PS3s.

In his attempt to restore Other OS functionality to the PS3 Slim, George Hotz, a famed iPhone hacker who has a slight ego issue, discovered an exploit in the PS3’s Other OS system that may lead to enabling of piracy. Sony made some legal noise and took the drastic measure of removing Linux support from all PS3 consoles through the 3.21 firmware update. This is illegal in Europe and probably other countries with decent consumer protection laws, but no substantial legal challenges have succeeded thus far. This move also pissed off a lot of hackers who previously ignored the PS3 due to its existing Linux support. George Hotz disappeared like a little girl without releasing his claimed exploit because he was afraid of law suits.

Months later when the uproar had died down, the PS3 was suddenly cracked using a USB exploit by a (presumed-to-be) Chinese hacker group who released the hack commercially as the PSJailbreak. Out of the blue, PS3 homebrew and piracy communities sprung to life. The technique was refined and made open source by various individual and community efforts such as PSGroove and PSFreedom and ported to numerous devices.

However, Sony released the 3.50 and 3.55 firmware to block the exploit. The community remained on 3.41 and no real breakthrough was made after that, with the small exception of a “downgrader” released by the same mysterious PSJailbreak team, which was also subsequently cloned by other jailbreak manufacturers and open sourced. While the downgrader allowed 3.50 and 3.55 firmwares to revert to 3.41 using USB protocols copied from Sony’s official maintenance tools, it does nothing to allow 3.41 firmwares to run new games such as Gran Turismo 5 which are signed by a new encryption key present only in 3.50 and newer firmwares.

The Breakthrough

On 29th Dec 2010, a collaboration of hackers called fail0verflow unveiled a groundbreaking discovery at the 27th Chaos Communication Congress (27C3) hacking conference held in Berlin. By observing files and runtimes in the PS3 using processes made possible by the PSJailbreak exploit, the team discovered that Sony had made numerous mistakes in the design of the PS3’s much-hyped security architecture. You can watch their presentation on YouTube and download their slides here.

Towards the end of their presentation, they revealed the most fatal flaw in the system: Sony had failed to correctly implement the cryptography scheme they used to sign their ELF executables (PS3’s equivalent of an EXE). The encryption scheme required the generation of a new random number each time a signature is created, but Sony’s implementation uses the same “random” number every time. This made it a constant instead of an unknown variable, reducing the number of unknowns from two (private key and random number) to one and making it mathematically possible to derive the encryption keys via algebra, which is what fail0verfow did. They published their method but not the actual keys they obtained through it.

The Keys

Almost immediately after fail0verflow’s disclosure, George Hotz made a sudden grand entrance back into the scene and released the PS3’s metldr keys he discovered by using an undisclosed exploit to dump the “metldr”, which fail0verflow did not achieve, and then applying fail0verflow’s method to recover the private encryption key. I am not completely clear on this part, but I gather that the metldr is some kind of bootloader the PS3 uses to call up the higher-level functions like the Game OS.

The metldr key is a very low level encryption key embedded in the PS3 hardware that can then be used to decrypt higher level keys found in the Game OS firmware that are used to sign actual games. Immediately following this announcement, community members of the PS3 scene used the metldr key to decrypt and post every single encryption keys used in every PS3 firmware version.

The Aftermath

With these keys, it is now possible for anyone to sign any PS3 ELF executable as if he were Sony and there is no reason for any PS3, modded or otherwise, to reject the signed files.

The immediate effect is of course homebrew. Anyone can now create applications for the PS3 and run them without using PSJailbreak.

The next obvious outcome is of course piracy. Since all PS3 games can now be decrypted, it is trivial to decrypt new games such as Gran Turismo 5 using the 3.55 key and re-encrypt them with the 3.41 key so that they can be played on an exploited PS3 running older firmware. Indeed, fixed EBOOT.BIN for the frequently-requested Gran Turismo 5 was one of the first scene releases following the breakthrough.

Going forward, it is likely that the current piracy methods will be greatly streamlined and such manual patching processes will no longer be necessary. This is because the keys allow hackers to decrypt all official Sony firmware updates and use them as the basis for creating custom firmwares similar to those prevalent in the PSP piracy scene. Since these custom updates will be signed with Sony’s official keys, even non-modded PS3s will accept them without complaints. The first custom firmware for the PS3 came out just days later and allows users to install homebrew without using the PSJailbreak exploit.

In the next few months, there will likely be non-stop releases and refinements of PS3 custom firmwares, amazing homebrews (an XMBC port maybe?) and streamlined piracy tools.

An amusing side effect of all these is that PSP’s private encryption keys are also completely exposed and they have been used to implement the HEN exploit on the newest 3000-series and PSP Go hardware running 6.31/6.35 firmware. The keys were presumably being used by the PS3 to play PSP Minis games. Apparently, Sony was very confident of the PS3’s protection scheme.

The Conclusion

For Sony, there is no way to put the genie back into the bottle. The metldr key cannot be revoked through a firmware update and changing it will require new hardware. But a new hardware revision is utterly meaningless, since current PS3 consoles (with their metldr key exposed) must presumably be able to run all future PS3 games and firmwares. As a result, future game- and OS-level encryption keys will forever remain vulnerable to reverse engineering, unless Sony takes the extremely drastic action of breaking games compatibility with current PS3s.

The conventional wisdom has always been that console-hacking is motivated mainly by piracy. This idea is being challenged by the case study of the PS3, a console which remained secured for years despite what we now know is a utterly broken security architecture. The piracy motivation has always been there, but the pirates apparently did not possess the technical expertise needed to make the breakthrough.

The explanation proposed by fail0verflow, which they say apply to themselves, is that highly motivated and technically competent hackers were initially not interested in cracking the PS3 protection scheme because it ran Linux out of the box. Efforts to crack it by capable individuals only began after Sony excluded Other OS from the PS3 Slim and subsequently removed it from all existing PS3s through a firmware update.

Looking at the flurry of activities in recent months, less than a year after Other OS was removed, there appears to be some truth in that explanation.

Sony has completely lost the battle. The war will continue with the PS4.

Follow DarkMirage on Twitter