fordy said:
o_O.Q said:

"Because I would take the words of a cryptography expert over the words of a company"

the expert himself says that the hack was fixed

"I would be very surprised if this fix isn't hacked fairly quickly"

regardless of whether he thinks it will be hacked quickly or not ( the fix was done months ago so obviously not quickly ) the fact remains that he acknowledges that it was fixed...

which goes against what you've said

"Dude, the exploit is still there"

The sarcophaegus fix that they're mentioning secures new games that wish to use it. The fact of the matter is:

1. In order for those games to remain playable on old hardware, the old key must be present on disc.

2. In order to ensure all software on the shelf using the old key is still playable, the system must still accept the old METLDR key with full access privileges. Not doing so would destroy backward compatibility with such titles.

All that Sony has done is create the illusion that they have fixed an unfixable problem, and I don't blame them. If they outright admitted that there was nothing they could do, investor confidence in the system would plummet. Oh and look at that, they managed to get in someone who appears to be nonconfident with his statement ("at first glance...").

Sorry, I always see Sony more as a propaganda machine than being the people who rewrite centuries of cryptography techniques to say they fixed a problem that all credible cryptography experts agree is unfixable. Do you really think that Sony came from having one of the most insecure, online gaming networks in April to suddenly make something so groundbreaking that it would rewrite cryptography forever......only to put it in their gaming system? Think logically, please.

well to be honest i don't understand the hardware and i'm not going to try to pretend to but as you yourself said the person you quoted is an expert in these matters and once more here is what they said :

"I would be very surprised if this fix isn't hacked fairly quickly"

and beyond that there's also the fact that it was generally accepted in the hacking community that this fix worked for consoles that had up to date firmware...

if the fix wasn't effective they would have denied the reports of the fix but they didn't...

"I always see Sony more as a propaganda machine than being the people who rewrite centuries of cryptography techniques to say they fixed a problem that all credible cryptography experts agree is unfixable."

and here lies the other point you aren't seeing, it wasn't to my knowledge announced by sony that the hack was fixed... guess who announced it?...

ah i'll tell you... the hackers

so far you can't provide any statements from experts, hackers etc to confirm what you're saying ( all you're doing is forming conclusions from your own knowledge on the issue and your understanding of the console ) and unless you're an expert on the ps3's design i'm more inclined to go with what the people who actually are, are saying


"Sony appeared to agree, describing the damage caused by the hack as "irreparable" - a major argument in a lawsuit they filed against Hotz. Last week, Sony was granted permission by a court in California to access the visitor logs for Hotz's website, suggesting that its legal battle will not stop with Hotz himself.

But according to Alaoui, the new firmware, version 3.6 released earlier this week, appears to have patched the damage. "For now, it looks to me (at first glance) that the PS3 has been resecured, but it doesn't mean it can't be broken again from scratch," he said in a tweet.

It is not entirely clear how Sony fixed the hack. PS3's security is based on layers of encryption, with one layer unlocking access to the next. Hotz's hack was so devastating because he was able to access the metldr root key which undermines this chain of trust by unlocking all layers. Sony's solution appears to side step this by simply not using metldr at all, opting instead for an entirely new security system. This too could eventually be hacked but it would involve starting from scratch, says Alaoui."

 

"Along with cloud saving for PSN Plus users, Sony has added some security goodies to 3.60. The first one being bypassing metldr for good. Metldr keys are now useless. Sony is now storing all the loaders necessary to run games and everything else inside of lv0. Lv0 now loads lv1ldr,lv2ldr, etc. Since lv0 has always been decrypted by the bootloader inside of the PS3 (not metldr), we cannot decrypt lv0. In other words, all keys are now useless. No more decrypting newer games or loaders. "

 

"As for those glaring security holes? Noted PS3 hacker Youness Alaoui (aka KaKaRoToKS) posits, "For now, it looks to me (at first glance) that the PS3 has been re-secured, but it doesn't mean it can't be broken again from scratch." DigitalFoundry explains that while Geohot's reveal of the "mtldr" key irrevocably broke the PS3's "chain of trust," Sony's solution effortlessly sidesteps this seemingly insurmountable breach: "According to Alaoui's quick analysis, Sony simply doesn't use mtldr any more, opting for a new security system that could possibly require a completely new exploit to be uncovered.""