fordy said:
o_O.Q said:

Well, to be honest I don't understand the hardware and I'm not going to try to pretend to, but as you yourself said, the person you quoted is an expert in these matters, and once more here is what they said:

"I would be very surprised if this fix isn't hacked fairly quickly"

And beyond that there's also the fact that it was generally accepted in the hacking community that this fix worked for consoles that had up-to-date firmware...

If the fix wasn't effective they would have denied the reports of the fix, but they didn't...

"I always see Sony more as a propaganda machine than being the people who rewrite centuries of cryptography techniques to say they fixed a problem that all credible cryptography experts agree is unfixable."

And here lies the other point you aren't seeing: to my knowledge it wasn't announced by Sony that the hack was fixed... guess who announced it?...

Ah, I'll tell you... the hackers.

So far you can't provide any statements from experts, hackers, etc. to confirm what you're saying (all you're doing is forming conclusions from your own knowledge of the issue and your understanding of the console), and unless you're an expert on the PS3's design I'm more inclined to go with what the people who actually are, are saying.


"Sony appeared to agree, describing the damage caused by the hack as "irreparable" - a major argument in a lawsuit they filed against Hotz. Last week, Sony was granted permission by a court in California to access the visitor logs for Hotz's website, suggesting that its legal battle will not stop with Hotz himself.

But according to Alaoui, the new firmware, version 3.6 released earlier this week, appears to have patched the damage. "For now, it looks to me (at first glance) that the PS3 has been resecured, but it doesn't mean it can't be broken again from scratch," he said in a tweet.

It is not entirely clear how Sony fixed the hack. PS3's security is based on layers of encryption, with one layer unlocking access to the next. Hotz's hack was so devastating because he was able to access the metldr root key, which undermines this chain of trust by unlocking all layers. Sony's solution appears to sidestep this by simply not using metldr at all, opting instead for an entirely new security system. This too could eventually be hacked but it would involve starting from scratch, says Alaoui."


"Along with cloud saving for PSN Plus users, Sony has added some security goodies to 3.60. The first one being bypassing metldr for good. Metldr keys are now useless. Sony is now storing all the loaders necessary to run games and everything else inside of lv0. Lv0 now loads lv1ldr, lv2ldr, etc. Since lv0 has always been decrypted by the bootloader inside of the PS3 (not metldr), we cannot decrypt lv0. In other words, all keys are now useless. No more decrypting newer games or loaders."


"As for those glaring security holes? Noted PS3 hacker Youness Alaoui (aka KaKaRoToKS) posits, "For now, it looks to me (at first glance) that the PS3 has been re-secured, but it doesn't mean it can't be broken again from scratch." DigitalFoundry explains that while Geohot's reveal of the "mtldr" key irrevocably broke the PS3's "chain of trust," Sony's solution effortlessly sidesteps this seemingly insurmountable breach: "According to Alaoui's quick analysis, Sony simply doesn't use mtldr any more, opting for a new security system that could possibly require a completely new exploit to be uncovered.""

Oh it was all written on the internet, so it must be true, right? Let's use a little logic here to explain WHY this "fix" is nothing more than another small step:

1. We cannot assume that all PS3s are updating from the internet. As with both companies, any game that requires updated firmware is transported on disc. Now, the key can be stored in two places. The first is in protected memory, which only the OS can access. The second is a type of segregated memory only accessible by hardware (not on the main bus, therefore non-accessible memory).

In case 1 (protected memory), Sony may look to rewrite the key (or the process) in order to allow new software to run on old consoles. This is done by a rudimentary write process that is either NOT encrypted, or encrypted by a previous key (the one that is already broken); you cannot use a key's encryption to write itself, surely you can agree with that.

In case 2 (non-accessible memory), only the hardware has access to the key, and as such it's not able to be changed. Therefore, all current hardware is indeed permanently cracked. However, new hardware isn't, but it must at least acknowledge the old hardware's key in order to maintain backward compatibility with old games with FULL hardware privileges (you cannot box the old game into a virtual machine: not only do you run the risk of having the VM in memory that the game uses, you're also placing a load on the system that otherwise wouldn't have been there).

There's a rule to encrypted communication, and that is that someone who controls the hardware and doesn't want security doesn't have to have it. This is why client-side security will always ultimately fail.

I am more than willing to guess that Sony did not make major hardware architectural changes to the system between old and new hardware, so I'm willing to bet that the location of the new key is around the same (if not THE same) memory location. What Sony has done is cover a broken window with a sheet of paper, hoping that will tide them over until the storm moves on (i.e. the next generation comes).

"Oh it was all written on the internet, so it must be true, right?"

Isn't the internet how you learned of the keys, Sony's security issues, etc. in the first place? If that is the case... what's your point?

The part where you mentioned the software updates is correct... there are PS3s out there that people leave un-updated so that they can use the exploit, so yes, those are unprotected, but beyond that the exploit has been fixed.

As for the rest of your post, as I said before, I don't fully understand the PS3's architecture so I'm not going to get into a debate on that...

But as I said before, unless you're an expert on the PS3's architecture I don't really see how you can expect me to take you seriously... what makes you more reliable than the hackers and experts who have said the issue was fixed?
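The loader chain the quoted articles describe (bootloader, metldr, lv0, lv1ldr, lv2ldr, appldr) can be modelled to show why moving the loaders under lv0 defeats a leaked metldr key while leaving a fresh root that "could be broken again from scratch". This is an added toy model, not code from any poster or from the console's firmware; the stage names follow the quotes, but the keys, HMAC-based tags and the two chain layouts are constructed assumptions.

```python
"""Toy model of a layered loader chain of trust (constructed example).
Each stage's image is accepted only if its tag verifies under the key held by
the stage that loads it; a leaked key lets an attacker forge whatever that stage
loads, and a hijacked loader accepts anything its children hand it."""
import hashlib
import hmac

# Constructed keys. "bootldr" stands for the hardware-held root the thread says
# was never extracted; "metldr" is the leaked root key the articles describe.
KEYS = {"bootldr": b"hw-only-root", "metldr": b"leaked-metldr",
        "lv0": b"lv0-secret", "appldr": b"appldr-secret"}

# stage -> stage whose key verifies it. Pre-3.60 (assumed): metldr signs loaders.
OLD_CHAIN = {"metldr": "bootldr", "lv0": "bootldr", "lv1ldr": "metldr",
             "lv2ldr": "metldr", "appldr": "metldr", "game": "appldr"}
# 3.60 layout as the quoted analysis describes it: loaders sit under lv0.
NEW_CHAIN = {"lv0": "bootldr", "lv1ldr": "lv0", "lv2ldr": "lv0",
             "appldr": "lv0", "game": "appldr"}


def sign(key: bytes, image: bytes) -> bytes:
    return hmac.new(key, image, hashlib.sha256).digest()


def verify(key: bytes, image: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sign(key, image), tag)


def boot_order(chain: dict) -> list:
    """Parents before children, starting from the hardware root."""
    done, out = {"bootldr"}, []
    for _ in range(len(chain)):
        for stage, loader in chain.items():
            if stage not in done and loader in done:
                done.add(stage)
                out.append(stage)
    return out


def boot(chain: dict, leaked: set) -> set:
    """Return the stages that end up running attacker-supplied code when the
    attacker holds the keys named in `leaked` and tries to forge every stage."""
    owned = set()
    for stage in boot_order(chain):
        loader = chain[stage]
        forged = b"forged:" + stage.encode()
        # A correct tag is only possible with the loader's real (leaked) key.
        tag = sign(KEYS[loader] if loader in leaked else b"guess", forged)
        if loader in owned or verify(KEYS[loader], forged, tag):
            owned.add(stage)
    return owned
```

With `leaked={"metldr"}` the old layout yields every loader and the game compromised while the new layout yields nothing; leaking the new root (`{"lv0"}`) compromises the new chain just as completely, which is the "broken again from scratch" caveat.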