By using this site, you agree to our Privacy Policy and our Terms of Use. Close

Forums - Sony - So what will Sony do to fix the exploit?

snakenobi on 04 January 2011
twesterm said:

I've read this a few times and I have no idea what you're getting at.

Sony cannot revoke the old key without recalling every game sold.  Period.  No amount of firmware upgrades will change that.

I have no idea what you mean by "lock on whoever is using psn or buying new games."  Do you mean instating a new key?  Again, won't work because the old key will still work for anything, it has to remain valid or else everything before the new key would be invalid. 

If the old key is still valid, then no new keys matter because all it takes then is to make a launcher with the old key that launches anything.

About the only way to fix it is revoke the old and even then it still won't work because then they can just downgrade the firmware and fool the PS3 into thinking it's using the current firmware.  This can already be done.

Even by trying to monitor PSN users it's still pretty hopeless as long as they aren't actually cheating.  Again, everything will be a completely legit signed app with no hardware or software changes.  What do you think they're going to be looking for?

i know

but they don't have to anything for the current games,change the method of verifying for the newer games

simple saying:new way of decryption

 

they can launch a new firmware with new decryptive method that somehow supports the older method

 

by psn users or new game buyers i meant

 

the ps3 which has never been updated remains playable with older games

 

but people who install new firmware(for psn) or through new games will have to go through a different decryption method for atleast the new games

 

its like how new firmware games don't work on older firmware cause of compatiblity issues not just security issues.

 

i know it will take alot of work and changes with the SDK but it can be done.



Around the Network
snakenobi on 04 January 2011
haxxiy said:

I'm not sure of it. Even in the case you are right, there would still be the issue of a firmware contaning all the white/blackmailed lists that could be easily edited, rendering useless the entire process.

Besides, if there was no fix for both the PSP / Wii homebrew scenes, I doubt Sony would go all the way to stop it - there is sort of a myth around Sony and the PS3 security IMO that they would go any lengths to make the PS3 a fortress of sorts. Yes, they had a lot of fw updates who fixed security issues and whatever, but most of them were second thoughts to, say, giving the XMB and PSN to what Microsoft and NIntendo already offered.

Anyways, what should worry Sony the most (and the others too, for that matter) is the AACS keys leaking. Every PS3 released so far is a potential and unfixable blu ray ripper. Simply taking BD support like they did with linux would be suicidal, since it would obviously be deemed illegal and lawsuits would follow.

The best things Sony could do IMO are:

1 - completely revamp the BIOS and usie different encryption on future consoles. Since those will mostly be sold at 3rd world countries, it would be very effective against piracy. However, due to full access to previous PS3 master codes and so it wouldn't be long until someone came with a modchip or neo Jailbreak. Anyways, it wouldn't be different from most consoles on this aspect.

2 - give the PS3 everything the homebrew scene are looking to offer - different browsers, Linux, 3rd party support etc. It would keep the big hackers uninterested on it and diminish the appeal of methods which could be used to games / blu ray piracy. 

3 - release PSP-2 and PS4 earlier than planned if the worst come to be true. Honestly, we stand very close to it so far... Sony's bad luck has been of karmic proportions the last few days.

lets not talk about PSP2 and PS4 as that won't help P3 in any case and SONY spet way too much money on PS3 to let it go before they make some significant profit.

although all hackers say they hack it for linux of homebrew,most just want to gain fame

i don't think somebody like GEOHOT will ever just let go



haxxiy on 04 January 2011
snakenobi said:
haxxiy said:

I'm not sure of it. Even in the case you are right, there would still be the issue of a firmware contaning all the white/blackmailed lists that could be easily edited, rendering useless the entire process.

Besides, if there was no fix for both the PSP / Wii homebrew scenes, I doubt Sony would go all the way to stop it - there is sort of a myth around Sony and the PS3 security IMO that they would go any lengths to make the PS3 a fortress of sorts. Yes, they had a lot of fw updates who fixed security issues and whatever, but most of them were second thoughts to, say, giving the XMB and PSN to what Microsoft and NIntendo already offered.

Anyways, what should worry Sony the most (and the others too, for that matter) is the AACS keys leaking. Every PS3 released so far is a potential and unfixable blu ray ripper. Simply taking BD support like they did with linux would be suicidal, since it would obviously be deemed illegal and lawsuits would follow.

The best things Sony could do IMO are:

1 - completely revamp the BIOS and usie different encryption on future consoles. Since those will mostly be sold at 3rd world countries, it would be very effective against piracy. However, due to full access to previous PS3 master codes and so it wouldn't be long until someone came with a modchip or neo Jailbreak. Anyways, it wouldn't be different from most consoles on this aspect.

2 - give the PS3 everything the homebrew scene are looking to offer - different browsers, Linux, 3rd party support etc. It would keep the big hackers uninterested on it and diminish the appeal of methods which could be used to games / blu ray piracy. 

3 - release PSP-2 and PS4 earlier than planned if the worst come to be true. Honestly, we stand very close to it so far... Sony's bad luck has been of karmic proportions the last few days.

lets not talk about PSP2 and PS4 as that won't help P3 in any case and SONY spet way too much money on PS3 to let it go before they make some significant profit.

although all hackers say they hack it for linux of homebrew,most just want to gain fame

i don't think somebody like GEOHOT will ever just let go


Indeed it would be too early, unless PS3 sees PSP levels of software sales and hacking. Thinking of it, it's almost impossible even with the very easy exploits we're seeing...

you can bet however there's a lot of people out there that very well could imagine it to indeed happen (whether for their joy or downright desperation). The posts of some regarding PS3 being hacked, their denial an anger and speculation... one could believe they are reacting to the loss of a dear friend or something.



 

 

 

 

 

Blood_Tears on 04 January 2011

I guess PS3 Go is on the way now to combat software piracy lol 



snakenobi on 04 January 2011
Blood_Tears said:

I guess PS3 Go is on the way now to combat software piracy lol 


even that won't help as PSP go has been hacked too...................hehe



Around the Network
Blood_Tears on 04 January 2011
snakenobi said:
Blood_Tears said:

I guess PS3 Go is on the way now to combat software piracy lol 


even that won't help as PSP go has been hacked too...................hehe


God damn them Hackers!   There relentless.



twesterm on 04 January 2011
snakenobi said:
twesterm said:

I've read this a few times and I have no idea what you're getting at.

Sony cannot revoke the old key without recalling every game sold.  Period.  No amount of firmware upgrades will change that.

I have no idea what you mean by "lock on whoever is using psn or buying new games."  Do you mean instating a new key?  Again, won't work because the old key will still work for anything, it has to remain valid or else everything before the new key would be invalid. 

If the old key is still valid, then no new keys matter because all it takes then is to make a launcher with the old key that launches anything.

About the only way to fix it is revoke the old and even then it still won't work because then they can just downgrade the firmware and fool the PS3 into thinking it's using the current firmware.  This can already be done.

Even by trying to monitor PSN users it's still pretty hopeless as long as they aren't actually cheating.  Again, everything will be a completely legit signed app with no hardware or software changes.  What do you think they're going to be looking for?

i know

but they don't have to anything for the current games,change the method of verifying for the newer games

simple saying:new way of decryption

 

I think you're missing what I'm saying-- as long as the old key works for anything, it will always work for whatever homebrew they make. 

It doesn't matter if they suddenly started using a new key, the old key will always work.  The only way to get rid of that old key is to completely revoke for everything.



 

snakenobi on 04 January 2011
twesterm said:
snakenobi said:
twesterm said:

I've read this a few times and I have no idea what you're getting at.

Sony cannot revoke the old key without recalling every game sold.  Period.  No amount of firmware upgrades will change that.

I have no idea what you mean by "lock on whoever is using psn or buying new games."  Do you mean instating a new key?  Again, won't work because the old key will still work for anything, it has to remain valid or else everything before the new key would be invalid. 

If the old key is still valid, then no new keys matter because all it takes then is to make a launcher with the old key that launches anything.

About the only way to fix it is revoke the old and even then it still won't work because then they can just downgrade the firmware and fool the PS3 into thinking it's using the current firmware.  This can already be done.

Even by trying to monitor PSN users it's still pretty hopeless as long as they aren't actually cheating.  Again, everything will be a completely legit signed app with no hardware or software changes.  What do you think they're going to be looking for?

i know

but they don't have to anything for the current games,change the method of verifying for the newer games

simple saying:new way of decryption

 

I think you're missing what I'm saying-- as long as the old key works for anything, it will always work for whatever homebrew they make. 

It doesn't matter if they suddenly started using a new key, the old key will always work.  The only way to get rid of that old key is to completely revoke for everything.

i know but the old key once changed will not

the old key can be locked on the newer stuff

 

the old stuff will still work

 

the new stuff's decrytion would e diffferent

 

the hackers could still hack it but it will take some time



twesterm on 04 January 2011
snakenobi said:
twesterm said:
 

I think you're missing what I'm saying-- as long as the old key works for anything, it will always work for whatever homebrew they make. 

It doesn't matter if they suddenly started using a new key, the old key will always work.  The only way to get rid of that old key is to completely revoke for everything.

i know but the old key once changed will not

the old key can be locked on the newer stuff

 

the old stuff will still work

 

the new stuff's decrytion would e diffferent

 

the hackers could still hack it but it will take some time


You're either messing with me or you're just completely incapable of grasping the concept.  Either way I'm saying it one more time and I'm done with you--

If the old key works for anything they always have a way in.  No matter how many new keys they make, it will affect them in now way at all.  The old key would still work and would continue to work unless they revoked it and made everything before that obselete.

The key has to do with convincing the PS3 that your app is legitimate, that's it.  Once the PS3 thinks what you're running is legitimate, it's done.  This isn't a per game thing they can change on a whim or even through a lot of work, it's just something they can't change.  Changing means screwing everyone who bought a game before 2011 and they just can't do that.

So one more time hopefully as clear as possible:

  • If the old key works for anything, it works for everything.  There's no locking out the old key because every official app needs to work. 
  • You can't have multiple keys, it just doesn't work.  That's like saying there's more than one solution for x - 4 = 8.  There's only one solution for x there.  You can change the equation to 4x = 8 but then the previous value of x is completely wrong in every way possible.
  • Even if your idea did work, all they need to do is tell the PS3 you're playing Metal Gear Solid 4 when you're actually playing Super Awesome PS3 Game Launcher that just launched Killzone 3.  The PS3 won't care because you have a valid digital signature for a game before the new key was introduced.


 

SpartenOmega117 on 04 January 2011

You know I have been thinking about how this will affect software sales. I honestly think this will not affect software sales that much. PSP ans PS3 are different because the PSP got cfw very early in its lifecycle. PS3 just now got it may not be that significant. Also sony is a multi billion dollar corporation. They will find a way to fix this, homefully.