PS3 firmware 3.56 hacked in less than a day

Just yesterday Sony released a firmware update for its PS3 console which was reported to have banned Call of Duty: Black Ops hackers from the PlayStation Network. Today, the encryption has been broken and signing keys have been published by one hacker who noticed the update was available.

Console hacker Youness Alaoui, more commonly known to the hacking scene as KaKaRoToKs, posted on Twitter that he had decrypted Sony's most recent update. Publishing 3.56's signing keys on GitHub opens the door for new custom firmware to be developed which will mimic the update and allow all of those with hacked PS3s back on the PlayStation Network.

The firmware was released with the message "adds a security patch," but it was really an effort to remove hackers from online services. KaKaRoToKS was one of the first behind 3.55 custom firmwares, and is now probably working on new versions for 3.56.

Sony tried to eradicate hackers from its console earlier this month by suing hacker GeoHot and the coders of the team "fail0verflow", successfully getting a temporary restraining order against them. KaKaRoToKs and others are picking up where the previous hackers left off, and at a fast rate, showing Sony that no matter who it bans, there will always be one more out there to continue the work.

Sony's lawsuit seems only to have inspired a new generation of hackers instead of putting the matter to rest, and with firmware 3.56 being hacked so quickly, perhaps the company should also look into improving its own security measures.


59 Comments


Kreuger said,
KaKaRoToKs? Was that a typo? There's no Ks on the end. And when do the MW2 bans begin?

KaKaRoToKS is his Twitter account, guessing someone took KaKaRoTo before he could.

Actually, I wonder why this is news on Neowin.
I thought the encryption keys and that stuff were already broken?
Does it mean that for every patch Neowin has to post news on it?

tanjiajun_34 said,
Actually, I wonder why this is news on Neowin.
I thought the encryption keys and that stuff were already broken?
Does it mean that for every patch Neowin has to post news on it?

3.52 = New keys = News

virtorio said,

3.52 = New keys = News

Sorry, I don't really know much about it.
Since the previous version got hacked, wouldn't it be easy for them to find it again?

tanjiajun_34 said,

Sorry, I don't really know much about it.
Since the previous version got hacked, wouldn't it be easy for them to find it again?

All packages for PS3 have been signed with a key, the keys for version 3.55 and lower are known. With 3.56 Sony have fixed the issue that fail0verflow discovered to find these keys so it means that 3.56 onward the keys will be unavailable.

AchromiciA said,

All packages for PS3 have been signed with a key, the keys for version 3.55 and lower are known. With 3.56 Sony have fixed the issue that fail0verflow discovered to find these keys so it means that 3.56 onward the keys will be unavailable.

The method to find the key changed too?

tanjiajun_34 said,

The method to find the key changed too?

No, with the generation of keys there is an infinitely random value that must be used to generate these keys to keep them from being reverse engineered. However Sony didn't generate a random value which means that people could reverse engineer them to find the key. So the method used to find the keys is impossible now unless you want to get a super computer and spend 1000 years brute forcing to find them.

AchromiciA said,

No, with the generation of keys there is an infinitely random value that must be used to generate these keys to keep them from being reverse engineered. However Sony didn't generate a random value which means that people could reverse engineer them to find the key. So the method used to find the keys is impossible now unless you want to get a super computer and spend 1000 years brute forcing to find them.

Then I don't understand why people kept saying like "Sony is forever screwed" when the keys got hacked. They sound like Sony can never patch it?

tanjiajun_34 said,

Then I don't understand why people kept saying like "Sony is forever screwed" when the keys got hacked. They sound like Sony can never patch it?

The idea was that the signing algorithm was buried below lvl 2 which is the GameOS and they thought patches couldn't go that low (I think). Though they fixed it.

AchromiciA said,

The idea was that the signing algorithm was buried below lvl 2 which is the GameOS and they thought patches couldn't go that low (I think). Though they fixed it.

they can update/change the entire firmware
this new update looked like it replaced pretty much the entire firmware, considering the time it took to download and install ~.~

AchromiciA said,

No, with the generation of keys there is an infinitely random value that must be used to generate these keys to keep them from being reverse engineered. However Sony didn't generate a random value which means that people could reverse engineer them to find the key. So the method used to find the keys is impossible now unless you want to get a super computer and spend 1000 years brute forcing to find them.

If that is true then it's great news for Sony and everyone else really. All those that are condoning it saying they want XBMC/Homebrew etc, you know the limitations of the machine when you bought it. If you want XBMC, go buy a Revo or a Media Centre PC. Don't complain that Sony are stopping you from installing it, when it's not meant to be installed in the first place.

Breach said,
True as this article might be, it's super biased.

It's not biased. The author is just unprofessional and didn't care to do any research at all. And obviously has no clue about what he's writing.

"Neowin.net - Where unprofessional journalism looks better"

Not this time.

Breach said,
True as this article might be, it's super biased.

I dunno, is it just me? I feel that Neowin articles always seem to be in favor of Microsoft.
Does anyone feel it?
Well, this is just IMO.

tanjiajun_34 said,

I dunno, is it just me? I feel that Neowin articles always seem to be in favor of Microsoft.
Does anyone feel it?
Well, this is just IMO.

You're not crazy. It is neo"WIN". If you were around when it started, you'd know it was a Windows site. It used to have the Windows logo everywhere.

Thanks KaKaRoToKs for making MW2 unplayable and full of hacks and many more games will follow...

For this I'm selling 80% of my games and my PS3 will probably just collect dust.

Doesn't matter how many security firmware updates they do, it will just be hacked the next day. Time to wait for a PS4...

jrolson said,
Thanks KaKaRoToKs for making MW2 unplayable and full of hacks and many more games will follow...

For this I'm selling 80% of my games and my PS3 will probably just collect dust.

Doesn't matter how many security firmware updates they do, it will just be hacked the next day. Time to wait for a PS4...

More like thanks to Sony for removing features it sold the PS3 as including, i.e. OtherOS.
Sony shot themselves in the foot, and the signed code/key hack was only due to people trying to get a feature back on their PS3 that they originally paid for.

If Sony had not removed the OtherOS feature, and more importantly Sony failed to use a random number for a very very important random crypt code, instead they used the number '4'.

Fail. Sony. Epic fail. You're out of touch with the public and you're just pushing people away.

Take note of how Microsoft is handling the hacks and homebrew community on the Xbox and Phone. XNA and inviting crackers to join them to help making community coding easier and better.

sagum said,

More like thanks to Sony for removing features it sold the PS3 as including, i.e. OtherOS.
Sony shot themselves in the foot, and the signed code/key hack was only due to people trying to get a feature back on their PS3 that they originally paid for.

If Sony had not removed the OtherOS feature, and more importantly Sony failed to use a random number for a very very important random crypt code, instead they used the number '4'.

Fail. Sony. Epic fail. You're out of touch with the public and you're just pushing people away.

Take note of how Microsoft is handling the hacks and homebrew community on the Xbox and Phone. XNA and inviting crackers to join them to help making community coding easier and better.


Then before OtherOS was removed, why were people hacking it?
They are just doing their work to protect the OS, I don't see anything wrong.
It's like your house key got stolen and because of that, you change your doors. Is there anything wrong?

tanjiajun_34 said,

Then before OtherOS was removed, why were people hacking it?
They are just doing their work to protect the OS, I don't see anything wrong.
It's like your house key got stolen and because of that, you change your doors. Is there anything wrong?

Before OtherOS was removed, it wasn't hacked. After it was removed, it was hacked.
That's the main reason PS3 hacking started.

Think of it this way. A car company selling a car with GPS as one of the main features. So people decide to buy it because the GPS is one of the reasons they bought it over other cars. Couple months later, the car company decides, for no reason at all, to make a recall to remove/disable the GPS systems. Does that sound fair?

The XBOX 360, when it was updated to the slim, it received a lot of new features and hardware upgrades.

What did Sony do? When they updated the PS3 to slim, they took a lot of features out and a few hardware downgrades.

duhk said,

Before OtherOS was removed, it wasn't hacked. After it was removed, it was hacked.
That's the main reason PS3 hacking started.

Think of it this way. A car company selling a car with GPS as one of the main features. So people decide to buy it because the GPS is one of the reasons they bought it over other cars. Couple months later, the car company decides, for no reason at all, to make a recall to remove/disable the GPS systems. Does that sound fair?

The XBOX 360, when it was updated to the slim, it received a lot of new features and hardware upgrades.

What did Sony do? When they updated the PS3 to slim, they took a lot of features out and a few hardware downgrades.


Before OtherOS, I thought GeoHotz was trying to hack it. That is why Sony removed it to prevent that from happening?
Well, for Sony, removing OtherOS is indeed a bad move but the same cannot be said for PS3 Slim because the user should know what is removed already.

tanjiajun_34 said,

Well, for Sony, removing OtherOS is indeed a bad move but the same cannot be said for PS3 Slim because the user should know what is removed already.

The slim should have the same features as the previous generation device + more. It goes for all hardware system updates/upgrades. iPhone, Nintendo DS, XBOX 360 for example. Every new generation of those devices had the same features as the previous generation + new features and newer hardware that's faster and more efficient.

The PS3 Slim is a newer generation of the PS3. The very first generation had 4 USB ports, multiple flash card readers, played old PlayStation games, and had OtherOS. The PS3 Slim has none of that.

Your argument would be true if it were a completely different game system, but it's not okay when it's the same one. I had a Metal Gear Solid PS3 pack which had all the first gen features. It was stolen. I bought a new 80GB FATTY!! But then found out it wasn't the same system I had before. It was disappointing. Only 2 USB ports, no backwards compatibility, and no memory card readers.

What's new in the PS3 Slim? Not much really.

duhk said,

The slim should have the same features as the previous generation device + more. It goes for all hardware system updates/upgrades. iPhone, Nintendo DS, XBOX 360 for example. Every new generation of those devices had the same features as the previous generation + new features and newer hardware that's faster and more efficient.

The PS3 Slim is a newer generation of the PS3. The very first generation had 4 USB ports, multiple flash card readers, played old PlayStation games, and had OtherOS. The PS3 Slim has none of that.

Your argument would be true if it were a completely different game system, but it's not okay when it's the same one. I had a Metal Gear Solid PS3 pack which had all the first gen features. It was stolen. I bought a new 80GB FATTY!! But then found out it wasn't the same system I had before. It was disappointing. Only 2 USB ports, no backwards compatibility, and no memory card readers.

What's new in the PS3 Slim? Not much really.


The point is you are saying as if Sony is tricking your money. But it isn't. The user should check if it has the functions such as OtherOS before buying.

tanjiajun_34 said,

The point is you are saying as if Sony is tricking your money. But it isn't. The user should check if it has the functions such as OtherOS before buying.

OtherOS on the fatboy has been removed too.
I know many, many people with a PS3, no one EVER installed another OS onto it, it's not such a popular function. And if you wanted to keep it, shouldn't've updated to new firmware?

Besides that, PS3 hacks were going ever since its release, removing OtherOS might've sped up finding the ultimate hack, but it isn't the cause for the PS3 getting hacked, it's the excuse.

Do these hackers know that they aren't so much as fighting the man as they think as they are just making PSN unplayable for the rest of us?

I'm all for open-source and homebrew, but when you have idiots like these who just ruin the experience that the rest of us pay for, it really makes me mad.

I am all for 3rd party add-ons (homebrew) but the moment people start to cheat using
software on the console then that's when people should get banned.
Add cool apps... NP.. Ruin our gaming experiences. BANNED!

I think what angers people about this is the fact that we want to be able to play in MP games without dealing with cheaters/hackers. You want to hack your PS3/360 for personal use, fine, but once you get onto PSN/Live it's a different matter. You are ruining the experience.

mystwalker80 said,
I think what angers people about this is the fact that we want to be able to play in MP games without dealing with cheaters/hackers. You want to hack your PS3/360 for personal use, fine, but once you get onto PSN/Live it's a different matter. You are ruining the experience.

Because everyone who cracks their PS3 is obviously cheating on the games, right?

Ryoken said,
Because everyone who cracks their PS3 is obviously cheating on the games, right?

All it takes is one to use the exploit to ruin it for everyone. Have you ever played a hacked game of Call of Duty? It makes the game completely worthless.

Chrono951 said,
All it takes is one to use the exploit to ruin it for everyone. Have you ever played a hacked game of Call of Duty? It makes the game completely worthless.

They should be monitoring the actions of each player looking for things that aren't right, and ban that way.. not if it's hacked or something..

Hacking a device (and consoles as long as you keep it offline): Fair enough, whatever pleases you.
Hacking a game: STOP HACKING OR I WILL COME TO YOUR HOUSE AND SHOVE YOUR CONTROLLER SO FAR UP YOUR *** YOU CAN PLAY COD WITH YOUR INTESTINES!!!!111!!!!1
T8

TangoEight said,
Hacking a device (and consoles as long as you keep it offline): Fair enough, whatever pleases you.
Hacking a game: STOP HACKING OR I WILL COME TO YOUR HOUSE AND SHOVE YOUR CONTROLLER SO FAR UP YOUR *** YOU CAN PLAY COD WITH YOUR INTESTINES!!!!111!!!!1
T8

Agreed. For offline use, fine. But cheating on multiplayer games against other people, I think most of us are completely against that.

P.S. I don't own a PS3 anyways. I got a 360. But if I did have a PS3 and was playing games online I would not be happy seeing cheaters on it.

TangoEight said,
Hacking a device (and consoles as long as you keep it offline): Fair enough, whatever pleases you.
Hacking a game: STOP HACKING OR I WILL COME TO YOUR HOUSE AND SHOVE YOUR CONTROLLER SO FAR UP YOUR *** YOU CAN PLAY COD WITH YOUR INTESTINES!!!!111!!!!1
T8

+100!!!

It's not really piracy. Piracy is all those people on BT sites. This is kind of like Kinect hacking. Who knows what new software will be written to take advantage of the PS3.

No, these people are hacking the PS3 so they can cheat (wallhacks, glowhacks, aimbots, etc.) in online games, ruining them for everyone.

If they were just hacking their systems to run their own code for their own reasons (like jailbreaking an iphone), no one except Sony would care.

PotatoJ said,
Source?

I can say from personal experience that it happens. I've never done it but I've been the victim of people "obviously" hacking for advantages. People do all kinds of nifty stuff just to get ahead in Call of Duty or Battlefield because they've got nothing better to do with their lives. You can find videos on YouTube on how to make lag switches and everything. Hacking it for personal use I don't have an issue with, but I'm all for Sony banning hacked consoles from online play.

PotatoJ said,
Source?

Yep, it's well known within the gaming community that the main reason to bypass PB, and other security measures is so they can run their aimbots and wallhacks....if only they put as much effort into getting better at the game they wouldn't need to download their skills....

I actually feel sorry for them......they're that crap at games this is the only way they can win!

I hope Sony release a new firmware everyday and block em...better yet track their IP's and publish them online id love to go around and sort these fags out i know many legitimate gamers who would be up for a bit of payback.

PotatoJ said,
Source?

Real life is the damn source. Are you really in disbelief that people are hacking consoles to cheat? Consider: there weren't any cheaters before the jailbreak and now all of a sudden there are.

For homebrew is bull****. If they wanted to develop for the PS3 they'd go through proper channels.

Solid Knight said,

Real life is the damn source. Are you really in disbelief that people are hacking consoles to cheat? Consider: there weren't any cheaters before the jailbreak and now all of a sudden there are.

For homebrew is bull****. If they wanted to develop for the PS3 they'd go through proper channels.


Agree. People who are saying hacking for homebrew is just a stupid excuse or just lying to themselves.

tanjiajun_34 said,

Agree. People who are saying hacking for homebrew is just a stupid excuse or just lying to themselves.

There are a lot of people who would like PS3 for different purposes than what Sony wants you do with it. That's why the remember army bought a whole lot of them to run them in a cluster. I myself would like XBMC ported to the PS3.

Melfster said,
There are a lot of people who would like PS3 for different purposes than what Sony wants you do with it. That's why the remember army bought a whole lot of them to run them in a cluster. I myself would like XBMC ported to the PS3.

You're using the Army making a cluster as your example of things people might want to jailbreak a PS3 for in their home?

Melfster said,

There are a lot of people who would like PS3 for different purposes than what Sony wants you do with it. That's why the remember army bought a whole lot of them to run them in a cluster. I myself would like XBMC ported to the PS3.


I thought they are using just OtherOS.
Just don't update their PS3 will do since they are not going to use it and play?

Solid Knight said,

Real life is the damn source. Are you really in disbelief that people are hacking consoles to cheat? Consider: there weren't any cheaters before the jailbreak and now all of a sudden there are.

For homebrew is bull****. If they wanted to develop for the PS3 they'd go through proper channels.

In real life, the Jailbreak had not even happened when people were hacking COD on the PS3. Jailbreaking, custom firmware, and the root key are not needed in order to do this

Aleksael said,
In real life, the Jailbreak had not even happened when people were hacking COD on the PS3. Jailbreaking, custom firmware, and the root key are not needed in order to do this

And they were installing patches on the console, how?

Solid Knight said,

And they were installing patches on the console, how?

They weren't patches. See, the PS3 has USB interfaces, which makes it easy to plug a drive up to your PC, fiddle with the files that the PS3 works with to make your game work, using code that is already completely fully signed. To make things even easier, COD has other versions that are made modularly, the 360 and PC versions, they even have a nice and tidy keyboard console that you can activate and configure things to your liking. When the PS3 version of COD was made, it never occurred to anybody that it would be a good idea to remove these features, or the hooks in the back end for these features, so nothing ever needed to be reprogrammed or hacked into the game. Have you ever googled? COD hacks were happening on the PS3 years ago.

Aleksael said,

They weren't patches. See, the PS3 has USB interfaces, which makes it easy to plug a drive up to your PC, fiddle with the files that the PS3 works with to make your game work, using code that is already completely fully signed. To make things even easier, COD has other versions that are made modularly, the 360 and PC versions, they even have a nice and tidy keyboard console that you can activate and configure things to your liking. When the PS3 version of COD was made, it never occurred to anybody that it would be a good idea to remove these features, or the hooks in the back end for these features, so nothing ever needed to be reprogrammed or hacked into the game. Have you ever googled? COD hacks were happening on the PS3 years ago.

What the hell does Google have to do with whether or not I bothered to look for hacks?

Solid Knight said,

What the hell does Google have to do with whether or not I bothered to look for hacks?

It has to do with how you don't know what you are talking about.

Fact: the PS3 key is not necessary to hack COD.

Fact: COD has been hacked on PS3.

Fact: the PS3 key is now known.

You're conflating these things to be the same when they aren't.

You asked how anybody hacked the game without the root key, and I told you. It's the same way they hacked the game for XBox 360. It's the same way L4D is hacked on XBox 360. Only JTAGged 360s can run unsigned code, and even 360s which cannot be JTAGged can still run hacked versions of these games.

I guess they're bothering just to satisfy their shareholders.

At least I hope they don't see any particular benefit in doing this, piracy-wise...