Geohot releases the PS3 keys [Discussion]

[Snowl]

So today geohot released the PS3 Private keys, before fail0verflow did, after they disclosed the findings. Mathieulh also posted the isoldr keys.

This was a pretty **** move of geohot, imo.

At least they are out there now.

[still1]

wonder what Sony is going to do next(probably nothing)... pirated PS3 games will soon show up in the internet.

[Kreuger]

Wow, I thought GeoHot had stopped hacking the PS3.

[Ruciz]

Wow, I thought GeoHot had stopped hacking the PS3.

Hes a sellout. his release came with a job application to any of the 'big three' so he's NOT on the 'side' hes portrayed in his PS3 and iPhone hacks...

I believe he figured this out months ago though, cause 3.21oo wouldn't have been possible otherwise - but that never came to light either.

[Kreuger]

Hes a sellout. his release came with a job application to any of the 'big three' so he's NOT on the 'side' hes portrayed in his PS3 and iPhone hacks...

Can't say I blame him. I'm sure someone else will fill his place anyway.

[0nyX]

wonder what Sony is going to do next(probably nothing)... pirated PS3 games will soon show up in the internet.

I am not sure if i have understand correctly and what has changed with Geohot's released keys but on the "failoverflow" videos they clearly state that they don't have the keys to sign games.

Has this changed now?

[The_Observer]

sorry been live under a xbox360 what this all about?

[Richard Hammond]

I am not sure if i have understand correctly and what has changed with Geohot's released keys but on the "failoverflow" videos they clearly state that they don't have the keys to sign games.

Has this changed now?

The Root/Master Key has leaked from what i can gather, that means the PS3 is wide open now anything can be run or signed and any firmware past, present or future can be hacked and you will be able to play on PSN, you wont need a dongle either.

[Nick H. Supervisor]

I'm far from knowledgeable about how serious this is. I understand what it allows a user to do, but couldn't Sony release another firmware update that changes the key and uses a different form of encryption? Or would that break anything created for the PS3 in the past?

[Richard Hammond]

No, all these encryption keys cannot be patched out from what i read the keys are stored on hardware so if Sony revoked these keys 10s of millions of PS3s would simple lose the ability to play games from disk or psn.

[Nick H. Supervisor]

No, all these encryption keys cannot be patched out from what i read the keys are stored on hardware so if Sony revoked these keys 10s of millions of PS3s would simple lose the ability to play games from disk or psn.

Gotcha, cheers. ;)

[iamawesomewicked]

pirated PS3 games will soon show up in the internet.

They're already on the internet >.>

Playable no.. but they're there..

[Richard Hammond]

Playable yes with jailbreak.

[The_Decryptor Veteran]

The Root/Master Key has leaked from what i can gather, that means the PS3 is wide open now anything can be run or signed and any firmware past, present or future can be hacked and you will be able to play on PSN, you wont need a dongle either.

From what I've read, it was the method Sony used to make the keys that was cracked (i.e. the method used was weak, like a random number generator always returning the same value)

[HoochieMamma]

So I assume (without reading up) these key allows people to burn fully playable blurays of the games without modifying the console at all?

[Biohead]

It has the possibility to do that. It's still a very new hack and applications are limited at the moment... but they are coming.

Primarily, homebrew is what benefits this as the custom packages can now be signed with the proper key - not needing the jailbreak/debug console.

[-KJ]

Poor Sony.

[Richard Hammond]

From what I've read, it was the method Sony used to make the keys that was cracked (i.e. the method used was weak, like a random number generator always returning the same value)

It wasnt, that was a joke from XKCD comics.

[Snowl]

It was that, just they used a xkcd comic to show how it was generated. M wasn't actually 4.

[c3ntury]

Geohot is a attention seeking moron as far as I'm concerned. This isn't the first time he has taken an exploit found by someone else, merely used that exploit to get information then just tried to take credit where it isn't due.

[Biohead]

I thought it was pretty much a variable that Sony kept constant? Thats what the hacking slides show.

If K is the private key, and m is a random number (they're divided in the algorithm), if m is kept the same, that means K is the same so it's possible to work it out.

It's quite a read if no-ones seen the slides/videos yet and are interested:

http://psx-scene.com/forums/f6/fail0verflow-27c3-ps3-epic-fail-now-live-demo-73986/

[The_Decryptor Veteran]

It wasnt, that was a joke from XKCD comics.

While XKCD did make a joke about it (although it's an old joke), that is apparently what Sony did.

[Snowl]

fail0verflow has now released some of their tools on their git: http://git.fail0verf...?p=ps3tools.git

Some of the tools are as follows:

sceverify: verify SCE binaries

pupunpack: check pup hmacs

puppack: create PUP files from scratch

norunpack: extract files from a NOR dump

unself: convert fselfs back to elfs

makeself: convert ELF files to self files

makepkg: build update.pkg files

readself: read and output info regarding a self file

unpkg: decrypt and unpack update .pkg files

[CentralDogma]

appldr keys have been dumped. That's the keys used to encrypt games.

And some tools have been released.

decrypt-self.exe

Code:

decrypts self files

Usage: decrypt-self {self file} {elf file} {key file} {fix}

self file: file you want to decrypt

elf file: your output file

key file: use one of the included (e.g. "315.appkey")

all x**.appkey files are unknown fw numbers

find out on your own :)

fix: 0 (zero)

read-self.exe

Code:

shows self info

Usage: read-self {self file}

self file: file you want to decryptrebuild-self.exe

Code:

rebuild self?

Usage: rebuild-self {self file} {elf file}

pup_unpack.exe

Code:

unpack pup files (get core_os_package.pkg, etc.)

Usage: pup_unpack {filename} {directory}

filename: your pup

directory: destination for pup contents

fwpkg.exe

Code:

decrypt pkgs (you extracted with pup_unpack)

Usage: fwpkg {mode} {input file} {output file}

Mode: - e: Encrypt PKG

- d: Decrypt PKG

input file: your crypted pkg

output file: decrypted output

coreos_tool.exe

Code:

extracts/rebuilds the decrypted CORE_OS_PACKAGE

Pack CoreOS : coreos_tool p {output pkg} {files...}

Unpack CoreOS: coreos_tool u {decrypted CORE_OS_PACKAGE.pkg}

key files:

Code:

first 32 bytes: erk

last 16 bytes: riv

[Hedon]

They're already on the internet >.>

Playable no.. but they're there..

Playable, yes. ;)