Updating sony ps3 enscription key sex dating in leavenworth washington
Where each hacked layer could be counteracted by an update of a lower-level firmware.
If not for the flawed signature implementation, PS3 would've remained 'secure' for it's entire lifecycle, which is rather impressive.
This is much like the history of jailbreaking on Apple’s i OS, where hackers typically uncover a security vulnerability and exploit it, whereupon Apple patches the hole and suppresses the jailbreak. That’s because this hack isn’t giving you an exploit to use against a programming hole.
It’s giving you Sony’s so-called LV0 (level zero) cryptographic keys.
[Time Zone], [Samoa Islands] has been changed to [American Samoa] and [Independent State of Samoa].
If the precondition was "nonce" however (which is suspect) then this is beyond stupid as they apparently did not even look up the definition. I am a bit surprised that they managed to stay unbroken for so long, but one of the referenced articles makes the good point that initially you could run Linux on the box and that decreased hacker interest considerably.
I do wonder whether it becomes possible to push malicious updates to all PS3s on the internet. • October 29, 2012 AM Anybody surprised by this obviously doesn't remember what happened back in 2010: Some hackers who were pissed at Sony for removing their Other OS functionality with a firmware update, decided to try and break the PS3's security, and it turned out that Sony had used the same "random" number in the key generation process for two unrelated keys.
Probably requires a combination of fake certificates, dns poisoning. A bit of algebra later, the hackers had Sony's private keys... Seems this is (once again) people without a a basic clue about cryptography using crypto-primitives and getting it badly wrong.
• October 29, 2012 AM @ Gweihir Sony used a public key crypto, but they used a bad implementation that allowed someone, once capable of decrypting the signature block, to derive the private key. Once they managed to decrypt the update (with the key available in the bootloader), they could once again attack the flawed signature.
From what I understand this process has been like a peeling-an-onion.
Since they were, in their own words, “done with PS3 now anyways,” they just sat on the information. Follow @duckblog [*] Paul Ducklin is a passionate security proselytiser. ) He lives and breathes computer security, and would be happy for you to do so, too.