Sony finally responds to Fail0verflow PS3 "root key" leak

vbimport

#1

Sony finally responds to Fail0verflow PS3 “root key” leak.

[newsimage]http://static.rankone.nl/images_posts/2011/01/S1LILM.jpg[/newsimage]It has been a full week now since the news about hacking group FailOverflow’s discovery of the PS3 “root key”, which would allow homebrew developers to sign their own applications, began to filter out of the 27C3 (Chaos Communication Congress) Hacker Conference 2010. It seems that Sony executives either hadn’t been paying attention to the reports, or simply discounted them as another easily-corrected security hole, as they had not released any type of statement regarding the discovery until today.


Read the full article here: [http://www.myce.com/news/sony-finally-responds-to-fail0verflow-ps3-root-key-leak-38560/](http://www.myce.com/news/sony-finally-responds-to-fail0verflow-ps3-root-key-leak-38560/)


Please note that the reactions from the complete site will be synched below.

#2

However, Sony wrote their own signing software, which used a constant number for each signature.” From there, it was just a matter of using “simple Algebra” to uncover the key.
Ouch.

It’s quite likely that Sony lawyers are very busy at the moment trying to figure out a way to put a stop to this, but pytey says he’s not worried. “I haven’t stolen anything,” he said. “It’s my own hardware, I can run whatever I like on it.”
Depends on what kind of intellectual property he touched and if he was allowed to touch it in that way.


#3

[QUOTE=Mr. Belvedere;2567972]Ouch.
[/QUOTE]
Yeah although it wasn’t intentional, It was a major F@#k up by one of the devs. It was supposed to be random, This was the code


int getRandomNumber()
{
    return 4;
}

As you can see real brilliant and I suspect that coder is now looking for a new job haha.


#4

[QUOTE=slayerking;2567976]Yeah although it wasn’t intentional, It was a major F@#k up by one of the devs. It was supposed to be random, This was the code


int getRandomNumber()
{
    return 4;
}

As you can see real brilliant and I suspect that coder is now looking for a new job haha.[/QUOTE]

It’s much more complicated than that. The slide you saw with that code was a comic from xkcd.com (see: http://xkcd.com/221/) that fail0verflow used. The random number is NOT 4, but much like 7a5646e46eed4567f34657a65433. This is just an example. A PS3 dev (hacker) had a comment on twitter about this, but I can’t find it right now.


#5

Scott Adams said it best:


#6

Meh…



#7

Does that mean AMD/ ATI, WD, OCZ, and every other peripherals manufacturer could sue me because I don’t keep their hardware at specs? AMD plainly states that they are NOT responsible for overclocking issues. Even though they sell specific lines (Black Edition) just for that purpose. At what point do we keep taking it up the ass from corporate greed as well as government intervention to protect those greedy cock-suckers at Sony and other (MS) console makers? If I can’t play it on my computer, then it is irrelevant to me. (Did you hear that, game manufacturers?) My computer is way beyond Sony’s Piece of Shit3, and if their code ever gets released or reverse engineered, 3 words MAME emulation, bitches.


#8

[QUOTE=trust2112;2569092]Does that mean AMD/ ATI, WD, OCZ, and every other peripherals manufacturer could sue me because I don’t keep their hardware at specs? AMD plainly states that they are NOT responsible for overclocking issues. Even though they sell specific lines (Black Edition) just for that purpose. At what point do we keep taking it up the ass from corporate greed as well as government intervention to protect those greedy cock-suckers at Sony and other (MS) console makers? If I can’t play it on my computer, then it is irrelevant to me. (Did you hear that, game manufacturers?) My computer is way beyond Sony’s Piece of Shit3, and if their code ever gets released or reverse engineered, 3 words MAME emulation, bitches.[/QUOTE]

It all depends on what kind of license agreements you have actually agreed upon.

If you bought a Sony Playstation 3, agree to a license agreement that forbids you to set fire on it and then set fire to it… well… you are breaking the agreement. I’m not sure if breaking an agreement would actually be illegal though, but it can have penalties.

If you have never agreed upon a license agreement that forbids you to set fire on it (you bought the PS3 and never turned it on), and then set fire to it… i think you’re pretty legal.

If you bought a Sony Playstation3, agree not to modificate it via a license agreement and then start hacking away… well… are you not breaking the agreement? But would that be against the law? There is no company in the world that can make you agree to something that is against local and international law rules you as a person are obliged to follow or can enjoy.

For instance: Sony could make me agree to set up a human slave trade business via an End User License Agreement, but it would be worthless, since it’s against most laws.

That is the sole reason why this licensing business is a very shady business. It is almost impossible for an end user to understand the End User License agreement they are agreeing upon and it is very difficult to prove it abides every local law.


#9

Brilliant post ,Mr. Belvedere!

Some very good points that I (and I’ll bet a lot of other folks too) hadn’t even thought to consider about EULA’s. I try to read all contractual things like those and the damn things that come with my bank accounts but after page 3 my brain really gets tired. I always feel like the things are written in the most convoluted way imaginable for the sole purpose of discouraging me from reading it carefully. Why does everyone have to have a legal degree now to use a piece of software?

But one of the statements brings up a question - supposing someone reverse-engineered a software program and actually removed the EULA from the install or documentation and then re-released it into the wild world of P2P via sharing or the like and it is then downloaded by someone else and installed and used or somehow violated the terms of the agreement that they never saw. Would that person be liable in such a case?


#10

… and btw was this really an “error” or does anyone else think this exploit might have been left there purposely by someone on the original programming team?


#11

[QUOTE=ftlion;2570306]But one of the statements brings up a question - supposing someone reverse-engineered a software program and actually removed the EULA from the install or documentation and then re-released it into the wild world?[/QUOTE]

This has actually been done in real time with an Opera installation. The hacker showed that he could in real time change the text “I agree” to “No thanks, but continue installation anyway”. :slight_smile:

This may seem a fishy one for a judge, but i think actually it isn’t. The sole purpose of this reverse-engineering is to bypass the agreement. This is not jailbreaking or hacking to open up possibilities that were hidden, but real intended abuse. Almost any judge will punish you for it.