The Sony PlayStation 3 (PS3) has been reverse engineered by a group of German hackers called Fail0verflow, who set out to hack the code and crack the security protection implemented by the PS3. Fail0verflow announced at the 27th Chaos Communication Congress, the annual congress for hackers, that the PS3 has been completely and irreversibly cracked, allowing any games and software to be installed and run on the platform.
The Sony PS3 is one of the most secure gaming consoles of its era. It was first hacked only after a few years on the market, when PSJailbreak, PSGroove and PSFreedom managed to take advantage of a security loophole in the USB protocol to load custom software. But the PS3 hack via USB dongle can be fixed, patched and plugged easily by Sony through a firmware upgrade.
The new hack is arguably unpatchable, leaving the PS3 pwned for life, as any measure to counter the hack requires a complete overhaul of the PS3's hardware architecture, which, if done, will render all previously released software and games unplayable.
The trick of the circumvention is that Fail0verflow has managed to get hold of all of the Sony PS3's static private cryptographic keys used in the encryption of PS3 software. By static, it means that the encryption keys are fixed, constant numbers (when the private keys are supposed to be secured by random, dynamic bits) that serve as the "official handshake signature" for the PS3, allowing a high-level decryption tool to be developed to sign and authorize virtually any app or game to run on the game console.
In other words, by signing files with the leaked private keys of the PS3, users can create "legitimate" homebrew software applications (in the view of the PS3), and then load and run them without even needing to jailbreak or crack the PS3, because the signature makes the console treat the software as genuine Sony software.
Thus, users can create custom DLC, install custom firmware upgrades, install games or apps onto the PS3's internal or external hard drive, and install Linux (such as OtherOS or AsbestOS) on the PS3, a feature previously offered as OtherOS but withdrawn once a vulnerability was found. The OtherOS feature was dropped with the release of the PS3 Slim in September 2009, and from other models through a firmware upgrade around the same time. But most important to gamers is that the hack opens the door to playing homebrew (homemade), unauthorized, pirated, copied, backed-up, unsigned, unsealed, counterfeit or duplicated games (including in ISO and disc form) and applications on the Sony PS3.
The Fail0verflow hack is still in the development stage, and the hacker team said that a user-friendly version of the hack is likely to be released in a month or two. However, they have posted the Fail0verflow source code.
Check out Fail0verflow's Console Hacking video presentation from the 27th Chaos Communication Congress in Berlin:
More information can be found at ccc.de, including the presentation slides.
With the Fail0verflow source code, George Hotz, the famous iPhone hacker, has managed to publish the Sony PS3's private root keys, along with a "Hello World" program bootable from a USB device, which allows users to run Linux, run copied or duplicated games, run homebrew software and games, and play copied Blu-ray discs or movie files.