Eye of the storm on Jupiter


First off, let me state, I totally think cheating on multiplayer games and illegal copying are wrong , ammoral acts. I do not condone any of that. but this whole debacle has me wondering what kind of security mindset Sony has. This might be indicative of the entire industry. therefore it is worthwhile examing what is going on here.

If there is one thing I detest more than cheaters, it is lack of security. Let's see what Sony does for security.

They've created some keys to protect their game system. These keys are non-revocable.

To the best of my knowledge the keys are as follows:

  • 46 DC EA D3 17 FE 45 D8 09 23 EB 97 E4 95 64 10 D4 CD B2 C2
  • B0 CD 2F DF 15 C9 A7 9A 2C 28 41 5B 2B 53 85 ED 7E 91 D3 8D
  • B0 E7 CA FF C8 DE EE 8A 55 A3 05 0D 80 9A DF E3 8F A0 1D AB
  • 89 7F C3 B1 45 E1 0D 82 8B 8A 86 57 0F 9D F9 40 9F 75 CB B0
  • 3D E8 01 67 D2 F0 E9 D3 0F 21 45 14 4A 55 8D 11 74 F5 41 0C
  • A3 8B CB 3E 4E 73 09 90 4A EF DF C5 04 7D 0F DF 06 E3 5C 0D
  • B0 E7 CA FF C8 DE EE 8A 55 A3 05 0D 80 9A DF E3 8F A0 1D AB
  • 97 4E 90 62 79 70 5E 58 D9 DA B4 BF DA 8B DA 93 13 51 17 E2
  • 04 0A B4 75 09 BE D0 4B D9 65 21 AD 1B 36 5B 86 BF 62 0A 98

The first key is the one discovered by GeoHot. It's the Master key. The Master Blaster , I guess. How stupid is this of Sony?

You can also discover the other keys for yourself by using this code. That code was developed by the failOverflow guys. Whoever the hell they are. I don't know them. Seriously. Really. In all honestness, I know them not. Just in case Sony is listening, let me make one thing purrfectly clear. I really, really do not know any of the people related to jailbreaking your pathetic game system security. They are a Smart Bunch of Dudes though.

I've looked at their code. It looks like it uses a lot of pretty vanilla encryption and decryption code, hashes and what not. Nothing spectacular, except for the fact they took the time to research it and reverse engineer the Sony PS3. I see nothing infringing here.

I can neither confirm, nor deny, these keys, nor say if they are all the keys. The fact is they are in the wild and Sony has no way to realistically recall them. Any bad guys out there already have them. Probably have had them before these researchers did, and there may be more keys still. Supposedly there is also a game signing key, or I'm not understanding the whole thread. I'm not sure if either GeoHotz or the failoverflow guys published that. I'm fairly sure, though, they did not. Some other related files are here.

Now, for my analysis of their security system.

It sucks!

Who the hell builds a nuclear bomb with

no off switch!?

Well, ok, maybe a PS3 isn't a nuclear bomb, but seriously, what the hell kind of security is this, "We'll just hide the keys and no one will ever find them.". It's arrogant, and humongously stupid. But many an intelligent person does really stupid things in a big way. So now they have millions of PS3s that have lifetime irrevocable keys. which is great for the homebrew market and for video game pirates. Now, had Sony actually been smart enough to recognize the fact that as long as there is a market for their products, there will be a homebreww crowd. But greed gets in the way. Had they made the boxes capable of having self-signed homebrew games and had a remote authentication that didn't rely on a permanaent non-revocable key, they would


have this problem today.

But Sony has been down this road several times now. It's pretty apparent they aren't ready to learn.

Please note, I don't have a Sony PS3. Don't have an account with them. No longer have a FB account. Don't twitter or tweet, and basically am old school. Or just plain old. I would never own a PS3, because, well let's face it, Sony has a lot issues and I'd rather not do business with them.

PS Sony if you're reading,

don't come and ask me how to secure your PS3. Because I'm likely to tell you to refer to the reply given in the case of

Arkell v. Pressdram

Everyone else, stay tuned. I'll do more research and talk more about this as time permits.

Page Hits

Debian Apache

copyright 2011, Brian J. Densmore. Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.