Geohot and Fail0verflow are getting sued

[iamtheoneneo]

You need to read whats out there - Sonys security was effectively me leaving the vault keys to Fort Knox under the welcome mat...

ps3ud0

yet it took 4+ years to crack?
sorry but i dont think its quite the same as your making it to be, would it take you 4 years to unlock knox with keys???? i dont think so....

what your saying makes no sense at all, it clearly wasnt as easy as some people want to believe it was.....nothing easy takes over 4 years to crack especially from a team that have cracked other devices in days.

Of course it was lazy and half-arsed. Ignoring the multiple security ****ups of the console itself, Sony used the same 'random number' over and over when signing software. That is monumental stupidity.

again for such a lazy and half arsed system .... it lasted the longest by years. LOGIC MUCH? stop reading the hacker propaganda.

 

[Fr0dders]

Indeed. I'm staggered by the number of people who will seemingly buy into a company's product one day, and then gladly turn on them the next when they're trying to protect their investment. I cannot understand why people think these hackers have a right to start tearing the PS3 apart; whether they condone piracy or not is largely irrelevant if piracy occurs as a result of what they've done. They're responsible for it either way.

Incidentally, the suggestion that "THe hackers had gladly left the PS3 untouched for years, and never had any intention of using it for pirated games." is hilariously ignorant; there will have been plenty of people trying to break-in long before any of this happened.

thats just the point

The people who have been trying to break the PS3 for years, are those that would seek to profit from piracy. But they don't have the talent to crack it.

Sony brought this on themselves by removing the option to install another operating system on the PS3.

Had they left this, it would have continued to go un-noticed by the hackers with the talent to crack the PS3.

Sony's arrogance on the issue telling people "tough luck" is what means they deserve it. I don't care they are trying to protect their investment - you can't change the product you've sold to customers retrospectively and tell them "tough luck"

The move was designed to prevent piracy - and look what it resulted in. The PS3 being the most wide open console for generations.

The person who sparked all of this was geohot. And the firmware he released didnt allow the downloading the pirated games. Sony should have hired him, not sued him.

 

[Fr0dders]

again for such a lazy and half arsed system .... it lasted the longest by years. LOGIC MUCH? stop reading the hacker propaganda.

can't you see ??

It lasted that long because there was the option to install your own operating system. Where is the incentive to "hack" a system that already lets you do what you want with it ?

Its your hardware after all, you own it, and no big corporation has the right to tell you what you can and can't do with it. Apple proved this trying to get jailbreaks made illegal. and it got thrown out.

The reason it lasted was because the proper hackers weren't bothered with the PS3 because it was wide open allowing people to use their hardware freely.

Then they removed that option and ****ed a load of people off, and all of a sudden anybody who was anybody was trying to get the install other OS option back and hacking the PS3. THe group was over 100 members big. That tells you how much sony ****ed people off.

 

[iamtheoneneo]

thats just the point

The people who have been trying to break the PS3 for years, are those that would seek to profit from piracy. But they don't have the talent to crack it.

Sony brought this on themselves by removing the option to install another operating system on the PS3.

Had they left this, it would have continued to go un-noticed by the hackers with the talent to crack the PS3.

Sony's arrogance on the issue telling people "tough luck" is what means they deserve it. I don't care they are trying to protect their investment - you can't change the product you've sold to customers retrospectively and tell them "tough luck"

The move was designed to prevent piracy - and look what it resulted in. The PS3 being the most wide open console for generations.

The person who sparked all of this was geohot. And the firmware he released didnt allow the downloading the pirated games. Sony should have hired him, not sued him.

hackers with the talent to crack have been working on this for years...this is what some people seem to be missing.
it just hasnt one day been hacked bc geo bothered to look into it, the security has been massively effective and so much so its taken this long.
problem is people are reading way too much into the hacker hype/propaganda were they are effectively mouthing off that it took 0.2 seconds to break..

utter BS. are people really that stupid and delusional?

and the linux excuse is so poor. hardly anyone bloody used it in the first place!

 

[DreXeL]

again for such a lazy and half arsed system .... it lasted the longest by years. LOGIC MUCH?

It took 4 years because nobody really tried properly before now. Rmoving 'OtherOS' was the catalyst for fail0verflow to really go to town on the system, and they cracked it in less than 12 months.

Lets look at some of the highlights of Sony's security failures:

- A 'Hypervisor' that is not fit for purpose and basically does nothing.
- A 'security coprocessor' rendered absolutely useless due to the other security holes.
- And the big one, using the same 'random number' over and over again when signing, allowing crypto keys to be calculated using simple maths.

 

[Fr0dders]

hackers with the talent to crack have been working on this for years...this is what some people seem to be missing.
it just hasnt one day been hacked bc geo bothered to look into it, the security has been massively effective and so much so its taken this long.
problem is people are reading way too much into the hacker hype/propaganda were they are effectively mouthing off that it took 0.2 seconds to break..

utter BS. are people really that stupid and delusional?

and the linux excuse is so poor.

don't kid yourself. The FailOverFlow group have not been trying to do this for years.

And it matters not who used or who didn't. Removing it was the catalyst that started it all, like it or not. The very fact sony did it enraged people, even if they didn't use it themselves.

 

[DreXeL]

don't kid yourself. The FailOverFlow group have not been trying to do this for years.

And it matters not who used or who didn't. Removing it was the catalyst that started it all, like it or not. The very fact sony did it enraged people, even if they didn't use it themselves.

TBH I'm beginning to think it's pointless repeating this, they will just stick their fingers in their ears and keep spouting 'Blah blah it took for years blah blah that means it was the most secure console evvaar blah blah', without actually looking at the evidence

If you want to see a really secure system, look at the 360. Apart from the DVD drive hacking/flashing (which only allows copied games and nothing else), the console itself has been totally secure since MS closed the JTAG/SMC vulnerability a couple of updates ago.

 

[iamtheoneneo]

don't kid yourself. The FailOverFlow group have not been trying to do this for years.

did i say FailOverFlow have? no

they were hacking this console way before linux disappeared

 

[LeJosh]

...

Do you actually believe that it was coincedence that they hacked it not so long after the OtherOS support was removed?

Hackers had no reason to get the keys because they could do what they want with the hardware provided by Sony. Then Sony removed it and managed to bring a **** hurricane on themselves.

Edit - Oh and it's not a very secure system at all when it took 1 dude in his home to breach it.

 

[DreXeL]

did i say FailOverFlow have? no

they were hacking this console way before linux disappeared

Who were?

 

[iamtheoneneo]

regardless of it being hacked anyone that thinks its a good thing needs their heads examined.
all this is going to do is make future consoles more secure, no doubt web based auth tools etc akin to ubisofts.

all these hackers do, is enable piracy and in the process restrict future consoles even further

 

[FreeStream]

you can argue with your statement, because your talking out of your ass. Sony has the best security out there, and only now its being broken? says to me that they did a lot right, you dont just fluke security like that - clearly not lazy or half arsed as you would like to believe.

Right, because a random number that isn't random is 'best' security is it?

LOL.

If I coded something like that i'd fail that module, yet it makes Sony have the 'best' security?

I should also point out for completeness that if Fail0verflow are to be believed and that they were only working on this since the removal of Linux then thats a matter of what, a year? Not the 6 or whatever it is since release...

Re-read my post and realise what you originally suggested isnt anything like your reply . Trust me your original idea was very naive, especially if it was the removal of the feature that supposedly broke the camels back...

ps3ud0

Well I hope my secondary post made it clear what I was trying to convey in the first post?

 

[Things change I've changed]

My key concern is whether this will mean no back compat on the PS4, not only for our retail games but PSN titles also, with digital distribution being such an integral part of this console generation not being able to transfer your content across could be detrimental.

 

[Demon]

regardless of it being hacked anyone that thinks its a good thing needs their heads examined.
all this is going to do is make future consoles more secure, no doubt web based auth tools etc akin to ubisofts.

all these hackers do, is enable piracy and in the process restrict future consoles even further

It's both good and bad..

It's good because it shows if you mess with your customers and take the pee, then expect to be bitten..

It also shows that consumers want flexibility to do their own thing a little.. And the inclusion of OtherOS was an amazingly good move of Sony at the start, it really did give no real impetus for the top level hackers to look at the system..

As long as Sony do it properly next time and keep the master key safe, then they needn't do much more then they already have, just a few tweaks..

 

[uv]

My key concern is whether this will mean no back compat on the PS4, not only for our retail games but PSN titles also, with digital distribution being such an integral part of this console generation not being able to transfer your content across could be detrimental.

If there's no backwards compatibilty, it won't be down to the fact the PS3 was hacked - my PS3-Slim doesn't have PS2 compatibility, and I bought it before the console was hacked. It's just a sad fact that backwards-compatability isn't a priority with Sony.

 

[ps3ud0]

Well I hope my secondary post made it clear what I was trying to convey in the first post?

It does now, but still doesnt mean that there is any incentive for Sony to provide such a feature in future consoles. Hopefully though they actually bother to invest in decent cryptography - though Im not looking forward to a new set of hoops to jump through as a normal consumer because of this...

My key concern is whether this will mean no back compat on the PS4, not only for our retail games but PSN titles also, with digital distribution being such an integral part of this console generation not being able to transfer your content across could be detrimental.

Yep, Im thinking the same kind of thing, the repercussions are going to be felt by normal consumers and no doubt will alter the next generation of consoles...

If there's no backwards compatibilty, it won't be down to the fact the PS3 was hacked - my PS3-Slim doesn't have PS2 compatibility, and I bought it before the console was hacked. It's just a sad fact that backwards-compatability isn't a priority with Sony.

Its still my understanding that Sony will be using the Cell (been a while since Ive bothered to look though) so its going to be far easier to attempt backwards compatibility than it was with the PS3 > PS2 (again an assumption, but I think its a safe one)...

ps3ud0

 

[5punk3monk3y]

That doesn't sound right at all, or even make sense if you think it through, do you have a source for that info?

Surely all copies of a disk should be identical to the Master? How can any 'key' information on that affect the 'pressing' of each disk, unless each disk was actually different? and I doubt that is the case...

I suspect what stops them copying them is the un-writeable sections of a BR disk that are only able to be pressed by the legit kit, the BR reader can read these, and it contains extra authentication info, the same as the 360 in essence?

That is not quite right what UE is saying is that all they have to do is use an original copy of the game and with the keys out there the parts of the disc that a BD burner would not burn can be reapplied now and PRESSED with the correct hardware. Nothing to do with burning anything. Then you have an actual 1:1 true copy of the original.

 

[FreeStream]

It does now, but still doesnt mean that there is any incentive for Sony to provide such a feature in future consoles. Hopefully though they actually bother to invest in decent cryptography - though Im not looking forward to a new set of hoops to jump through as a normal consumer because of this...

Quite true actually and a point I am actually bothered about, if Sony now stops the ability to USB upgrade (or any other form of FW update other than PSN) means we can't swap HDs, and that, would be a right pain as one day a nice SSD in my Slim would go down nicely

 

[edscdk]

If you want to see a really secure system, look at the 360. Apart from the DVD drive hacking/flashing (which only allows copied games and nothing else), the console itself has been totally secure since MS closed the JTAG/SMC vulnerability a couple of updates ago.

lets be honest, once you have a hack that allows you to play a copy of a game thats 95% of all people happy... there will only be a small % who want to do anything else on it..

 

[Demon]

That is not quite right what UE is saying is that all they have to do is use an original copy of the game and with the keys out there the parts of the disc that a BD burner would not burn can be reapplied now and PRESSED with the correct hardware. Nothing to do with burning anything. Then you have an actual 1:1 true copy of the original.

It still doesn't quite make sense, the un-writeable sections of the BR disk that can only be pressed, are still readable by a BR Reader, assuming you can already read that info in a bitwise 'binary' dump fashion, surely that dump is what is then used by the pressing plant?

I just can't see why the Master Key is required to make exact copies of disks if you have the ability to press BR's, and I'm sure a modified BR reader could bit wise read these 'only pressable authentication sectors', you have everything you already need to make a new master disk?

That's where I can't follow you, a BR Reader has to be able to read these special sections of the disk, or the data is useless, if it can read it, even if that data is encrypted, it only needs the binary dump of it, and replicate that on the pressed disks?

I perhaps naively thought that only certain BR fabs had the machines capable of pressing these extra special sections on the disk, and under control of Sony etc, there is no back street chinese BR presser that had the capabillity, even if you gave him all the info in the world..