
Sony says it can fix private key crack - Mithrandir
http://www.thinq.co.uk/2011/1/7/sony-says-it-can-fix-private-key-hack/
======
burgerbrain
My guess? The suits at Sony, being as incompetent now as they always have
been, still haven't realized the seriousness of their situation.

I'd love to be privy to the email exchanges that must be going on there
between their engineers and management...

Alternatively they do have a solution, and it's something to the effect of
"nuke it from orbit"/"if we can't have it, _nobody_ can". They already tried
to take that approach with OtherOS, so this should get entertaining if that's
the case.

~~~
doron
My sentiment exactly, wonder if the solution includes something akin to the
rootkit they deployed once before.

------
mmastrac
Here's the problem (picture supplied by first result after googling for ps3
nand motherboard):

[http://s200.photobucket.com/albums/aa138/ejsid/infectus%20ps...](http://s200.photobucket.com/albums/aa138/ejsid/infectus%20ps3/?action=view&current=DSC01329.jpg)

The keys are _hard-coded_ in hardware and the content in question lives on a
TSOP NAND device on the motherboard. No matter what Sony does, they can't
prevent you from flashing your own code, signed with the old keys, to that
onboard NAND. Whether you de-solder it and socket it, or use some other sort
of hardware device, Sony is screwed for old hardware.

~~~
wmf
If you jailbreak your PS3 before they push out the security update then you've
won. But that probably isn't very many people at this point. If the security
update is non-downgradable and invulnerable to the currently-known exploits
then Sony will be back in control of most PS3s.

------
alecco
If I can resurrect my PS3 and run *nix natively on it with graphics and full
blown access to the co-processors I'd buy a second one for gaming.

The main problem is the memory limitations of 256MB+256MB but with careful
configuration it can be just OK.

I wouldn't be surprised if this ends up making the PS3 ubiquitous leaving all
the other consoles behind. Even in spite of the poor higher management coming
from old media (the ones pissing off traditional developers, forcing Blu-Ray
and that insane rootkit.)

<http://en.wikipedia.org/wiki/Howard_Stringer>

[http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootki...](http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal)

~~~
glhaynes
What makes you think it would make the PS3 ubiquitous? What evidence is there
that more than a tiny set of people want to run non-built-in services on their
PS3s? What would they _do_ with them? I'm a geek and _I_ certainly don't need
another box running 24/7...

~~~
alecco
Different paragraph, different concept. A cracked and affordable PS3 with HD
(Blu-ray) media player and trivially changeable HDD can be very attractive.
And running a *nix home server on it could be a definite plus for many people,
anyway.

------
daeken
Let's say they update the hardware to include a new public key. They now have
the issue that existing signatures don't verify properly. You can mitigate
this by having a list of existing valid signatures which can use the old key,
but that can't be the best way. Can anyone come up with another?

~~~
Omega191
We'd still be able to decrypt the updates and look for holes, or if you have
the hardware, just flash your hacked update on the PS3. (We have metldr keys,
so we can sign our own loaders)

~~~
daeken
You'd be able to decrypt updates signed for old hardware, yes. You wouldn't be
able to directly reflash new PS3s, though, which is a huge improvement for
them.

------
raganwald
_"We will fix the issues through network updates, but because this is a
security issue, we are not able to provide you with any more details," [Sony]
said._

Wrong on two counts. First, Sony can't really "fix" the problem, merely patch
over the current situation until their "fix" is compromised. At best they can
hold freedom off for a little while longer.

Second, there is no security through obscurity, and failing to explain exactly
how they will "fix" the compromised hardware is vainglorious. If a fix does
exist, it will be so resistant to exploit that an explanation won't change
anything.

It's conceivable for them to have an impervious fix (without conceiving of the
fix itself), however experience has shown that the strongest schemes are the
ones that have been exposed to the most eyeballs.

~~~
tedunangst
I think it's conceivable for a fix to exist such that 1. knowledge of its
inner workings could be used to prevent it from being applied, 2. it will
take weeks to reverse, by which point most systems will be upgraded, and 3. once
applied, the trick used to prevent it from being applied cannot be used to
remove it.

trivial example: the fix creates a new file "supersecurity" only if the file
doesn't exist. by creating an empty file with that name, you can upgrade but dodge
the fix. but once you've got the supersecurity file, you can't delete it.

~~~
raganwald
I agree with your first paragraph: It is possible for there to be a "fix"
where knowledge of its inner workings would expose an easy way to prevent the
fix from being applied.

Of course, what I said would still apply: I am less confident that such a
thing would be resistant to compromise using other methods. So, if they have
this supersecurity patch to put out, after it has been installed they should
be eager to tell the world how the systems are now secured.

------
pornel
Maybe the hardware has a second key hidden that wasn't used until now?

------
cybernytrix
They can simply check the date it was signed:

    if (dateSigned() < 1293775200) {
        // Verify with old PubKey
    } else {
        // Use new PubKey
    }

What is the big deal here?

~~~
timdorr
That doesn't close the hole because I can sign my homebrew or resign my
pirated material with an older date. They would have to whitelist _all_
previous content and issue a new key in hardware somehow.
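Added example, not from the thread: a toy verifier showing why the date-based key selection above fails once the old key is public, beside the whitelist variant timdorr describes. Keys and images are constructed, and HMAC tags stand in for the real public-key signatures since only the key-selection logic matters here.

```python
import hashlib
import hmac
import json

# Constructed stand-in keys: HMAC secrets play the role of the signing keys
# (the real scheme uses public-key signatures; key selection is the point here).
OLD_KEY = b"constructed-old-signing-key-now-public"
NEW_KEY = b"constructed-new-signing-key-still-secret"
CUTOFF = 1293775200  # the date_signed threshold from the comment above


def sign(key, payload):
    """Return the payload plus a tag over its canonical JSON form."""
    msg = json.dumps(payload, sort_keys=True).encode()
    return {"payload": payload, "sig": hmac.new(key, msg, hashlib.sha256).hexdigest()}


def _check(key, signed):
    msg = json.dumps(signed["payload"], sort_keys=True).encode()
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["sig"])


def verify_by_date(signed):
    """Scheme proposed above: date_signed picks the key. The date sits inside the
    signed payload, so whoever holds the old key also chooses which key is used."""
    key = OLD_KEY if signed["payload"]["date_signed"] < CUTOFF else NEW_KEY
    return _check(key, signed)


# Constructed legacy image and a fixed whitelist of its hash (the "whitelist all
# previous content" idea): the update ships this list instead of a date rule.
LEGACY_IMAGE = "constructed legacy firmware image"
LEGACY_WHITELIST = {hashlib.sha256(LEGACY_IMAGE.encode()).hexdigest()}


def verify_with_whitelist(signed):
    """Hardened variant: the old key is honoured only for images whose hash was
    fixed in advance; everything else must carry a new-key signature."""
    image_hash = hashlib.sha256(signed["payload"]["image"].encode()).hexdigest()
    key = OLD_KEY if image_hash in LEGACY_WHITELIST else NEW_KEY
    return _check(key, signed)


# Constructed inputs: a genuine pre-cutoff release, a backdated homebrew loader
# signed with the leaked old key, and a genuine post-cutoff update.
LEGACY = sign(OLD_KEY, {"image": LEGACY_IMAGE, "date_signed": CUTOFF - 86400})
BACKDATED = sign(OLD_KEY, {"image": "constructed homebrew loader", "date_signed": CUTOFF - 1})
NEW_UPDATE = sign(NEW_KEY, {"image": "constructed firmware update", "date_signed": CUTOFF + 86400})
```

The date rule accepts BACKDATED because the field it trusts is part of what the compromised key signs; the whitelist rule rejects it while still accepting the genuine legacy image.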

