
[Examiner] GeoHot releases PS3 key, asks for job from console makers

#1 ·
Quote:
"George Hotz (aka GeoHot) has released what is essentially the security keys to the Playstation 3 and claimed to have opened the doors to the Sony's home console. This follows the news last week where the fail0verflow hacking group called the PS3 security an "Epic Fail" and made public the method to obtain the private key.

The PS3 root key could essentially open up the console to hackers and modders to run unauthorized code for everything from Linux to pirated copies of games. Prior to Sony removing the OtherOS feature, users were able to install a copy of the Linux operating system onto the machine and educational and military institutions created super-computers out of networked PS3s."
Source

Sony must be pretty mad, from what I heard Sony is going to have a really hard time fixing this mess.

Linux support will be back
 
#4 ·
I don't see how they called it an epic fail.. It took them over 4 years to hack it.. They keep saying, it needs linux, it needs linux.. Please.. It had linux for the first 4 years and it took them this long to hack the ps3.. IMHO, Sony's security was pretty good. I watched the entire 45 minute video relating to hacking the ps3 last week and they kept saying epic fail.
 
#5 ·
I love how, having "retired" from the scene, geohot makes a sudden re-appearance to claim some more limelight, just as soon as he realises that fail0verflow have worked out everything he had supposedly already achieved a while back, but was too selfish to share with everyone else! Despite his best hopes of getting a job with any of the big three, I can't imagine they'll be taking him up on his offer - too much ego from egohot

Quote:
Originally Posted by zamdam;11884985
I don't see how they called it an epic fail.. etc..
It's to do with the ultra-simplistic calculation they used to generate the fixed keys, when they really should have employed a much smarter system to achieve a far greater level of protection. But yes, you can't deny that Sony have had a good run for 4+ years (or whatever the time period has been!)
 
#6 ·
Quote:
Originally Posted by iceblade008;11885015
It's to do with the ultra-simplistic calculation they used to generate the fixed keys, when they really should have employed a much smarter system to achieve a far greater level of protection. But yes, you can't deny that Sony have had a good run for 4+ years (or whatever the time period has been!)
Yep.. But if it was so simple, I wonder why it took them so long.. That's the part that I don't like, they should be saying, "Guys, it took a while, but we finally hacked it.. And you're not going to believe how simplistic the calculation was to get the keys"

Not epic fail. If it was so easy, they should have done whatever they did years ago..
 
#7 ·
Quote:
Originally Posted by zamdam;11885128
Yep.. But if it was so simple, I wonder why it took them so long.. That's the part that I don't like, they should be saying, "Guys, it took a while, but we finally hacked it.. And you're not going to believe how simplistic the calculation was to get the keys"

Not epic fail. If it was so easy, they should have done whatever they did years ago..
The reason is that nobody cared enough because it had Linux. One can argue that this hack allows backups, etc., but these hackers' main purpose isn't piracy, but to make it more open, i.e. the ability to install Linux. If Sony didn't remove the OtherOS option, I am pretty sure it would, to this day, still be unhackable, since there are fewer hackers out there that want to break a console for the sole purpose of piracy, as opposed to making it more open. These are my thoughts on the matter though.
 
#8 ·
Quote:
Originally Posted by cubanresourceful;11885165
The reason is that nobody cared enough because it had Linux. One can argue that this hack allows backups, etc., but these hackers' main purpose isn't piracy, but to make it more open, i.e. the ability to install Linux. If Sony didn't remove the OtherOS option, I am pretty sure it would, to this day, still be unhackable, since there are fewer hackers out there that want to break a console for the sole purpose of piracy, as opposed to making it more open. These are my thoughts on the matter though.
See I don't believe that at all. I would think there is some interest in hacking the console for piracy because of mod chip sales (I'm basing my knowledge off Xbox modding, I could be wrong with the PS3).
 
#9 ·
Quote:
Originally Posted by zamdam;11884985
I don't see how they called it an epic fail.. It took them over 4 years to hack it.. They keep saying, it needs linux, it needs linux.. Please.. It had linux for the first 4 years and it took them this long to hack the ps3.. IMHO, Sony's security was pretty good. I watched the entire 45 minute video relating to hacking the ps3 last week and they kept saying epic fail.
The epic fail was that Sony did not use a random seed number as the equation requires. It would be like a door company shipping on security doors that all use the same key. It is just a matter of time until someone finds the right key which unlocks all their doors. This is why door companies don't use the same key pattern for every lock...

How many people in the world are working to hack the PS3? How many man-hours have been spent trying to crack this?
 
#10 ·
Even if it was a simple calculation, I definitely don't count the PS3's security as an "epic fail," that's just Hotz trying to be fresh. The true epic fail is that all these huge hacking groups took this long when the answer was so simple to get. The PS3 has had a VERY impressive run with 0 piracy. When it released, I expected it to be hacked within a few weeks. Even more epic fail will be when new firmware (already released) blocks his hack.

Also, I think Hotz ruined his chance of getting a VERY well paying job. Had he not publicly released the tools to do the hack, Sony may be more willing to hear him out. Now they will more likely take legal action instead.
 
#11 ·
I'm probably gonna get infracted for this but oh well.

Hotz is a whiney *** he is a proper steal the spotlight attention whore.

The fact that the Xbox was hacked from what a year before it's release and it's taken 4 years to do the PS3.

I think the hackers have been doing an epic fail if the security is so simple why haven't they worked it out earlier ?
 
#12 ·
Quote:
Originally Posted by Stealth Pyros;11885202
Even if it was a simple calculation, I definitely don't count the PS3's security as an "epic fail," that's just Hotz trying to be fresh. The true epic fail is that all these huge hacking groups took this long when the answer was so simple to get. The PS3 has had a VERY impressive run with 0 piracy. When it released, I expected it to be hacked within a few weeks.

Also, I think Hotz ruined his chance of getting a VERY well paying job. Had he not publicly released the tools to do the hack, Sony may be more willing to hear him out. Now they will more likely take legal action instead.
No. It is an epic fail.

Sony did not use a random number in their key. The equation required a random number. It is basic basic basic basic basic cryptography. If your seed is the same, someone will be able to solve for the key after collecting a few keys.
 
#13 ·
1) OtherOS feature left no real reason to hack the PS3 except for piracy, giving no incentive for many people to even attempt to break it.
2) Giving up your private key without some serious hardware level hacking is a major failure, regardless of how long it takes.
 
#15 ·
Quote:
Originally Posted by Stealth Pyros;11885202
Even if it was a simple calculation, I definitely don't count the PS3's security as an "epic fail," that's just Hotz trying to be fresh. The true epic fail is that all these huge hacking groups took this long when the answer was so simple to get. The PS3 has had a VERY impressive run with 0 piracy. When it released, I expected it to be hacked within a few weeks. Even more epic fail will be when new firmware (already released) blocks his hack.

Also, I think Hotz ruined his chance of getting a VERY well paying job. Had he not publicly released the tools to do the hack, Sony may be more willing to hear him out. Now they will more likely take legal action instead.
Lot of assumptions about "these huge hacking groups". No proof.
 
#16 ·
Quote:
Originally Posted by TFL Replica;11885263
Lot of assumptions about "these huge hacking groups". No proof.
By huge I didn't mean in size, I meant the hacking individuals that feel they're such hotshots.
 
#17 ·
Quote:
Originally Posted by Stealth Pyros;11885269
By huge I didn't mean in size, I meant the hacking individuals that feel they're such hotshots.
Wrong.

The failure on Sony's part is EPIC. Go watch the video to see why Sony failed. What they did was INCREDIBLY STUPID..... I mean a freshman on his first day of cryptography knows not to reuse seeds.

Do you know how hard it is to hack such devices? Figuring out these weaknesses is not easy.... and yes, they are hotshots legitimately. A few guys on their own time beat a multi-billion mega-corporation.
 
#19 ·
Quote:
Originally Posted by DuckieHo;11885287
Wrong.

The failure on Sony's part is EPIC. Go watch the video to see why Sony failed. What they did was INCREDIBLY STUPID..... I mean a freshman on his first day of cryptography knows not to reuse seeds.

Do you know how hard it is to hack such devices? Figuring out these weaknesses is not easy.... and yes, they are hotshots legitimately. A few guys on their own time beat a multi-billion mega-corporation.
Bleh... I get what you mean Duckie, and I'm not tossing you aside, but I still feel it was no "epic fail," at least not in regards to how well the security did its job. As simple as the encryption was, it lasted longer than any of the other consoles. After seeing the Metldr key and the random number code used to achieve getting it I don't argue that it was horribly simple to crack; even I've done more complex coding than that and I've only done basic C++ and basic Java. The security did its job. Now just over 4 years old, PS3 is (might not even if Sony's patch is successful) now going to start suffering from piracy.
 
#20 ·
Quote:
Originally Posted by DuckieHo;11885287
Wrong.

The failure on Sony's part is EPIC. Go watch the video to see why Sony failed. What they did was INCREDIBLY STUPID..... I mean a freshman on his first day of cryptography knows not to reuse seeds.

Do you know how hard it is to hack such devices? Figuring out these weaknesses is not easy.... and yes, they are hotshots legitimately. A few guys on their own time beat a multi-billion mega-corporation.
How are they amazing if they've taken 4 years to figure out what is apparently so simple?

Epic fail on the hackers part to me.
 
#22 ·
Quote:
Originally Posted by Stealth Pyros;11885365
Bleh... I get what you mean Duckie, and I'm not tossing you aside, but I still feel it was no "epic fail," at least not in regards to how well the security did its job. As simple as the encryption was, it lasted longer than any of the other consoles. After seeing the Metldr key and the random number code used to achieve getting it I don't argue that it was horribly simple to crack; even I've done more complex coding than that and I've only done basic C++ and basic Java. The security did its job. Now just over 4 years old, PS3 is (might not even if Sony's patch is successful) now going to start suffering from piracy.
Quote:
Originally Posted by Wingzero;11885453
How are they amazing if they've taken 4 years to figure out what is apparently so simple?

Epic fail on the hackers part to me.
It is encryption. It is an NP-complete problem.

While the solution may seem simple, it can be very hard to solve regardless. If I gave you a bunch of binary and asked you to find the pattern, how long would it take to solve? You are attempting to find pattern out of intentionally nearly random values.

If someone dropped a hint, how long would it take to solve?
 
#23 ·
It really didn't take 4 years to fully break the console. When did Sony remove "Other OS?" April 2010? minus the date it's cracked = 9 months?

I'm sure if Sony never had Other OS it would have been cracked a lot sooner but I guess everyone was focused on linux. If it works why replace it?

Snippet from TheEscapistmagazine.com:
"it's believed, although not confirmed, that Sony will have trouble changing this key without rendering a lot of PS3 software inoperable. If this is true, then there may be nothing that Sony can do to prevent people running their own homebrew software"
 
#24 ·
Quote:
Originally Posted by DuckieHo;11885507
It is encryption. It is an NP-complete problem.

While the solution may seem simple, it can be very hard to solve regardless. If I gave you a bunch of binary and asked you to find the pattern, how long would it take to solve? You are attempting to find pattern out of intentionally nearly random values.

If someone dropped a hint, how long would it take to solve?
We aren't talking simply binary though you can't just compare it to a problem like that.
 
#25 ·
If you notice in the video, they didn't say "epic fail" until they got to the specific part where they detailed the FAILURE to generate a random number. All the other systems were bypassed or ineffective, but they never screamed fail until they got to a portion of the security that fell apart due to a complete lack of effective design. Obviously the PS3 had a successful history of avoiding hacks, however that doesn't mean their security design wasn't a failure.

What if that number were actually generated properly?

Evaluating the difficulty of hacking the console security or the ability of the hackers just based on how long the console has been out is silly. Unless you know how many hours they spent working on this, you really have no idea how hard it was or how long it took.
 
#26 ·
I'd like to point out that they not only hacked the PS3 but made it so that any non-modded/stock PS3 running the latest official firmware can run homebrew signed with these keys... That is what makes it such an epic fail. Correct me if I am wrong but I don't think any console has ever been hacked this wide open.
 