Tech Focus: The New PlayStation 3 Hack
Digital Foundry analyses the latest assault on Sony's console security protocols.
News of yet another PlayStation 3 hack is unlikely to be greeted with too much surprise, but the damage wrought by the release of the LV0 bootloader keys last week could have serious repercussions - not just in terms of PS3 piracy but also for the long-term security of the PlayStation Network.
Up until now, Sony has coped relatively well with the multiple breaches of its security that have occurred over the last couple of years. The original PSJailbreak was built around an exploit in the USB interface present up until firmware 3.41, and that hole was plugged by Sony within weeks. Hackers managed to run a small amount of games built for later system software revisions but through mandatory software upgrades, access to the PlayStation Network was off-limits for those who remained on the hacked firmware.
"The latest PlayStation 3 hack can only have a limited impact in terms of game piracy, but the door once again opening to PSN hacking is a genuine concern."
Then, disaster. Inherent weaknesses in Sony's encryption algorithms were unveiled by hacker group fail0verflow, swiftly followed by the publication of the metldr "master key" from the infamous Geohot. PlayStation 3 was blown wide open - seemingly irrevocably - from two fronts. Not only could all aspects of the system be decrypted with the master key and then reverse-engineered, but thanks to fail0verflow's signing tools, the code could be repackaged into a form that the PS3 was happy to process. The era of the "custom firmware" was upon us and there was a point where every console on the market could be compromised simply through running a CFW update from a memory stick.
System software 3.60 saw Sony fight back valiantly. New encryption protocols were put in place which effectively mothballed metldr, while the specific signing algorithms used for fail0verflow's tools were blacklisted. Encryption keys were changed so new software would not run on older firmware, and Sony even released a revised console with changes to the Cell architecture that addressed some of the exploits hackers were using to gain access to the PS3 hardware - even the metldr key was changed on this new hardware. Access to the PlayStation Network was completely locked out on hacked consoles.
There's little evidence that the hack which saw PSN's servers compromised in one of the biggest security fails in internet history had much to do with the breaches that preceded it. The hack was server-side and there Sony was running traditional hardware with open source software, which had vulnerabilities of its own. It's telling that even after PSN was restored to service, the underlying protocols by which PS3 "spoke" to the servers hadn't changed so much at all.
However, the hackers were not done with PS3. A new "jailbreak" based on another USB dongle appeared last year, dubbed "TrueBlue". This allowed newer games to run on older, compromised firmware 3.55 PlayStation 3s. It worked through the hackers decrypting newer games and then re-signing them with a variant of fail0verflow's tools. This time there was no exploit in Sony's USB code: instead the hackers released their own firmware which would not function without the dongle attached. In short, it was a crude way to monetise the fact that someone, somewhere had somehow managed to retrieve decryption codes from Sony's latest OS updates. At the same time, the unique "pass phrase" buried within the firmware that allows PS3s to connect with the PlayStation Network was also leaked - and then leaked again after Sony changed it.
So how was it done? Despite locking down metldr, there remained one further vulnerability - one that Sony simply cannot revoke: the bootloader key. If you still have an untouched PS3 from the 2006 launch, you can power it up and update it to the latest 4.30 firmware. Every PS3 requires the means by which to decrypt any firmware update - past, present or future. That's what the so-called "lv0" bootloader key does, and that's the final element of PlayStation 3 security that is now out there in the public domain.
How did it get out there? All the indications are that the hackers who made the discovery - who have dubbed themselves "the three muskateers" had no intention of ever making it out into the public domain. However, one of their associates with access to their work appears to have sold it on, and the release of the bootloader keys was made in response to Far Eastern hackers looking to profit from a new wave of "custom firmware". Rather than allow others to profit from their work, the "muskateers" went nuclear, and released the master key so any one with PS3 hacking experience could roll their own firmware. Since then, in just the space of a few days, at least two piracy enabling system updates have been released.
There's a little good news and somewhat more bad news for Sony here. The good news is that while decryption has now been fully blown open, there is no firmware 4.30 equivalent to fail0verflow's encryption tools - only Sony has the means to produce code that runs on any console running on firmware 3.56 or higher. The hackers meanwhile, have to rely upon the 3.55 fail0verflow tools, which can only run on un-updated consoles. Many firmware revisions have been released since then and we'd tentatively suggest that the vast majority of active consoles out there will be running on the newer firmware. At the time of writing, any new hacked code cannot be run on these machines.
"All PS3s need to be able to read firmware updates files from the past, present and future. The release of the bootloader keys gives hackers the same decryption access as the console. Patching this hole could prove to be almost impossible for Sony."
So while the overall damage is most likely limited for now in terms of revenue lost due to piracy, there are still many fundamental issues Sony has to address. Firstly there's the integrity of the PlayStation Network. Genuine, legitimate players will be playing online not only with people who've pirated PS3 software, but have the means to adjust any game data they want. Pirate games run from read/write PC hard drives rather than read-only optical media making customisation much simpler - maps could be altered for example to give hackers an unfair advantage in a first-person shooter. Sony can address this by changing the "pass phrase" which allows PS3s to connect to PSN, but this brings us nicely to the second major problem: how to tackle the leak of the lv0 bootloader keys.
The problem here is that any change Sony makes to the PS3 software has to be read by the PS3 - and that's what the bootloader does. The PSN pass phrase can be changed, but that change needs to be integrated into data that lv0 decrypts - and thus it can be read by hackers. Similarly, new games coming out can be re-encrypted with keys not present in current firmwares - but they need to be delivered to the console via an update that (you guessed it), lv0 - and thus, the hackers - will be able to read. Now Sony can make it harder for those keys to be revealed, they can encrypt to many hundreds of layers if they need to - but at the end of the day, the beginning of the process always begins with the bootloader, which has been irrevocably compromised.
In terms of guaranteeing the validity of the console attached to the network, Microsoft has been far more aggressive than Sony thus far, and has faced attacks from a number of different sources. Consoles running custom firmware are quickly identified and banned from Xbox Live, while users flashing the DVD drive in order to run burned games have also found themselves barred from the service. But it seems that the hackers are always one step ahead, and in the here and now, pirates are still able to access Xbox Live relatively easily using copied games. Only those foolish enough to run leaked code days or even weeks before the game is released are identified as hackers and face the uncompromising wrath of the banhammer.
So where does this all leave game developers? At the most basic level, when it comes to multiplayer gameplay, the bottom line is that the system-level methods of weeding out cheats probably aren't enough on their own: it's going to be down to developers to add further levels of security to ensure that integrity of online gameplay. In short, exactly the sort of thing that's been a required standard for PC gaming for a long, long time now...