Chaos Communication Congress (Console Hacking 2010)

Started by Deathwolf, December 30, 2010, 12:01:25 AM


Deathwolf

lolz

Thomas83Lin

yep watched all 3 videos, very cool stuff. seems like the ps3 may be the next wii :) in terms of being hacked

Nutmeg

I don't understand 90% of that, but could somebody explain the last part of episode 3?  Where they say they aren't going to work on hacking games, and something about finding the private key to the app loader.

Games = app
private key = needed to sign the user's code.

So then.... all that security breaking was for the sole purpose of pirating games???

Can somebody explain the main hack they executed?
I'm in between your legs... that's not awkward.

Link

Quote from: Nutmeg on December 30, 2010, 04:43:50 AM
I don't understand 90% of that, but could somebody explain the last part of episode 3?  Where they say they aren't going to work on hacking games, and something about finding the private key to the app loader.

Games = app
private key = needed to sign the user's code.

So then.... all that security breaking was for the sole purpose of pirating games???

Can somebody explain the main hack they executed?

Wrong.. it's the same as for the Wii.. bushing, marcan, sven and their team are looking for convenient ways to run homebrew and Linux. Given the fact that they have the private key of the console, they can create application packages which are considered officially authorized by the system. So for example, if you tried to install the Homebrew Channel using WAD installers on a current Wii (without using known exploits), the Wii would refuse to take the WAD as the signature is incorrect - Team Twiizers was never able to gain the private key of the system. However, the Wii has SO MANY exploits by now that there are multiple other ways to get the HBC in.

For the PS3: given the fact that they have the private key, they can create application packages which have OFFICIAL SONY SIGNATURES! Thus they do not require an exploit; the packages are completely correctly signed, looking like perfect Sony packages. And even worse: this is EXTREMELY difficult for Sony to patch! (A possibility would be the DSi way: storing signatures of every official game and application package made up to now and using different private keys for future packages - I do not know though how the public keys are stored, so if Sony cannot change them they have lost the fight, and they can hardly even win it with all future PS3 revisions).

Thus it allows pure homebrew; however, to get back to piracy: look at the Wii.. look at JTAG 360s.. homebrew which is used for piracy comes out pretty quickly.. so while the fail0verflow team will not produce any piracy loaders - I could even imagine that they develop software packages which make it as difficult as possible to create them - I am quite sure third parties will soon develop them.
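The trust model Link describes above (a package is installed only if its signature verifies under the key the console trusts, so whoever holds the private key can produce packages the console treats as official, and the "DSi way" mitigation of whitelisting the packages that already exist while moving future packages to a new key) as an added, runnable model. This is example code, not code from the thread, from fail0verflow or from any console: the signature scheme is textbook RSA over SHA-256 with tiny Mersenne-prime keys chosen only so it runs instantly and deterministically (not the scheme any real console uses), and the package bytes, the `Console` class and the two key pairs are all constructed stand-ins.

```python
"""Toy model of a console's package-signing trust chain (constructed example)."""
import hashlib


def _keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes (toy sizes; illustration only)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (e, n), (d, n)              # (public key, private key)


# Constructed key material: Mersenne primes, far too small for real use.
VENDOR_PUB, VENDOR_PRIV = _keypair(2**61 - 1, 2**31 - 1)   # key baked into shipped consoles
ROTATED_PUB, ROTATED_PRIV = _keypair(2**89 - 1, 2**19 - 1)  # key introduced for future packages


def _h(pkg: bytes, n: int) -> int:
    """SHA-256 of the package, reduced mod n so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(pkg).digest(), "big") % n


def sign(pkg: bytes, priv) -> int:
    d, n = priv
    return pow(_h(pkg, n), d, n)


def verify(pkg: bytes, sig: int, pub) -> bool:
    e, n = pub
    return pow(sig, e, n) == _h(pkg, n)


class Console:
    """Package installer.

    Shipped policy: accept anything that verifies under the baked-in key.
    Patched policy (whitelist + rotated_pub set): the old key is only honoured
    for packages whose digest is already on the list; everything new must
    verify under the rotated key.  This only helps if the console's key store
    can actually be updated, which is exactly the open question in the post.
    """

    def __init__(self, pub, whitelist=None, rotated_pub=None):
        self.pub = pub
        self.whitelist = whitelist        # set of hex SHA-256 digests, or None
        self.rotated_pub = rotated_pub

    def install(self, pkg: bytes, sig: int) -> str:
        if self.rotated_pub is not None and verify(pkg, sig, self.rotated_pub):
            return "accepted"
        if not verify(pkg, sig, self.pub):
            return "rejected: bad signature"
        if self.whitelist is not None and hashlib.sha256(pkg).hexdigest() not in self.whitelist:
            return "rejected: legacy key, unknown package"
        return "accepted"


def run_scenarios() -> dict:
    """Walk through the situations the post describes; returns a name -> verdict map."""
    official = b"official game package v1"   # constructed sample package
    third_party = b"third-party package"     # constructed sample package
    official_sig = sign(official, VENDOR_PRIV)
    third_party_sig = sign(third_party, VENDOR_PRIV)  # made with the leaked vendor key

    shipped = Console(VENDOR_PUB)
    results = {
        "official on shipped": shipped.install(official, official_sig),
        "tampered on shipped": shipped.install(official + b"x", official_sig),
        "leaked-key package on shipped": shipped.install(third_party, third_party_sig),
    }

    # The "DSi way": whitelist what already exists, rotate the key for the future.
    patched = Console(VENDOR_PUB,
                      whitelist={hashlib.sha256(official).hexdigest()},
                      rotated_pub=ROTATED_PUB)
    new_official = b"official game package v2"
    results["official on patched"] = patched.install(official, official_sig)
    results["leaked-key package on patched"] = patched.install(third_party, third_party_sig)
    results["new official on patched"] = patched.install(new_official, sign(new_official, ROTATED_PRIV))
    return results


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:32s} {verdict}")
```

The shipped console accepts the leaked-key package with no exploit involved, which is the post's point; the patched console rejects it while still accepting the existing official package and anything signed with the rotated key. A tampered package fails in both cases because the signature no longer matches its digest.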

Thomas83Lin

Quote
Geohot has now released the all mighty root key that allows you to decrypt and sign ANYTHING on the ps3.

erk:  Keys Removed
riv:
pub:
 R:
 n:
 K:
Da:


~geohot

props to fail0verflow for the asymmetric half
no donate link, just use this info wisely
i do not condone piracy

if you want your next console to be secure, get in touch with me. any of you 3.
it'd be fun to be on the other side.

Thoughts?

Source: geohot

James0x57

sexy

I'd love to start up a PS3rd Code Database if such things fall into place.... Would be nice to have another hacker-driven "united" database. =)


Deathwolf

lolz

Romaap

I think it would be much easier to have an application that dumps RAM through the network, because there is already an app that sends stuff through the network (by fail0verflow IIRC) so it should be possible.

James0x57

Indeed. Hopefully when PS3 code hacking begins it will be as intelligently designed as the Gecko/WiiRD code handler's codetypes and all based on some simple game ID like Wii.


Deathwolf

Quote from: James0x57 on January 03, 2011, 04:26:18 PM
Indeed. Hopefully when PS3 code hacking begins it will be as intelligently designed as the Gecko/WiiRD code handler's codetypes and all based on some simple game ID like Wii.

but the PS3 uses PowerPC for ASM (disassembler) codes, right?
lolz

Deathwolf

PS3 has been fully hacked!!

PS3 Masterkey(Root Key) discovered by GeoHot  :eek:
lolz

matt123337

Deathwolf, Thomas quoted that like 5 posts above :D

hetoan2

I can't wait to get my hands on a remote debugger for the PS3, 'twill be amazing.


Check out my site with codes obviously...
http://hetoan2.com/

and youtube...
http://youtube.com/hetoan2

Deathwolf

A code search plugin.prx like USB Gecko is already possible on PS3.
Would be amazing to do this. As geohot said, 95% software (flashing files) and 5% hardware.
Hardware modifying sucks ....
lolz