Sony is waking up to a new PlayStation 3 security nightmare after a day in which a brand new, PSN-enabled custom firmware was released for hacked consoles, swiftly followed up by publication of the console's LV0 decryption keys - which some say blows the system wide open.

We've been here before, of course. Over two years ago the first piracy-enabling firmware and USB dongle combo, PSJailbreak, was released. It exploited a weakness in the PS3's USB handling, allowing the system software to be patched so that copied games could be run from the hard disk. This was followed some time later by the release of tools from hacker group fail0verflow, which allowed users to sign files for the system in the same way that Sony does, enabling a new wave of piracy. Geohot's public release of the "metldr" root key added to the challenges facing Sony, and resulted in a messy legal battle.

The firm's response - firmware 3.60 - plugged many of the holes, neatly working around the entire root key problem, and even with the release of the new custom firmware, any console running system software 3.60 or higher is effectively locked out. Only hacked consoles, or those still running 3.55 or lower can run the new code unless expensive, difficult-to-install hardware downgrade devices are utilised on older hardware.

Despite the effectiveness of firmware 3.60, the PS3 has still had to contend with piracy, notably the JB2/TrueBlue dongle, but that hack still tied consoles to 3.55 and kept compromised consoles off PSN - until recently at least, when the "passphrase" used to authenticate consoles to PSN was leaked, giving hacked consoles full access to the service.

The release of the new custom firmware - and the LV0 decryption keys in particular - poses serious issues. While Sony will almost certainly change the PSN passphrase once again in the upcoming 4.30 update, the reveal of the LV0 key means that any system update released by Sony going forward can be decrypted with little or no effort. Sony's options in battling this leak are limited: every PS3 out there needs to be able to decrypt any firmware download package in order for the console to be updated (a 2006 launch PS3 can still update directly to the latest software), so the decryption key has to be present in every console, and a key that ships in every console cannot be revoked by a software update. The leaked LV0 key allows that decryption to be performed on a PC, with the CoreOS and XMB files then re-encrypted using the already-known 3.55 keys so that they run on hacked consoles.
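To make the constraint above concrete, here is an added toy model of an update chain gated by a device-resident decryption key. It is illustrative code written for this page, not Sony's update format or anything from the hacking groups involved: the cipher is a stand-in (a SHA-256 counter keystream XORed over the data), the key values, the `FWUP` marker and the package layout are all constructed, and the real PS3 algorithms and key material are not described on the page. The model shows three things the paragraph asserts: every console holding the key can open a new package; someone holding the leaked key can open it on a PC and re-wrap the payload for a console that only knows the older (3.55-era) keys; and a replacement key cannot be distributed to existing consoles without wrapping it in the very key that leaked.

```python
"""Toy model (added example, not Sony code) of a firmware update chain whose
packages are encrypted with a symmetric key that every console must hold."""
import hashlib
from typing import Optional

MAGIC = b"FWUP"  # constructed marker so a console can tell a good decryption from garbage


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    It is NOT the real PS3 cipher; it only needs to be keyed and invertible."""
    blocks = len(data) // 32 + 1
    keystream = b"".join(
        hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in range(blocks)
    )
    return bytes(a ^ b for a, b in zip(data, keystream))


def build_package(payload: bytes, key: bytes) -> bytes:
    """Vendor side: wrap a payload so that a console holding `key` can open it."""
    return stream_xor(key, MAGIC + payload)


def open_package(package: bytes, key: bytes) -> Optional[bytes]:
    """Console side: decrypt and check the marker. None means 'not for this key'."""
    plain = stream_xor(key, package)
    return plain[len(MAGIC):] if plain.startswith(MAGIC) else None


# Constructed keys and payload for the demonstration (not real values).
K_LV0 = b"lv0-key-present-in-every-console"     # the key every PS3 must hold
K_355 = b"older-keys-known-since-firmware-3.55"  # keys already public for hacked consoles
PAYLOAD_430 = b"CoreOS+XMB 4.30 (constructed payload)"


def vendor_ships_update() -> bytes:
    """Sony's side of the model: a 4.30 package that any console must be able to open."""
    return build_package(PAYLOAD_430, K_LV0)


def launch_console_updates() -> bool:
    """A 2006 console and a 2012 console hold the same K_LV0, so both open the package."""
    return open_package(vendor_ships_update(), K_LV0) == PAYLOAD_430


def attacker_repackages(leaked_lv0: bytes) -> bytes:
    """PC side once LV0 has leaked: open the official package, re-wrap the payload
    with the 3.55-era keys that the hacked console already trusts."""
    plain = open_package(vendor_ships_update(), leaked_lv0)
    assert plain is not None, "leaked key must open the official package"
    return build_package(plain, K_355)


def hacked_console_accepts() -> bool:
    """A console on 3.55-era keys cannot open the official package directly,
    but it opens the re-wrapped one."""
    official = vendor_ships_update()
    rewrapped = attacker_repackages(K_LV0)
    return (open_package(official, K_355) is None
            and open_package(rewrapped, K_355) == PAYLOAD_430)


def rotation_exposes_new_key(leaked_lv0: bytes) -> bool:
    """Why rotation does not help: a replacement key can only reach existing
    consoles inside a package wrapped with the old key, so whoever holds the
    leaked key reads the new one as it goes by."""
    k_new = b"rotated-lv0-key"
    rekey_package = build_package(b"NEWKEY:" + k_new, K_LV0)
    seen_by_attacker = open_package(rekey_package, leaked_lv0)
    return seen_by_attacker is not None and seen_by_attacker.endswith(k_new)


if __name__ == "__main__":
    print("launch console opens 4.30 package:", launch_console_updates())
    print("hacked console accepts re-wrapped package:", hacked_console_accepts())
    print("rotation leaks the replacement key:", rotation_exposes_new_key(K_LV0))
```

The model deliberately has no signature step, because confidentiality of the package is the only property the leaked LV0 key defeats. What keeps 3.60+ consoles locked out, as the article notes, is that their keys were never published, which is why the attacker in the model has to fall back to re-wrapping the payload with the 3.55-era keys rather than producing something a current console would accept.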

So just how did LV0 come to be released at all? The original hackers who first found the master key - calling themselves "The Three Musketeers" - apparently sat on the discovery for some time. However, the information leaked and ended up being the means by which a new Chinese hacking outfit, dubbed "BlueDiskCFW", planned to charge for and release new custom firmware updates. To stop that group profiteering from their work, the Musketeers released the LV0 key, and within 24 hours a free CFW update was released.

"You can be sure that if it wouldn't have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now," a statement from the hacker group says.

We have approached Sony for comment.



About the author

Richard Leadbetter

Technology Editor, Digital Foundry

Rich has been a games journalist since the days of 16-bit and specialises in technical analysis. He's commonly known around Eurogamer as the Blacksmith of the Future.
