Sony is waking up to a new PlayStation 3 security nightmare after a day in which a brand new, PSN-enabled custom firmware was released for hacked consoles, swiftly followed up by publication of the console's LV0 decryption keys - which some say blows the system wide open.
We've been here before of course. Over two years ago, the first piracy-enabling firmware and USB dongle combo - PSJailbreak was released, which exploited a weakness in the PS3's USB protocols, allowing for the system software to be patched in order to run copied software running from hard disk. This was followed up some time later by the release of tools from hacker group fail0verflow, which allowed users to encrypt files for the system in the same way that Sony does, allowing for a new wave of piracy. Geohot's public release of the "metldr" root key also added to the challenges facing Sony, resulting in a messy legal battle.
The firm's response - firmware 3.60 - plugged many of the holes, neatly working around the entire root key problem, and even with the release of the new custom firmware, any console running system software 3.60 or higher is effectively locked out. Only hacked consoles, or those still running 3.55 or lower can run the new code unless expensive, difficult-to-install hardware downgrade devices are utilised on older hardware.
Despite the effectiveness of firmware 3.60, PS3 has still had to contend with piracy issues, notably the JB2/TrueBlue dongle, but this hack still locked consoles to 3.55 and stopped compromised consoles gaining access to PSN - until recently at least, where the "passphrase" security protocol protecting PSN was leaked, giving hacked consoles full access to the service.
The release of the new custom firmware - and the LV0 decryption keys in particular - poses serious issues. While Sony will almost certainly change the PSN passphrase once again in the upcoming 4.30 update, the reveal of the LV0 key basically means that any system update released by Sony going forward can be decrypted with little or no effort whatsoever. Options Sony has in battling this leak are limited - every PS3 out there needs to be able to decrypt any firmware download package in order for the console to be updated (a 2006 launch PS3 can still update directly to the latest software). The release of the LV0 key allows for that to be achieved on PC, with the CoreOS and XMB files then re-encrypted using the existing 3.55 keys in order to be run on hacked consoles.
So just how did LV0 come to be released at all? The original hackers who first found the master key - calling themselves "The Three Tuskateers" - apparently sat on its discovery for some time. However, the information leaked and ended up being the means by which a new Chinese hacking outfit - dubbed "BlueDiskCFW" planned to charge for and release new custom firmware updates. To stop these people profiteering from their work, the "Muskateers" released the LV0 key and within 24 hours, a free CFW update was released.
"You can be sure that if it wouldn't have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now," a statement from the hacker group says.
We have approached Sony for comment.
Will you support the Digital Foundry team?
Digital Foundry specialises in technical analysis of gaming hardware and software, using state-of-the-art capture systems and bespoke software to show you how well games and hardware run, visualising precisely what they're capable of. In order to show you what 4K gaming actually looks like we needed to build our own platform to supply high quality 4K video for offline viewing. So we did.
Our videos are multi-gigabyte files and we've chosen a high quality provider to ensure fast downloads. However, that bandwidth isn't free and so we charge a small monthly subscription fee of $5. We think it's a small price to pay for unlimited access to top-tier quality encodes of our content. Thank you.Support Digital Foundry