Old 3rd January 2011, 10:42 PM   #1 (permalink)
Retired Captain
Retired Captain
Deadly - Post: 2169
 George's Avatar

Fine
Default Hacked......I think....

A very good friend of mine who is a propeller head for a living sent me how the PS3 was hacked. Now, i'm still unsure what he's talking about and i also though the PS3 was hacked last year by that George Holz kid, so what's new?

As you can tell he gets turned on my numbers

His summary is still too complicated for me

George




Quote:
PS3 pwned. This is how – but geek warning.
YouTube - PSGroove.com - Console Hacking 2010 Part 3 - Chaos Communication Congress


Or to avoid the geek stuff, summarised by this flawed code effectively doing this in PS3:








FYI - PS3 security pwned. Not that this is particularly intersting if you don't have a PS3, but check out HOW it ultimately failed in the security chain of trust.

http://events.ccc.de/congress/2010/F...cking_2010.pdf

Although it was a concerted attack on a number of fronts (much like iOS is done), the key killer was this line of code (slide 127/12:

def generate_ecdsa(k, sha):
k = bytes_to_long(k)
e = bytes_to_long(sha)
m = open(“/dev/random”,”rb”).read(30)
if len(m) != 30:
raise Exception(“Failed to get m”)
m = bytes_to_long(m) % ec_N
r = (m * ec_G).x.tobignum() % ec_N
kk = ((r * k) + e) % ec_N
s = (bn_inv(m, ec_N) * kk) % ec_N
r = long_to_bytes(r, 30)
s = long_to_bytes(s, 30)
return r,s


Using complex elliptic curve cryptography algorithms, some dork wrote a random number extractor that produced the same number every time!!!!

Once they had the same number generated, they could determine Sony's private keys from just two instances (like reusing a one time pad).

Some code bunny has just had his arse fried!


XXXX


__________________


Last edited by George; 3rd January 2011 at 10:52 PM.
George is offline   Reply With Quote

Old 4th January 2011, 12:55 PM   #2 (permalink)
Retired Captain
Elite - Post: 2541
 Cadder's Avatar

Default

Simple solutions are quite often the most effective. Redefining "random" to solve randomly generated security is a great example of thinking outside the proverbial box.

It reminded me of the old epithet:
Q: How many Micro$oft techs does it take to change a light bulb?
A: Irrelevant. We redefined darkness as the new standard.
__________________
Cad nominatim, CAD per professio, cad per vis.
(Click the .sig for my PSN portable ID)
Cadder is offline   Reply With Quote
Old 5th January 2011, 02:19 AM   #3 (permalink)
Lethal - Post: 5501
 King_Rocket's Avatar

Pensive
Default

Man this is good news, I was pretty disjointed on how limited my PS3 was as a non gaming device.
__________________

"If a job's worth doing, no further justification is required." - Alice: Madness Returns
"It takes just as much work to achieve failure as it does to achieve success."
King_Rocket is offline   Reply With Quote
Old 10th January 2011, 05:17 PM   #4 (permalink)
Guild Officer
Guild Officer
DOTA2
Deadly - Post: 2094
 Chief's Avatar

Confused
Default

Geohot released a custom firmware for people with the latest OFW (3.55). You don't even need one of those USB development boards anymore, you can just use a normal USB drive of any sort.

Nothing Sony can do about it now, only option they have is to keep updating firmware and watch as it keeps getting hacked, like with the PSP.
__________________
Battlelog ~ PSN - Trent_Steele ~ Steam ~ Battle.net - Chief#6843
Chief is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +11. The time now is 11:13 PM.


Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.3.0