Sony PS3 hacked “for good” – master keys revealed

Sony’s PS3 has been hacked.

Perhaps “hacked” is the wrong word, because it can imply both criminality and lawful exploration. But we’ll stick with “hacked” here, in the sense of “some reverse engineers have figured out how you can adapt, or jailbreak, your PS3 to make it interoperable with software of your own choice.”

The PS3 has been hacked before, but Sony was able to inhibit the hack with an update to its own firmware. This is much like the history of jailbreaking on Apple’s iOS, where hackers typically uncover a security vulnerability and exploit it, whereupon Apple patches the hole and suppresses the jailbreak.

But the latest PS3 break is being dubbed unpatchable and the final hack.

That’s because this hack isn’t giving you an exploit to use against a programming hole. It’s giving you Sony’s so-called LV0 (level zero) cryptographic keys.

The PS3 system software loads up as shown in the picture below:

Diagram derived from this article on popular PS3 development website ps3devwiki.

The Level Zero (LV0) loader is the mother of all field-updatable firmware components in the PS3 bootstrap process. It orchestrates the loading, and the cryptographic verification, of all the modules underneath it. As long as the LV0 loader remains the way Sony wants it, you get to run only what Sony wants you to.

Pirated games won’t load, which is good for rights holders. But Linux, for example, won’t run either, which is bad for you. Why shouldn’t you run lawfully-acquired software of your choice on your own computer? [*]

With the LV0 keys now published, you can – at least in theory – replace the LV0 loader and run whatever you like, because you can authorise your own custom firmware (CFW). The PS3’s most-secret cat is out of the bag.
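To make the difference between the earlier, patchable hacks and this one concrete, here is an added toy model of a staged verified-boot chain. It is example code written for this page, not Sony's scheme and not any PS3 code. It assumes a fixed, non-updatable boot stage that checks LV0 against a root key, that each stage carries the key it uses to check the stage beneath it, and it uses HMAC-SHA256 as a stand-in for the real signature primitive; all stage names, images and keys are constructed for illustration.

```python
# Toy model of a staged, cryptographically verified boot chain (added example,
# not Sony's actual scheme). HMAC-SHA256 stands in for signing: whoever holds a
# stage's key can make a tag the stage above will accept. Names, images and keys
# below are constructed.
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Stage:
    name: str
    image: bytes      # constructed stand-in for a firmware component
    child_key: bytes  # key this stage uses to check the stage below it (b"" for the last)
    tag: bytes        # tag over image and child_key, made with the key the stage ABOVE checks against


def sign(key: bytes, image: bytes, child_key: bytes) -> bytes:
    """Stand-in for signing: the tag covers the carried key as well as the image."""
    return hmac.new(key, image + child_key, hashlib.sha256).digest()


def make_stage(parent_key: bytes, name: str, image: bytes, child_key: bytes = b"") -> Stage:
    return Stage(name, image, child_key, sign(parent_key, image, child_key))


def boot(root_key: bytes, chain: list[Stage]) -> tuple[list[str], str]:
    """Walk the chain top-down. Immutable boot code checks the first stage with
    root_key; each later stage is checked with the child_key carried by the
    stage just above it. Returns (names loaded, status)."""
    loaded: list[str] = []
    key = root_key
    for stage in chain:
        expected = sign(key, stage.image, stage.child_key)
        if not hmac.compare_digest(expected, stage.tag):
            return loaded, f"halt: {stage.name} failed verification"
        loaded.append(stage.name)
        key = stage.child_key
    return loaded, "ok"


# Constructed vendor secrets. ROOT_KEY is held by the non-updatable boot code;
# the other two ride inside the stage above the one they protect.
ROOT_KEY = b"constructed-root-key-fixed-in-boot-rom"
LV0_CHILD_KEY = b"constructed-key-carried-by-lv0"
LV1_CHILD_KEY = b"constructed-key-carried-by-lv1"


def vendor_chain(root_key: bytes = ROOT_KEY, lv0_child_key: bytes = LV0_CHILD_KEY) -> list[Stage]:
    """Three stages, lv0 -> lv1 -> lv2, signed the way the vendor would."""
    return [
        make_stage(root_key, "lv0", b"lv0 loader (constructed)", lv0_child_key),
        make_stage(lv0_child_key, "lv1", b"lv1 hypervisor (constructed)", LV1_CHILD_KEY),
        make_stage(LV1_CHILD_KEY, "lv2", b"lv2 game os (constructed)"),
    ]


def boot_vendor_firmware():
    return boot(ROOT_KEY, vendor_chain())


def boot_tampered_lv1():
    """Alter a lower stage without re-signing it: the chain halts there."""
    chain = vendor_chain()
    lv1 = chain[1]
    chain[1] = Stage(lv1.name, lv1.image + b" patched", lv1.child_key, lv1.tag)
    return boot(ROOT_KEY, chain)


def boot_custom_lv1(lv0_child_key: bytes):
    """A replacement lv1 signed with whatever lv0-carried key the caller holds."""
    chain = vendor_chain()
    chain[1] = make_stage(lv0_child_key, "lv1", b"custom lv1 (constructed)", LV1_CHILD_KEY)
    return boot(ROOT_KEY, chain)


def boot_custom_lv1_after_rotation(old_lv0_child_key: bytes):
    """Vendor ships a new lv0 carrying a fresh key: an lv1 signed with the old
    key no longer verifies. This is the firmware-update fix that worked before."""
    new_key = b"constructed-rotated-key-carried-by-new-lv0"
    chain = vendor_chain(lv0_child_key=new_key)
    chain[1] = make_stage(old_lv0_child_key, "lv1", b"custom lv1 (constructed)", LV1_CHILD_KEY)
    return boot(ROOT_KEY, chain)


def boot_custom_lv0(root_key_in_hand: bytes):
    """A replacement lv0, carrying its own child key, signed with the key the
    boot code checks against. Rotating anything below the root cannot stop it,
    because the stage holding ROOT_KEY is not field-updatable."""
    my_key = b"constructed-key-carried-by-custom-lv0"
    chain = vendor_chain(root_key=root_key_in_hand, lv0_child_key=my_key)
    chain[0] = make_stage(root_key_in_hand, "lv0", b"custom lv0 (constructed)", my_key)
    return boot(ROOT_KEY, chain)
```

In this model, a key carried inside an updatable stage can be rotated by shipping a new version of that stage, which is what invalidates the `boot_custom_lv1` case and mirrors the earlier patched hacks. The key checked by the immutable first stage has no such escape: there is nothing left to update, so a replacement lv0 that verifies against it keeps verifying. The design lesson is that the immutable verifier should hold only a public key, so that nothing extractable from the device can be used to sign, and that the corresponding private key must never leave the vendor.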

Incidentally, the publication of the LV0 keys was not without some controversy and finger-pointing amongst the reverse engineering and CFW community.

It seems as though a hacking and reversing posse known as the Three Musketeers worked out the LV0 keys some time ago. Since they were, in their own words, “done with PS3 now anyways,” they just sat on the information.

But some turncoat leaked it, and it eventually reached a Chinese hacking group, BlueDiskCFW.

Well, well.

BlueDiskCFW didn’t just use someone else’s work to publish a custom firmware that was unashamedly aimed at violating others’ intellectual property. They planned to charge for it! Knock me down with a feather! Dishonourable software pirates! Thieves and rascals!

The Three Musketeers took exception to that.

Let’s hope, when the PS4 comes out, that Sony will give up on trying to lock out jailbreakers permanently, and instead provide a way for those who want to run alternative software to do so in official safety.

When King Cnut famously ordered the tide back and failed, he wasn’t an arrogant absolute ruler trying to show off.

He knew he would fail, and thereby demonstrated that to hold back the tide was impossible – and, in any case, unnecessary – even for a king.

[*] That’s a rhetorical question. There isn’t a good reason why you shouldn’t. Most people don’t want to, and won’t even try. But that’s no reason why you shouldn’t have the choice.