Reply
First Son
Registered: 07/15/2012
Offline
15 posts
 

Re: This subject is of interest to all who play and have your PS3 console updated...

Oct 25, 2012

Source: EUROGAMER

 

ByRichard LeadbetterPublished 23 October, 2012

Sony is waking up to a new PlayStation 3 security nightmare after a day in which a brand new, PSN-enabled custom firmware was released for hacked consoles, swiftly followed up by publication of the console's LV0 decryption keys - which some say blows the system wide open.

We've been here before of course. Over two years ago, the first piracy-enabling firmware and USB dongle combo - PSJailbreak was released, which exploited a weakness in the PS3's USB protocols, allowing for the system software to be patched in order to run copied software running from hard disk. This was followed up some time later by the release of tools from hacker group fail0verflow, which allowed users to encrypt files for the system in the same way that Sony does, allowing for a new wave of piracy. Geohot's public release of the "metldr" root key also added to the challenges facing Sony, resulting in a messy legal battle.

The firm's response - firmware 3.60 - plugged many of the holes, neatly working around the entire root key problem, and even with the release of the new custom firmware, any console running system software 3.60 or higher is effectively locked out. Only hacked consoles, or those still running 3.55 or lower can run the new code unless expensive, difficult-to-install hardware downgrade devices are utilised on older hardware.

Despite the effectiveness of firmware 3.60, PS3 has still had to contend with piracy issues, notably the JB2/TrueBlue dongle, but this hack still locked consoles to 3.55 and stopped compromised consoles gaining access to PSN - until recently at least, where the "passphrase" security protocol protecting PSN was leaked, giving hacked consoles full access to the service.

The release of the new custom firmware - and the LV0 decryption keys in particular - poses serious issues. While Sony will almost certainly change the PSN passphrase once again in the upcoming 4.30 update, the reveal of the LV0 key basically means that any system update released by Sony going forward can be decrypted with little or no effort whatsoever. Options Sony has in battling this leak are limited - every PS3 out there needs to be able to decrypt any firmware download package in order for the console to be updated (a 2006 launch PS3 can still update directly to the latest software). The release of the LV0 key allows for that to be achieved on PC, with the CoreOS and XMB files then re-encrypted using the existing 3.55 keys in order to be run on hacked consoles.

So just how did LV0 come to be released at all? The original hackers who first found the master key - calling themselves "The Three Tuskateers" - apparently sat on its discovery for some time. However, the information leaked and ended up being the means by which a new Chinese hacking outfit - dubbed "BlueDiskCFW" planned to charge for and release new custom firmware updates. To stop these people profiteering from their work, the "Muskateers" released the LV0 key and within 24 hours, a free CFW update was released.

"You  can be sure that if it wouldn't have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now," a statement from the hacker group says.

We have approached Sony for comment.

Message 21 of 26 (81 Views)
Reply
0 Likes
VP of Gaming
Registered: 12/08/2000
Online
28977 posts
 

Re: This subject is of interest to all who play and have your PS3 console updated...

[ Edited ]
Oct 25, 2012

moblesuit75 wrote:

Rappudo wrote:
Thanks for your response, and for the help, I play with many who speak the English language and have to ask to speak more slowly and slowly, because I have difficulty in understanding.
Just wanted to leave here my opinion contrary to people that don't add anything, don't use the knowledge we have to help, to contribute, only to destroy the work of others. I try to be honest and do my part, even when I am outraged that the game crashes or other bugs appear, try contacting the developer, who never responds, but I do my part.
Really upset me that information, but those who want to always take advantage are not part of my circle of friends.
Say this because I suffer unfair competition in my area of professional activity, and that bothers me a lot.
I hope that Sony (PSN) solve these flaws, and maybe create mechanisms for encouragement of piracy, to stop this practice.
Could in each game, inside the packaging, put a code with the right drawings for prizes like games, consoles, TVs, perhaps to encourage consumption of original products. Here, in Brazil, selling pirated movies and games on every corner, I am totally against this. Most stores closed because they had to compete with that, in the case of the PS2 and XBOX 360, here in Brazil, do not know anyone who has the original set, thankfully still don't make Blu-ray Disc copies.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Ah yes, I see now.  Here in the US, you have to actually go looking for the pirated stuff, if you were so inclined.  I think the enforcement is greater here, because there is money in it for the US Government.  There are huge fines applied in the US, and that is a great deterrent.

 

Jail time is also associated with piracy here, so it is not as wide spread as it may be in Brazil (Brasilia).  Not that this is a critique on the Justice System of Brazil, but you yourself mentioned the piracy was out of control.

 

I do agree as well, sometimes the developers create something and leave their hands off, so long as it does not major impact their bottom line.  They typically leave it to the Government to solve their problems.  In the US, anything can be resolved, punished, rewarded or impacted by MONEY.  It is the nature of the game here.

 

Rappudo, I know it seemed like I was giving you a hard time at first, like a few others, but I am glad we got to communicate.  I just like to have a little fun every once in a while to lighten the mood.  I agree with your post and your ideas.  Don't be discouraged by the language differences, all are welcome here.  Don't min d the "ball breakers" either.  Some of them do not know any better.

 

Moble


 

There's not really "money in it" for the U.S. government. These laws were lobbied for by the entertainment industry (including video game companies), and the F.B.I. acts if there's a complaint filed. If you think about it, the amount of fines levied are a veritable drop in the bucket compared to the total budget of the federal government.

 

Years ago, January 1989 to be exact, I was at a record show (remember those things, RECORDS, better still remember PAYING for music), and it was raided by the Chesire Police Department (Chesire, CT). Word was that an artist's manager got wind that there were bootlegged video tapes and audio cassettes being sold there. This was at a time well before the internet, and even before computers were mainstream products. So this is nothing new.

 

Now here's the thing, and bear with me on this; I'm one of those who believes that people should be paid for their hard work. At the same time, going after a kid downloading a Sponge Bob song isn't addressing the problem. The real problem isn't downloading, it's music (using this to make a point here) is and has been overpriced, and for a very long time now. People like me aren't buying CD's, and we're not even downloading the stuff for free. Why? Because there's a lot of us who aren't fans of rap and country, and there's nothing for us to listen to.

 

If the game industry isn't careful it could be heading down the same path. Who have to change with your customers needs. So far the game industry has been giving us more bang for our collective bucks. Hopefully they'll look at the music industry and learn from their example.

Message 22 of 26 (78 Views)
Reply
0 Likes
VP of Gaming
Registered: 12/08/2000
Online
28977 posts
 

Re: This subject is of interest to all who play and have your PS3 console updated...

Oct 25, 2012

moblesuit75 wrote:

BRIT-KO wrote:

moblesuit75 wrote:

By the way OP, that is my colour, you can't use that.  (Yes I like spelling it colour, just as I enjoy spelling shop as shoppe Smiley Wink)

 

 

JK, enjoy it.  I like it because it reminds me of Halloween against the black backdrop.

 

Moble


Being from the UK as I originally am I am used to spelling color with a "U", also favoUr the same way, but living in the USA as I have for a number of years now it's second nature to leave that "U" out now Smiley Sad.

 

As for Shoppe, I used to go to a sweet (candy) shop called The Olde Sweetie Shoppe, I also used to frequesnt a pub (bar to you American's lol) called Ye Olde London, brilliant pub!



Ah yes, the Queen's English, with all the redundant consonants.  I actually admire it.  I think US English is very lazy at times and loses all the nuances.

 

Was The Olde Sweetie Shoppe like the one in Willy Wonka?  The Gene Wilder one, not the Tim Burton Bastardization that followed the book more closely and was thus not as intriguing.  Johnnie Depp creeps me out.

 

I have never been to the UK, but would like to visit sometime in my life.  I have relatives in Ireland (not the UK) that I have never met.  It would be nice to meet them, as they are strangers to me and I to them.  Seeing a proper Public House would be interesting as well.

 

I have had a fascination with the UK since my days of running around with a leather jacket on and my hair in a mohawk.  I was, and sort of still am a big fan of The Sex Pistols.  Still love my The Damned albums, now digital copies, too.  It is funny that even to this day, "rock" purely exists in the UK, while the US gets notoriety of being the "rock" nation.  Too bad hip hop and R&B have taken over though.

 

I say "rock" subjectively, because there are many forms.

 

If I was to ever get over to the UK, I wouldn't mind taking in a Chelsea F.C. match either.  Yeah I said it CHELSEA, oi! Smiley Very Happy

 

Cheers

 

Moble


Not to get too far off topic, but I would strongly advise you to keep your passport up to date, and get yourself over to the UK. I went a couple of years ago, and even though I like to think of myself of "as American as apple pie", I couldn't help but think "this is what we fought the Revolution to get away from?? THIS IS AWESOME!!".

 

As far as music goes, Electronica is huge throughout Europe, not a fan. I had great fun going to all the guitar shops on Denmark St.

Always remember though, if it weren't for Chuck Berry, Little Richard, and Elivs Presly, there wouldn't have been an British Invasion.

Message 23 of 26 (75 Views)
Treasure Hunter
Registered: 11/06/2011
Offline
4421 posts
 

Re: This subject is of interest to all who play and have your PS3 console updated...

Oct 26, 2012

CaptainAlbator wrote:

Not to get too far off topic, but I would strongly advise you to keep your passport up to date, and get yourself over to the UK. I went a couple of years ago, and even though I like to think of myself of "as American as apple pie", I couldn't help but think "this is what we fought the Revolution to get away from?? THIS IS AWESOME!!".

 

As far as music goes, Electronica is huge throughout Europe, not a fan. I had great fun going to all the guitar shops on Denmark St.

Always remember though, if it weren't for Chuck Berry, Little Richard, and Elivs Presly, there wouldn't have been an British Invasion.


I definately see what you are saying about the gaming industry and piracy.  As far as Government involvement, I think you hit it more on the head than I.  

 

The government protects the money for the industry through legislation brought forth by lobbyist paid by the entertainment industries.  I do think the gaming industry should be careful, as you said, that they do not go the route of the music industry.

 

As for the off topic; I would love to go to Europe and specifically the UK.  I listen to just about anything these days.  I actually like some electronica.  I enjoy MUSE and Radio Head.  I even like a little Snow Patrol.  I used to listen to New Order and Erasure when I was younger too.  

 

I would say though; the US still holds a fair bit of the Metal genre, although South America and Eastern Europe have some pretty heavy bands for that genre as well.

 

Moble

Message 24 of 26 (59 Views)
Treasure Hunter
Registered: 11/06/2011
Offline
4421 posts
 

Re: This subject is of interest to all who play and have your PS3 console updated...

Oct 26, 2012

Rappudo wrote:

Source: EUROGAMER

 

ByRichard LeadbetterPublished 23 October, 2012

Sony is waking up to a new PlayStation 3 security nightmare after a day in which a brand new, PSN-enabled custom firmware was released for hacked consoles, swiftly followed up by publication of the console's LV0 decryption keys - which some say blows the system wide open.

We've been here before of course. Over two years ago, the first piracy-enabling firmware and USB dongle combo - PSJailbreak was released, which exploited a weakness in the PS3's USB protocols, allowing for the system software to be patched in order to run copied software running from hard disk. This was followed up some time later by the release of tools from hacker group fail0verflow, which allowed users to encrypt files for the system in the same way that Sony does, allowing for a new wave of piracy. Geohot's public release of the "metldr" root key also added to the challenges facing Sony, resulting in a messy legal battle.

The firm's response - firmware 3.60 - plugged many of the holes, neatly working around the entire root key problem, and even with the release of the new custom firmware, any console running system software 3.60 or higher is effectively locked out. Only hacked consoles, or those still running 3.55 or lower can run the new code unless expensive, difficult-to-install hardware downgrade devices are utilised on older hardware.

Despite the effectiveness of firmware 3.60, PS3 has still had to contend with piracy issues, notably the JB2/TrueBlue dongle, but this hack still locked consoles to 3.55 and stopped compromised consoles gaining access to PSN - until recently at least, where the "passphrase" security protocol protecting PSN was leaked, giving hacked consoles full access to the service.

The release of the new custom firmware - and the LV0 decryption keys in particular - poses serious issues. While Sony will almost certainly change the PSN passphrase once again in the upcoming 4.30 update, the reveal of the LV0 key basically means that any system update released by Sony going forward can be decrypted with little or no effort whatsoever. Options Sony has in battling this leak are limited - every PS3 out there needs to be able to decrypt any firmware download package in order for the console to be updated (a 2006 launch PS3 can still update directly to the latest software). The release of the LV0 key allows for that to be achieved on PC, with the CoreOS and XMB files then re-encrypted using the existing 3.55 keys in order to be run on hacked consoles.

So just how did LV0 come to be released at all? The original hackers who first found the master key - calling themselves "The Three Tuskateers" - apparently sat on its discovery for some time. However, the information leaked and ended up being the means by which a new Chinese hacking outfit - dubbed "BlueDiskCFW" planned to charge for and release new custom firmware updates. To stop these people profiteering from their work, the "Muskateers" released the LV0 key and within 24 hours, a free CFW update was released.

"You  can be sure that if it wouldn't have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now," a statement from the hacker group says.

We have approached Sony for comment.


Yeah, you are right.  That does **bleep** me off.  I never understand why there are those out there who only look to ruin things for others.  I don't care if it is monetarily motivated or just because they want to prove something to someone.  When it effects me, it makes me angry.

 

What is the source for this article, by this I mean do you have the direct link?

 

Moble

Message 25 of 26 (57 Views)
Reply
0 Likes
First Son
Registered: 07/15/2012
Offline
15 posts
 

Re: This subject is of interest to all who play and have your PS3 console updated...

Oct 27, 2012
Message 26 of 26 (40 Views)
Reply
0 Likes