IT will be in the [INFO, Hacks & Exploits] link...

0m1kr0n wrote:

The general public probably won't. It wouldn't surprise me if something has already been found and patched. Even the updates are encrypted, and Sony is very secretive about everything- even to the Linux kernel developers.

Like I recently said- the type of people it'll take to get past the crypto won't take interest, or report directly to the vendor- Sony- if they find something.

If you had the equipment and the time, would you know what to do to break the cryptology?

Powerslave wrote:

The cryptology is about half of it...  Once that's done, you need to get the KEY from the CPU.   The XB360, they have found how to get it, but with the CELL, there is no way yet.   You also need he PUBLIC key.   The encryption isn't what you think, like the WHOLE game, or communications on-line,  just portions that need to clear the security checks.   

Think of it as like someone is at your gate, they key in the code you gave them to open the gate, this is the public key, which means not EVERYONE has it, they are just below the HYPERVISOR, with limited access to your home's resources (water spouts, electrical outlets, and whatever tools YOU provide).  Generally these would be gardeners, workers, and so on, they stay outside and do not come in your home.  You then give them permission to do certain things, by handing them a chart with codes on it, they decipher the codes and can do their work properly.  Then, another person, say the guy coming to update your living room, comes knocking at your door, and you won't let them in without a password, the private key.  HE is now working above the hypervisor, and now has access to all the resources both IN ad OUTSIDE your home.   The encryption comes for him BEFORE you give him the private key with like a riddle, your encryption key, then he answerers it, if correct, gets in the home with the private key...

Yeah, I know, there is more to it than that, but I am trying to explain how it works, kind of, in REAL REAL lamens terms....

So, you have two levels of security, for certain tasks, general and more lucrative. 

When a game is put in, it needs both keys to properly execute....  IT gets the key from the PS3 by cryptology...  Without the private key, the game can't run, due to limited resources....  I dunno, I am trying to get a way to explain it, maybe the other dude can better?

Look at the CBE security model article by IBM in my sig. Look at the parts about the RNG, process check sum, and "code vault." The code vault is the foundation of the Type I hypervisor by the way.

The software efforts of reverse engineering the PS3 thus far -all- point to Sony using the "code vault" for crypto on all the ELF binaries. They could implement any crypto from 3DES to AES, or maybe even quantum algorithm using the CBE. I'm of course only referring to the RSX research, because crack team stuff for the most part has no forensic backing.


It'd make total sense for a designer to put all the cryptographic functions in the secure part of the CBE chip instead of revealing itself in FLASH or HDD. The other chips as you can see from my board schematics a while back, are all BUS level signal controllers, emulators(PS2 version,) RAM, or other Sony chips. There are some smaller ones too, but they've all been looked up. It wouldn't make sense for Sony to do hard wired security in the other 2 ASIC's when it has a ground up solution in the CBE that works in comparison.

I personally would be all over this if I new how to write automaton that brute forces crypt text. There are algorithms for all ciphers, but they sometimes take a lot of time and/or processing. If the cipher was known you could probably load a few ELF's in something and have it do it's work. Any mathematicians in the house?

Last edited by 0m1kr0n (2008-07-09 21:26:59)