> news sites are overhyping the release/leak/whatever of the rom keyseeds, saying it could be used to fully unlock the ps5. i've already stated on twitter and i'll state it again. rom and seeds alone are NOT enough to pwn a ps5, you either need fuses and nandgroups to complement it
> ... or alternatively, you need to find bugs in the rom that you can use to exploit the ps5. neither of these are easy and require immense work. also, decapping a ps5 apu to retrieve the fuses optically will prove useless to the end user because those fuses are encrypted/xored/obfuscated
I always fascinated by works of people that try to reverse engineer this secure system
- Precocity and curiosity. Access to tech, resources, ways of actually getting answers instead of just hypothesizing. Though a curious mind will always conjure theories of all sorts.
- Working on an assortment of devices. Recent, old. Take them apart, ask how do they work. Read up about how they are constructed. Repeat.
- Robotics. Dead give away because robotics means embedded and embedded knowledge is gold. As is electronics knowledge among all the knowledge of how sensors actually work and what they do. You don’t wake up knowing how software and hardware interfaces. Along with learning this you learn a ridiculous amount regarding protocols, tools like logic analyzers and oscilloscopes, and patterns that repeat again and again. [0]
- Free time. This one is a given. This shit takes too long and all you’ve got are hunches along the way.
Take the recent CCC presentation on Miele appliances. The young presenter practically gives the punch line away: he fixes his parents’ house appliances, he rummages forum posts looking for information. He reads data sheets of processors and knows what pin does what. He looks at what others have done and wonders “what if?”. His whole presentation was so textbook and the appliance is an early 2000s model that it’s begging for someone with a shred of curiosity to take it apart and learn how it works. He finished by successfully dumping the firmware even when he thought it couldn’t be done. Along the way his “hunches” show he knows how things work because he’s worked on it before. The only people surprised are people who haven’t done it. He was going to succeed before he began - that’s how prepared you need to be.
Now, if you’re not a super talented 12 year old, that’s okay. Start programming microcontrollers and get comfortable with reading voltage levels and signals of GPIOs and peripherals. Learn how your firmware gets loaded at startup. Build some basic protocols and confirm on a logic analyzer. Decode your work with your eyes. Reading binary and hex should be second nature. Read and decode a USB protocol. An SPI protocol. And don’t complain it’s too much work.
Probably could have been avoided if Sony kept the Linux version of the Playstation still alive. Imagine what the (console) world would have looked like, if it was still alive. I never got the chance to even try it myself before it was gone, but I'm sure a lot of the homebrew community's energy could have been redirected towards it instead, hitting two flies with one swath.
The causality here is backwards; Sony removed Other OS support precisely because the first jailbreak (a glitching attack) relied on it.
IMHO, removal of this feature should have triggered Sony having to pay back the amount of taxes cheated.
Only the original ones ever supported the feature.
But it was fun.
Nobody tried to hack it, everyone assumed it was impossible. But when they removed Linux, then people tried, and it was broken very quickly.
> According to The Cybersec Guru, this is an unpatchable problem for Sony, because these keys cannot be changed and are burned directly in the APU.
I'm just speculating at this point, but what could prevent Sony from anticipating this exact situation and burning several keys in the APU? I mean, eFuse is not exactly a new technology. That way, once a key is leaked, Sony could push a firmware update switching the APU to a new key which hasn't been leaked yet.
If keys are recovered using some form of low level hardware attack, as was almost surely the case here, the attacker can usually recover the unused key sets too.
If the chip manufacturing provisioning supply chain is leaky the new keys will probably be disclosed anyway, and if the key custody chain is broken (ie, keys are shared with OEMs or third parties) they will definitely be disclosed anyway.
So if v1 is signed by key A, v2 is signed by key B and invalidates key A; a console that installs v2 wouldn't be able to install v1 after, but that's not a problem for Sony.
But, I'm not sure how many companies would be able to manage their keys properly to ensure that someone with access to key A doesn't have access to key B.
If these are asymmetric key pairs and the device side key was extracted from the device... Switching keys wouldn't help, and it's not a huge deal by itself --- having the device side key doesn't allow you to make a firmware image the device would accept.
If there was a breach, I'd expect keys for the PS4 to be leaked as well which would be quite handy. There are soft jailbreaks you can do currently on the PS4, but they're not full on CFW (custom firmware) and don't persist reboots.
This also goes into a bit more detail regarding how these keys are used.
Nasty filler to add that to the page.
General question: (I don't know enough about cryptography)
Are these symmetric keys or asymmetric ones? Both allow you to decrypt, but only the former would allow you to make changes to it, whereas the latter would still require you to find an exploit in the next stage. I think?
Once PS3 was cracked enough to run game mods, every PS3 GTA freeroam session was overrun with obnoxious cheaters, ruining it for everyone else. (Sorta like the tech industry.)
In most computer tech things, I'm all Linux, OpenWrt, Coreboot, GrapheneOS, etc., but the game console is one thing that that I like being locked down.
Consoles are e-waste in my eyes, perfectly good for other uses but liocked to what the vendor wants to give. Limited by the hardware that's given and then nagged to buy latest model.
Why am I not allowed to turn an old PS4 in to a Linux router? It has a beast of a CPU, USB ports and suports SSD's, what's the issue?
I simply sell my game consoles when I'm done with them.
They would make terrible Linux routers, even if they were unlocked.
/sarcasm
Nintendo DS is now kind of EOL. So the era of Flashcarts and the likes are gone. I remeber the toothpick wrapped in tinfoil to flash a custom firmware trick and applying it to my DS. The recent lawsuit kind of killed the main provider to these carts.
PS3+, Nintendo Switch have had e-fuses which now look out the console when attempting CFW.
PC Games are now protected by Denuvo which are almost impossible to crack apart from a couple of folk, one who is slightly mental and another who only does racing games.
The android bootloader is being locked down to stop custom firmware. Microsoft is attempting to lock the user out unless you upgrade to Windows 11 with TPM.
Emulation is another game, but Nintendo throws a lawsut if you attempt. Sony is locking down by having to dump your own firmware although I am not sure about Xbox emulation.
edit:
> You still won't get a jailbroken PlayStation 5 with this leak, but it will make it easier for hackers to compromise the console's bootloader.
nope?
This would just allow further study.
Ref: https://www.pcmag.com/news/japans-cyber-security-minister-do...
