PlayStation 3 Firmware Hacked, LV0 Encryption Keys Released

As a consequence of what seems to be a war between two hacking groups, the PlayStation 3 console had its firmware hacked yesterday. As a result, the LV0 encryption keys that the PS3’s entire architecture is based around were released into the wild, potentially destroying Sony’s entire security model.

In a statement put out on October 22, a group called The Three Musketeers said that they had been sitting on the LV0 keys for the system for some time. However, someone leaked their keys to a China-based hacking group called BlueDisk-CFW, which put out a custom firmware (CFW) based on their work and was going to charge for further custom firmwares. The Three Musketeers decided to release the keys along with a statement decrying the initial leak that allowed BlueDisk-CFW to sell custom firmwares.

As this was a group effort, we wouldn't normally have lost a word about it ever, but as we're done with PS3 now anyways, we think it doesn't matter anymore. Congratulations to the guy that leaked stuff, you, sir, are a 1337 haxx0r, jk, you're an asshole.

Try these bytes...
(*SEE BELOW - CEB*)
...and be amazed.

People should know that crooked personalities are widespread in this so-called 'scene'. Some people try to achieve something for fun together and make the wrong decision to trust others and share their results with them, but ofc there got to be the attention-seeking fame wh*** that has to leak stuff to feel a little bit better about him-/herself.

Now the catch is that it works like this in every 'scene', just that in others it usually doesn't come to light.

The only sad thing is that the others who worked on this won't get the attention they deserve because they probably want to remain anonymous (also they don't care about E-fame)

PS: This is neither about drama nor E-fame nor 'OMG WE HAZ BEEN FIRST', we just thought you should know that we're disappointed in certain people. You can be sure that if it wouldn't have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now.

-- The Three Musketeers

Sony has had issues with hacked firmware in the past. Two years ago, PS Jailbreak was released, which allowed users to bypass Sony’s security check with a USB dongle. Later, the fail0verflow group released tools that got around Sony’s encryption up to firmware 3.55. All of this was in response to Sony disabling the OtherOS feature—a native PlayStation 3 feature that allowed technical users to install Linux-based operating systems other than Sony’s XMB—on its slim-model PlayStations, and then disabling it retroactively in all PS3 firmwares after 3.12 in response to a hack put out by George “GeoHot” Hotz. Firmware 3.60 effectively stamped out most software-based hacks for anyone who upgraded, and that held until this point.

The LV0 key is effectively Sony’s signing key. It allows custom firmwares to appear to be “signed” by Sony, making them legitimate in the eyes of the processor. The keys are not changeable; they have to be read by all legacy software, dating back to the PlayStation 3’s inception. This effectively allows any custom firmware to be created going forward, including firmware that patches around the system’s security checks on the software it runs. This also allows pirated and otherwise counterfeit games to be played on the PS3.

Sony has not commented on this to Gaming Bus or any other news organization. The LV0 keys were released a day before Sony’s latest firmware, 4.30, was to go live.

Note: Gaming Bus will not release the LV0 keys or link to a site that has them, as we have no interest in aiding software piracy.

Analysis: I’m not one of those that is going out on a limb and saying that Sony will never recover from this. We said that after the root keys were put out by GeoHot in 2011, and Sony was very deftly able to get around that. However, this looks bad for the sake of the PS3’s security: there’s simply no “lower” level of security to go without getting to the kernel, which this potentially allows. In short, for a company that has been so dogmatic about its security that its removal of OtherOS started this chain reaction years ago, this is an unmitigated disaster. I’m sure it will only be a matter of time before firmware 4.30 is cracked as well.

With that said, the key question is: what will Sony do?

Their first response is likely going to be another firmware update beyond 4.30. Like the updates issued when the cat-and-mouse game started in earnest in December of 2010, this will likely only serve to piss off customers who want to play their games. They will also start issuing cease-and-desist notifications to anyone who puts out the keys. Good luck with that; it’s on the Internet, it’s gone now, and bullying a few smaller sites isn’t going to do anything to solve that.

After that, there’s simply no way of knowing. If the LV0 hack is as bad as it looks—and although it’s bad, I’ve heard the “Sony will never recover!” song before—then simply entering into a game of firmware tennis will accomplish nothing. Sony’s updating model is atrocious: it requires a whole new firmware to be downloaded and installed instead of just patched, so that will just overly inconvenience customers. Sony’s actions in handling their PlayStation Network hack from 2011 indicate that they don’t give two flying shits about the consumer, but at this point, the cons would outweigh the pros. Beyond this, it’s anyone’s guess. We can get into hypothetical debates all day, but I think Sony’s best move would be to step up enforcement against non-official firmwares, as far as that’s possible, and kick offenders off of the PlayStation Network. I say this acknowledging it might not be possible, since someone could clone the verification method into a CFW, but it’s Sony’s best bet.

Beyond that, the PlayStation 3 had a four-year history before it got hacked with any kind of seriousness. If this is truly it for the system’s integrity, it lasted six years. That’s much longer than the 360, which lasted about a year, and the Wii, which was almost immediate. That’s a really good record in spite of the anti-consumer way they got there.

Christopher Bowen

About Christopher Bowen

Christopher Bowen is the Editor in Chief of Gaming Bus. Before opening Gaming Bus in May of 2011, he was the News Editor at Diehard GameFAN, a lead reporter for DailyGamesNews, and a reviewer at Not A True Ending, also contributing to VIMM, SNESZone and Scotsmanality. Outside of the industry, he is a network engineer in Norwalk, CT and a veteran of Operation Iraqi Freedom.