As for your suggestion, it might be feasible for Sony to issue new keys further down the chain of trust and write a new game verification subsystem which does whitelisting for old titles, but there's nothing to stop us pretending we installed that update and emulating the results. We previously couldn't decrypt any of Sony's firmware updates, or any of the boot ROMs. Now we can decode all of them. It's a similar situation to satellite TV decoder cards or anti-cheat software. As we're in 100% control of the unit now, none of it can be trusted by Sony.
They just have to issue surprise code that demands we reveal an aspect of our system software over the network, and permaban us from their network when they find any discrepancies. But there's nothing to stop us pretending we installed that update and emulate the results. Right, if you root your machine now, before they get it all in place.
Yes, if you want to do it by software alone. But you can reflash your firmware at any time using hardware - we have the private key that signs that firmware, something we don't have for any other console. We can wipe out any subsequent firmware updates whenever we want to. The vulnerable hardware will remain vulnerable indefinitely.
Furthermore, PS3s need to be on the internet to get firmware updates from Sony, and they don't install updates automatically. The user has to confirm they want it (Sony entices them by then making it a requirement before they are allowed on PSN or to play the latest games). Perhaps Sony gave the PS3 a 'fuck the user, install this anyway' mode? We will soon find out. Metldr is the first loader in the system, and it's in ROM on the CPU die. It decrypts and executes lv0ldr, which is in flash. Watch for a complete description by experts.
Using the metldr private key, I can decrypt Sony's lv0ldr code, write my own based on that, re-encrypt and sign it with the metldr key and start up all the PS3 hardware however I like. Sony might stop me burning a new lv0ldr with a future firmware update (by issuing a new firmware with the old key, saying not to accept firmware updates using the old key), but if they do I can still piggyback on the flash chip and write my signed lv0ldr to it while the PS3 is switched off. 1) If we can run ANYTHING, we can lie to Sony about the results of a key check. If we didn't feel like lying, we could just add whatever key we feel like to the white-list, since we can run anything we want. 2) They can just extract the new key.
3) If the key is actually changeable (most likely coded in hardware) then anyone can change the key to prevent Sony from changing it. (They can't sign software if they don't know our key.) More so, we can continue to run whatever we want.
4) In order to install a new key on a PS3, they would have to mass distribute the key over the Internet, and every PS3 would have to be capable of decoding it. Since we're inside the PS3 already, even if they did change 'm' to be random and make the new key 'uncrackable', we'd still have open access to the new key as the current PS3 must be able to read the value to store it. There is no way for them to change the key on existing PS3s without everyone knowing what the new key is. The reason the original key can be kept secret is because it's implemented inside a chip on the assembly line, not broadcast over the Internet. The PS3 is broken and they will not be fixing it.
Whitelisting will never work. The only way to 'fix' the PS3 is to make new consoles 100% incompatible with existing games and implement a new key and proper random 'm' values at the factory. Tl;dr: It's broken in an unfixable way. Once the end user has the same execution rights as Sony there is nothing they can do. The entire system relies on them being the Admin, and us just users.
Once we're all Admins they have no control. Any attempt to do a remote fix ultimately relies on the user not having Admin rights. A whitelist and a new key would have to pass through the hands of the end-users to reach the system, making them utterly pointless.
It's simply too late. Tl;dr2: You can never remotely secure a system you know to be insecure because you can never confirm that the 'success' feedback you're getting is actually from your fix and not from the hacker's code. I see a lot of talk about whether the private key is updated, but I don't see why the console would even need to have the private key. AFAIK, the console simply needs to verify signatures, and all you need for that is the public key. It is possible consoles have a separate private key for secure communications to Sony, but that would be unrelated to signing software. Now, this doesn't change the situation, since even if you add a second public key to verify new signatures, you still need software signed with the old private key to work, and that means anything homebrew signed by the old private key will also work. Whitelisting and such is also unworkable since they'll probably need to be signed using the old private key, so such lists could be forged as well.
1) If we can run ANYTHING, we can lie to Sony about the results of a key check. On current machines that have been cracked, and haven't had their firmware updated. Firmware updates might be worked around, but new machines might not remain vulnerable. 2) They can just extract the new key. They cannot. They got the old one because Sony fucked up when generating it.
They will not do that a second time. 3) If the key is actually changeable (Most likely coded in hardware) then anyone can change the key to prevent Sony from changing it. If you do that, you can run your own code, but you can also never run any official games again. If there is a whitelist, you might be able to hack that, but you have to keep updating it for every new game released. 4) In order to install a new key on a PS3, they would have to mass distribute the key over the Internet, and every PS3 would have to be capable of decoding it. The public key. That one is entirely safe to distribute, that is how public-key crypto works.
It is the private key you need, and Sony will not distribute that. Arrgghhh, you're not understanding something very crucial. There are 2 very different types of keys at work here. And there are multiple different values of these 2 keys for different parts of the system. First of all, the riv/erk keys are used to symmetrically encrypt executables using an AES-CTR cipher, and the key for this on the metldr is what is referred to as the 'root key', because every other key can be discovered by following down this chain and decrypting each level's firmware and its loader (lv0, lv1, etc). It is believed that Sony cannot update the metldr keys on currently released versions of the console, and thus any new firmware they release, we can successfully decrypt and analyze.
Secondly, the public/private keypair is used only to digitally sign the hash of the executable. Each loader effectively checks the signature of the 'loadee' (lv1, lv2, game, etc) to ensure that it is officially authorized by Sony. The current private components of these keys were compromised during Sony's failure to understand 'randomness' allowing us to digitally sign new firmware, executables, etc.
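As an added example (not code from this thread, from Sony, or a real PS3 format), here is a toy model of the two-key chain this post describes and of the earlier point that a loader which must keep accepting old-key signatures cannot tell an official stage from one signed with the leaked key. It assumes textbook RSA with tiny primes and an HMAC keystream as stand-ins for ECDSA and AES-CTR, and hypothetical stage contents and key values; nothing in it is cryptographically secure.

```python
# Added toy loader chain (not Sony's code): toy RSA + HMAC keystream stand in for ECDSA/AES-CTR.
import hashlib, hmac, os

def keystream_xor(key, nonce, data):
    """CTR-style stand-in cipher: keystream block i = HMAC(key, nonce || i)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def toy_rsa_keypair(p=61, q=53, e=17):   # textbook RSA with tiny assumed primes
    return (e, p * q), (pow(e, -1, (p - 1) * (q - 1)), p * q)   # (public, private)
def int_hash(code):
    return int.from_bytes(hashlib.sha256(code).digest(), "big")
def sign(priv, code):        # needs the PRIVATE key
    return pow(int_hash(code) % priv[1], priv[0], priv[1])
def verify(pub, code, sig):  # needs only the PUBLIC key
    return pow(sig, pub[0], pub[1]) == int_hash(code) % pub[1]
def build_stage(code, sym_key, priv):   # package layout: nonce || signature || ciphertext
    nonce = os.urandom(16)
    return nonce + sign(priv, code).to_bytes(2, "big") + keystream_xor(sym_key, nonce, code)

class Loader:
    """One level of the chain: its level's symmetric key plus its trusted public keys."""
    def __init__(self, sym_key, trusted_pubkeys):
        self.sym_key, self.trusted = sym_key, list(trusted_pubkeys)

    def load(self, package):
        nonce, sig, ct = package[:16], int.from_bytes(package[16:18], "big"), package[18:]
        code = keystream_xor(self.sym_key, nonce, ct)
        if not any(verify(pub, code, sig) for pub in self.trusted):
            raise ValueError("signature check failed")
        return code

def demo():
    sony_pub, sony_priv = toy_rsa_keypair()        # the leaked pair in the thread's scenario
    new_pub, _ = toy_rsa_keypair(67, 71, 13)       # hypothetical replacement key
    lv0_key = b"\x01" * 32                         # stand-in for a known per-level key
    loader = Loader(lv0_key, [sony_pub])
    official = build_stage(b"official stage", lv0_key, sony_priv)
    third_party = build_stage(b"third-party stage", lv0_key, sony_priv)
    results = {"official": loader.load(official), "third_party": loader.load(third_party)}
    loader.trusted.append(new_pub)     # adding a new key cannot revoke the leaked one...
    results["third_party_after_key_add"] = loader.load(third_party)
    try:                               # ...and dropping it breaks every existing title
        Loader(lv0_key, [new_pub]).load(official); results["official_new_key_only"] = "loaded"
    except ValueError:
        results["official_new_key_only"] = "rejected"
    return results
```

The loader never holds a private key, which is the point made above: verification needs only the public half, so a second public key cannot undo what the leaked private key already signs.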