Root keys for Sony’s PlayStation 3 go public (geohot.com)
139 points by Uncle_Sam on Jan 3, 2011 | 75 comments



"if you want your next console to be secure, get in touch with me. any of you 3."

I would take the man's word and hire him. I'd even throw Apple into his list; he did after all release jailbreaks for the iPhone too.


Bunnie, the original hacker of the first Xbox, was brought on as counsel by Microsoft to help improve security for the Xbox 360. You can see the results if you ever get deep into the security models of the two.


I'm not so sure I'd want to take a job having just made my new chain of command look like incompetent idiots; they'd probably find a way to repay the favor. They'd just make him sign a bunch of long-term NDAs and fire him 6 months later. If this guy had much experience in the workplace he'd know that development like this usually happens when an organization has systematically driven out the detail-oriented, security-minded people. They tend to be on the low end of the "net reduction in buglist items per salary dollar" scale.

On the other hand, there are any number of independent security assessment/pen testing firms that would love to have this guy's skills. He might even end up working on consoles. That's probably the way he should approach it.


> I'm not so sure I'd want to take a job having just made my new chain of command look like incompetent idiots

A chain of command that's savvy enough to really want him despite that is one you'd actually want to be in, though. An organization that focused on results would be all edge like the fictional Maas Neotek from Gibson's Neuromancer.


> A chain of command that's savvy enough to really want him despite that is one you'd actually want to be in, though.

Absolutely. But if they were the savvy type, would they have been pwned at nearly every security layer like that? If you haven't seen it, the video says it better than I can.

So probably if he were hired, it would be with mixed feelings from some of his uppers. At best, he probably "wouldn't fit in with the team", as they say. Someone like him would need to be either in charge of the whole freaking platform direction, or not there at all. (Now there's an idea.) Seriously, IMHO Sony's best move would be to fire the guy responsible for reneging on Linux and hire someone with a clue instead. Microsoft would have the guts to do something like that.

It's ridiculous. I bought a PS3 (by coincidence) the other day. Guess what?! It doesn't play PS2 games! PS2 plays PS1 games (so I thought). Our Wii plays GameCube games. Xbox360 plays Xbox games. What is a PS3 if not a PlayStation? I didn't have my heart set on it anyway, but the kids tracked down some PS2 games they wanted. They specifically wanted the older PS2 versions because they didn't like the PS3 versions!

In fairness, Gran Turismo 5 and Little Big Planet are beautiful and fun games and they have only crashed a few times.


Older versions of the PS3 support PS2 games. They dropped support around the time the Slim came out.


This is true; the parent should also bear in mind that not every single Xbox game is supported on the 360. They gave up on trying to be backwards compatible about 2.5 years in, or so.


Thanks for the info. Clearly we have to read the fine print rather than relying on product names.

Congrats Sony, you thought you'd force your customers to repurchase their favorite games didn't you? Instead you made enemies of an upcoming generation of gamers.

If only they could have heard the tears of the small children on Christmas morning upon finding out that they would not, in fact, be able to use the dance pad and the older Dance Dance Revolution which had the actual anime songs that they had saved their allowance to buy and they would only be able to dance to Lady Gaga instead...

(that's only slightly an exaggeration)


The backwards-compatibility with PS2 games was facilitated by the presence of the PS2 CPU and GPU in the PS3 hardware. Newer revisions of the system eliminated first the CPU and then the GPU. I think it's fair to assume this was done for cost reasons -- it's not like they removed the functionality through software update.

If you really want to play PS2 games, buy a used PS2 on Craigslist for a fraction of the cost of a PS3. Heck, you can still get them new.


> The backwards-compatibility with PS2 games was facilitated by the presence of the PS2 CPU and GPU in the PS3 hardware. Newer revisions of the system eliminated first the CPU and then the GPU.

Then they ought to stop selling it as a "PlayStation 3" once it no longer performs the functions of a "PlayStation 3". Call it a "Playstation 3--" or something.

Product model names invoke the very definition of what the product is and does, particularly when the name includes a number. They aren't just attractive words to be chosen by Marketing, even when it was the same company that made the initial definition of the feature set in the first place.

Like I said, it wasn't particularly frustrating or surprising to me to find this out after I bought it, but only because my expectations of a Sony product were so low to begin with. I would have been shocked if this had been Google though.


How about the "PlayStation 3 Slim"?


Backward compatibility of gaming systems, in my estimation, started with Sony. Nintendo and Sega certainly didn't have it on their systems, and Sony was the first to do it (again, AFAIK) with the PlayStation 2. GameCubes didn't play N64 games, which didn't play SNES games, which didn't play NES games, etc. However, the PS2 accomplished that by having a PS1 core on the same board as the PS2 hardware; whenever a gamer inserted a PS1 disc, it would switch to the old core... which is why they ran perfectly but with no enhancements from the PS2 hardware.

Getting to the point, the PS3s with the PS2 core were dropped not long after release due to their high cost. I understand your frustration, but it's becoming increasingly important to do research and understand each system's capabilities before putting your dollars down... the 360 is no exception here either.


Backward compatibility of gaming systems started quite a bit earlier if you count Gameboys.


Also, the Game Gear played Master System games with a cartridge adaptor (not strictly "backwards compatibility" but cool nonetheless)


> But if they were the savvy type, would they have been pwned at nearly every security layer like that?

True. If I were him, I'd try working at Apple. Also, "they" are not monolithic. It's quite possible that the parties they beat would not be in his chain of command. One would have to do some diligent research before taking that job. It might well be worth it, however.


Contract employees are paid to perform specific services as laid out by, well, their contract. This makes them a lot less beholden to management than their full time equivalents. The most vindictive thing management could do is to not hire GeoHot in the first place, which would be their loss really.


> The most vindictive thing management could do is to not hire GeoHot in the first place, which would be their loss really.

I am happy for you. I think you have not worked anywhere really bad. Look at what you are missing out on: http://www.google.com/search?q=vindictive+employer

Actually, I didn't think this was about GeoHot, but one of the guys presenting at CCC.


Clearly brilliant, but he also faked a photo of a jailbroken iPhone 4, which (apparently) motivated his partial withdrawal from the scene.

Though talk about a comeback... This is a much better online "hire me" than the ones that were popular on HN several months ago.


Really not that brilliant. It appears that the fail0verflow guys did all of the work here. He just beat them to the punch after taking the fruits of their labor, and dropped the key using their exploit.

This is not unlike his behavior that got him rejected in the iPhone scene. I am actually a bit surprised that there are so many comments here praising him.

Hiring the fail0verflow guys, on the other hand, would be a good move.

There is a reason that he never releases technical details and just comes out of nowhere.


No, this is different. geohot compromised metldr, fail0verflow did the other loaders. geohot's exploit is different, no one but himself knows how he did it (not even fail0verflow).


No, the only thing that wasn't known was how he dumped metldr. This is a relatively insignificant part of the whole thing and wasn't what fail0verflow was focusing on in their research (as seen in the video).

The only reason that he was able to do anything with his dump was because of all of fail0verflow's work. See the twitter feed of marcan42 for clarification.

Actually, since the beginning, geohot's ps3 trick was just him copying what fail0verflow had done on the wii (glitching the address bus). He didn't give them credit for that either.


No, we don't know what exploit he used. (fyi, I'm in the private IRC channel with fail0verflow and geohot).

I will agree though that what geohot did and what Team Twiizers (as they were called back in the day) did are quite similar.


Huh? I don't remember any such thing and doubt he would do that.



Talk about obvious sarcasm...


Surely, someone has to hire this guy. Forget Apple. Intel? Nokia? IBM?


The US Government?


They don't need security; they can just throw you in jail indefinitely, eventually give you a "trial" where some military types say they can execute you, and then execute you. BAI!

It's the phone manufacturers that have to use cryptography to prevent you from actually enjoying a device you just paid them $600 for, since they can't legally kill you if you do something they don't like.


Let's not forget that fail0verflow found the keys. After this he saw that it was possible to exploit the loaders.


Didn't this happen with their last round of consoles, and didn't they hire the people that did this last time around? I recall something about this from that case with the guy who was chipping in CA a few weeks ago.


*throw


From the mathematician on stage: "and for some reason, Sony uses the same random number all the time!" - classic!


I'm not sure if that was hyperbole or not.

As I understand it, all that was required was for them to use the same random number /twice/. Let's say you're Sony and you sign a patch, release it, realise there is a minor fix, and release within 2 hours... maybe in your rush you failed to regenerate the random seed?

Or, my initial thoughts, someone inside Sony did this maliciously?


If your build process requires you to manually generate a random number and copy and paste it in, you need to try harder. If you work for a bank handling payments, you should be fired and never allowed to work in software again.

EDIT: that last bit about banks is OT, sorry about that, I've been watching the chip and pin hacking talk from CCC and got confused.


Personally, I don't think the domain matters. If a developer is required to provide security, either to protect a secret, maintain personal or company profits, or protect customer finances, and that developer fails by "int rand() {return 4;}", that developer should never work with technology again.


I agree. It is unlikely that the release manager would have been expected to generate a random number. I'd have expected, possibly, a pre-generated list of random numbers, maybe 1000 or so, so a duplicate is not unlikely, and cannot happen maliciously.

I find it most likely that the build process code was flawed. This sort of code is, in my experience, not written by your most talented developer (unless one of your top developers has a build fetish). All too often you only find deficiencies in the build/release process the month of release, when you have the least time to fix them.


If the whole project is about signing code packages to prevent the platform being hacked, you would've thought the key generation would be considered a critical part of the application code, rather than a detail of the build process. Even if the code necessarily exists in the build script. The build script is the project in this case.

If a developer has ever even thought about generating a list of 1000 random numbers to pick from at a later date, then they shouldn't be developing production code.


Yeah. You don't generate a list. You have make automatically dd 16 bytes from /dev/random, pipe it through hexdump, and then use that as your seed. You don't even have to check for dupes. There are 3.4 * 10^38 possible keys; you will not pick the same one twice.

That way, you can't even accidentally reuse a seed in development, or leak that list of the previously used seeds. When something compromises the system, and you don't need it any more, it should be destroyed.
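Added example (my own code, not from this thread or from fail0verflow) illustrating the two comments above: a toy ECDSA signer over a small textbook curve that reproduces the mistake under discussion (signing two messages with the same nonce k) and shows the defender-side check that follows from it, namely that two signatures from one signer sharing an r value mean the nonce was reused and the private key must be treated as exposed. It draws each fresh nonce from the OS CSPRNG, the equivalent of the dd-from-/dev/random step recommended above; the curve parameters, key and hash values are constructed for illustration.

```python
import secrets
from collections import defaultdict

# Toy textbook curve y^2 = x^3 + 2x + 2 over F_17, generator G = (5, 1) of prime order 19.
# Constructed for illustration only; real signers use standard curves such as P-256.
P, A = 17, 2
G = (5, 1)
N = 19
INF = None  # point at infinity


def point_add(p1, p2):
    """Affine addition on the toy curve (handles doubling and the identity)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point):
    """Double-and-add scalar multiplication."""
    result, addend = INF, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def fresh_nonce():
    """Per-signature nonce straight from the OS CSPRNG: the 'dd from /dev/random'
    step, done by the signer every single time, never taken from a stored list."""
    return secrets.randbelow(N - 1) + 1


def sign(h, d, k=None):
    """ECDSA signature (r, s) on hash value h (already reduced mod N) with key d.
    k may be forced (1 <= k < N) only to reproduce the nonce-reuse mistake above."""
    while True:
        k = fresh_nonce() if k is None else k
        r = scalar_mult(k, G)[0] % N  # r depends on k alone, not on the message
        s = pow(k, -1, N) * (h + d * r) % N
        if r and s:
            return r, s
        k = None  # degenerate pair: draw a fresh nonce and retry


def verify(h, sig, q):
    """Standard ECDSA verification against public key q = d*G."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    x = point_add(scalar_mult(h * w % N, G), scalar_mult(r * w % N, q))
    return x is not INF and x[0] % N == r


def find_nonce_reuse(signatures):
    """Map each r shared by two or more signatures from one signer to their indices.
    Equal r means equal k, which exposes the private key: treat it as compromised."""
    seen = defaultdict(list)
    for i, (r, _s) in enumerate(signatures):
        seen[r].append(i)
    return {r: idx for r, idx in seen.items() if len(idx) > 1}
```

Running find_nonce_reuse over a signer's published signatures is a cheap audit: on this toy curve collisions of honest nonces are common because there are only 18 of them, on a 128-bit nonce space they are effectively impossible, so any hit is a process failure, not bad luck.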


I was suggesting a one time list. You need to keep a list of past random numbers anyway so you can verify no repeats.

But sadly, I have to agree, this is epic fail.


You are probably more likely to spontaneously rearrange your constituent atoms into cheese or something than to generate the same random 16 bytes twice, assuming a new number needs to be generated only once for each package of code signed. If there was one needed for each packet on a network or something it might be different.

In any case, this risk is orders of magnitude lower than the risk of someone leaking your list of past numbers, especially when they're this valuable.


Even worse, if you are using a list to eliminate the possibility of repeats then you aren't generating a perfect random distribution any more. The possibility of repeated numbers, however small, is explicitly allowed.


No, it was parabole. :)

From what I understand, they use the same number every single time without exception.


That's really quite astounding. Thanks.


> maybe in your rush you failed to regenerate the random seed?

> Or, my initial thoughts, someone inside Sony did this maliciously?

As always, the human factor is the real weakness. (Key management by users and coders.) There are similar problems with RSA signatures on related numbers or selecting keys for IDEA block cipher and RC4 stream cipher, just to name a few. If you use crypto tools incorrectly, you actually put yourself in a somewhat weaker position than if you hadn't even tried. What you've essentially done is create "security theater" for the bad guys to dupe the unsuspecting with.


No, it works on any two binaries.



Can you provide a time index for that in the videos?


Have a look at http://www.youtube.com/watch?feature=player_detailpage&v... and watch for a few minutes. The whole video is really interesting, but that part is the really embarrassing one.


Looking at GeoHot's accolades on his Wikipedia page makes me feel like a terrible underachiever.


Wow. How did this happen? Was the root key stored in the PS3? Or was it brute forced?


Part 1 - http://www.youtube.com/watch?v=c77Qnk_CMF8

Part 2 - http://www.youtube.com/watch?v=ovy2kPFOu0E

Part 3 - http://www.youtube.com/watch?v=Y23LUiBRcOg

That talk was at the 2010 Chaos Communication Congress which just concluded a few days ago.


Slides here (PDF): http://stadium.weblogsinc.com/engadget/files/1780_27c3_conso...

The talk covers the motivations of hackers, as well as the vulnerabilities they found.

The new exploit starts toward the bottom, on the slide that just says "ECDSA" in big letters.


Part 3 has the specific answer to parent's question, though I recommend watching all 3 if you have the time.


I always assumed the PS3 had top notch security given how long they had managed to avoid exploits. Seems from watching the videos that they could go a long way on a future console to prevent hacks just by plugging these issues. The hypervisor happily allocating/running anything and everything seems like a good place to start.

Obviously other ways would probably eventually be found but as these guys say, just providing a way for people to run their own code to begin with takes a lot of effort behind people hacking the system. There will always be an army of people out there wanting to pirate games and an army of people wanting to profit off of it but only a tiny amount of them can really do anything about it.


> I always assumed the PS3 has top notch security given how long they had managed to avoid exploits.

Sometimes absence of evidence really is evidence of absence. Sometimes it's just that nobody was really looking that hard.

Their presentation makes a good case that real hackers really do just want to run their own code and that the 'piracy' bugaboo is something else entirely.

When I was little, I thought Sony was the coolest company ever. They made high-quality, reasonably priced HiFi gear. Now my small children have made Sony the laughing stock of the household. Between this Linux debacle and the Windows rootkit, Sony has shown itself to have a habit of shooting its customers in the foot, in my opinion. No other company has fallen so low in my view.

> Seems from watching the videos that they could go a long way on a future console to prevent hacks just by plugging these issues.

Naah. Every major security layer they had in place was broken or ineffective. That's usually a sign of deeper problems in the development process.

IBM probably wrote the hypervisor layer for them. IBM discontinued development on the Cell processor a few years back. It's likely nobody really understands that system at this point better than the hackers.


I do not think they make that case well at all. If you look at what happened with the last generation of consoles, everything but the PS3 had piracy before anyone had unsigned code running. They ignored basically all of the security measures the consoles had implemented and attacked the optical drives' firmware (with or without a modchip) and enabled 'backups'/piracy. That basically leaves the PS3 as the one that had Linux, so the 'real hackers' were not working on it.

The PS3 itself is still not a good example of holding up against piracy until the hackers that wanted to run linux worked on it. It was first broken for the reasons of piracy (PSJailbreak) and was not done by the homebrew scene. Actually, all of their work required and is based on already having code running on the PS3 using the pirate method.

So, what exactly is left to support the opinion that the homebrew people are smart, the piracy people are dumb, and if you do not support linux the homebrew people will make it work with the side effect of allowing piracy? In every instance it is piracy that was first. You can also look to the DVD/HDDVD/BluRay scene and see that the piracy people were ahead of the 'make it play on linux' crowd and quite capable.


This is simply not true. Unsigned code came before piracy. OtherOS kept people wanting to run code on their console happy, removing it was a severe mistake.

And don't put words into the mouth of the PSJailbreak authors. The PSJailbreak allows unsigned code to run, that is why they made it first and foremost (they need unsigned code for piracy), they saw that they can get piracy and went for it. Anything to drive the sales, right? And we still don't know who's behind PSJailbreak, and if they are or aren't in the 'homebrew scene'.

What 'pirate method'?

'DVD/HDDVD/BluRay scene' we're comparing consoles to media now? Get your act together.


PSJailbreak did not come from the homebrew scene and you cannot honestly think people were going to pay $150 just to run homebrew that didn't even exist. You said I should not ascribe PSJailbreak to be for piracy and yet in the same breath you devote them to the homebrew side. At best, you could say that they tie. OtherOS does not count as it is still restricted by the hypervisor.

The pirate method I was referring to is the USB descriptor buffer overrun.

The technological measures protecting HDDVDs and BluRay are as tough as any used by the gaming consoles. Even still, SlySoft in particular manages to deal with new hurdles faster than the rest of doom9.


That's not true. Let's see:

PS3: OtherOS allowed unsigned code, way before piracy.

Wii: Team Twiizers, who are strongly anti-piracy, were the first to run unsigned code. This was later abused for piracy, but only after Nintendo refused to work with them to fix the issue.

Xbox 360: Don't know much about this. You might be right here.

Drivechips aren't "hacking" in any way comparable to what fail0verflow, Team Twiizers, or any other group accomplished.


I never said that running 1:1 backups is anything near the accomplishments in other instances. I am not the one trying to make a strong claim here. Anyone saying 'let people run linux on it or they will hack it, which leads to piracy' is basing that argument on the sole data point of the PS3. That is a terrible argument.


> Naah. Every major security layer they had in place was broken or ineffective. That's usually a sign of deeper problems in the development process.

That, plus the serious problems they had at the launch of the PS3 Fat might indicate that a lot of know-how has leaked out of their organization and moved onto better things.


http://events.ccc.de/congress/2010/Fahrplan/events/4087.en.h...

It might be worth waiting until the official recording gets released at http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/ (named "Console Hacking 2010").


No, no, no. This is a different exploit. We don't know how he did it yet. (He did get the private key mathematically, using the method from the talk, but not using the revocation list exploit)


There's a good Eurogamer/Digital Foundry article on this here:

http://www.eurogamer.net/articles/digitalfoundry-ps3-securit...


Wow. Not a great article, but not a bad overview of the subject!


So what are the implications of this? Homebrew software? Pirated games?


Homebrew first and foremost, and reclaiming back the ability to run Linux on the consoles (and run it on the PS3 Slim as well). It's possible to pirate games with this knowledge, but from my understanding a lot of the Blu-ray security has not been broken at this point in time so these keys are by no means all you need to get up and start ripping those discs.


I have a PS3 that hasn't received the update to remove the "Other OS" option (and I'm damn glad I waited...). Does this also provide access to the PS3 hypervisor? I remember reading, a long time ago, that that was one portion of the PS3 that was restricted from running Linux. On the same token, I wonder if that could mean better performance... I found that running Yellow Dog Linux on it was awfully slow.


> On the same token, I wonder if that could mean better performance... I found that running Yellow Dog Linux on it was awfully slow.

The hypervisor is minimal in terms of overhead. The biggest impact comes from the fact that the PPC core in the PS3 doesn't do out-of-order execution. You'd be downright amazed how huge a difference this makes.


No kidding? I remember someone from GDC in 2005 (the one, I believe from Maxis, who created a storm on Gamasutra after bashing the Wii two years later) saying that putting out-of-order execution on gaming consoles was going to cripple their capabilities... but the PS3 certainly doesn't seem to suffer from it as far as games are concerned. I don't know enough about the topic at this point so I'd have to read some more.


The strength of the PS3 doesn't lie with the PS3 core, but rather with the ring of SPEs that the Cell processor has. These allow insanely efficient data processing, where the PPC chip really doesn't do a whole lot except for managing logic and state.

However, nothing under OtherOS used the SPEs really, and it had no access to the GPU, so the speed came down to the in-order PPC core.


Correction: s/PS3 core/PPC core/


The CPUs in all of the current systems (Wii, PS3, and the Xbox 360) use in-order execution cores.

My understanding is that for the prevalent workloads presented by most games, out-of-order execution's benefits don't outweigh its costs in chip complexity/size/power consumption/heat/etc.


Piracy was there before this. This is for homebrew primarily :)


Almost makes me want to get one.



