> This isn’t the first time that Sony has had to deal with a security crisis with the popular PlayStation family. The PlayStation 3 was previously hit with a vulnerability when the company made a mistake with their cryptography on the console, allowing users to install homebrew software and allow piracy and cheating on popular titles.
Probably could have been avoided if Sony kept the Linux version of the PlayStation still alive. Imagine what the (console) world would have looked like, if it was still alive. I never got the chance to even try it myself before it was gone, but I'm sure a lot of the homebrew community's energy could have been redirected towards it instead, hitting two flies with one swath.
The article says:
> According to The Cybersec Guru, this is an unpatchable problem for Sony, because these keys cannot be changed and are burned directly in the APU.
I'm just speculating at this point, but what could prevent Sony from anticipating this exact situation and burning several keys in the APU? I mean, eFuse is not exactly a new technology. That way, once a key is leaked, Sony could push a firmware update switching the APU to a new key which hasn't been leaked yet.
How did the keys get leaked and where are they sourcing this from? Did Sony get compromised, disgruntled employee, what?
If there was a breach, I'd expect keys for the PS4 to be leaked as well which would be quite handy. There are soft jailbreaks you can do currently on the PS4, but they're not full on CFW (custom firmware) and don't persist reboots.
This is probably based on the research outlined in this CCC presentation: https://youtu.be/cVJZYT8kYsI
This also goes into a bit more detail regarding how these keys are used.
I hope this doesn't lead to further cracks, and PS5 multiplayer games being overrun with cheaters.
Once PS3 was cracked enough to run game mods, every PS3 GTA freeroam session was overrun with obnoxious cheaters, ruining it for everyone else. (Sorta like the tech industry.)
In most computer tech things, I'm all Linux, OpenWrt, Coreboot, GrapheneOS, etc., but the game console is one thing that I like being locked down.
> https://thecybersecguru.com/news/ps5-rom-keys-leaked/#:~:tex...
Nasty filler to add that to the page.
General question: (I don't know enough about cryptography)
Are these symmetric keys or asymmetric ones? Both allow you to decrypt, but only the former would allow you to make changes to it, whereas the latter would still require you to find an exploit in the next stage. I think?
Jailbreaking, emulation and gaming communities are so far gone at this point that it's hard to understand the impact here.
Given that there is no dev mode or SSH server running on a console, how do they even read low-level binary code such as the boot loader? Do they transplant memory chips?
Oh the travesty! People now have the keys to unlock hardware they paid money for and legally 'own', and can inspect their legally owned hardware as they choose!
/sarcasm
As in, you can now craft your own "update" and sign the bootloader/entire package and it will flash?
edit:
> You still won't get a jailbroken PlayStation 5 with this leak, but it will make it easier for hackers to compromise the console's bootloader.
nope?
https://xcancel.com/notnotzecoxao/status/2006525981113332025
> news sites are overhyping the release/leak/whatever of the rom keyseeds, saying it could be used to fully unlock the ps5. i've already stated on twitter and i'll state it again. rom and seeds alone are NOT enough to pwn a ps5, you either need fuses and nandgroups to complement it
> ... or alternatively, you need to find bugs in the rom that you can use to exploit the ps5. neither of these are easy and require immense work. also, decapping a ps5 apu to retrieve the fuses optically will prove useless to the end user because those fuses are encrypted/xored/obfuscated