Musings & ramblings of a Pythonista
The 27th Chaos Communication Congress revealed the Epic Programming Fail in PlayStation 3 security. It turned out that Sony's ECDSA implementation for signing apps uses a random number generator which always returns the same number (no, I'm not kidding). The fail0verflow team, who found this fail, used a famous xkcd comic to describe Sony's ECDSA algorithm.
fail0verflow demonstrated their work on AsbestOS, a bootloader for the PS3 with which you can boot Linux on it. Currently this needs some wiring and soldering work, but they have promised to release an easy-to-use tool sometime next month.
But kakaroto (the hacker behind aMsn and the PL3 payload for psgroove) wasn't patient enough. He went on to develop some tools to create custom firmware for the PS3. You can find the custom firmware generator code here. Currently it works on Linux and Mac. For those who don't know how to use these tools, the following steps should help.
First of all, check out the tools developed by the fail0verflow team and build them. You might need to install the build-essential and zlib1g-dev packages if you are using Ubuntu (use sudo apt-get install).

    # -p: don't fail if ~/src already exists
    mkdir -p ~/src
    cd ~/src
    git clone git://git.fail0verflow.com/ps3tools.git
    cd ps3tools
    make

Now check out the firmware generator code from kakaroto's GitHub repository and use the official firmware update (PS3UPDAT.PUP) to create the CFW.

    # the keys repository is cloned directly into ~/.ps3
    mkdir -p ~/.ps3
    cd ~/.ps3
    git clone https://github.com/kakaroto/ps3keys.git .
    cd ~/src
    git clone https://github.com/kakaroto/ps3utils.git
    cd ps3utils
    make
    # input: official update file, output: custom firmware
    ./create_cfw.sh PS3UPDAT.PUP CFW.PUP

You can rename this CFW.PUP to PS3UPDAT.PUP, copy it to the PS3->UPDATE directory of your pen drive and update the PS3 from the XMB. Still, this CFW does nothing but show the Install Application option on the XMB. You still have to wait until the homebrews are signed and repackaged in the retail .pkg format to install them on this firmware.
fail0verflow's presentation on Console Hacking - 27th Chaos Communication Congress