1780 27c3 Console Hacking 2010
Not trademark infringing
The domain was available
The ratio of fail to win is high.
We've been collaborating on various embedded and thought expansive projects, the most famous of which that hit the press earlier this year was the full reconstruction of the $REDACTED allowing $REDACTED to be completely broken, that was a fun couple of weeks.
Xbox 360: JTAG Hack
PS3: Slim w/o Linux released, Geohot's hack, Linux removed, Jailbreak, Downgrade, this talk :)
(table of hacked devices, column values as extracted; most device names were images and did not survive)
device: PS2, dbox2, ...
year: 1999, 2000, ..., 2007, 2010
security: ?; signed kernel; encrypted boot; encrypted/signed bootup, signed executables; checksum; signed/encrypted executables; signed bootup/executables; encrypted/signed bootup, encrypted/signed executables, encrypted RAM, hypervisor, eFuses; encrypted/signed bootup, encrypted/signed executables, hypervisor, eFuses, isolated SPU; encrypted bootup; signed bootloader; signed/encrypted bootup/executables; signed/encrypted bootup/executables
hacked after: ?; 3 months; 12 months; 4 months; <12 months; 6 months; 2 months; 12 months; 4 years; not yet; 1 month; 2 weeks; 11 days; 1 day
hacked for: piracy; Linux; Homebrew; Linux; Homebrew; Linux; Homebrew; Homebrew; Linux; Homebrew; Homebrew; Piracy; Linux; Linux; Homebrew, SIM-Lock; Homebrew
effect: pay TV decoding; piracy; piracy; piracy; piracy; leaked keys; piracy; piracy; Front Row; piracy; piracy; piracy
PS3 Architecture (Source: IBM)
Wednesday, 29 December 2010
SPU Isolation (Source: IBM)
(diagram: isolated SPU local store from 0x00000 through 0x3e000 to 0x40000, holding metldr, lv0ldr and lv0)
[stamp: BYPASSED]
OtherOS
Not supported on the PS3 Slim
Geohot Exploit
XDR RAM Glitching Attack
(diagram: RAM containing Kernel, Hypervisor and HTAB; HV)
OtherOS
Forcibly removed on the PS3 Fat
PSJailbreak Exploit
(diagram: a USB hub enumerating six devices: PWN1, PWN2, PWN3, PWN4, JIG, FINAL)
Device 1: TL = 0xF00, CONFIGURATION #1 .. #4, INTERFACE #1, PAYLOAD
Device 2: TL = 0x16, CONFIGURATION #1, INTERFACE #1, bytes 04 21 B4 2F
Device 3: CONFIGURATION #1 .. #2, INTERFACE #1 .. INTERFACE #11 ...
Device 4: TL = 0x12, CONFIGURATION #1, INTERFACE #1; CONFIGURATION #2, TL = 0x2FB4
(diagram: C++ objects: VTABLE POINTER, INTERFACE OBJECT #N, CONFIGURATION #3, PAYLOAD POINTER, INTERFACE OBJECT #N+1)
NO W^X in LV2
Any old exploit == code execution
Results
LV2 GameOS compromised
LV1 Hypervisor NOT compromised
Secure SPE NOT compromised
Piracy
[stamp: BYPASSED]
Downgrades
Sony fixed the exploit
Service mode triggered by USB JIG
HMAC authenticated, keys dumped
Leaked service app used to enable downgrades
AsbestOS
Replace LV2/GameOS in memory
OtherOS mode and GameOS mode are virtually identical
Run Linux again (even on the Slim!)
Use NetRPC to remote-control the PS3 and experiment...
SELFs
(diagram: SELF layout)
SCE header
ehdr + phdr
encrypted metadata key
metadata
ECDSA signature
ehdr + phdr (again...)
phdr #0, data #0
phdr #1, data ...
phdr #N, data
(diagram arrows: loader key -> AES -> SELF key -> ELF; section data: AES + SHA-1)
The Oracle
Sony's idea: No one can see our code!
... unless the PPE is compromised
Decrypting all code possible from GameOS
But we want keys!
[stamp: USELESS]
Chain of Trust
(table; the slide's "updateable" and "revocable*" columns did not survive extraction)
Name       Processor / Mode   Usage
bootldr    SPE                boot lv0
lv0        PPE HV             boot lv1
metldr     SPE                run *ldr
lv1ldr     SPE                decrypt lv1
lv1        PPE HV             hypervisor
isoldr     SPE                decrypt modules
sc_iso     SPE                ...
lv2ldr     SPE                decrypt lv2
lv2        PPE SV             kernel
appldr     SPE                decrypt games
some game  PPE PS             :-)
*as per Sony's specification
Breaking loaders
(diagram: lv2ldr code between a revocation list buffer rvk_isolated and a revocation list buffer rvk_shared)
Only a bug in isolated loaders
Chain of Trust already broken for all sold consoles now.
[stamp: BROKEN] [stamp fragment: ...FFECTIVE]
SELFs
How does this work?
(diagram: the SELF layout again: loader key -> AES -> SELF key -> ELF; section data: AES + SHA-1; signature: ECDSA)
ECDSA
These are public: p, a, b, G, N (elliptic curve parameters), Q = public key, e = hash of data, R, S = signature; and these are private: m = random, k = private key.
A signature is a pair of numbers R, S computed by the signer (all arithmetic mod N) as
$$R = (mG)_x, \qquad S = \frac{e + kR}{m}.$$
It is imperative to have a random m for every signature: from a pair of signatures that use the same m, we can compute m and k.
$$R = (mG)_x, \qquad S_1 = \frac{e_1 + kR}{m}, \qquad S_2 = \frac{e_2 + kR}{m}$$
When m is identical for two signatures, so is R, and
$$S_1 - S_2 = \frac{e_1 - e_2}{m} \quad\Rightarrow\quad m = \frac{e_1 - e_2}{S_1 - S_2},$$
$$k = \frac{m S_i - e_i}{R} = \frac{e_1 S_2 - e_2 S_1}{R\,(S_1 - S_2)}.$$
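The derivation above, carried through in working code as an added example (not code from the talk), in the slide's own notation: m is the per-signature nonce, k the private key, Q = kG, R = (mG)_x and S = (e + kR)/m mod N. The curve secp256k1 is an assumption made purely to have concrete public p, a, b, G, N (the talk does not name the console's curve); SHA-256 as the hash and the two messages are constructed for the demonstration. `recover_from_nonce_reuse` implements the two formulas for m and k, and `deterministic_nonce` shows the standard mitigation: derive m from the key and the message so that two different messages can never share a nonce.

```python
# ECDSA nonce reuse, in the slide's notation: m = nonce, k = private key, Q = k*G,
# R = (m*G).x mod N, S = (e + k*R)/m mod N.  Added example code, not from the talk.
# secp256k1 is used only as a concrete public curve (assumption); inputs are constructed.
import hashlib
import hmac
import secrets

# secp256k1 domain parameters: the public p, a, b, G, N of the slide
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A = 0
B = 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def point_add(p1, p2):
    """Affine addition on y^2 = x^3 + A*x + B over F_P; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # Q + (-Q) = infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(s, point):
    """Double-and-add: s * point."""
    result, addend = None, point
    while s > 0:
        if s & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        s >>= 1
    return result


def hash_to_int(data):
    """e = hash of data, reduced mod N (SHA-256 chosen for the example)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign(k, data, m):
    """ECDSA signature (R, S) with an explicit nonce m; uniqueness of m is the caller's job."""
    e = hash_to_int(data)
    R = scalar_mult(m, G)[0] % N
    S = (e + k * R) * pow(m, -1, N) % N
    return (R, S)


def verify(Q, data, sig):
    """Standard check: ((e/S)*G + (R/S)*Q).x mod N == R."""
    R, S = sig
    if not (1 <= R < N and 1 <= S < N):
        return False
    e = hash_to_int(data)
    w = pow(S, -1, N)
    X = point_add(scalar_mult(e * w % N, G), scalar_mult(R * w % N, Q))
    return X is not None and X[0] % N == R


def recover_from_nonce_reuse(sig1, e1, sig2, e2):
    """The slide's derivation: m = (e1 - e2)/(S1 - S2), k = (e1*S2 - e2*S1)/(R*(S1 - S2))."""
    R1, S1 = sig1
    R2, S2 = sig2
    if R1 != R2:
        raise ValueError("R differs: the nonces were not reused")
    if S1 == S2:
        raise ValueError("identical signatures (same e): nothing to separate")
    m = (e1 - e2) * pow((S1 - S2) % N, -1, N) % N
    k = (e1 * S2 - e2 * S1) * pow((R1 * (S1 - S2)) % N, -1, N) % N
    return m, k


def deterministic_nonce(k, data):
    """Mitigation: derive m from the key and the message, so distinct messages never share m.
    Simplified HMAC-SHA256 construction in the spirit of RFC 6979, not the full RFC algorithm."""
    mac = hmac.new(k.to_bytes(32, "big"), hashlib.sha256(data).digest(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % N or 1


def demo():
    """Sign two constructed messages with one nonce and recover the private key; True on success."""
    k = secrets.randbelow(N - 1) + 1
    Q = scalar_mult(k, G)
    msg1, msg2 = b"constructed message one", b"constructed message two"
    m = secrets.randbelow(N - 1) + 1
    sig1, sig2 = sign(k, msg1, m), sign(k, msg2, m)       # the mistake: the same m twice
    assert verify(Q, msg1, sig1) and verify(Q, msg2, sig2)
    m_rec, k_rec = recover_from_nonce_reuse(sig1, hash_to_int(msg1), sig2, hash_to_int(msg2))
    return m_rec == m and k_rec == k


if __name__ == "__main__":
    print("private key recovered:", demo())
```

Both signatures verify as genuine, yet the equal R betrays the shared nonce and two subtractions yield k. With `deterministic_nonce` the same message always gives the same signature, which is harmless, while different messages get different m, which is what the slide's "imperative" demands.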
[stamp: BROKEN] [stamp fragment: ...FFECTIVE] [stamp: USELESS]
On-die bootROM
On-die key storage
Public-key crypto
Chain of trust
Per-console keys
Signed executables
Security coprocessor
Full media encryption and signing
Encrypted storage
Self-signed storage
Memory encryption/hashing
Hypervisor
User/kernel mode
Anti-downgrade eFUSEs
[stamp: USELESS]