PlayStation 3 homebrew

Last updated

Homebrew software was first run on the PlayStation 3 by a group of hackers under the name "Team Ice" by exploiting a vulnerability in the game Resistance: Fall of Man. Following various other hacks executed from Linux, Sony removed the ability to install another operating system in the 3.21 firmware update. This event caused backlash among the hacker communities, and eventually the group Fail0verflow found a flaw in the generation of encryption keys which they leveraged to restore the ability to install Linux. George Hotz (Geohot), [1] often misattributed as the genesis of homebrew on the PS3, later created the first homebrew signed using the private "metldr" encryption key which he leaked onto the internet. Leaking the key led to Hotz being sued by Sony. The court case was settled out of court, with the result of George Hotz not being able to further reverse engineer the PS3. [2] [3]

Contents

Private key compromised

PlayStation 3 Free speech flag Free-speech-flag-ps3.svg
PlayStation 3 Free speech flag

At the 2010 Chaos Communication Congress (CCC) in Berlin, a group calling itself fail0verflow announced it had succeeded in bypassing a number of the PlayStation 3's security measures, allowing unsigned code to run without a dongle. They also announced that it was possible to recover the Elliptic Curve DSA (ECDSA) private key used by Sony to sign software, due to a failure of Sony's ECDSA implementation to generate a different random number for each signature. However, fail0verflow chose not to publish this key because it was not necessary to run homebrew software on the device. [5] The release of this key would allow anyone to sign their code and therefore be able to run it on any PlayStation 3 console. This would also mean that no countermeasures could be taken by Sony without rendering old software useless, as there would be no distinction between official and homebrew software. [6] The public component of the key is embedded in the PlayStation 3's bootloader, which cannot be modified once a unit leaves the factory, meaning that existing units could not be patched by any future updates. [7] On January 3, 2011, geohot published the aforementioned private key, represented in hexadecimal as C5 B2 BF A1 A4 13 DD 16 F2 6D 31 C0 F2 ED 47 20 DC FB 06 70, as well as a Hello world program for the PS3. [8] [9] [10] On January 12, 2011, Sony Computer Entertainment America filed lawsuits against both fail0verflow and geohot for violations of the DMCA and CFAA. [11] [12] The suit against geohot was settled at the end of March, 2011, with geohot agreeing to a permanent injunction. [13] [14]

Custom firmware (CFW)

To allow for homebrew using the newly discovered encryption keys, several modified versions of system update 3.55 have been released by Geohot and others. The most common feature is the addition of an "App Loader" that allows for the installation of homebrew apps as signed DLC-like packages. Although Backup Managers could run at that time, they could not load games at first even though some success had been made by making backups look like DLC games and then signing them. An LV2 patch was later released to allow Backup Managers to load game backups and was later integrated into the Managers themselves so that it doesn't have to be run whenever the PS3 is restarted.[ citation needed ]

PS3 System Software update 3.56 tried to patch Miha's exploit for 3.55, however, within a day the system was circumvented again. [15] [16] This caused Sony to release another update shortly after, 3.60, which was secure against circumvention. [17]

However, users may choose not to update and games requiring a firmware version above 3.55 can be patched to run on v3.55 or lower. Soon after v3.60 was released, updates to the PlayStation Network were conducted to block any methods known that allowed PSN access on firmware older than the latest required official firmware (v4.91 as of February 2024), thereby blocking users who chose not to update.

On existing systems, the update only blocks the ability to install modified firmware using the normal system update process. Due to the bootloader being immutable, if the user manages to find a way to write modified firmware to the console's flash, it will still be bootable, even if the console was updated to version 3.60 or above. Consoles that were originally shipped with version 3.60 or above, however, use a new version of the bootloader, and therefore will not boot modified firmware.

A custom firmware known as "Rebug", [18] released on March 31, 2011, gave retail PS3s most of the options and functionality of debug/developer PS3 units. One week later, tutorials became available allowing users to download PSN content for free, using fake (rather than stolen) credit card numbers. [19] One April 12 report described hackers using the jailbroken firmware to access the dev-PSN to get back on games like Call of Duty, with widespread reports of cheating. [20] While some sources blamed Rebug for the subsequent intrusion to Sony's private developer network, Time's "Techland" described such theories as "highly—as in looking down at the clouds from the tip-top of Mount Everest highly—speculative". [21]

In late 2017, there was a tool released to convert 4.82 PS3 OFW to CFW. [22] [23] A new exploit toolset, named the Bguerville Toolset (BG Toolset for short), was released in 2020, [24] which allows firmwares 4.75 to 4.91 to be patched. Sony has worked numerous times to try and patch the BG Toolset, but as of June 20th, 2024, it still remains as the primary entry point for the custom firmware scene on the PlayStation 3. The tool works by modifying the system update process. After installing the patch and rebooting the system, the user can install custom firmware as a system update the same way that was used on firmware 3.55 and below.

It is also worth noting that in early March of 2023, a flash writer [25] for firmware 4.90 was released for the Playstation 3 that required a specific firmware to be installed. This method required a web server that exploit files would be hosted on. This exploit was released in the absence of the BG Toolset as its websites, along with numerous other popular jailbreaking sites, had their domains seized. The tool had since been updated to support firmware version 4.91 as well. While the tool uses a different vulnerability as the initial point of entry, it also applies the same system update patch, allowing the installation of custom firmware using the system update process.

Using one of the above methods, as of October 2024, all PlayStation 3 consoles originally shipped with firmware version 3.56 or below can be modified with custom firmware, regardless of the firmware version currently installed.

Homebrew enabler (HEN)

In 2019, a tool called PS3HEN was released, compatible with any model of PS3, which allows non-CFW compatible consoles to run homebrew with LV2 kernel access. [26] HEN has to be loaded on every reboot albeit this process only takes a few seconds. On release, it was unstable, however as of 2022 it is very stable. HEN has been adopted by many popular homebrew applications, such as multiMAN, to detect LV2 access and run accordingly. Most features of CFW are in HEN, making it a viable alternative for the late 25xx and 30xx series Slims as well as all Super Slims to be able to run homebrew.

See also

Notes

  1. Not based on the key that Hotz released.

Related Research Articles

<span class="mw-page-title-main">PlayStation 3</span> Sonys third home video game console, part of the seventh generation

The PlayStation 3 (PS3) is a home video game console developed and marketed by Sony Computer Entertainment (SCE). The successor to the PlayStation 2, it is part of the PlayStation brand of consoles. It was first released on November 11, 2006, in Japan, November 17, 2006, in North America, and March 23, 2007, in Europe and Australasia. The PlayStation 3 competed primarily against Microsoft's Xbox 360 and Nintendo's Wii as part of the seventh generation of video game consoles.

<span class="mw-page-title-main">PlayStation Portable</span> Handheld game console by Sony

The PlayStation Portable (PSP) is a handheld game console developed and marketed by Sony Computer Entertainment. It was first released in Japan on December 12, 2004, in North America on March 24, 2005, and in PAL regions on September 1, 2005, and is the first handheld installment in the PlayStation line of consoles. As a seventh generation console, the PSP competed with the Nintendo DS.

<span class="mw-page-title-main">Privilege escalation</span> Gaining control of computer privileges beyond what is normally granted

Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application or user with more privileges than intended by the application developer or system administrator can perform unauthorized actions.

A softmod is a method of using software to modify the intended behavior of hardware, such as computer hardware, or video game consoles in a way that can overcome restrictions of the firmware, or install custom firmware.

Homebrew, when applied to video games, refers to software produced by hobbyists for proprietary video game consoles which are not intended to be user-programmable. The official documentation is often only available to licensed developers, and these systems may use storage formats that make distribution difficult, such as ROM cartridges or encrypted CD-ROMs. Many consoles have hardware restrictions to prevent unauthorized development.

<span class="mw-page-title-main">PlayStation Portable homebrew</span> Executing unsigned code on PlayStation Portable

PlayStation Portable homebrew refers to the process of using exploits and hacks to execute unsigned code on the PlayStation Portable (PSP).

<span class="mw-page-title-main">Remote Play</span> Video game console remote control function

Remote Play is a native functionality of Sony video game consoles that allow the PlayStation 3, PlayStation 4 and PlayStation 5 to wirelessly transmit video and audio output to a receiving device, which would also control the console. Remote Play works either nearby, when both the console and the receiver are on the same home local area network, or remotely via the Internet through Sony's servers.

OtherOS is a feature of early versions of the PlayStation 3 video game console, allowing user installed software, such as Linux or FreeBSD. The feature was removed since system firmware update 3.21, released on April 1, 2010.

<span class="mw-page-title-main">PlayStation 3 system software</span> System software for the PlayStation 3

The PlayStation 3 system software is the updatable firmware and operating system of the PlayStation 3. The base operating system used by Sony for the PlayStation 3 is a fork of both FreeBSD and NetBSD known internally as CellOS or GameOS. It uses XrossMediaBar as its graphical shell.

The PlayStation Portable system software is the official firmware for the PlayStation Portable (PSP). It uses the XrossMediaBar (XMB) as its user interface, similar to the PlayStation 3 console.

<span class="mw-page-title-main">PlayTV</span> HDTV/DVR add-on unit for the PlayStation 3

PlayTV is an add-on unit for the PlayStation 3 video game console that allows it to act as a digital television receiver, and digital video recorder, using the DVB-T standard.

<span class="mw-page-title-main">George Hotz</span> American software engineer

George Francis Hotz, alias geohot, is an American security hacker, entrepreneur, and software engineer. He is known for developing iOS jailbreaks, reverse engineering the PlayStation 3, and for the subsequent lawsuit brought against him by Sony. From September 2015 onwards, he has been working on his vehicle automation machine learning company comma.ai. Since November 2022, Hotz has been working on tinygrad, a deep learning framework.

<span class="mw-page-title-main">Kevin Butler (character)</span> Character

Kevin Butler was a marketing character used by Sony Computer Entertainment America as part of their It Only Does Everything (2009–11) and Long Live Play (2011) advertising campaigns for the PlayStation 3 in North America. He starred as the Vice President of various fictitious departments within the PlayStation division of Sony, responding to "Dear PlayStation" queries. Due to the positive reception to the commercials, Sony extended them throughout the remainder of 2010 as well as into 2011. The character was created by Deutsch LA, the advertising agency responsible for the campaign. Deutsch/LA also managed Kevin Butler's Twitter account and wrote his E3 2010 speech. Creative Circus graduates Will Lindberg and Mark Adler were responsible for creating the "Hall of Play" Facebook application to induct PlayStation gamers into the Hall of Play by Kevin Butler.

<span class="mw-page-title-main">PlayStation 3 Jailbreak</span>

PlayStation 3 Jailbreak was the first USB chipset that allowed unauthorized execution of code, similar to homebrew, on the PlayStation 3. It works by bypassing a system security check using a memory exploit which occurs with USB devices that allows the execution of unsigned code.

<span class="mw-page-title-main">Hacking of consumer electronics</span>

The hacking of consumer electronics is a common practice that users perform to customize and modify their devices beyond what is typically possible. This activity has a long history, dating from the days of early computer, programming, and electronics hobbyists.

<i>Sony Computer Entertainment America, Inc. v. Hotz</i> Lawsuit between Sony Entertainment and hackers geohot and fail0verflow

SCEA v. Hotz was a lawsuit in the United States by Sony Computer Entertainment of America against George Hotz and associates of the group fail0verflow. It was in regards to jailbreaking and reverse engineering the PlayStation 3.

The 2011 PlayStation Network outage was the result of an "external intrusion" on Sony's PlayStation Network and Qriocity services, in which personal details from approximately 77 million accounts were compromised and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service. The attack occurred between April 17 and April 19, 2011, forcing Sony to deactivate the PlayStation Network servers on April 20. The outage lasted 23 days.

<span class="mw-page-title-main">PlayStation 4 system software</span> System software for the PlayStation 4

The PlayStation 4 system software is the updatable firmware and operating system of the PlayStation 4. The operating system is Orbis OS, based on FreeBSD 9.

<span class="mw-page-title-main">PlayStation TV</span> Microconsole manufactured by Sony Computer Entertainment

The PlayStation TV, known in Japan and other parts of Asia as the PlayStation Vita TV or PS Vita TV, is a microconsole, and a non-handheld variant of the PlayStation Vita handheld game console. It was released in Japan on November 14, 2013, and Europe and Australia on November 14, 2014.

Custom firmware, also known as aftermarket firmware, is an unofficial new or modified version of firmware created by third parties on devices such as video game consoles, mobile phones, and various embedded device types to provide new features or to unlock hidden functionality. In the video game console community, the term is often written as custom firmware or simply CFW, referring to an altered version of the original system software inside a video game console such as the PlayStation Portable, PlayStation 3, PlayStation Vita/PlayStation TV, PlayStation 4, Nintendo 3DS, Wii U and Nintendo Switch. Installing custom firmware on some devices requires bootloader unlocking.

References

  1. AttackOfTheShow (2011-01-14), Hacking and Jailbreaking with George Hotz , retrieved 2018-01-14
  2. "Sony and PlayStation 3 jailbreaker George Hotz settle out of court". Engadget. Retrieved 2018-01-14.
  3. Thorsen, Tor (2011-04-13). "Sony/Hotz settlement details surface". GameSpot. Retrieved 2018-01-14.
  4. S, Ben (March 1, 2011). "46 DC EA D3 17 FE 45 D8 09 23 EB 97 E4 95 64 10 D4 CD B2 C2". Yale Law & Technology. Yale University. Archived from the original on March 10, 2011. Retrieved September 24, 2015. A 'PS3 Flag', an homage to its predecessor, the 'Free Speech Flag'
  5. Bendel, Mike (2010-12-29). "Hackers Describe PS3 Security As Epic Fail, Gain Unrestricted Access". Exophase.com. Retrieved 2011-01-05.
  6. Fildes, Jonathan (2011-01-06). "iPhone hacker publishes secret Sony PlayStation 3 key". BBC. Retrieved 2011-03-20.
  7. "How the PS3 LV0 key was (probably) hacked".
  8. Rosen, Brad (March 1, 2011). "46 DC EA D3 17 FE 45 D8 09 23 EB 97 E4 95 64 10 D4 CD B2 C2". yalelawtech.org. Retrieved 6 February 2017.
  9. "Hacker Claims To Have The PS3's Front Door Keys". Kotaku. 2011-01-03. Retrieved 2011-01-05.
  10. "Geohot: Here is your PS3 Root Key! – Now with "HELLO WORLD" proof!". (psx-scene administrator). Archived from the original on 2011-01-06. Retrieved 2013-08-21. (original GeoHot posting to psx-scene with key and hello world program)
  11. "Sony to Geohot: See you in court". Eurogamer. January 12, 2011. Retrieved January 12, 2011.
  12. "Motion for TRO". Scribd.com. 2011-01-12. Retrieved 2011-03-20.
  13. Sony and George Hotz Settle PS3 Hacking Lawsuit
  14. Settlement in George Hotz Case – PlayStation Blog
  15. "Sony patches PS3 to 3.56, hackers immediately open system back up - Geek.com". Geek.com. 2011-01-28. Archived from the original on 2018-01-15. Retrieved 2018-01-14.
  16. "PS3 firmware 3.56 hacked in less than a day, Sony's lawyers look confused (update)". Engadget. Retrieved 2018-01-14.
  17. "Hacker who released first custom firmware says PS3 is secure with 3.60 - Geek.com". Geek.com. 2011-03-15. Archived from the original on 2018-01-15. Retrieved 2018-01-14.
  18. The site rebug.me Archived 2022-08-12 at the Wayback Machine is credited in an April 26 Eurogamer.es report.
  19. "PlayStation Network taken down to halt piracy?". computerandvideogames.com. 2011-04-25. and linked articles
  20. "PlayStation 3 Hackers Using Developer Network to Access PSN". attackofthefanboy.com. 2011-04-12.
  21. Peckham, Matt (2011-04-26). "Did Custom 'Rebug' Firmware Kill Sony's PlayStation Network?". Time.
  22. "PS3 Custom Firmware 4.82 Download Installer 2017 Released For Homebrew, Details Here | Redmond Pie". Redmond Pie. 2017-11-30. Retrieved 2018-01-14.
  23. ""Christmas in November" release: PS3 Custom Firmware installer for Firmware 4.82 - Wololo.net". Wololo.net. 2017-11-24. Retrieved 2018-01-14.
  24. "PlayStation 3: bguerville releases PlayStation 3 Toolset – A PS3 Exploitation Framework leveraging a brand new exploit!". Wololo.net. 2020-03-29. Retrieved 2021-05-01.
  25. "PS3 - PS3Xploit Flash Writer (4.90 HFW)". PSX-Place. Retrieved 2023-06-06.
  26. "PS3HEN along with an offline loader released: You can finally use Homebrew and some CFW features on SuperSlim and Late Slim PlayStation 3 Consoles!". Wololo.net. 2019-04-28. Retrieved 2022-12-31.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.