Stories
Slash Boxes
Comments

SoylentNews is people

posted by takyon on Thursday December 13 2018, @01:25AM   Printer-friendly
from the classic-rot26-security dept.

Submitted via IRC for SoyCow1984

Cryptography failure leads to easy hacking for PlayStation Classic

Plug-and-play hardware lacks even basic functional security for crucial bootrom.

In the days since the PlayStation Classic's official release, hackers have already made great progress in loading other PlayStation games (and even non-PlayStation software) onto the plug-and-play device. What's more, it seems some sloppy cryptography work on Sony's part is key to unlocking the device for other uses.

Console hackers yifanlu and madmonkey1907 were among those who were able to dump the PlayStation Classic's code via the system's UART serial port in the days after its release. From there, as yifanlu laid out on Twitter, the hackers found that the most sensitive parts of the system are signed and encrypted solely using a key that's embedded on the device itself, rather than with the aid of a private key held exclusively by Sony. In essence, Sony distributed the PlayStation Classic with the key to its own software lock hidden in the device itself.

takyon: PlayStation Classic is an ARM-based video game console that ships with the ability to play 20 preloaded games made for the original PlayStation console (released in 1994). Sony will not add additional games, but since the console uses the free and open source PCSX emulator and can be easily hacked, adding new content shouldn't be a problem.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by forkazoo on Thursday December 13 2018, @06:14AM (1 child)

    by forkazoo (2561) on Thursday December 13 2018, @06:14AM (#773905)

    It's amazing to me that we've come to a point where being able to run whatever code you want on hardware that you purchased outright and own completely, is considered some sort of embarrassing bug. It's honestly pretty depressing that it's being covered that way. Whatever weak encryption is there should be treated as a bug for making it inconvenient to run your own code, rather than the other way around.

    Starting Score:    1  point
    Moderation   +3  
       Insightful=3, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 3, Touché) by acid andy on Thursday December 13 2018, @03:56PM

    by acid andy (1683) on Thursday December 13 2018, @03:56PM (#773995) Homepage Journal

    You're right, but this is a console we're talking about. They've always been designed to be walled gardens. It's just the other systems that are catching up.

    --
    If a cat has kittens, does a rat have rittens, a bat bittens and a mat mittens?