Stories
Slash Boxes
Comments

SoylentNews is people

Cryptography Failure Leads to Easy Hacking for PlayStation Classic

posted by takyon on Thursday December 13 2018, @01:25AM   Printer-friendly
from the classic-rot26-security dept.

MrPlow writes:

Submitted via IRC for SoyCow1984

Cryptography failure leads to easy hacking for PlayStation Classic

Plug-and-play hardware lacks even basic functional security for crucial bootrom.

In the days since the PlayStation Classic's official release, hackers have already made great progress in loading other PlayStation games (and even non-PlayStation software) onto the plug-and-play device. What's more, it seems some sloppy cryptography work on Sony's part is key to unlocking the device for other uses.

Console hackers yifanlu and madmonkey1907 were among those who were able to dump the PlayStation Classic's code via the system's UART serial port in the days after its release. From there, as yifanlu laid out on Twitter, the hackers found that the most sensitive parts of the system are signed and encrypted solely using a key that's embedded on the device itself, rather than with the aid of a private key held exclusively by Sony. In essence, Sony distributed the PlayStation Classic with the key to its own software lock hidden in the device itself.

takyon: PlayStation Classic is an ARM-based video game console that ships with the ability to play 20 preloaded games made for the original PlayStation console (released in 1994). Sony will not add additional games, but since the console uses the free and open source PCSX emulator and can be easily hacked, adding new content shouldn't be a problem.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Cryptography Failure Leads to Easy Hacking for PlayStation Classic | Log In/Create an Account | Top | 13 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1) by jjr on Thursday December 13 2018, @02:27PM

    by jjr (6969) on Thursday December 13 2018, @02:27PM (#773956)

    Probably Sony didn't care if encryption was not strong enough or the key was included inside. It's a "one time" product, not something that will get more development in the future (*), so it's not worth throwing more money into making it more secure. Once it's sold, Sony doesn't care what customers will do with it, they already got the estimated profits. And as pointed out before, if somebody else is able to "enhance" the product, that will boost sales without Sony having to spend a dime on marketing.

    (*) Yes, theoretically in the future there could be a new version with more games or even a PS2 version, but then again, the target of the device is very well defined: nostalgic players or people who could not afford a PS1 back in time, where this product is a sure sale. It's neither a SaaS product nor it needs any kind of subscriptiosn where you have to keep your customers happy in order to generate revenue month after month and grow in sales.