LV0 encryption key cracks current and future PlayStation 3 firmware

It looks like the security of the PlayStation 3 has been cracked wide open. But then again, we’ve thought the same thing in the past and Sony managed to patch those exploits. The latest move in the cat-and-mouse game is the release of the LV0 encryption keys for the PS3 console. The group that discovered these magic strings of characters reportedly intended to keep them secret, but went public after a leak, when it became clear that some black hats intended to use them for profit.

The keys sit at the bottom layer of the security that protects firmware updates pushed to the PS3. With the keys in hand, current and future updates can be decrypted, altered, and repackaged without the console objecting. Our only real beef with the tight security came when Sony removed the ability to install Linux on systems that had been marketed with that option. The availability of these keys should let you install just about whatever you want on your own hardware.
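To make the "bottom layer" point concrete, here is an added toy model (not code from the original post or from any PS3 project) of a layered update check. Each layer of a device only installs a package that decrypts and authenticates under that layer's key; the model shows that a bit-flipped package is rejected, that once the lowest-layer key is public a repackaged image passes exactly like an official one, and that requiring a tag under a second, independent key (a stand-in for the "second signature" mentioned in the comments) makes one leaked key insufficient. All keys, payloads, the stream cipher and the package layout are constructed for this example and do not match the console's real primitives or formats.

```python
# Toy model of a layered firmware-update check (added illustration, not PS3 code).
# The console's real primitives, key sizes and package formats are not modelled;
# every key, payload and the stream cipher below are constructed for this example.
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN = 12
TAG_LEN = 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from SHA-256 (toy cipher, illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def package(enc_key: bytes, mac_keys: list, payload: bytes) -> bytes:
    """Build an update blob: nonce || ciphertext || one HMAC tag per MAC key.

    Encrypt-then-MAC: the tags cover the nonce and ciphertext, so any change
    to the encrypted image invalidates them.  A device that requires two
    independent keys will not accept a blob carrying only one tag."""
    nonce = os.urandom(NONCE_LEN)
    body = nonce + xor(payload, keystream(enc_key, nonce, len(payload)))
    tags = b"".join(hmac.new(k, body, hashlib.sha256).digest() for k in mac_keys)
    return body + tags


def unpack(enc_key: bytes, mac_keys: list, blob: bytes) -> Optional[bytes]:
    """Return the decrypted payload if every required tag verifies, else None."""
    n = len(mac_keys)
    if len(blob) < NONCE_LEN + n * TAG_LEN:
        return None
    body, tags = blob[: len(blob) - n * TAG_LEN], blob[len(blob) - n * TAG_LEN :]
    for i, key in enumerate(mac_keys):
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tags[i * TAG_LEN : (i + 1) * TAG_LEN]):
            return None
    nonce, ciphertext = body[:NONCE_LEN], body[NONCE_LEN:]
    return xor(ciphertext, keystream(enc_key, nonce, len(ciphertext)))


def scenario() -> dict:
    """Walk through the situations the article and comments describe."""
    lv0_key = os.urandom(32)      # constructed: the lowest-layer key on every device
    second_key = os.urandom(32)   # constructed: an independent key only newer devices hold
    official = b"official firmware image (constructed)"
    modified = b"modified firmware image (constructed)"

    genuine = package(lv0_key, [lv0_key], official)
    tampered = bytearray(genuine)
    tampered[NONCE_LEN] ^= 0x01   # flip one ciphertext bit without knowing any key
    repackaged = package(lv0_key, [lv0_key], modified)   # built with the leaked key

    return {
        # A correct package installs; a bit-flipped one fails the tag check.
        "genuine_accepted": unpack(lv0_key, [lv0_key], genuine) == official,
        "tampered_rejected": unpack(lv0_key, [lv0_key], bytes(tampered)) is None,
        # Once the bottom key is public, a repackaged image is indistinguishable
        # from an official one to a device that trusts that key alone.
        "repack_accepted_single_key": unpack(lv0_key, [lv0_key], repackaged) == modified,
        # A device that also demands a tag under an independent key rejects it,
        # while a package carrying both tags still installs.
        "repack_rejected_dual_key": unpack(lv0_key, [lv0_key, second_key], repackaged) is None,
        "genuine_dual_accepted": unpack(lv0_key, [lv0_key, second_key],
                                        package(lv0_key, [lv0_key, second_key], official)) == official,
    }


if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name}: {ok}")
```

The design choice worth noticing is in `unpack`: the device's policy is the list of keys it insists on, not anything in the package, so a package author cannot talk a dual-key device down to a single check by sending fewer tags. Whether a second key actually helps depends entirely on it being generated and stored independently of the first; a second key derived from, or shipped alongside, the leaked one buys nothing.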

[Thanks Kris via Phys]

33 thoughts on “LV0 encryption key cracks current and future PlayStation 3 firmware”

  1. This is good cuz the PS3 has yet to be fully utilized. More power, I say, and with the option of a possible PC mod again, yay for full-out gaming on a powerhouse console. Let’s make it just as good as our hacky friend the Dreamcast.

    1. i agree m8, dis cud probly be d best hack since xbox1

      …I died a little inside writing that, even more so than reading your initial post

    1. You may notice how there were almost no major vulnerabilities found UNTIL they decided to remove OtherOS support. I believe that’s the real player here…

  2. I guess if you look at PS3 hardware, yeah, for the most part they did a pretty good job keeping the console like they wanted.

    But remember the whole PS3 security fallout? I know that was more to do with the servers that ran the accounts, but still a part of PS3 security.

  3. NEVER buy Sony products. Ever. Not even headsets.
    After what they did to Geohot?
    Why would the hacking community even speak about this company?

    1. Because it’s still a viable hacking target and this site is about hacking?

      If you hate them so much you should be happy their lowest level of security just got bypassed.

    1. Geohot didn’t release anything before the OtherOS removal; he just showed that it was possible to crack the security in some way on the console. Sony got scared and removed OtherOS in hopes that it would take away most points of attack. That made everyone pissed, and more and more devs started to look into the security of the PS3; that’s when those darn piracy dongles showed up, and after that Fail0verflow found the signature keys.

      Funny thing is that OtherOS had nothing to do with:
      1. Enabling piracy
      2. The signature keys getting released

      Those happened only because Sony wasn’t implementing their security well enough. I believe that team fail0verflow even said that they wouldn’t have looked for security flaws in the system if OtherOS wasn’t removed, as they only wanted to crack the console so they could get back their beloved Linux.

      1. I agree with some points made above, but the main reason Sony decided to remove the OtherOS feature was to prevent mass sales of the hardware to businesses and institutes looking to create an extremely cheap Cell CPU cluster with no intention of buying games, media, etc. from their services, where they make the real money and attract game designers to create and license for their hardware.

        Also, the GPU was restricted within the OtherOS feature, crippling it for anything other than trivial / computational tasks.

        I know it annoyed a lot of people, me included.

    2. xorhack

      bootldr can only be updated in newer SKUs, as they did starting in the factory and with 3.60 FW.

      However, everybody else cannot update, and since they need to maintain compatibility with lower SKUs and the last place they could encapsulate the loaders is owned…

      The PS3 in terms of hacking kind of lost its interest (everything can be decrypted now)…

      Only those that have the newer bootldr can’t do anything…

      1. You can run Win7 or Win8, but you can run WinNT 3.51. Believe it or not, there’s a version of WinNT for power. Would be a nice hack if you ask me.

  4. You can buy things such as the Progskeet flasher or the E3 Flasher, which is a NAND/NOR flasher and can replace a “bricked” PS3 regardless of which firmware it is on, as long as you made a backup of the original image installed on that hardware. You solder it up to the memory on the motherboard, and if you ever screw up the firmware you can reflash back to whichever backup you created. The best firmware to be on right now is 3.55 official firmware, as it can be exploited with Kmeaw/Rogero firmwares.

    The hardware in Slim PS3s shipped from the factory with OFW 3.55 and below has the same hardware keys as every single PS3, so it’s technically possible to downgrade even more PS3s that are on OFW 4.30+. The problem is that getting a software exploit in an official firmware on these “cracked” machines is hard as of yet.

    The new Slim PS3s, CHECH3x+ (500GB top-loading disc drives), have all new hardware keys and can’t be hacked as of yet. Since future updates have to apply to existing PS3 hardware types, it’s easier to exploit further firmwares for future hardware revisions.

  5. Isn’t this old news? Firstly, geohot published his hack an age ago, in response to Sony removing OtherOS support, which was in response to his comments on the flaws in PS3 security.

    Secondly, did nobody see that talk two years ago where they completely dissected PS3 security at every level? http://www.youtube.com/watch?v=PR9tFXz4Quc. In this talk they showed how to extract the private keys at every level of PS3 security due to flaws in the implementation of the encryption layers.

    1. Neither geohot nor fail0verflow broke the lv0 encryption, and in fact if you had even bothered to watch the video that you linked everyone to – or were smart enough to understand it, which you obviously aren’t – you would have seen as much. Geohot and the fail0verflow guys only managed to find keys down to lv1, not lv0. Idiot.

  6. Updated on 25.10.2012, 17:20: Apparently Sony delivers the slim version of the PS3 from CECH-30xx and the super-slim with lv0.2, which checks a second signature. This would mean that these newer models cannot be cracked in the manner described above.
