It looks like the security of the PlayStation 3 has been cracked wide open. But then again we’ve thought the same thing in the past and Sony managed to patch those exploits. The latest in the cat and mouse game is the release of the LV0 encryption codes for the PS3 console. The guys who discovered the magic strings of characters supposedly intended to keep them a secret, but have gone public after there was a leak and some black-hats now intend to use them for profit.
The keys are the bottom layer of security when pushing firmware updates to the PS3. With keys in hand, current and future upgrades can be unencrypted, altered, and repackaged without the gaming rig putting up a fuss. Our only real beef with the tight security came when Sony removed the ability to install Linux on systems marketed with this option. The availability of these keys should let you install just about whatever you want on your hardware.
[Thanks Kris via Phys]
Finding alternative ways to unlock doors is a favorite hacker pastime. TkkrLab recently took on the challenge themselves. The hackerspace, which is located in the Netherlands, faced a problem common to communal workshops; how could they manage keyed access for a large number of members? The metal keys for the door are special, and cannot be cheaply duplicated. To further compound the issue, they are not the only tenants in the building so they can’t replace the lock with one that uses less-expensive keys. So they decided to add an electronic solution.
They first looked at a method for electronically opening the door. Often, this comes in the form of an electronic strike, but rather than alter the door jamb, they replaces the latching mechanism. The electronic latch was compatible with the original cylinder, which means the old keys still work in it. You can see the new assembly above. Just to the left of the lock is an iButton reader. We’ve seen this hardware in projects many times before. It’s cheap, and easy to work with. Now TkkrLab issues an iButton to each member, and can keep track of who is coming in door.
Well it looks like the Play Station 3 is finally and definitively cracked. FailOverflow’s Chaos Communications Congress talk on console security revealed that, thanks to a flaw on Sony’s part, they were able to acquire the private keys for the PS3. These keys can be used to sign your own code, making it every bit as valid (to the machine anyway) as a disk licensed by the media giant. We’ve embedded the three-part video of the talk, which we watched in its entirety with delight. We especially enjoy their reasoning that Sony brought this upon themselves by pulling OtherOS support.
We remember seeing a talk years back about how the original Xbox security was hacked. We looked and looked but couldn’t dig up the link. If you know what we’re talking about, leave the goods with your comment.
Continue reading “PS3 hacking start-to-finish – CCC”
Add a bit of interest to your radio equipment with one of these unorthodox CW keys. [OH6DC] has been hard at work posting almost sixty of these hacks. Above you can see an alarm clock whose snooze button acts as the key, and a nail clipper used as a key. There’s a banana , a cross-country ski shoe , and a toaster key. The rest you’ll have to see for yourself. Any of these would work perfectly with that Morse code keyboard you’ve been wanting to build.
[Fileark] has instructions for reprogramming keyless entry devices for your car. His demonstration video, which you can see after the break, shows how to make one key fob work for two different vehicles. In this case he’s working on a couple of Chevrolet trucks but there are instructions for GM, Ford, Dodge, Toyota, and Nissan. If you need to reprogram one of these you may find this useful, but we’re wondering how it can be incorporated into a project. If you can sniff out the communications that are going on during the programming you should be able to build and pair your own devices with a vehicle. Wouldn’t it be nice to incorporate your keyless entry into your wristwatch?
Continue reading “Key fob programming”
Hackaday alum [Will O’Brien] cleaned up his messy breadboard with an RGB keylock Arduino shield. You may remember this two-part project from last year. It uses buttons backlit by an RGB LED to operate a door lock.
[Will] is still mulling over what type of kit options he will offer. We’re happy to see if the most important part, a laser-cut key bezel, will be available. This makes for a professional looking finish that made the original project difficult to replicate.
We ran into a friend a while back who was logging into her employer’s Virtual Private Network on the weekend. She caught our attention by whipping out her keys and typing in some information from a key-fob. It turns out that her work uses an additional layer of protection for logging into the network. They have implemented a username, pin number, as well as a hardware token system called SecurID.
The hardware consists of a key-fob with an LCD screen on it. A code is displayed on the screen and changes frequently, usually every 60 seconds. The device is generating keys based on a 128-bit encryption seed. When this number is fed to a server that has a copy of that seed, it is used as an additional verification to the other login data.
This seems like a tech trickle-down of the code generating device from GoldenEye. It does get us thinking: with the problems free email services have been having with account theft, why aren’t they offering a fee-based service that includes a security fob? With the right pricing structure this could be a nice stream of income for the provider. We’re also wondering if this can be implemented with a microcontroller and used in our home network. As always, leave comments below and let us know if you’ve already built your own system using these principles.
Update: Thanks to Andre for his comment that tells us this type of security is available for Apache servers. The distribution includes a server side authentication system and a Java based token generator that can run on any handheld that supports Java.