A number of happenings related to the PS3 have occurred since the last time we wrote the story about Sony’s court action against George Hotz – what follows is a brief rundown of events.
The Examiner and Ars Technica reported that the recently released firmware may have – at least temporarily – broken some stuff. The report points to a problem with the original and the Slim models of the PS3 not being able to upgrade to a new hard drive. According to several users on NeoGAF and HighDef Forum, the 3.56 firmware prevents the newer PlayStation 3 models with 16 MB flash from being upgradeable to a new hard disk drive.
The models include the Original PlayStation 3 Models – CECHH, CECHJ, CECHK, CECHL, CECHM, CECHP, and CECHQ. Slim PlayStation 3 models having trouble include CECH-20..A, CECH-20..B, CECH-21..A, CECH-21..B, CECH-250.A, CECH-250.B, CECH-250.A, CECH-250.B, CECH-251.A, and CECH-251.B. This is apparently an old bug that was eventually fixed, but accidently reintroduced by Sony. Other reports indicate that this problem has already been fixed.
Both CV&G and Gamasutra reported earlier this week that code sharing site Github was forced to take down seven custom firmware files shared by three different users. This was done at the behest of Sony who sent the web site a DMCA takedown notice. The takedown of these files took place a day before a California judge granted Sony a temporary restraining order against PS3 jailbreaker George Hotz.
A Neograf thread, fueled by an IRC conversation from developer and hacker "Mathieulh" (found on JailBreakScene), speculated that firmware 3.56 contained a rootkit that allowed Sony to scan specific files on any PS3 connecting to PlayStation Network. With the ability to scan for specific files, Sony could use this "back door" approach to detect and then ban users who have customized firmware on their consoles. This is a method similar to the one used by Microsoft to detect compromised Xbox 360s.
The Register reported that hackers had already managed to compromise the latest firmware release. On the same day 3.56 was released game console hacker Youness Alaoui (aka KaKaRoToKS) claimed via twitter that he was releasing tools to unpack the files,. These tools allowed him to uncover the new version’s signing keys. Alaoui only released the signing keys for 3.56, which were hosted at Github. Naturally these files can be found somewhere on the internet if someone looks hard enough. A customized version of firmware 3.56 has not been released yet.
Finally, Edge reports that homebrew developer Mathieu Hervais calls Sony’s efforts to plug the security hole created by hackers "too little, too late."
"3.56 was more of a patch to save what’s left to be saved," Hervais told Edge. "Indeed Sony fixed everything that could have been fixed. The reality though is that this is only a minor drawback."
"New keys were introduced in the 3.56 Firmware and code that is not whitelisted is now forced to use those keys. However, since the boot chain integrity is compromised it’s always possible to reprogram externally the NAND/NOR chips (where the firmware code is written to) to run unsigned code again."
"No matter what they do, a 3.56 (and onward) custom firmware is possible on all PlayStation 3 consoles manufactured so far. The people Sony hired made several kindergarten mistakes while implementing their security."