PS3 Security
Julian Wechsler

Overview
Legal Issues
◦ DMCA
Security Overview
Exploits
◦ Geohot’s Exploit, PS Jailbreak
Flaws
◦ ECDSA

Legal Issues
Sega v. Accolade: Establishes that reverse engineering can count as fair use.
Lexmark Int’l v. Static Control Components: Ruled that circumvention of Lexmark’s ink cartridge lock does not violate the DMCA.

The basic question
If you purchase something, should you be allowed to do whatever you want with it?
Recently, it was established that people are allowed to jailbreak or root their phones. From the 2010 DMCA anti-circumvention exemptions:
◦ (2) Computer programs that enable wireless telephone handsets to execute software applications, where circumvention is accomplished for the sole purpose of enabling interoperability of such applications, when they have been lawfully obtained, with computer programs on the telephone handset.
How much of a stretch is it between cellphones and consoles?
◦ Homebrew vs. unofficial applications

PS3 Security Overview
The hypervisor (aka lv1) controls access between the Game OS (lv2) and the low-level hardware, and enforces security.
Signed executables.

4 years, why?
For 3 years, the PS3 had an “OtherOS” feature, which let people run Linux, so there was no reason to hack it. This feature was removed from the newer PS3 Slim models.
Geohot’s Exploit – Sony responds by removing OtherOS from all units. From that point, it took one year for the system to be cracked open.

Geohot’s Exploit – Glitching Attack
The exploit is a Linux kernel module (hence requiring OtherOS) that makes various system calls to the hypervisor dealing with memory management.
A glitching attack involves sending a timed voltage pulse that should cause the hardware to misbehave in some manner.
◦ Here, it is used to glitch a memory read/write.

Geohot’s Exploit
Goal: Compromise the hashed page table (HTAB) to get read/write access to the main segment, which maps all memory, including the hypervisor.
The kernel module allocates, deallocates, and then tries to use the deallocated memory as the HTAB for a virtual segment. The glitch is meant to prevent the deallocation of the mapped memory.

Geohot’s Exploit – Step 1
Allocate a buffer. Make many requests to create lots of duplicate mappings to this buffer. Any one of these mappings can be used to read or write to it.

Geohot’s Exploit – Step 2
Deallocate the buffer. The hypervisor will destroy all of the mappings, but if a successful glitch happens here, a mapping will remain intact.

Geohot’s Exploit – Step 3
Lastly, create virtual segments until one falls in the buffer space that the kernel still has access to. Since you can still read and write to it, the exploit writes some HTAB entries that give it full access to the main segment, which maps all memory.

Geohot’s Exploit – Effects
This exploit gives access to all memory, including the hypervisor. So what does this mean? Not really too much. You get a lot of interesting memory dumps, but there is not really much you can do with them at this point.
Regardless, Sony retaliates by removing the OtherOS feature completely to get rid of this exploit.

PS Jailbreak, and all of its clones
The PS Jailbreak emulates a 6-port USB hub, and attaches/detaches fake devices to it to mess with the allocation and freeing of the various blocks of memory that hold the device and configuration descriptors. A heap overflow is used to execute shellcode.

PS Jailbreak Effects
After loading the exploit, the payload patches the lv2 GameOS so that it can run unsigned code. For some reason, the hypervisor doesn’t check to make sure that code is signed.
Lv2 can also be patched to load games from the HDD. (Piracy!)
Lv1/hypervisor is still protected. (Not that they’re doing much at this point.)

Signed Executables

Sony’s ECDSA
An ECDSA signature consists of R and S, computed by:
R = (mG)x
S = (e + kR) / m
The first equation can’t be solved because of the discrete logarithm problem.
The second equation can’t be solved because it contains two unknowns.

Sony’s ECDSA
However, m is supposed to be a random number. For some reason, Sony uses the same random number every time. With two signatures using the same m, you can easily solve for k, very easily obtaining the private key.
With this information, anyone can sign anything, and run it without having to preload any kind of exploit.

Resources
https://ps3wiki.lan.st/index.php/Main_Page
http://events.ccc.de/congress/2010/Fahrplan/attachments/1780_27c3_console_hacking_2010.pdf
http://rdist.root.org/2010/01/27/how-the-ps3-hypervisor-was-hacked/
http://www.copyright.gov/1201/
https://www.eff.org/cases/lexmark-v-static-control-case-archive
http://bulk.resource.org/courts.gov/c/F2/977/977.F2d.1510.92-15655.html
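The two “Sony’s ECDSA” slides above can be worked through in code. The following is an added example written for these notes; it is not from the deck, and it is not Sony’s implementation. It uses the deck’s notation (R = (mG)x, S = (e + kR)/m, with m the per-signature nonce and k the private key) on the public secp256k1 curve, which is a stand-in: the curve the PS3 actually uses is not stated here and is assumed only to be some curve with the same ECDSA equations. The private key, nonce and messages are constructed values. It shows why two signatures with the same m leak k, and it includes the check a verifier of a signature corpus would run: a repeated R under one key is the tell-tale of nonce reuse.

```python
# Added example: ECDSA with a repeated nonce, in the deck's notation.
#   R = (mG)x          S = (e + kR) / m      (all arithmetic mod N)
# Curve: secp256k1 (public domain parameters) as a stand-in for the console's curve.
import hashlib

P  = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime
N  = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G  = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
      0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _inv(a, n):
    # Modular inverse; raises ValueError if a is 0 mod n (Python 3.8+).
    return pow(a % n, -1, n)

def _add(p, q):
    # Affine point addition on y^2 = x^3 + 7; None is the point at infinity.
    if p is None: return q
    if q is None: return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * _inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * _inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def _mul(s, p):
    # Double-and-add scalar multiplication s*p.
    r = None
    while s:
        if s & 1: r = _add(r, p)
        p = _add(p, p)
        s >>= 1
    return r

def hash_int(msg):
    # e = H(message) reduced into the scalar group.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(k, msg, m):
    # The deck's two equations. A correct signer draws a fresh random m every time;
    # this function takes m as a parameter precisely so reuse can be demonstrated.
    e = hash_int(msg)
    R = _mul(m, G)[0] % N
    S = (e + k * R) * _inv(m, N) % N
    return (R, S)

def verify(pub, msg, sig):
    # Standard ECDSA verification: (e/S)G + (R/S)pub must have x-coordinate R.
    R, S = sig
    w = _inv(S, N)
    pt = _add(_mul(hash_int(msg) * w % N, G), _mul(R * w % N, pub))
    return pt is not None and pt[0] % N == R

def recover_private_key(sig1, e1, sig2, e2):
    # Two signatures with the same m share R. Subtracting the S equations removes k:
    #   S1 - S2 = (e1 - e2) / m   =>   m = (e1 - e2) / (S1 - S2)
    # then the S equation has one unknown left:  k = (S1*m - e1) / R.
    (R1, S1), (R2, S2) = sig1, sig2
    if R1 != R2:
        raise ValueError("different R values: nonces differ, nothing to recover")
    if (S1 - S2) % N == 0:
        raise ValueError("identical signatures: need two distinct messages")
    m = (e1 - e2) * _inv(S1 - S2, N) % N
    return (S1 * m - e1) * _inv(R1, N) % N

def detect_nonce_reuse(signatures):
    # Defender-side check over signatures believed to come from one key:
    # any R seen twice means the nonce was reused and the key must be treated as leaked.
    seen = set()
    for R, _ in signatures:
        if R in seen:
            return True
        seen.add(R)
    return False

# Constructed demo values (not real keys): a private key and one fixed nonce.
DEMO_KEY   = 0x0C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D
DEMO_NONCE = 0x9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B154BF61AF1D0F26DA0

def nonce_reuse_demo():
    # Sign two different messages with the same m, then recover k from the pair.
    pub = _mul(DEMO_KEY, G)
    msgs = (b"executable one (constructed)", b"executable two (constructed)")
    sigs = [sign(DEMO_KEY, msg, DEMO_NONCE) for msg in msgs]
    assert all(verify(pub, msg, sig) for msg, sig in zip(msgs, sigs))
    recovered = recover_private_key(sigs[0], hash_int(msgs[0]), sigs[1], hash_int(msgs[1]))
    return {"reuse_detected": detect_nonce_reuse(sigs), "recovered": recovered == DEMO_KEY}

if __name__ == "__main__":
    print(nonce_reuse_demo())
```

The pure-Python curve arithmetic is slow but keeps the example dependency-free; the point of the block is the algebra in recover_private_key, which is exactly the subtraction the slide describes. Note that the leak does not depend on the curve or hash chosen, only on m repeating, which is why the fix is a fresh random (or deterministic per-message, as in RFC 6979) nonce rather than any change to the curve.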