The many failures of the PS3 Encryption

PS3 Overview

  • It's a video game system
  • Released in 2006
  • It runs on a modified version of Linux

1st Failure

USB

  • The thing you can't seem to plug in correctly the first time
  • The PS3 has a recovery mode which allows an Operating System to be loaded over USB
  • This is how Sony fixes broken PS3s in its factory

So why can't I also do that?

The Operating System that is sent over USB is encrypted with a Symmetric Key.

Cryptography 101

  • Symmetric Key: encrypting and decrypting data use the same key.
  • If you find a key for decryption you can use it to encrypt data.
  • If you find a key for encryption you can use it to decrypt data.

How to Find Sony's Key

  • On Sony's Servers
  • On Sony's developers' computers
  • On the PS3

Now anyone can push an OS to the PS3

2nd Failure

PS3 Programs

  • Linux-based programs
  • Before a program is run, it is checked that it has been authorized by Sony
    • This prevents unauthorized programs from running
  • This is done with a Cryptographic Signature
  • Cryptographic Signatures are created using Asymmetric Keys

Cryptography 102

  • Asymmetric Keys: Encrypting and decrypting data use different keys
    • These keys are related to each other and are inverses
    • If you know the Decryption Key you also know the Encryption Key
    • But if you know the Encryption Key you don't know the Decryption Key
  • Decryption Key as Private Key
  • Encryption Key as Public Key

Cryptography 103

  • Cryptographic Signature: A way that you can trust the origin or validity of data.
  • Creating a Signature is done by using the Decryption Key on some message.
    • signature = Decryption(message, ...)
  • This can be verified using the corresponding Encryption Key
  • Encrypting the Signature gets back the original message
    • message = Encryption(Decryption(message, ...), ...)
    • message = Encryption(signature, ...)

Sony's Signature

  • Uses Elliptic Curve Digital Signature Algorithm (ECDSA)
  • This algorithm needs a large random number to generate a secure signature.
  • Sign(random_number, message, sony_private_key) = random_output, signature
  • This is only secure when random_number is unique for every message
  • If random_number is repeated on two different messages everything is broken.

So what did Sony do?

They Fucked it up

Warning Math

Getting the Random Number

\begin{aligned} random\_output_1 &= random\_number_1 * G \\ signature_1 &= \dfrac{(random\_output_1 * signing\_key) + message_1}{random\_number_1} \end{aligned}
\begin{aligned} random\_output_2 &= random\_number_2 * G = random\_output_1 \\ signature_2 &= \dfrac{(random\_output_2 * signing\_key) + message_2}{random\_number_2} \end{aligned}
\begin{aligned} signature_1 - signature_2 &= \dfrac{(random\_output_1 * signing\_key) + message_1}{random\_number} \\ &\quad - \dfrac{(random\_output_2 * signing\_key) + message_2}{random\_number} \end{aligned}
\begin{aligned} &= \dfrac{(random\_output_1 * signing\_key) - (random\_output_2 * signing\_key) + message_1 - message_2}{random\_number} \\ &= \dfrac{message_1 - message_2}{random\_number} \end{aligned}
\begin{aligned} random\_number &= \dfrac{message_1 - message_2}{signature_1 - signature_2} \end{aligned}

Getting Sony Signing Key

\begin{aligned} signing\_key &= \dfrac{random\_number * signature_1 - message_1}{random\_output_1} \\ &= \dfrac{signature_1 * \dfrac{message_1 - message_2}{signature_1 - signature_2} - message_1}{random\_output_1} \\ &= \dfrac{\dfrac{signature_1 * (message_1 - message_2)}{signature_1 - signature_2} - \dfrac{message_1 * (signature_1 - signature_2)}{signature_1 - signature_2}}{random\_output_1} \\ &= \dfrac{message_1 * signature_2 - message_2 * signature_1}{random\_output_1 * (signature_1 - signature_2)} \end{aligned}
\begin{aligned} signing\_key &= \dfrac{message_1 * signature_2 - message_2 * signature_1}{random\_output_1 * (signature_1 - signature_2)} \end{aligned}