The private keys for the PS3 (and PSP) have been found.
Who did it?[/p]A hole in the encryption scheme of the PS3 was found by team fail0verflow. Geohot used the information to find and publicly post the keys. Mathieulh then did some digging in the PS3 and found the encryption keys for the PSP as well (the PS3 and PSP interchange content under certain situations).
What are keys?[/p]The reason game systems will only run official content is because the company in question (e.g. Sony, Nintendo, or Microsoft) builds the system so that it will only accept digitally "signed" content. This "signature" basically takes the form of a key used to encrypt/lock the game/program. If the system is presented with a program that doesn't have the key incorporated into it, it refuses to run it.
This is how game companies keep people from running pirated games (when copied, part of the signature/lock is destroyed, so to speak), and it's also how they keep a tight control over what content their system plays. If you're a game designer and you want to make a pornographic game for the Wii, you can't unless Nintendo specifically allows you to by signing your content, which of course they won't. This makes sure that the system isn't ruined by an influx of crappy games, as happened with systems before the NES's age. A game company uses this to make sure only "quality" games make it through... and it's a way of making sure they get a cut of the profits of each game, of course.
How does this relate to current hacks?[/p]This content authentication I described is present in every modern game system.
All the hacks/mods we're used to target these protection systems in order to disable them.
Softmodding a Wii?
A flash cart for the DS/i?
FreeMCBoot for the PS2?
A jailbreak dongle for the PS3?
Custom firmware for the PSP?
The purpose of each of those mods is to stop the system from checking for the signature.
What can we do with the keys?[/p]With the keys, we can sign our own programs. We no longer have to hack the PS3 in order to run custom content, because our programs will have the signature that the system checks for. This means that now, somebody can make a program that will run on ANY PS3, regardless of it's firmware version or whether it's been modded or not. This opens the doors for anybody with a PS3 to develop content (not just hackers), and you don't need a hacked PS3 to run anything they make. This blows the PS3 wide open.
Some of you may ask about the Wii's key we have. That is the common key, which is not the key used to sign content (that's the private key). Yes, this means that the PS3 is even more open than the Wii now.
How can Sony stop this?[/p]Unfortunately, their options are extremely limited, for the following reasons.[*]Everything for the PS3 is signed with the keys.
If Sony was to release a firmware update to simply block things signed with these keys, it would block every PS3 game that currently exists.
[*]Sony has no legal way to force people to not develop for their system in the first place.
There are various laws in place allowing interoperability and compatibility. This is part of the reason that game systems use this type of security. Since game companies have no way to sue people or prevent them from developing for the system through laws, they require that the system only run things signed with a key, and then they simply refuse to give the key to anybody else. Unfortunately for them, the keys have been found by outsiders.
[*]Sony could attempt to claim that possession or use of the keys are illegal, but that's on shaky ground.
A "key" is really just a number (a really big one). Sony would have to convince the courts that knowledge of a certain number is illegal. While something like that might happen when it deals with national security or protecting citizens during a war, Sony's going to have a hard time convincing the courts to do it for a video game system.
For some background on the legal aspects... this same sort of thing happened with the encryption key for the HD DVD format, and while companies sent out many threat letters, no site was actually sued or taken to court over posting the key (even those like digg that did so defiantly). I'm not sure Sony has a legal way to stop people from using the key, at least in the US.
UPDATE: Sony's managed to pull some tricks that were previously unknown to developers, it seems they anticipated something like this. Newer firmwares cannot be hacked, but at the cost of usable recovery mode (the PS3 will not exit recovery mode on newer firmwares). In addition Sony's attempting to sue over this, but it seems to be going oddly...
Who did it?[/p]A hole in the encryption scheme of the PS3 was found by team fail0verflow. Geohot used the information to find and publicly post the keys. Mathieulh then did some digging in the PS3 and found the encryption keys for the PSP as well (the PS3 and PSP interchange content under certain situations).
What are keys?[/p]The reason game systems will only run official content is because the company in question (e.g. Sony, Nintendo, or Microsoft) builds the system so that it will only accept digitally "signed" content. This "signature" basically takes the form of a key used to encrypt/lock the game/program. If the system is presented with a program that doesn't have the key incorporated into it, it refuses to run it.
This is how game companies keep people from running pirated games (when copied, part of the signature/lock is destroyed, so to speak), and it's also how they keep a tight control over what content their system plays. If you're a game designer and you want to make a pornographic game for the Wii, you can't unless Nintendo specifically allows you to by signing your content, which of course they won't. This makes sure that the system isn't ruined by an influx of crappy games, as happened with systems before the NES's age. A game company uses this to make sure only "quality" games make it through... and it's a way of making sure they get a cut of the profits of each game, of course.
How does this relate to current hacks?[/p]This content authentication I described is present in every modern game system.
All the hacks/mods we're used to target these protection systems in order to disable them.
Softmodding a Wii?
A flash cart for the DS/i?
FreeMCBoot for the PS2?
A jailbreak dongle for the PS3?
Custom firmware for the PSP?
The purpose of each of those mods is to stop the system from checking for the signature.
What can we do with the keys?[/p]With the keys, we can sign our own programs. We no longer have to hack the PS3 in order to run custom content, because our programs will have the signature that the system checks for. This means that now, somebody can make a program that will run on ANY PS3, regardless of it's firmware version or whether it's been modded or not. This opens the doors for anybody with a PS3 to develop content (not just hackers), and you don't need a hacked PS3 to run anything they make. This blows the PS3 wide open.
Some of you may ask about the Wii's key we have. That is the common key, which is not the key used to sign content (that's the private key). Yes, this means that the PS3 is even more open than the Wii now.
How can Sony stop this?[/p]Unfortunately, their options are extremely limited, for the following reasons.[*]Everything for the PS3 is signed with the keys.
If Sony was to release a firmware update to simply block things signed with these keys, it would block every PS3 game that currently exists.
[*]Sony has no legal way to force people to not develop for their system in the first place.
There are various laws in place allowing interoperability and compatibility. This is part of the reason that game systems use this type of security. Since game companies have no way to sue people or prevent them from developing for the system through laws, they require that the system only run things signed with a key, and then they simply refuse to give the key to anybody else. Unfortunately for them, the keys have been found by outsiders.
[*]Sony could attempt to claim that possession or use of the keys are illegal, but that's on shaky ground.
A "key" is really just a number (a really big one). Sony would have to convince the courts that knowledge of a certain number is illegal. While something like that might happen when it deals with national security or protecting citizens during a war, Sony's going to have a hard time convincing the courts to do it for a video game system.
UPDATE: Sony's managed to pull some tricks that were previously unknown to developers, it seems they anticipated something like this. Newer firmwares cannot be hacked, but at the cost of usable recovery mode (the PS3 will not exit recovery mode on newer firmwares). In addition Sony's attempting to sue over this, but it seems to be going oddly...