Transcript julian_PS3_Security... - Department of Computer and Information

PS3 Security
Julian Wechsler
Overview

Legal Issues
◦ DMCA
Security Overview
 Exploits

◦ Geohot’s Exploit, PS Jailbreak

Flaws
◦ ECDSA
Legal Issues
Sega v. Accolade: Establishes that Reverse
Engineering can count as Fair Use
 Lexmark Int’l v. Static Control
Components: Ruled that circumvention of
Lexmark’s ink cartridge lock does not
violate the DMCA.

The basic question

If you purchase something, should you be
allowed to do whatever you want with it?

Recently, it was established that people are
allowed to jailbreak or root their phones.

From 2010 DMCA Anti-circumvention exemptions:
◦ (2) Computer programs that enable wireless telephone handsets to execute
software applications, where circumvention is accomplished for the sole purpose
of enabling interoperability of such applications, when they have been lawfully
obtained, with computer programs on the telephone handset.

How much of a stretch between cellphones and consoles?
◦ Homebrew vs Unofficial Applications
PS3 Security Overview
Hypervisor (aka lv1) controls access
between the Game OS (lv 2) and low
level hardware, enforces security.
 Signed executables

4 years, why?
For 3 years, the PS3 has had an
“OtherOS” feature, which let people run
Linux, so there was no reason to hack it.
 This feature was removed from the
newer PS3 Slim models.
 Geohot’s Exploit – Sony responds with
removing OtherOS from all units.
 From that point, it took one year for the
system to be cracked open.

Geohot’s Exploit – Glitching Attack
The exploit is a Linux kernel module
(hence requiring OtherOS) that calls
various system calls to the hypervisor
dealing with memory management.
 A glitching attack involves sending a timed
voltage pulse that should cause the
hardware to misbehave in some manner.

◦ Here, used for glitching memory read/write
Geohot’s Exploit
Goal: Compromise the hashed page table
(HTAB) to get read/write access to the
main segment, which maps all memory
including the hypervisor.
 The kernel module allocates, deallocates,
and then tries to use deallocated memory
as the HTAB for a virtual segment.
 The glitch is meant to prevent the
deallocating of the mapped memory.

Geohot’s Exploit – Step 1

Allocate a
buffer. Make
many requests
to create lots
of duplicate
mappings to
this buffer. Any
one of these
mappings can
be used to read
or write to it.
Geohot’s Exploit – Step 2

Deallocate the
buffer. The
hypervisor will
destroy all of
the mappings,
but if a
successful glitch
happens here,
the mapping will
remain intact.
Geohot’s Exploit – Step 3


Lastly, create
virtual segments
until it falls in the
buffer space that
the kernel still has
access to.
Since you can still
read and write to
it, the exploit
writes some
HTAB entries that
gives it full access
to the main
segment which
maps all memory.
Geohot’s Exploit – Effects
This exploit gives access to all memory,
including the hypervisor.
 So what does this mean? Not really too
much.You get a lot of interesting memory
dumps, but not really much you can do
with it at this point.
 Regardless, Sony retaliates by removing
the OtherOS feature completely to get
rid of this exploit.

PS Jailbreak, and all of its clones
The PSJailbreak emulates a 6 port usb
hub, and attaches/detacches fake devices
to it to mess with the memory allocation
and freeing of the various blocks of
memory that hold the device and
configuration descriptors.
 A heap overflow is used to execute
shellcode.

PS Jailbreak Effects
After loading the exploit, the payload
patches the lv2 GameOS so that it can
run unsigned code. For some reason, the
hypervisor doesn’t check to make sure
that code is signed.
 Lv2 can also be patched to load games
from the HDD. (Piracy!)
 Lv1/hypervisor is still protected. (Not that
they’re doing much at this point)

Signed Executables
Sony’s ECDSA
A ECDSA signature consists of R and S
computed by:
 R = (mG)x
 S = (e + kR) / m
 The first equation can’t be solved because
of the discrete logarithm problem
 The second equation can’t be solved
because it contains two unknowns.

Sony’s ECDSA
However, m is supposed to be a random
number.
 For some reason, Sony uses the same
random number every time.
 With two signatures using the same m,
you can easily solve for k, very easily
obtaining the private key.
 With this information, anyone can sign
anything, and run it without having to
preload any kind of exploit.

Resources

https://ps3wiki.lan.st/index.php/Main_Page

http://events.ccc.de/congress/2010/Fahrplan/attachments/1780_27c3_cons
ole_hacking_2010.pdf

http://rdist.root.org/2010/01/27/how-the-ps3-hypervisor-was-hacked/

http://www.copyright.gov/1201/

https://www.eff.org/cases/lexmark-v-static-control-case-archive

http://bulk.resource.org/courts.gov/c/F2/977/977.F2d.1510.92-15655.html